From 4019b3a2469042e6315b432d25d3467181b3cd81 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 9 Dec 2024 19:54:58 +0000 Subject: [PATCH 01/25] sampling avx2 --- libcrux-ml-dsa/src/ml_dsa_generic.rs | 18 +- libcrux-ml-dsa/src/sample.rs | 121 ++++++++----- libcrux-ml-dsa/src/samplex4.rs | 257 +++++++++++++-------------- 3 files changed, 218 insertions(+), 178 deletions(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 717861772..bf6950aa8 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -26,6 +26,7 @@ pub(crate) mod multiplexing; /// Generate a key pair. #[inline(always)] +#[allow(unsafe_code)] pub(crate) fn generate_key_pair< SIMDUnit: Operations, Shake128X4: shake128::XofX4, @@ -54,8 +55,9 @@ pub(crate) fn generate_key_pair< let (seed_for_error_vectors, seed_for_signing) = seed_expanded.split_at(SEED_FOR_ERROR_VECTORS_SIZE); - let a_as_ntt = - samplex4::matrix_A::(into_padded_array(seed_for_a)); + let a_as_ntt = unsafe { + samplex4::matrix_A::(into_padded_array(seed_for_a)) + }; let (s1, s2) = samplex4::sample_s1_and_s2::( into_padded_array(seed_for_error_vectors), @@ -224,6 +226,7 @@ pub(crate) fn sign< /// `message` already contains the domain separation. #[allow(non_snake_case)] #[inline(always)] +#[allow(unsafe_code)] pub(crate) fn sign_internal< SIMDUnit: Operations, Shake128X4: shake128::XofX4, @@ -260,8 +263,9 @@ pub(crate) fn sign_internal< SIGNING_KEY_SIZE, >(signing_key); - let A_as_ntt = - samplex4::matrix_A::(into_padded_array(&seed_for_A)); + let A_as_ntt = unsafe { + samplex4::matrix_A::(into_padded_array(&seed_for_A)) + }; let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; derive_message_representative::( 
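Review bot: The new `unsafe { samplex4::matrix_A::<…>(into_padded_array(seed_for_a)) }` block in generate_key_pair carries no `// SAFETY:` comment, and nothing at the call site establishes the condition that makes the call sound; the same applies to the blocks this patch adds in sign_internal (@@ -260) and verify_internal (@@ -514), and to the matching `#[allow(unsafe_code)]` attributes. Later in this patch `matrix_A` becomes `#[target_feature(enable = "avx2")]`, so the obligation is presumably "the executing CPU supports AVX2", but this generic code is also what the portable and NEON instantiations expand, where that cannot be guaranteed. At minimum write the obligation down, e.g. `// SAFETY: matrix_A is compiled with target_feature(avx2); TODO(review) guard with is_x86_feature_detected!("avx2") or keep the dispatch inside samplex4.`, and prefer keeping the CPU-feature boundary inside samplex4 as patch 02/25 of this series does. The enclosing functions start and end outside these hunks.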
@@ -466,6 +470,7 @@ fn derive_message_representative( /// `message` already contains the domain separation. #[allow(non_snake_case)] #[inline(always)] +#[allow(unsafe_code)] pub(crate) fn verify_internal< SIMDUnit: Operations, Shake128X4: shake128::XofX4, @@ -514,8 +519,9 @@ pub(crate) fn verify_internal< ) { return Err(VerificationError::SignerResponseExceedsBoundError); } - let A_as_ntt = - samplex4::matrix_A::(into_padded_array(&seed_for_A)); + let A_as_ntt = unsafe { + samplex4::matrix_A::(into_padded_array(&seed_for_A)) + }; let mut verification_key_hash = [0; BYTES_FOR_VERIFICATION_KEY_HASH]; Shake256::shake256::( diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 96ab1655f..b0d011258 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs 
@@ -34,17 +34,58 @@ fn rejection_sample_less_than_field_modulus( done } -pub(crate) fn sample_four_ring_elements( +pub(super) struct SampleArgs< + 'a, + SIMDUnit: Operations, + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, +> { + pub(super) rand_stack: &'a mut ( + [u8; shake128::FIVE_BLOCKS_SIZE], + [u8; shake128::FIVE_BLOCKS_SIZE], + [u8; shake128::FIVE_BLOCKS_SIZE], + [u8; shake128::FIVE_BLOCKS_SIZE], + ), + pub(super) tmp_stack: &'a mut [[i32; 263]], + pub(super) out: &'a mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A], + pub(super) indices: &'a [(usize, usize)], +} + +impl<'a, SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> + SampleArgs<'a, SIMDUnit, ROWS_IN_A, COLUMNS_IN_A> +{ + pub(super) fn new( + rand_stack: &'a mut ( + [u8; shake128::FIVE_BLOCKS_SIZE], + [u8; shake128::FIVE_BLOCKS_SIZE], + [u8; shake128::FIVE_BLOCKS_SIZE], + [u8; shake128::FIVE_BLOCKS_SIZE], + ), + tmp_stack: &'a mut [[i32; 263]], + out: &'a mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A], + indices: &'a [(usize, usize)], + ) -> Self { + Self { + rand_stack, + tmp_stack, + out, + indices, + } + } +} + +#[inline(always)] +pub(crate) fn sample_four_ring_elements< + SIMDUnit: Operations, + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, +>( mut seed0: [u8; 34], domain_separator0: u16, domain_separator1: u16, domain_seperator2: u16, domain_separator3: u16, -) -> ( - PolynomialRingElement, - PolynomialRingElement, - PolynomialRingElement, - PolynomialRingElement, + memory: &mut SampleArgs<'_, SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>, ) { use crate::hash_functions::shake128::XofX4; 
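Review bot: `tmp_stack` is declared as the unsized slice `&'a mut [[i32; 263]]`, yet `sample_four_ring_elements` indexes `memory.tmp_stack[0]` through `[3]` unconditionally in the following hunks and every caller in this patch passes exactly four rows, so a shorter slice becomes a runtime panic where `&'a mut [[i32; 263]; 4]` would make it a compile error. The same fixed-size type on the `new` parameter keeps the constructor honest without changing any call site. The function body continues past the end of this hunk; the pre-existing `domain_seperator2` spelling is a context line here and would be a cheap follow-up fix.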
@@ -69,17 +110,13 @@ pub(crate) fn sample_four_ring_elements( // version, which actually results in faster code (except for key // generation), even in the AVX2 instantiation of ML-DSA. let mut state = - crate::hash_functions::portable::Shake128X4::init_absorb(&seed0, &seed1, &seed2, &seed3); + crate::hash_functions::simd256::Shake128x4::init_absorb(&seed0, &seed1, &seed2, &seed3); - let mut randomness0 = [0u8; shake128::FIVE_BLOCKS_SIZE]; - let mut randomness1 = [0u8; shake128::FIVE_BLOCKS_SIZE]; - let mut randomness2 = [0u8; shake128::FIVE_BLOCKS_SIZE]; - let mut randomness3 = [0u8; shake128::FIVE_BLOCKS_SIZE]; state.squeeze_first_five_blocks( - &mut randomness0, - &mut randomness1, - &mut randomness2, - &mut randomness3, + &mut memory.rand_stack.0, + &mut memory.rand_stack.1, + &mut memory.rand_stack.2, + &mut memory.rand_stack.3, ); // Every call to |rejection_sample_less_than_field_modulus| 
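Review bot: The comment directly above `let mut state =` explains that the portable SHAKE-128x4 was chosen deliberately because it measured faster "even in the AVX2 instantiation", but the new line switches to `crate::hash_functions::simd256::Shake128x4::init_absorb(...)` unconditionally, so the comment now contradicts the code. Since this function is reached from the generic ml_dsa_generic paths that the portable and NEON instantiations also expand, a fixed simd256 path cannot be right for those builds; making the hasher a type parameter (as patch 02/25 in this series does with `Shake128: shake128::XofX4`) is the durable fix. Either way, rewrite the comment to state the current rationale, e.g. `// The SHAKE-128x4 backend is selected by the instantiation; see X4Sampler.`. The function continues outside this hunk.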
@@ -90,35 +127,30 @@ pub(crate) fn sample_four_ring_elements( // // To ensure we don't overflow the buffer in this case, we allocate 255 + 8 // = 263 elements. - let mut coefficients0 = [0i32; 263]; - let mut coefficients1 = [0i32; 263]; - let mut coefficients2 = [0i32; 263]; - let mut coefficients3 = [0i32; 263]; - let mut sampled0 = 0; let mut sampled1 = 0; let mut sampled2 = 0; let mut sampled3 = 0; let mut done0 = rejection_sample_less_than_field_modulus::( - &randomness0, + &mut memory.rand_stack.0, &mut sampled0, - &mut coefficients0, + &mut memory.tmp_stack[0], ); let mut done1 = rejection_sample_less_than_field_modulus::( - &randomness1, + &mut memory.rand_stack.1, &mut sampled1, - &mut coefficients1, + &mut memory.tmp_stack[1], ); let mut done2 = rejection_sample_less_than_field_modulus::( - &randomness2, + &mut memory.rand_stack.2, &mut sampled2, - &mut coefficients2, + &mut memory.tmp_stack[2], ); let mut done3 = rejection_sample_less_than_field_modulus::( - &randomness3, + &mut memory.rand_stack.3, &mut sampled3, - &mut coefficients3, + &mut memory.tmp_stack[3], ); while !done0 || !done1 || !done2 || !done3 { 
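Review bot: The four initial `rejection_sample_less_than_field_modulus` calls now pass `&mut memory.rand_stack.0` (and `.1`–`.3`) where the removed lines passed `&randomness0` and the retry loop in the next hunk passes `&randomnesses.0`; the function only reads that buffer, so the `&mut` is a needless reborrow coercion that suggests mutation which does not happen. Use `&memory.rand_stack.0` etc. to match the other call sites. The surrounding function continues outside this hunk.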
@@ -127,38 +159,36 @@ pub(crate) fn sample_four_ring_elements( done0 = rejection_sample_less_than_field_modulus::( &randomnesses.0, &mut sampled0, - &mut coefficients0, + &mut memory.tmp_stack[0], ); } if !done1 { done1 = rejection_sample_less_than_field_modulus::( &randomnesses.1, &mut sampled1, - &mut coefficients1, + &mut memory.tmp_stack[1], ); } if !done2 { done2 = rejection_sample_less_than_field_modulus::( &randomnesses.2, &mut sampled2, - &mut coefficients2, + &mut memory.tmp_stack[2], ); } if !done3 { done3 = rejection_sample_less_than_field_modulus::( &randomnesses.3, &mut sampled3, - &mut coefficients3, + &mut memory.tmp_stack[3], ); } } - ( - PolynomialRingElement::::from_i32_array(&coefficients0), - PolynomialRingElement::::from_i32_array(&coefficients1), - PolynomialRingElement::::from_i32_array(&coefficients2), - PolynomialRingElement::::from_i32_array(&coefficients3), - ) + for (k, (i, j)) in memory.indices.iter().enumerate() { + memory.out[*i][*j] = + PolynomialRingElement::::from_i32_array(&memory.tmp_stack[k]); + } } #[inline(always)] @@ -502,15 +532,26 @@ mod tests { fn sample_ring_element_uniform( seed: [u8; 34], ) -> PolynomialRingElement { - let four_ring_elements = sample_four_ring_elements::( + let mut rand_stack = ( + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + ); + let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; + let mut out = [[PolynomialRingElement::::ZERO(); 4]; 1]; + let indices = [(0, 0), (0, 1), (0, 2), (0, 3)]; + let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut out, &indices); + sample_four_ring_elements::( seed, ((seed[33] as u16) << 8) | (seed[32] as u16), 0, 0, 0, + &mut memory, ); - four_ring_elements.0 + out[0][0] } // This is just a wrapper around sample_four_ring_elements, for testing 
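Review bot: The final loop writes `memory.out[*i][*j]` from `memory.tmp_stack[k]` for every entry of `indices`, but the lane count is fixed at four by the earlier `tmp_stack[0..=3]` and `rand_stack` accesses, so an `indices` slice with more than four entries panics on `tmp_stack[k]` instead of being rejected up front; add `debug_assert!(memory.indices.len() <= 4);` at the top of the function and state the limit on the `indices` field. The scratch rows are also no longer zero-initialised per call the way `coefficients0..3` were, which is fine only if `from_i32_array` reads just the coefficients rejection sampling overwrote — that contract is not visible here and deserves a one-line comment on `tmp_stack`. The function starts outside this hunk.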
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs index edf06d13c..77cb1b7f8 100644 --- a/libcrux-ml-dsa/src/samplex4.rs +++ b/libcrux-ml-dsa/src/samplex4.rs @@ -1,7 +1,7 @@ use crate::{ - hash_functions::shake256, + hash_functions::{shake128, shake256}, polynomial::PolynomialRingElement, - sample::{sample_four_error_ring_elements, sample_four_ring_elements}, + sample::{sample_four_error_ring_elements, sample_four_ring_elements, SampleArgs}, simd::traits::Operations, }; 
@@ -38,53 +38,57 @@ pub(crate) fn matrix_A_4_by_4< let mut A: Matrix = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; - let four_ring_elements = sample_four_ring_elements::( + let mut rand_stack = ( + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + ); + let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; + let mut memory = SampleArgs::new( + &mut rand_stack, + &mut tmp_stack, + &mut A, + &[(0, 0), (0, 1), (0, 2), (0, 3)], + ); + sample_four_ring_elements::( seed, generate_domain_separator(0, 0), generate_domain_separator(0, 1), generate_domain_separator(0, 2), generate_domain_separator(0, 3), + &mut memory, ); - update_matrix(&mut A, 0, 0, four_ring_elements.0); - update_matrix(&mut A, 0, 1, four_ring_elements.1); - update_matrix(&mut A, 0, 2, four_ring_elements.2); - update_matrix(&mut A, 0, 3, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(1, 0), (1, 1), (1, 2), (1, 3)]; + sample_four_ring_elements::( seed, generate_domain_separator(1, 0), generate_domain_separator(1, 1), generate_domain_separator(1, 2), generate_domain_separator(1, 3), + &mut memory, ); - update_matrix(&mut A, 1, 0, four_ring_elements.0); - update_matrix(&mut A, 1, 1, four_ring_elements.1); - update_matrix(&mut A, 1, 2, four_ring_elements.2); - update_matrix(&mut A, 1, 3, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(2, 0), (2, 1), (2, 2), (2, 3)]; + sample_four_ring_elements::( seed, generate_domain_separator(2, 0), generate_domain_separator(2, 1), generate_domain_separator(2, 2), generate_domain_separator(2, 3), + &mut memory, ); - update_matrix(&mut A, 2, 0, four_ring_elements.0); - update_matrix(&mut A, 2, 1, four_ring_elements.1); - update_matrix(&mut A, 2, 2, four_ring_elements.2); - update_matrix(&mut A, 2, 3, four_ring_elements.3); - let 
four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(3, 0), (3, 1), (3, 2), (3, 3)]; + sample_four_ring_elements::( seed, generate_domain_separator(3, 0), generate_domain_separator(3, 1), generate_domain_separator(3, 2), generate_domain_separator(3, 3), + &mut memory, ); - update_matrix(&mut A, 3, 0, four_ring_elements.0); - update_matrix(&mut A, 3, 1, four_ring_elements.1); - update_matrix(&mut A, 3, 2, four_ring_elements.2); - update_matrix(&mut A, 3, 3, four_ring_elements.3); A } 
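Review bot: The four `sample_four_ring_elements` calls in matrix_A_4_by_4 differ only in the row index, and the same shape repeats seven and fourteen times in matrix_A_6_by_5 (@@ -100) and matrix_A_8_by_7 (@@ -208); because `memory.indices` is assigned from literal arrays that are promoted to `'static`, a `const` table of `(row, column)` pairs iterated with `chunks(4)` would work with the existing `SampleArgs` lifetime and shrink these three functions to one loop each, with the domain separators read from the chunk. The 6x5 tail needs explicit padding entries for `(5, 5)` and `(5, 6)`, since those separators address columns outside the matrix and only the first two sampled elements are kept, as the context comment says; while there, the doubled word in `// The the last 2 sampled ring elements are discarded here.` could be fixed. `update_matrix` is no longer called from any of the three functions in this chunk; if nothing else uses it, it is now dead code.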
@@ -100,103 +104,102 @@ pub(crate) fn matrix_A_6_by_5< ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; - let four_ring_elements = sample_four_ring_elements::( + let mut rand_stack = ( + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + ); + let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; + let mut memory = SampleArgs::new( + &mut rand_stack, + &mut tmp_stack, + &mut A, + &[(0, 0), (0, 1), (0, 2), (0, 3)], + ); + sample_four_ring_elements::( seed, generate_domain_separator(0, 0), generate_domain_separator(0, 1), generate_domain_separator(0, 2), generate_domain_separator(0, 3), + &mut memory, ); - update_matrix(&mut A, 0, 0, four_ring_elements.0); - update_matrix(&mut A, 0, 1, four_ring_elements.1); - update_matrix(&mut A, 0, 2, four_ring_elements.2); - update_matrix(&mut A, 0, 3, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(0, 4), (1, 0), (1, 1), (1, 2)]; + sample_four_ring_elements::( seed, generate_domain_separator(0, 4), generate_domain_separator(1, 0), generate_domain_separator(1, 1), generate_domain_separator(1, 2), + &mut memory, ); - update_matrix(&mut A, 0, 4, four_ring_elements.0); - update_matrix(&mut A, 1, 0, four_ring_elements.1); - update_matrix(&mut A, 1, 1, four_ring_elements.2); - update_matrix(&mut A, 1, 2, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(1, 3), (1, 4), (2, 0), (2, 1)]; + sample_four_ring_elements::( seed, generate_domain_separator(1, 3), generate_domain_separator(1, 4), generate_domain_separator(2, 0), generate_domain_separator(2, 1), + &mut memory, ); - update_matrix(&mut A, 1, 3, four_ring_elements.0); - update_matrix(&mut A, 1, 4, four_ring_elements.1); - update_matrix(&mut A, 2, 0, four_ring_elements.2); - 
update_matrix(&mut A, 2, 1, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(2, 2), (2, 3), (2, 4), (3, 0)]; + sample_four_ring_elements::( seed, generate_domain_separator(2, 2), generate_domain_separator(2, 3), generate_domain_separator(2, 4), generate_domain_separator(3, 0), + &mut memory, ); - update_matrix(&mut A, 2, 2, four_ring_elements.0); - update_matrix(&mut A, 2, 3, four_ring_elements.1); - update_matrix(&mut A, 2, 4, four_ring_elements.2); - update_matrix(&mut A, 3, 0, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(3, 1), (3, 2), (3, 3), (3, 4)]; + sample_four_ring_elements::( seed, generate_domain_separator(3, 1), generate_domain_separator(3, 2), generate_domain_separator(3, 3), generate_domain_separator(3, 4), + &mut memory, ); - update_matrix(&mut A, 3, 1, four_ring_elements.0); - update_matrix(&mut A, 3, 2, four_ring_elements.1); - update_matrix(&mut A, 3, 3, four_ring_elements.2); - update_matrix(&mut A, 3, 4, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(4, 0), (4, 1), (4, 2), (4, 3)]; + sample_four_ring_elements::( seed, generate_domain_separator(4, 0), generate_domain_separator(4, 1), generate_domain_separator(4, 2), generate_domain_separator(4, 3), + &mut memory, ); - update_matrix(&mut A, 4, 0, four_ring_elements.0); - update_matrix(&mut A, 4, 1, four_ring_elements.1); - update_matrix(&mut A, 4, 2, four_ring_elements.2); - update_matrix(&mut A, 4, 3, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(4, 4), (5, 0), (5, 1), (5, 2)]; + sample_four_ring_elements::( seed, generate_domain_separator(4, 4), generate_domain_separator(5, 0), generate_domain_separator(5, 1), generate_domain_separator(5, 2), + &mut memory, ); - update_matrix(&mut A, 4, 4, four_ring_elements.0); - update_matrix(&mut A, 5, 0, four_ring_elements.1); - 
update_matrix(&mut A, 5, 1, four_ring_elements.2); - update_matrix(&mut A, 5, 2, four_ring_elements.3); // The the last 2 sampled ring elements are discarded here. - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(5, 3), (5, 4)]; + sample_four_ring_elements::( seed, generate_domain_separator(5, 3), generate_domain_separator(5, 4), generate_domain_separator(5, 5), generate_domain_separator(5, 6), + &mut memory, ); - update_matrix(&mut A, 5, 3, four_ring_elements.0); - update_matrix(&mut A, 5, 4, four_ring_elements.1); A } + #[allow(non_snake_case)] #[inline(always)] pub(crate) fn matrix_A_8_by_7< 
@@ -208,179 +211,169 @@ pub(crate) fn matrix_A_8_by_7< ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; - let four_ring_elements = sample_four_ring_elements::( + let mut rand_stack = ( + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + [0u8; shake128::FIVE_BLOCKS_SIZE], + ); + let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; + let mut memory = SampleArgs::new( + &mut rand_stack, + &mut tmp_stack, + &mut A, + &[(0, 0), (0, 1), (0, 2), (0, 3)], + ); + + sample_four_ring_elements::( seed, generate_domain_separator(0, 0), generate_domain_separator(0, 1), generate_domain_separator(0, 2), generate_domain_separator(0, 3), + &mut memory, ); - update_matrix(&mut A, 0, 0, four_ring_elements.0); - update_matrix(&mut A, 0, 1, four_ring_elements.1); - update_matrix(&mut A, 0, 2, four_ring_elements.2); - update_matrix(&mut A, 0, 3, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(0, 4), (0, 5), (0, 6), (1, 0)]; + sample_four_ring_elements::( seed, generate_domain_separator(0, 4), generate_domain_separator(0, 5), generate_domain_separator(0, 6), generate_domain_separator(1, 0), + &mut memory, ); - update_matrix(&mut A, 0, 4, four_ring_elements.0); - update_matrix(&mut A, 0, 5, four_ring_elements.1); - update_matrix(&mut A, 0, 6, four_ring_elements.2); - update_matrix(&mut A, 1, 0, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(1, 1), (1, 2), (1, 3), (1, 4)]; + sample_four_ring_elements::( seed, generate_domain_separator(1, 1), generate_domain_separator(1, 2), generate_domain_separator(1, 3), generate_domain_separator(1, 4), + &mut memory, ); - update_matrix(&mut A, 1, 1, four_ring_elements.0); - update_matrix(&mut A, 1, 2, four_ring_elements.1); - update_matrix(&mut A, 1, 3, four_ring_elements.2); - 
update_matrix(&mut A, 1, 4, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(1, 5), (1, 6), (2, 0), (2, 1)]; + sample_four_ring_elements::( seed, generate_domain_separator(1, 5), generate_domain_separator(1, 6), generate_domain_separator(2, 0), generate_domain_separator(2, 1), + &mut memory, ); - update_matrix(&mut A, 1, 5, four_ring_elements.0); - update_matrix(&mut A, 1, 6, four_ring_elements.1); - update_matrix(&mut A, 2, 0, four_ring_elements.2); - update_matrix(&mut A, 2, 1, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(2, 2), (2, 3), (2, 4), (2, 5)]; + sample_four_ring_elements::( seed, generate_domain_separator(2, 2), generate_domain_separator(2, 3), generate_domain_separator(2, 4), generate_domain_separator(2, 5), + &mut memory, ); - update_matrix(&mut A, 2, 2, four_ring_elements.0); - update_matrix(&mut A, 2, 3, four_ring_elements.1); - update_matrix(&mut A, 2, 4, four_ring_elements.2); - update_matrix(&mut A, 2, 5, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(2, 6), (3, 0), (3, 1), (3, 2)]; + sample_four_ring_elements::( seed, generate_domain_separator(2, 6), generate_domain_separator(3, 0), generate_domain_separator(3, 1), generate_domain_separator(3, 2), + &mut memory, ); - update_matrix(&mut A, 2, 6, four_ring_elements.0); - update_matrix(&mut A, 3, 0, four_ring_elements.1); - update_matrix(&mut A, 3, 1, four_ring_elements.2); - update_matrix(&mut A, 3, 2, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(3, 3), (3, 4), (3, 5), (3, 6)]; + sample_four_ring_elements::( seed, generate_domain_separator(3, 3), generate_domain_separator(3, 4), generate_domain_separator(3, 5), generate_domain_separator(3, 6), + &mut memory, ); - update_matrix(&mut A, 3, 3, four_ring_elements.0); - update_matrix(&mut A, 3, 4, four_ring_elements.1); - 
update_matrix(&mut A, 3, 5, four_ring_elements.2); - update_matrix(&mut A, 3, 6, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(4, 0), (4, 1), (4, 2), (4, 3)]; + sample_four_ring_elements::( seed, generate_domain_separator(4, 0), generate_domain_separator(4, 1), generate_domain_separator(4, 2), generate_domain_separator(4, 3), + &mut memory, ); - update_matrix(&mut A, 4, 0, four_ring_elements.0); - update_matrix(&mut A, 4, 1, four_ring_elements.1); - update_matrix(&mut A, 4, 2, four_ring_elements.2); - update_matrix(&mut A, 4, 3, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(4, 4), (4, 5), (4, 6), (5, 0)]; + sample_four_ring_elements::( seed, generate_domain_separator(4, 4), generate_domain_separator(4, 5), generate_domain_separator(4, 6), generate_domain_separator(5, 0), + &mut memory, ); - update_matrix(&mut A, 4, 4, four_ring_elements.0); - update_matrix(&mut A, 4, 5, four_ring_elements.1); - update_matrix(&mut A, 4, 6, four_ring_elements.2); - update_matrix(&mut A, 5, 0, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(5, 1), (5, 2), (5, 3), (5, 4)]; + sample_four_ring_elements::( seed, generate_domain_separator(5, 1), generate_domain_separator(5, 2), generate_domain_separator(5, 3), generate_domain_separator(5, 4), + &mut memory, ); - update_matrix(&mut A, 5, 1, four_ring_elements.0); - update_matrix(&mut A, 5, 2, four_ring_elements.1); - update_matrix(&mut A, 5, 3, four_ring_elements.2); - update_matrix(&mut A, 5, 4, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(5, 5), (5, 6), (6, 0), (6, 1)]; + sample_four_ring_elements::( seed, generate_domain_separator(5, 5), generate_domain_separator(5, 6), generate_domain_separator(6, 0), generate_domain_separator(6, 1), + &mut memory, ); - update_matrix(&mut A, 5, 5, four_ring_elements.0); - 
update_matrix(&mut A, 5, 6, four_ring_elements.1); - update_matrix(&mut A, 6, 0, four_ring_elements.2); - update_matrix(&mut A, 6, 1, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(6, 2), (6, 3), (6, 4), (6, 5)]; + sample_four_ring_elements::( seed, generate_domain_separator(6, 2), generate_domain_separator(6, 3), generate_domain_separator(6, 4), generate_domain_separator(6, 5), + &mut memory, ); - update_matrix(&mut A, 6, 2, four_ring_elements.0); - update_matrix(&mut A, 6, 3, four_ring_elements.1); - update_matrix(&mut A, 6, 4, four_ring_elements.2); - update_matrix(&mut A, 6, 5, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(6, 6), (7, 0), (7, 1), (7, 2)]; + sample_four_ring_elements::( seed, generate_domain_separator(6, 6), generate_domain_separator(7, 0), generate_domain_separator(7, 1), generate_domain_separator(7, 2), + &mut memory, ); - update_matrix(&mut A, 6, 6, four_ring_elements.0); - update_matrix(&mut A, 7, 0, four_ring_elements.1); - update_matrix(&mut A, 7, 1, four_ring_elements.2); - update_matrix(&mut A, 7, 2, four_ring_elements.3); - let four_ring_elements = sample_four_ring_elements::( + memory.indices = &[(7, 3), (7, 4), (7, 5), (7, 6)]; + sample_four_ring_elements::( seed, generate_domain_separator(7, 3), generate_domain_separator(7, 4), generate_domain_separator(7, 5), generate_domain_separator(7, 6), + &mut memory, ); - update_matrix(&mut A, 7, 3, four_ring_elements.0); - update_matrix(&mut A, 7, 4, four_ring_elements.1); - update_matrix(&mut A, 7, 5, four_ring_elements.2); - update_matrix(&mut A, 7, 6, four_ring_elements.3); A } + +// XXX: of course we can't do this unconditionally, but with the manual monomorphization +// macro, we could inject this. This gives us +50% faster key generation and +70% signing. 
+#[cfg_attr(not(hax), target_feature(enable = "avx2"))] +#[allow(unsafe_code)] #[allow(non_snake_case)] -#[inline(always)] -pub(crate) fn matrix_A( +// #[inline(always)] +pub(crate) unsafe fn matrix_A( seed: [u8; 34], ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) { From 56c466470188395fd2ab0138af43f085e84499a3 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 16 Dec 2024 15:37:19 +0100 Subject: [PATCH 02/25] Select x4 Ring Element Sampler via enum This allows us to have a `target_feature` boundary here as well. --- libcrux-ml-dsa/src/ml_dsa_generic.rs | 34 +- .../src/ml_dsa_generic/instantiations.rs | 28 +- .../src/ml_dsa_generic/instantiations/avx2.rs | 50 ++- libcrux-ml-dsa/src/sample.rs | 47 +- libcrux-ml-dsa/src/samplex4.rs | 421 ++++++------------ 5 files changed, 246 insertions(+), 334 deletions(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index bf6950aa8..bd4b333e0 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -12,7 +12,7 @@ use crate::{ ntt::ntt, pre_hash::{DomainSeparationContext, PreHash}, sample::{sample_challenge_ring_element, sample_mask_vector}, - samplex4, + samplex4::{self, X4Sampler}, simd::traits::Operations, types::{SigningError, VerificationError}, utils::into_padded_array, @@ -41,6 +41,7 @@ pub(crate) fn generate_key_pair< const VERIFICATION_KEY_SIZE: usize, >( randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE], + sampler: X4Sampler, ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) { // 128 = SEED_FOR_A_SIZE + SEED_FOR_ERROR_VECTORS_SIZE + SEED_FOR_SIGNING_SIZE let mut seed_expanded = [0; 128]; 
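Review bot: `matrix_A` becomes `pub(crate) unsafe fn` under `#[cfg_attr(not(hax), target_feature(enable = "avx2"))]` but has no `# Safety` section stating what callers must guarantee, and the `unsafe { }` blocks added to its callers in ml_dsa_generic.rs check nothing before entering. Running a `target_feature(enable = "avx2")` function on a CPU without AVX2 is undefined behaviour, and the attribute does not compile on non-x86 targets, so as the XXX comment above admits this cannot be applied to the portable and NEON instantiations — patch 02/25 in this series replaces it with an `X4Sampler` dispatch. Until then, document the contract: `/// # Safety` followed by `/// The executing CPU must support AVX2 (e.g. checked with is_x86_feature_detected!("avx2")).`, and drop the commented-out `// #[inline(always)]` in favour of a comment saying that rustc rejects `inline(always)` together with `target_feature`. The function's body continues past this hunk.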
@@ -55,9 +56,10 @@ pub(crate) fn generate_key_pair< let (seed_for_error_vectors, seed_for_signing) = seed_expanded.split_at(SEED_FOR_ERROR_VECTORS_SIZE); - let a_as_ntt = unsafe { - samplex4::matrix_A::(into_padded_array(seed_for_a)) - }; + let a_as_ntt = samplex4::matrix_A::( + into_padded_array(seed_for_a), + sampler, + ); let (s1, s2) = samplex4::sample_s1_and_s2::( into_padded_array(seed_for_error_vectors), @@ -123,6 +125,7 @@ pub(crate) fn sign_pre_hashed< message: &[u8], context: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], + sampler: X4Sampler, ) -> Result, SigningError> { if context.len() > CONTEXT_MAX_LEN { return Err(SigningError::ContextTooLongError); @@ -157,6 +160,7 @@ pub(crate) fn sign_pre_hashed< &pre_hashed_message, Some(domain_separation_context), randomness, + sampler, ) } @@ -187,6 +191,7 @@ pub(crate) fn sign< message: &[u8], context: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], + sampler: X4Sampler, ) -> Result, SigningError> { let domain_separation_context = match DomainSeparationContext::new(context, None) { Ok(dsc) => dsc, @@ -217,6 +222,7 @@ pub(crate) fn sign< message, Some(domain_separation_context), randomness, + sampler, ) } @@ -252,6 +258,7 @@ pub(crate) fn sign_internal< message: &[u8], domain_separation_context: Option, randomness: [u8; SIGNING_RANDOMNESS_SIZE], + sampler: X4Sampler, ) -> Result, SigningError> { let (seed_for_A, seed_for_signing, verification_key_hash, s1_as_ntt, s2_as_ntt, t0_as_ntt) = encoding::signing_key::deserialize_then_ntt::< @@ -263,9 +270,10 @@ pub(crate) fn sign_internal< SIGNING_KEY_SIZE, >(signing_key); - let A_as_ntt = unsafe { - samplex4::matrix_A::(into_padded_array(&seed_for_A)) - }; + let A_as_ntt = samplex4::matrix_A::( + into_padded_array(&seed_for_A), + sampler, + ); let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; derive_message_representative::( 
@@ -494,6 +502,7 @@ pub(crate) fn verify_internal< message: &[u8], domain_separation_context: Option, signature_serialized: &[u8; SIGNATURE_SIZE], + sampler: X4Sampler, ) -> Result<(), VerificationError> { let (seed_for_A, t1) = encoding::verification_key::deserialize::( @@ -519,9 +528,10 @@ pub(crate) fn verify_internal< ) { return Err(VerificationError::SignerResponseExceedsBoundError); } - let A_as_ntt = unsafe { - samplex4::matrix_A::(into_padded_array(&seed_for_A)) - }; + let A_as_ntt = samplex4::matrix_A::( + into_padded_array(&seed_for_A), + sampler, + ); let mut verification_key_hash = [0; BYTES_FOR_VERIFICATION_KEY_HASH]; Shake256::shake256::( @@ -599,6 +609,7 @@ pub(crate) fn verify< message: &[u8], context: &[u8], signature_serialized: &[u8; SIGNATURE_SIZE], + sampler: X4Sampler, ) -> Result<(), VerificationError> { // We manually do the matching here to make Eurydice happy. let domain_separation_context = match DomainSeparationContext::new(context, None) { @@ -628,6 +639,7 @@ pub(crate) fn verify< message, Some(domain_separation_context), &signature_serialized, + sampler, ) } @@ -659,6 +671,7 @@ pub(crate) fn verify_pre_hashed< message: &[u8], context: &[u8], signature_serialized: &[u8; SIGNATURE_SIZE], + sampler: X4Sampler, ) -> Result<(), VerificationError> { let pre_hashed_message = PH::hash::(message); let domain_separation_context = match DomainSeparationContext::new(context, Some(PH::oid())) { @@ -689,5 +702,6 @@ pub(crate) fn verify_pre_hashed< &pre_hashed_message, Some(domain_separation_context), &signature_serialized, + sampler, ) } diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs index 07920de39..f2714e110 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs 
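Review bot: The new `sampler: X4Sampler` parameter is threaded through every entry point in this file (generate_key_pair, sign, sign_pre_hashed, sign_internal, verify, verify_internal, verify_pre_hashed) without a word of documentation, and because it is a plain value any internal caller can request `X4Sampler::AVX2` on any machine. The `unsafe { }` blocks this patch removes at the three `samplex4::matrix_A` call sites made that hazard visible; now it rests entirely on how `samplex4::matrix_A` dispatches on the enum, which is outside this chunk — if that dispatch does not already gate the AVX2 arm behind runtime feature detection, it should. Add to each function's doc comment a line such as `/// `sampler` selects the SHAKE-128x4 backend used to expand the public seed into matrix A; the instantiation is responsible for choosing one the executing CPU supports.`.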
@@ -1,5 +1,5 @@ macro_rules! instantiate { - ($modp:ident, $simdunit:path, $shake128:path, $shake128x4:path, $shake256:path, $shake256xof:path, $shake256x4:path) => { + ($modp:ident, $simdunit:path, $shake128:path, $shake128x4:path, $shake256:path, $shake256xof:path, $shake256x4:path, $sampler:path) => { pub mod $modp { use crate::{ constants::*, @@ -31,7 +31,7 @@ macro_rules! instantiate { ERROR_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, VERIFICATION_KEY_SIZE, - >(randomness) + >(randomness, $sampler) } /// Sign. @@ -76,7 +76,7 @@ macro_rules! instantiate { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >(&signing_key, message, context, randomness) + >(&signing_key, message, context, randomness, $sampler) } /// Sign (internal API) @@ -121,7 +121,13 @@ macro_rules! instantiate { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >(&signing_key, message, None, randomness) + >( + &signing_key, + message, + None, + randomness, + crate::samplex4::X4Sampler::AVX2, + ) } /// Sign (pre-hashed). @@ -169,7 +175,7 @@ macro_rules! instantiate { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >(&signing_key, message, context, randomness) + >(&signing_key, message, context, randomness, $sampler) } /// Verify. @@ -211,7 +217,7 @@ macro_rules! instantiate { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >(verification_key, message, context, signature) + >(verification_key, message, context, signature, $sampler) } /// Verify (internal API). @@ -253,7 +259,7 @@ macro_rules! instantiate { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >(verification_key, message, None, signature) + >(verification_key, message, None, signature, $sampler) } /// Verify (pre-hashed with SHAKE-128). 
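Review bot: In the hunk at @@ -121 the generic `instantiate!` macro's sign_internal passes `crate::samplex4::X4Sampler::AVX2` instead of `$sampler`, while every other arm of the same macro uses `$sampler`; since this macro is what the `portable` and `neon` invocations later in the file expand, their sign_internal would select the AVX2 sampler, which on a non-AVX2 machine is exactly the hazard the enum was introduced to avoid. Replace the seven-line call with `>(&signing_key, message, None, randomness, $sampler)`. A test that exercises `portable::sign_internal` with the AVX2 backend unavailable would have caught this.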
@@ -298,7 +304,7 @@ macro_rules! instantiate { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >(verification_key, message, context, signature) + >(verification_key, message, context, signature, $sampler) } } }; @@ -311,7 +317,8 @@ instantiate! {portable, crate::hash_functions::portable::Shake128X4, crate::hash_functions::portable::Shake256, crate::hash_functions::portable::Shake256Xof, - crate::hash_functions::portable::Shake256X4 + crate::hash_functions::portable::Shake256X4, + crate::samplex4::X4Sampler::Portable } // AVX2 generic implementation. @@ -326,5 +333,6 @@ instantiate! {neon, crate::hash_functions::neon::Shake128x4, crate::hash_functions::portable::Shake256, crate::hash_functions::portable::Shake256Xof, - crate::hash_functions::neon::Shake256x4 + crate::hash_functions::neon::Shake256x4, + crate::samplex4::X4Sampler::Neon } diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs index 92d06ad8d..0e756ac25 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs @@ -33,7 +33,7 @@ mod avx2_feature { ERROR_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, VERIFICATION_KEY_SIZE, - >(randomness) + >(randomness, crate::samplex4::X4Sampler::AVX2) } /// Sign. @@ -80,7 +80,13 @@ mod avx2_feature { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >(&signing_key, message, context, randomness) + >( + &signing_key, + message, + context, + randomness, + crate::samplex4::X4Sampler::AVX2, + ) } /// Sign (internal API) @@ -127,7 +133,13 @@ mod avx2_feature { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >(&signing_key, message, None, randomness) + >( + &signing_key, + message, + None, + randomness, + crate::samplex4::X4Sampler::AVX2, + ) } /// Sign (pre-hashed). 
@@ -177,7 +189,13 @@ mod avx2_feature { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >(&signing_key, message, context, randomness) + >( + &signing_key, + message, + context, + randomness, + crate::samplex4::X4Sampler::AVX2, + ) } /// Verify. @@ -221,7 +239,13 @@ mod avx2_feature { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >(verification_key, message, context, signature) + >( + verification_key, + message, + context, + signature, + crate::samplex4::X4Sampler::AVX2, + ) } /// Verify (internal API). @@ -265,7 +289,13 @@ mod avx2_feature { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >(verification_key, message, None, signature) + >( + verification_key, + message, + None, + signature, + crate::samplex4::X4Sampler::AVX2, + ) } /// Verify (pre-hashed with SHAKE-128). @@ -312,7 +342,13 @@ mod avx2_feature { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >(verification_key, message, context, signature) + >( + verification_key, + message, + context, + signature, + crate::samplex4::X4Sampler::AVX2, + ) } } diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index b0d011258..fa69241a7 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs 
@@ -37,29 +37,35 @@ fn rejection_sample_less_than_field_modulus( pub(super) struct SampleArgs< 'a, SIMDUnit: Operations, + const STACK_SIZE: usize, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize, > { pub(super) rand_stack: &'a mut ( - [u8; shake128::FIVE_BLOCKS_SIZE], - [u8; shake128::FIVE_BLOCKS_SIZE], - [u8; shake128::FIVE_BLOCKS_SIZE], - [u8; shake128::FIVE_BLOCKS_SIZE], + [u8; STACK_SIZE], + [u8; STACK_SIZE], + [u8; STACK_SIZE], + [u8; STACK_SIZE], ), pub(super) tmp_stack: &'a mut [[i32; 263]], pub(super) out: &'a mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A], pub(super) indices: &'a [(usize, usize)], } -impl<'a, SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize> - SampleArgs<'a, SIMDUnit, ROWS_IN_A, COLUMNS_IN_A> +impl< + 'a, + SIMDUnit: Operations, + const STACK_SIZE: usize, + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, + > SampleArgs<'a, SIMDUnit, STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A> { pub(super) fn new( rand_stack: &'a mut ( - [u8; shake128::FIVE_BLOCKS_SIZE], - [u8; shake128::FIVE_BLOCKS_SIZE], - [u8; shake128::FIVE_BLOCKS_SIZE], - [u8; shake128::FIVE_BLOCKS_SIZE], + [u8; STACK_SIZE], + [u8; STACK_SIZE], + [u8; STACK_SIZE], + [u8; STACK_SIZE], ), tmp_stack: &'a mut [[i32; 263]], out: &'a mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A], @@ -77,6 +83,7 @@ impl<'a, SIMDUnit: Operations, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize #[inline(always)] pub(crate) fn sample_four_ring_elements< SIMDUnit: Operations, + Shake128: shake128::XofX4, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize, >( 
@@ -85,10 +92,8 @@ pub(crate) fn sample_four_ring_elements< domain_separator1: u16, domain_seperator2: u16, domain_separator3: u16, - memory: &mut SampleArgs<'_, SIMDUnit, ROWS_IN_A, COLUMNS_IN_A>, + memory: &mut SampleArgs<'_, SIMDUnit, { shake128::FIVE_BLOCKS_SIZE }, ROWS_IN_A, COLUMNS_IN_A>, ) { - use crate::hash_functions::shake128::XofX4; - // Prepare the seeds seed0[32] = domain_separator0 as u8; seed0[33] = (domain_separator0 >> 8) as u8; @@ -105,12 +110,7 @@ pub(crate) fn sample_four_ring_elements< seed3[32] = domain_separator3 as u8; seed3[33] = (domain_separator3 >> 8) as u8; - // FIXME: We use the portable implementation here, since the - // compiler has an easier time optimizing it, compared to the AVX2 - // version, which actually results in faster code (except for key - // generation), even in the AVX2 instantiation of ML-DSA. - let mut state = - crate::hash_functions::simd256::Shake128x4::init_absorb(&seed0, &seed1, &seed2, &seed3); + let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3); state.squeeze_first_five_blocks( &mut memory.rand_stack.0, @@ -529,7 +529,7 @@ mod tests { // This is just a wrapper around sample_four_ring_elements, for testing // purposes. - fn sample_ring_element_uniform( + fn sample_ring_element_uniform( seed: [u8; 34], ) -> PolynomialRingElement { let mut rand_stack = ( @@ -542,7 +542,7 @@ mod tests { let mut out = [[PolynomialRingElement::::ZERO(); 4]; 1]; let indices = [(0, 0), (0, 1), (0, 2), (0, 3)]; let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut out, &indices); - sample_four_ring_elements::( + sample_four_ring_elements::( seed, ((seed[33] as u16) << 8) | (seed[32] as u16), 0, @@ -611,7 +611,7 @@ mod tests { ]; assert_eq!( - sample_ring_element_uniform::(seed).to_i32_array(), + sample_ring_element_uniform::(seed).to_i32_array(), expected_coefficients ); 
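Review bot: The removed FIXME (hunk `@@ -105,12 +110,7 @@`) recorded a measured reason for pinning the portable SHAKE-128 x4 here, and the replacement `Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3)` leaves no trace of that trade-off even though the decision now moves to whoever instantiates `Shake128`. A one-line doc on the new `Shake128: shake128::XofX4` parameter would keep the context, e.g. `/// XOF used for the four parallel SHAKE-128 streams; the choice of implementation is performance-sensitive, so callers pick it per platform.` `sample_four_ring_elements` starts and ends outside this hunk.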
@@ -625,7 +625,8 @@ mod tests { 0xB1, 0x83, 0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72, 0xA9, 0x56, 0xDC, 0xF1, 0x01, 0x16, 0xDA, 0x9E, 0x01, 0x00, ]; - let actual_coefficients = sample_ring_element_uniform::(seed).to_i32_array(); + let actual_coefficients = + sample_ring_element_uniform::(seed).to_i32_array(); assert_eq!(actual_coefficients[0], 1_165_602); assert_eq!( diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs index 77cb1b7f8..285186ba0 100644 --- a/libcrux-ml-dsa/src/samplex4.rs +++ b/libcrux-ml-dsa/src/samplex4.rs @@ -5,31 +5,44 @@ use crate::{ simd::traits::Operations, }; +/// The x4 sampling implementation that is selected during multiplexing. +#[allow(unused)] +pub(crate) enum X4Sampler { + AVX2, + Neon, + Portable, +} + #[inline(always)] -fn generate_domain_separator(row: u8, column: u8) -> u16 { +fn generate_domain_separator((row, column): (u8, u8)) -> u16 { (column as u16) | ((row as u16) << 8) } -// Doing deep updates like `a[1][1] = 3` causes a memory blowup in F* -// https://github.com/hacspec/hax/issues/1098 -// So we are instead using a matrix abstraction with a custom update function here. - type Matrix = [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A]; -fn update_matrix( - m: &mut Matrix, - i: usize, - j: usize, - v: PolynomialRingElement, -) { - m[i][j] = v; +/// A call to sample four ring elements from $seed into $memory at indices $a, $b +/// $c, $d. +macro_rules! sample_four_ring_elements_into { + ($memory:ident, $seed:ident, $a:expr, $b:expr, $c:expr, $d:expr) => { + $memory.indices = &[$a, $b, $c, $d]; + sample_four_ring_elements::( + $seed, + generate_domain_separator($a), + generate_domain_separator($b), + generate_domain_separator($c), + generate_domain_separator($d), + &mut $memory, + ); + }; } #[allow(non_snake_case)] #[inline(always)] +#[cfg(feature = "mldsa44")] pub(crate) fn matrix_A_4_by_4< SIMDUnit: Operations, + Shake128: shake128::XofX4, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize, >( 
@@ -45,58 +58,22 @@ pub(crate) fn matrix_A_4_by_4< [0u8; shake128::FIVE_BLOCKS_SIZE], ); let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; - let mut memory = SampleArgs::new( - &mut rand_stack, - &mut tmp_stack, - &mut A, - &[(0, 0), (0, 1), (0, 2), (0, 3)], - ); - sample_four_ring_elements::( - seed, - generate_domain_separator(0, 0), - generate_domain_separator(0, 1), - generate_domain_separator(0, 2), - generate_domain_separator(0, 3), - &mut memory, - ); + let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]); - memory.indices = &[(1, 0), (1, 1), (1, 2), (1, 3)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(1, 0), - generate_domain_separator(1, 1), - generate_domain_separator(1, 2), - generate_domain_separator(1, 3), - &mut memory, - ); - - memory.indices = &[(2, 0), (2, 1), (2, 2), (2, 3)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(2, 0), - generate_domain_separator(2, 1), - generate_domain_separator(2, 2), - generate_domain_separator(2, 3), - &mut memory, - ); - - memory.indices = &[(3, 0), (3, 1), (3, 2), (3, 3)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(3, 0), - generate_domain_separator(3, 1), - generate_domain_separator(3, 2), - generate_domain_separator(3, 3), - &mut memory, - ); + sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3)); + sample_four_ring_elements_into!(memory, seed, (1, 0), (1, 1), (1, 2), (1, 3)); + sample_four_ring_elements_into!(memory, seed, (2, 0), (2, 1), (2, 2), (2, 3)); + sample_four_ring_elements_into!(memory, seed, (3, 0), (3, 1), (3, 2), (3, 3)); A } #[allow(non_snake_case)] #[inline(always)] +#[cfg(feature = "mldsa65")] pub(crate) fn matrix_A_6_by_5< SIMDUnit: Operations, + Shake128: shake128::XofX4, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize, >( 
@@ -111,89 +88,24 @@ pub(crate) fn matrix_A_6_by_5< [0u8; shake128::FIVE_BLOCKS_SIZE], ); let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; - let mut memory = SampleArgs::new( - &mut rand_stack, - &mut tmp_stack, - &mut A, - &[(0, 0), (0, 1), (0, 2), (0, 3)], - ); - sample_four_ring_elements::( - seed, - generate_domain_separator(0, 0), - generate_domain_separator(0, 1), - generate_domain_separator(0, 2), - generate_domain_separator(0, 3), - &mut memory, - ); + let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]); - memory.indices = &[(0, 4), (1, 0), (1, 1), (1, 2)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(0, 4), - generate_domain_separator(1, 0), - generate_domain_separator(1, 1), - generate_domain_separator(1, 2), - &mut memory, - ); - - memory.indices = &[(1, 3), (1, 4), (2, 0), (2, 1)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(1, 3), - generate_domain_separator(1, 4), - generate_domain_separator(2, 0), - generate_domain_separator(2, 1), - &mut memory, - ); + sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3)); + sample_four_ring_elements_into!(memory, seed, (0, 4), (1, 0), (1, 1), (1, 2)); + sample_four_ring_elements_into!(memory, seed, (1, 3), (1, 4), (2, 0), (2, 1)); + sample_four_ring_elements_into!(memory, seed, (2, 2), (2, 3), (2, 4), (3, 0)); + sample_four_ring_elements_into!(memory, seed, (3, 1), (3, 2), (3, 3), (3, 4)); + sample_four_ring_elements_into!(memory, seed, (4, 0), (4, 1), (4, 2), (4, 3)); + sample_four_ring_elements_into!(memory, seed, (4, 4), (5, 0), (5, 1), (5, 2)); - memory.indices = &[(2, 2), (2, 3), (2, 4), (3, 0)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(2, 2), - generate_domain_separator(2, 3), - generate_domain_separator(2, 4), - generate_domain_separator(3, 0), - &mut memory, - ); - - memory.indices = &[(3, 1), (3, 2), (3, 3), (3, 4)]; - sample_four_ring_elements::( - seed, - 
generate_domain_separator(3, 1), - generate_domain_separator(3, 2), - generate_domain_separator(3, 3), - generate_domain_separator(3, 4), - &mut memory, - ); - - memory.indices = &[(4, 0), (4, 1), (4, 2), (4, 3)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(4, 0), - generate_domain_separator(4, 1), - generate_domain_separator(4, 2), - generate_domain_separator(4, 3), - &mut memory, - ); - - memory.indices = &[(4, 4), (5, 0), (5, 1), (5, 2)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(4, 4), - generate_domain_separator(5, 0), - generate_domain_separator(5, 1), - generate_domain_separator(5, 2), - &mut memory, - ); - - // The the last 2 sampled ring elements are discarded here. + // The last 2 sampled ring elements are discarded here. memory.indices = &[(5, 3), (5, 4)]; - sample_four_ring_elements::( + sample_four_ring_elements::( seed, - generate_domain_separator(5, 3), - generate_domain_separator(5, 4), - generate_domain_separator(5, 5), - generate_domain_separator(5, 6), + generate_domain_separator((5, 3)), + generate_domain_separator((5, 4)), + generate_domain_separator((5, 5)), + generate_domain_separator((5, 6)), &mut memory, ); @@ -202,8 +114,10 @@ pub(crate) fn matrix_A_6_by_5< #[allow(non_snake_case)] #[inline(always)] +#[cfg(feature = "mldsa87")] pub(crate) fn matrix_A_8_by_7< SIMDUnit: Operations, + Shake128: shake128::XofX4, const ROWS_IN_A: usize, const COLUMNS_IN_A: usize, >( 
@@ -218,168 +132,107 @@ pub(crate) fn matrix_A_8_by_7< [0u8; shake128::FIVE_BLOCKS_SIZE], ); let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; - let mut memory = SampleArgs::new( - &mut rand_stack, - &mut tmp_stack, - &mut A, - &[(0, 0), (0, 1), (0, 2), (0, 3)], - ); - - sample_four_ring_elements::( - seed, - generate_domain_separator(0, 0), - generate_domain_separator(0, 1), - generate_domain_separator(0, 2), - generate_domain_separator(0, 3), - &mut memory, - ); - - memory.indices = &[(0, 4), (0, 5), (0, 6), (1, 0)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(0, 4), - generate_domain_separator(0, 5), - generate_domain_separator(0, 6), - generate_domain_separator(1, 0), - &mut memory, - ); - - memory.indices = &[(1, 1), (1, 2), (1, 3), (1, 4)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(1, 1), - generate_domain_separator(1, 2), - generate_domain_separator(1, 3), - generate_domain_separator(1, 4), - &mut memory, - ); - - memory.indices = &[(1, 5), (1, 6), (2, 0), (2, 1)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(1, 5), - generate_domain_separator(1, 6), - generate_domain_separator(2, 0), - generate_domain_separator(2, 1), - &mut memory, - ); - - memory.indices = &[(2, 2), (2, 3), (2, 4), (2, 5)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(2, 2), - generate_domain_separator(2, 3), - generate_domain_separator(2, 4), - generate_domain_separator(2, 5), - &mut memory, - ); - - memory.indices = &[(2, 6), (3, 0), (3, 1), (3, 2)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(2, 6), - generate_domain_separator(3, 0), - generate_domain_separator(3, 1), - generate_domain_separator(3, 2), - &mut memory, - ); - - memory.indices = &[(3, 3), (3, 4), (3, 5), (3, 6)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(3, 3), - generate_domain_separator(3, 4), - generate_domain_separator(3, 5), - generate_domain_separator(3, 
6), - &mut memory, - ); - - memory.indices = &[(4, 0), (4, 1), (4, 2), (4, 3)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(4, 0), - generate_domain_separator(4, 1), - generate_domain_separator(4, 2), - generate_domain_separator(4, 3), - &mut memory, - ); - - memory.indices = &[(4, 4), (4, 5), (4, 6), (5, 0)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(4, 4), - generate_domain_separator(4, 5), - generate_domain_separator(4, 6), - generate_domain_separator(5, 0), - &mut memory, - ); - - memory.indices = &[(5, 1), (5, 2), (5, 3), (5, 4)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(5, 1), - generate_domain_separator(5, 2), - generate_domain_separator(5, 3), - generate_domain_separator(5, 4), - &mut memory, - ); - - memory.indices = &[(5, 5), (5, 6), (6, 0), (6, 1)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(5, 5), - generate_domain_separator(5, 6), - generate_domain_separator(6, 0), - generate_domain_separator(6, 1), - &mut memory, - ); - - memory.indices = &[(6, 2), (6, 3), (6, 4), (6, 5)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(6, 2), - generate_domain_separator(6, 3), - generate_domain_separator(6, 4), - generate_domain_separator(6, 5), - &mut memory, - ); - - memory.indices = &[(6, 6), (7, 0), (7, 1), (7, 2)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(6, 6), - generate_domain_separator(7, 0), - generate_domain_separator(7, 1), - generate_domain_separator(7, 2), - &mut memory, - ); - - memory.indices = &[(7, 3), (7, 4), (7, 5), (7, 6)]; - sample_four_ring_elements::( - seed, - generate_domain_separator(7, 3), - generate_domain_separator(7, 4), - generate_domain_separator(7, 5), - generate_domain_separator(7, 6), - &mut memory, - ); + let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]); + + sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3)); + 
sample_four_ring_elements_into!(memory, seed, (0, 4), (0, 5), (0, 6), (1, 0));
+ sample_four_ring_elements_into!(memory, seed, (1, 1), (1, 2), (1, 3), (1, 4));
+ sample_four_ring_elements_into!(memory, seed, (1, 5), (1, 6), (2, 0), (2, 1));
+ sample_four_ring_elements_into!(memory, seed, (2, 2), (2, 3), (2, 4), (2, 5));
+ sample_four_ring_elements_into!(memory, seed, (2, 6), (3, 0), (3, 1), (3, 2));
+ sample_four_ring_elements_into!(memory, seed, (3, 3), (3, 4), (3, 5), (3, 6));
+ sample_four_ring_elements_into!(memory, seed, (4, 0), (4, 1), (4, 2), (4, 3));
+ sample_four_ring_elements_into!(memory, seed, (4, 4), (4, 5), (4, 6), (5, 0));
+ sample_four_ring_elements_into!(memory, seed, (5, 1), (5, 2), (5, 3), (5, 4));
+ sample_four_ring_elements_into!(memory, seed, (5, 5), (5, 6), (6, 0), (6, 1));
+ sample_four_ring_elements_into!(memory, seed, (6, 2), (6, 3), (6, 4), (6, 5));
+ sample_four_ring_elements_into!(memory, seed, (6, 6), (7, 0), (7, 1), (7, 2));
+ sample_four_ring_elements_into!(memory, seed, (7, 3), (7, 4), (7, 5), (7, 6));
 A
 }
+#[inline(always)]
+#[allow(unsafe_code)]
+#[allow(non_snake_case)]
+pub(crate) fn matrix_A(
+ seed: [u8; 34],
+ sampler: X4Sampler,
+) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] {
+ match sampler {
+ #[cfg(feature = "simd256")]
+ X4Sampler::AVX2 => unsafe { matrix_A_avx2::(seed) },
+ #[cfg(feature = "simd128")]
+ X4Sampler::Neon => matrix_A_generic::<
+ SIMDUnit,
+ crate::hash_functions::neon::Shake128x4,
+ ROWS_IN_A,
+ COLUMNS_IN_A,
+ >(seed),
+ X4Sampler::Portable => matrix_A_generic::<
+ SIMDUnit,
+ crate::hash_functions::portable::Shake128X4,
+ ROWS_IN_A,
+ COLUMNS_IN_A,
+ >(seed),
+ _ => unreachable!(),
+ }
+}
+
 // XXX: of course we can't do this unconditionally, but with the manual monomorphization
 // macro, we could inject this. This gives us +50% faster key generation and +70% signing.
#[cfg_attr(not(hax), target_feature(enable = "avx2"))]
 #[allow(unsafe_code)]
 #[allow(non_snake_case)]
-// #[inline(always)]
-pub(crate) unsafe fn matrix_A(
+pub(crate) unsafe fn matrix_A_avx2<
+ SIMDUnit: Operations,
+ const ROWS_IN_A: usize,
+ const COLUMNS_IN_A: usize,
+>(
+ seed: [u8; 34],
+) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] {
+ match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) {
+ #[cfg(feature = "mldsa44")]
+ (4, 4) => matrix_A_4_by_4::<
+ SIMDUnit,
+ crate::hash_functions::simd256::Shake128x4,
+ ROWS_IN_A,
+ COLUMNS_IN_A,
+ >(seed),
+ #[cfg(feature = "mldsa65")]
+ (6, 5) => matrix_A_6_by_5::<
+ SIMDUnit,
+ crate::hash_functions::simd256::Shake128x4,
+ ROWS_IN_A,
+ COLUMNS_IN_A,
+ >(seed),
+ #[cfg(feature = "mldsa87")]
+ (8, 7) => matrix_A_8_by_7::<
+ SIMDUnit,
+ crate::hash_functions::simd256::Shake128x4,
+ ROWS_IN_A,
+ COLUMNS_IN_A,
+ >(seed),
+ _ => unreachable!(),
+ }
+}
+
+#[allow(non_snake_case)]
+pub(crate) fn matrix_A_generic<
+ SIMDUnit: Operations,
+ Shake128: shake128::XofX4,
+ const ROWS_IN_A: usize,
+ const COLUMNS_IN_A: usize,
+>(
 seed: [u8; 34],
 ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] {
 match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) {
- (4, 4) => matrix_A_4_by_4::(seed),
- (6, 5) => matrix_A_6_by_5::(seed),
- (8, 7) => matrix_A_8_by_7::(seed),
+ #[cfg(feature = "mldsa44")]
+ (4, 4) => matrix_A_4_by_4::(seed),
+ #[cfg(feature = "mldsa65")]
+ (6, 5) => matrix_A_6_by_5::(seed),
+ #[cfg(feature = "mldsa87")]
+ (8, 7) => matrix_A_8_by_7::(seed),
 _ => unreachable!(),
 }
 }
From 2b2e4e8ba452934cd684e266af00e37442d4fe1e Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch
Date: Mon, 16 Dec 2024 15:48:46 +0100
Subject: [PATCH 03/25] Remove obsolete comment
---
 libcrux-ml-dsa/src/samplex4.rs | 2 --
 1 file changed, 2 deletions(-)
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 285186ba0..1818cf758 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
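Review bot: The new `matrix_A` dispatch calls `unsafe { matrix_A_avx2::<...>(seed) }` with no `// SAFETY:` comment, and because `matrix_A_avx2` is `#[cfg_attr(not(hax), target_feature(enable = "avx2"))]` that call is only sound on a CPU that actually supports AVX2; `matrix_A` is itself a safe function that takes the selection as a plain enum value, so the precondition now rests on every caller that passes `X4Sampler::AVX2` without being stated anywhere. Either make `matrix_A` an `unsafe fn` with a `# Safety` section saying that `X4Sampler::AVX2` may only be passed after AVX2 has been detected, or, if the multiplexer (not visible here) guarantees that, put `// SAFETY: X4Sampler::AVX2 is only selected after runtime AVX2 detection.` on the arm. Separately, the `X4Sampler` variants are unconditional while the `AVX2` and `Neon` arms are `#[cfg]`-gated, so in a build without `simd256` a caller passing `AVX2` reaches `_ => unreachable!()` at runtime instead of a compile error; gating the variants with the same `#[cfg(feature = "simd256")]` / `#[cfg(feature = "simd128")]` attributes and dropping the wildcard arm would let the compiler reject the mismatch. The same wildcard-`unreachable!()` pattern recurs in the parameter-set matches of `matrix_A_avx2` and `matrix_A_generic`, where a disabled `mldsa*` feature likewise turns into a panic.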
@@ -179,8 +179,6 @@ pub(crate) fn matrix_A Date: Mon, 16 Dec 2024 16:24:14 +0100 Subject: [PATCH 04/25] Remove obsolete `unsafe` exceptions --- libcrux-ml-dsa/src/ml_dsa_generic.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index bd4b333e0..1c1cb164a 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -26,7 +26,6 @@ pub(crate) mod multiplexing; /// Generate a key pair. #[inline(always)] -#[allow(unsafe_code)] pub(crate) fn generate_key_pair< SIMDUnit: Operations, Shake128X4: shake128::XofX4, @@ -232,7 +231,6 @@ pub(crate) fn sign< /// `message` already contains the domain separation. #[allow(non_snake_case)] #[inline(always)] -#[allow(unsafe_code)] pub(crate) fn sign_internal< SIMDUnit: Operations, Shake128X4: shake128::XofX4, @@ -478,7 +476,6 @@ fn derive_message_representative( /// `message` already contains the domain separation. #[allow(non_snake_case)] #[inline(always)] -#[allow(unsafe_code)] pub(crate) fn verify_internal< SIMDUnit: Operations, Shake128X4: shake128::XofX4, From 7537f2b95b9049364d712f0e7896972e440e323b Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Mon, 16 Dec 2024 16:36:38 +0100 Subject: [PATCH 05/25] Some documentation around `SampleArgs` --- libcrux-ml-dsa/src/sample.rs | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index fa69241a7..95ce8a771 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -34,6 +34,10 @@ fn rejection_sample_less_than_field_modulus( done } +/// A buffering data structure for sampling into a matrix. +/// +/// After rejection sampling the ring element at `tmp_stack[i]` will +/// be written to the indices at `indices[i]` in `out`. pub(super) struct SampleArgs< 'a, SIMDUnit: Operations, 
@@ -41,14 +45,21 @@ pub(super) struct SampleArgs< const ROWS_IN_A: usize, const COLUMNS_IN_A: usize, > { + /// Buffer for holding an initial supply of rejection sampling + /// randomness, e.g. five blocks of XoF output. pub(super) rand_stack: &'a mut ( [u8; STACK_SIZE], [u8; STACK_SIZE], [u8; STACK_SIZE], [u8; STACK_SIZE], ), + /// Buffers for holding coefficients of field elements as they are sampled. pub(super) tmp_stack: &'a mut [[i32; 263]], + /// Matrix into which field elements are written from + /// `tmp_stack`, after successful rejection sampling. pub(super) out: &'a mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A], + /// Indices in `out` where ring elements from `tmp_stack` should + /// be written to. pub(super) indices: &'a [(usize, usize)], } From 229548656e4eaa1324c514638f9f8d135499a5c1 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 17 Dec 2024 14:22:52 +0100 Subject: [PATCH 06/25] Use trait for Sampler instead of enum --- libcrux-ml-dsa/src/ml_dsa_generic.rs | 40 ++--- .../src/ml_dsa_generic/instantiations.rs | 31 ++-- .../src/ml_dsa_generic/instantiations/avx2.rs | 57 ++----- libcrux-ml-dsa/src/samplex4.rs | 153 +++++++++++------- 4 files changed, 138 insertions(+), 143 deletions(-) diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 1c1cb164a..a5bde6d4a 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -28,6 +28,7 @@ pub(crate) mod multiplexing; #[inline(always)] pub(crate) fn generate_key_pair< SIMDUnit: Operations, + Sampler: X4Sampler, Shake128X4: shake128::XofX4, Shake256: shake256::DsaXof, Shake256Xof: shake256::Xof, 
@@ -40,7 +41,6 @@ pub(crate) fn generate_key_pair< const VERIFICATION_KEY_SIZE: usize, >( randomness: [u8; KEY_GENERATION_RANDOMNESS_SIZE], - sampler: X4Sampler, ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) { // 128 = SEED_FOR_A_SIZE + SEED_FOR_ERROR_VECTORS_SIZE + SEED_FOR_SIGNING_SIZE let mut seed_expanded = [0; 128]; @@ -55,10 +55,8 @@ pub(crate) fn generate_key_pair< let (seed_for_error_vectors, seed_for_signing) = seed_expanded.split_at(SEED_FOR_ERROR_VECTORS_SIZE); - let a_as_ntt = samplex4::matrix_A::( - into_padded_array(seed_for_a), - sampler, - ); + let a_as_ntt = + Sampler::matrix_A::(into_padded_array(seed_for_a)); let (s1, s2) = samplex4::sample_s1_and_s2::( into_padded_array(seed_for_error_vectors), @@ -98,6 +96,7 @@ pub(crate) fn generate_key_pair< #[inline(always)] pub(crate) fn sign_pre_hashed< SIMDUnit: Operations, + Sampler: X4Sampler, Shake128: shake128::Xof, Shake128X4: shake128::XofX4, Shake256: shake256::DsaXof, @@ -124,7 +123,6 @@ pub(crate) fn sign_pre_hashed< message: &[u8], context: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], - sampler: X4Sampler, ) -> Result, SigningError> { if context.len() > CONTEXT_MAX_LEN { return Err(SigningError::ContextTooLongError); @@ -136,6 +134,7 @@ pub(crate) fn sign_pre_hashed< }; sign_internal::< SIMDUnit, + Sampler, Shake128X4, Shake256, Shake256Xof, @@ -159,7 +158,6 @@ pub(crate) fn sign_pre_hashed< &pre_hashed_message, Some(domain_separation_context), randomness, - sampler, ) } @@ -167,6 +165,7 @@ pub(crate) fn sign_pre_hashed< #[inline(always)] pub(crate) fn sign< SIMDUnit: Operations, + Sampler: X4Sampler, Shake128X4: shake128::XofX4, Shake256: shake256::DsaXof, Shake256Xof: shake256::Xof, @@ -190,7 +189,6 @@ pub(crate) fn sign< message: &[u8], context: &[u8], randomness: [u8; SIGNING_RANDOMNESS_SIZE], - sampler: X4Sampler, ) -> Result, SigningError> { let domain_separation_context = match DomainSeparationContext::new(context, None) { Ok(dsc) => dsc, 
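Review bot: `Sampler::matrix_A::<...>(into_padded_array(seed_for_a))` (hunk `@@ -55,10 +55,8 @@`) is now a safe associated-function call, so the AVX2 precondition that the earlier `unsafe { matrix_A_avx2 }` dispatch made visible at the call site is entirely the responsibility of the `X4Sampler` implementation, and neither the trait nor `avx2::AVX2Sampler` is in this diff, so it cannot be seen here whether the AVX2 implementation detects the feature itself or relies on the multiplexer having done so. The trait definition should state that contract, e.g. `/// Implementations built on target-feature-gated code must either perform runtime feature detection themselves or document that they may only be selected after detection.` The same call appears in the `sign_internal` and `verify_internal` hunks below. `generate_key_pair` starts before this hunk and ends after it.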
@@ -198,6 +196,7 @@ pub(crate) fn sign< }; sign_internal::< SIMDUnit, + Sampler, Shake128X4, Shake256, Shake256Xof, @@ -221,7 +220,6 @@ pub(crate) fn sign< message, Some(domain_separation_context), randomness, - sampler, ) } @@ -233,6 +231,7 @@ pub(crate) fn sign< #[inline(always)] pub(crate) fn sign_internal< SIMDUnit: Operations, + Sampler: X4Sampler, Shake128X4: shake128::XofX4, Shake256: shake256::DsaXof, Shake256Xof: shake256::Xof, @@ -256,7 +255,6 @@ pub(crate) fn sign_internal< message: &[u8], domain_separation_context: Option, randomness: [u8; SIGNING_RANDOMNESS_SIZE], - sampler: X4Sampler, ) -> Result, SigningError> { let (seed_for_A, seed_for_signing, verification_key_hash, s1_as_ntt, s2_as_ntt, t0_as_ntt) = encoding::signing_key::deserialize_then_ntt::< @@ -268,10 +266,8 @@ pub(crate) fn sign_internal< SIGNING_KEY_SIZE, >(signing_key); - let A_as_ntt = samplex4::matrix_A::( - into_padded_array(&seed_for_A), - sampler, - ); + let A_as_ntt = + Sampler::matrix_A::(into_padded_array(&seed_for_A)); let mut message_representative = [0; MESSAGE_REPRESENTATIVE_SIZE]; derive_message_representative::( @@ -478,6 +474,7 @@ fn derive_message_representative( #[inline(always)] pub(crate) fn verify_internal< SIMDUnit: Operations, + Sampler: X4Sampler, Shake128X4: shake128::XofX4, Shake256: shake256::DsaXof, Shake256Xof: shake256::Xof, @@ -499,7 +496,6 @@ pub(crate) fn verify_internal< message: &[u8], domain_separation_context: Option, signature_serialized: &[u8; SIGNATURE_SIZE], - sampler: X4Sampler, ) -> Result<(), VerificationError> { let (seed_for_A, t1) = encoding::verification_key::deserialize::( @@ -525,10 +521,8 @@ pub(crate) fn verify_internal< ) { return Err(VerificationError::SignerResponseExceedsBoundError); } - let A_as_ntt = samplex4::matrix_A::( - into_padded_array(&seed_for_A), - sampler, - ); + let A_as_ntt = + Sampler::matrix_A::(into_padded_array(&seed_for_A)); let mut verification_key_hash = [0; BYTES_FOR_VERIFICATION_KEY_HASH]; Shake256::shake256::( 
@@ -585,6 +579,7 @@ pub(crate) fn verify_internal< #[inline(always)] pub(crate) fn verify< SIMDUnit: Operations, + Sampler: X4Sampler, Shake128X4: shake128::XofX4, Shake256: shake256::DsaXof, Shake256Xof: shake256::Xof, @@ -606,7 +601,6 @@ pub(crate) fn verify< message: &[u8], context: &[u8], signature_serialized: &[u8; SIGNATURE_SIZE], - sampler: X4Sampler, ) -> Result<(), VerificationError> { // We manually do the matching here to make Eurydice happy. let domain_separation_context = match DomainSeparationContext::new(context, None) { @@ -615,6 +609,7 @@ pub(crate) fn verify< }; verify_internal::< SIMDUnit, + Sampler, Shake128X4, Shake256, Shake256Xof, @@ -636,7 +631,6 @@ pub(crate) fn verify< message, Some(domain_separation_context), &signature_serialized, - sampler, ) } @@ -644,6 +638,7 @@ pub(crate) fn verify< #[inline(always)] pub(crate) fn verify_pre_hashed< SIMDUnit: Operations, + Sampler: X4Sampler, Shake128: shake128::Xof, Shake128X4: shake128::XofX4, Shake256: shake256::DsaXof, @@ -668,7 +663,6 @@ pub(crate) fn verify_pre_hashed< message: &[u8], context: &[u8], signature_serialized: &[u8; SIGNATURE_SIZE], - sampler: X4Sampler, ) -> Result<(), VerificationError> { let pre_hashed_message = PH::hash::(message); let domain_separation_context = match DomainSeparationContext::new(context, Some(PH::oid())) { @@ -678,6 +672,7 @@ pub(crate) fn verify_pre_hashed< verify_internal::< SIMDUnit, + Sampler, Shake128X4, Shake256, Shake256Xof, @@ -699,6 +694,5 @@ pub(crate) fn verify_pre_hashed< &pre_hashed_message, Some(domain_separation_context), &signature_serialized, - sampler, ) } diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs index f2714e110..a3f240793 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations.rs 
@@ -21,6 +21,7 @@ macro_rules! instantiate { ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) { crate::ml_dsa_generic::generate_key_pair::< $simdunit, + $sampler, $shake128x4, $shake256, $shake256xof, @@ -31,7 +32,7 @@ macro_rules! instantiate { ERROR_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, VERIFICATION_KEY_SIZE, - >(randomness, $sampler) + >(randomness) } /// Sign. @@ -58,6 +59,7 @@ macro_rules! instantiate { ) -> Result, SigningError> { crate::ml_dsa_generic::sign::< $simdunit, + $sampler, $shake128x4, $shake256, $shake256xof, @@ -76,7 +78,7 @@ macro_rules! instantiate { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >(&signing_key, message, context, randomness, $sampler) + >(&signing_key, message, context, randomness) } /// Sign (internal API) @@ -103,6 +105,7 @@ macro_rules! instantiate { ) -> Result, SigningError> { crate::ml_dsa_generic::sign_internal::< $simdunit, + $sampler, $shake128x4, $shake256, $shake256xof, @@ -121,13 +124,7 @@ macro_rules! instantiate { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >( - &signing_key, - message, - None, - randomness, - crate::samplex4::X4Sampler::AVX2, - ) + >(&signing_key, message, None, randomness) } /// Sign (pre-hashed). @@ -154,6 +151,7 @@ macro_rules! instantiate { ) -> Result, SigningError> { crate::ml_dsa_generic::sign_pre_hashed::< $simdunit, + $sampler, $shake128, $shake128x4, $shake256, @@ -175,7 +173,7 @@ macro_rules! instantiate { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >(&signing_key, message, context, randomness, $sampler) + >(&signing_key, message, context, randomness) } /// Verify. @@ -201,6 +199,7 @@ macro_rules! instantiate { ) -> Result<(), VerificationError> { crate::ml_dsa_generic::verify::< $simdunit, + $sampler, $shake128x4, $shake256, $shake256xof, 
@@ -217,7 +216,7 @@ macro_rules! instantiate { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >(verification_key, message, context, signature, $sampler) + >(verification_key, message, context, signature) } /// Verify (internal API). @@ -243,6 +242,7 @@ macro_rules! instantiate { ) -> Result<(), VerificationError> { crate::ml_dsa_generic::verify_internal::< $simdunit, + $sampler, $shake128x4, $shake256, $shake256xof, @@ -259,7 +259,7 @@ macro_rules! instantiate { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >(verification_key, message, None, signature, $sampler) + >(verification_key, message, None, signature) } /// Verify (pre-hashed with SHAKE-128). @@ -285,6 +285,7 @@ macro_rules! instantiate { ) -> Result<(), VerificationError> { crate::ml_dsa_generic::verify_pre_hashed::< $simdunit, + $sampler, $shake128, $shake128x4, $shake256, @@ -304,7 +305,7 @@ macro_rules! instantiate { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >(verification_key, message, context, signature, $sampler) + >(verification_key, message, context, signature) } } }; @@ -318,7 +319,7 @@ instantiate! {portable, crate::hash_functions::portable::Shake256, crate::hash_functions::portable::Shake256Xof, crate::hash_functions::portable::Shake256X4, - crate::samplex4::X4Sampler::Portable + crate::samplex4::portable::PortableSampler } // AVX2 generic implementation. @@ -334,5 +335,5 @@ instantiate! {neon, crate::hash_functions::portable::Shake256, crate::hash_functions::portable::Shake256Xof, crate::hash_functions::neon::Shake256x4, - crate::samplex4::X4Sampler::Neon + crate::samplex4::neon::NeonSampler } diff --git a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs index 0e756ac25..b582d0a54 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic/instantiations/avx2.rs 
@@ -23,6 +23,7 @@ mod avx2_feature { ) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) { crate::ml_dsa_generic::generate_key_pair::< crate::simd::avx2::AVX2SIMDUnit, + crate::samplex4::avx2::AVX2Sampler, crate::hash_functions::simd256::Shake128x4, crate::hash_functions::simd256::Shake256, crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256 @@ -33,7 +34,7 @@ mod avx2_feature { ERROR_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, VERIFICATION_KEY_SIZE, - >(randomness, crate::samplex4::X4Sampler::AVX2) + >(randomness) } /// Sign. @@ -62,6 +63,7 @@ mod avx2_feature { ) -> Result, SigningError> { crate::ml_dsa_generic::sign::< crate::simd::avx2::AVX2SIMDUnit, + crate::samplex4::avx2::AVX2Sampler, crate::hash_functions::simd256::Shake128x4, crate::hash_functions::simd256::Shake256, crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256 @@ -80,13 +82,7 @@ mod avx2_feature { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >( - &signing_key, - message, - context, - randomness, - crate::samplex4::X4Sampler::AVX2, - ) + >(&signing_key, message, context, randomness) } /// Sign (internal API) @@ -115,6 +111,7 @@ mod avx2_feature { ) -> Result, SigningError> { crate::ml_dsa_generic::sign_internal::< crate::simd::avx2::AVX2SIMDUnit, + crate::samplex4::avx2::AVX2Sampler, crate::hash_functions::simd256::Shake128x4, crate::hash_functions::simd256::Shake256, crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256 @@ -133,13 +130,7 @@ mod avx2_feature { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >( - &signing_key, - message, - None, - randomness, - crate::samplex4::X4Sampler::AVX2, - ) + >(&signing_key, message, None, randomness) } /// Sign (pre-hashed). 
@@ -168,6 +159,7 @@ mod avx2_feature { ) -> Result, SigningError> { crate::ml_dsa_generic::sign_pre_hashed::< crate::simd::avx2::AVX2SIMDUnit, + crate::samplex4::avx2::AVX2Sampler, crate::hash_functions::portable::Shake128, // XXX: Use simd256 crate::hash_functions::simd256::Shake128x4, crate::hash_functions::simd256::Shake256, @@ -189,13 +181,7 @@ mod avx2_feature { GAMMA1_RING_ELEMENT_SIZE, SIGNING_KEY_SIZE, SIGNATURE_SIZE, - >( - &signing_key, - message, - context, - randomness, - crate::samplex4::X4Sampler::AVX2, - ) + >(&signing_key, message, context, randomness) } /// Verify. @@ -223,6 +209,7 @@ mod avx2_feature { ) -> Result<(), VerificationError> { crate::ml_dsa_generic::verify::< crate::simd::avx2::AVX2SIMDUnit, + crate::samplex4::avx2::AVX2Sampler, crate::hash_functions::simd256::Shake128x4, crate::hash_functions::simd256::Shake256, crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256 @@ -239,13 +226,7 @@ mod avx2_feature { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >( - verification_key, - message, - context, - signature, - crate::samplex4::X4Sampler::AVX2, - ) + >(verification_key, message, context, signature) } /// Verify (internal API). @@ -273,6 +254,7 @@ mod avx2_feature { ) -> Result<(), VerificationError> { crate::ml_dsa_generic::verify_internal::< crate::simd::avx2::AVX2SIMDUnit, + crate::samplex4::avx2::AVX2Sampler, crate::hash_functions::simd256::Shake128x4, crate::hash_functions::simd256::Shake256, crate::hash_functions::portable::Shake256Xof, // XXX: Use simd256 @@ -289,13 +271,7 @@ mod avx2_feature { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >( - verification_key, - message, - None, - signature, - crate::samplex4::X4Sampler::AVX2, - ) + >(verification_key, message, None, signature) } /// Verify (pre-hashed with SHAKE-128). 
@@ -323,6 +299,7 @@ mod avx2_feature { ) -> Result<(), VerificationError> { crate::ml_dsa_generic::verify_pre_hashed::< crate::simd::avx2::AVX2SIMDUnit, + crate::samplex4::avx2::AVX2Sampler, crate::hash_functions::portable::Shake128, // XXX: Use simd256 crate::hash_functions::simd256::Shake128x4, crate::hash_functions::simd256::Shake256, @@ -342,13 +319,7 @@ mod avx2_feature { COMMITMENT_HASH_SIZE, ONES_IN_VERIFIER_CHALLENGE, MAX_ONES_IN_HINT, - >( - verification_key, - message, - context, - signature, - crate::samplex4::X4Sampler::AVX2, - ) + >(verification_key, message, context, signature) } } diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs index 1818cf758..760041885 100644 --- a/libcrux-ml-dsa/src/samplex4.rs +++ b/libcrux-ml-dsa/src/samplex4.rs @@ -6,11 +6,12 @@ use crate::{ }; /// The x4 sampling implementation that is selected during multiplexing. -#[allow(unused)] -pub(crate) enum X4Sampler { - AVX2, - Neon, - Portable, +pub(crate) trait X4Sampler { + /// Sample the matrix A using platform specific implementation. + #[allow(non_snake_case)] + fn matrix_A( + seed: [u8; 34], + ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A]; } #[inline(always)] 
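Review bot: The doc comment on the new `X4Sampler::matrix_A` (`Sample the matrix A using platform specific implementation.`) leaves the contract of `seed: [u8; 34]` undocumented, and the trait is the one place every backend now has to agree on it. The removed C extraction later in this series shows what the sampler does with the buffer — `seed0[32U] = (uint8_t)domain_separator0; seed0[33U] = ...` — i.e. the last two bytes are overwritten per ring element, so implementors must treat them as scratch for the domain separator rather than as seed material. Suggested wording: `/// Sample the matrix A with the platform-specific implementation. `seed` holds the 32-byte seed followed by two bytes that the sampler overwrites with the per-element domain separator.` It would also help to state on the trait that an implementation is expected to be selected by the multiplexing layer, since the SIMD backends (see the `avx2` module further down) execute target-feature code and presumably rely on that selection having done the runtime feature check.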
@@ -152,66 +153,94 @@ pub(crate) fn matrix_A_8_by_7< A } -#[inline(always)] -#[allow(unsafe_code)] -#[allow(non_snake_case)] -pub(crate) fn matrix_A( - seed: [u8; 34], - sampler: X4Sampler, -) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { - match sampler { - #[cfg(feature = "simd256")] - X4Sampler::AVX2 => unsafe { matrix_A_avx2::(seed) }, - #[cfg(feature = "simd128")] - X4Sampler::Neon => matrix_A_generic::< - SIMDUnit, - crate::hash_functions::neon::Shake128x4, - ROWS_IN_A, - COLUMNS_IN_A, - >(seed), - X4Sampler::Portable => matrix_A_generic::< - SIMDUnit, - crate::hash_functions::portable::Shake128X4, - ROWS_IN_A, - COLUMNS_IN_A, - >(seed), - _ => unreachable!(), +pub(crate) mod portable { + use super::*; + + pub(crate) struct PortableSampler {} + impl X4Sampler for PortableSampler { + #[inline(always)] + fn matrix_A( + seed: [u8; 34], + ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { + matrix_A_generic::< + SIMDUnit, + crate::hash_functions::portable::Shake128X4, + ROWS_IN_A, + COLUMNS_IN_A, + >(seed) + } } } -#[cfg_attr(not(hax), target_feature(enable = "avx2"))] -#[allow(unsafe_code)] -#[allow(non_snake_case)] -pub(crate) unsafe fn matrix_A_avx2< - SIMDUnit: Operations, - const ROWS_IN_A: usize, - const COLUMNS_IN_A: usize, ->( - seed: [u8; 34], -) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { - match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) { - #[cfg(feature = "mldsa44")] - (4, 4) => matrix_A_4_by_4::< - SIMDUnit, - crate::hash_functions::simd256::Shake128x4, - ROWS_IN_A, - COLUMNS_IN_A, - >(seed), - #[cfg(feature = "mldsa65")] - (6, 5) => matrix_A_6_by_5::< - SIMDUnit, - crate::hash_functions::simd256::Shake128x4, - ROWS_IN_A, - COLUMNS_IN_A, - >(seed), - #[cfg(feature = "mldsa87")] - (8, 7) => matrix_A_8_by_7::< - SIMDUnit, - crate::hash_functions::simd256::Shake128x4, - ROWS_IN_A, - COLUMNS_IN_A, - >(seed), - _ => unreachable!(), +#[cfg(feature = "simd128")] +pub(crate) mod neon { + use super::*; + + pub(crate) struct 
NeonSampler {} + impl X4Sampler for NeonSampler { + #[inline(always)] + fn matrix_A( + seed: [u8; 34], + ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { + matrix_A_generic::< + SIMDUnit, + crate::hash_functions::neon::Shake128X4, + ROWS_IN_A, + COLUMNS_IN_A, + >(seed) + } + } +} + +#[cfg(feature = "simd256")] +pub(crate) mod avx2 { + use super::*; + + pub(crate) struct AVX2Sampler {} + impl X4Sampler for AVX2Sampler { + #[inline(always)] + #[allow(unsafe_code)] + fn matrix_A( + seed: [u8; 34], + ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { + unsafe { matrix_A_avx2(seed) } + } + } + + #[cfg_attr(not(hax), target_feature(enable = "avx2"))] + #[allow(unsafe_code)] + #[allow(non_snake_case)] + pub(crate) unsafe fn matrix_A_avx2< + SIMDUnit: Operations, + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, + >( + seed: [u8; 34], + ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { + match (ROWS_IN_A as u8, COLUMNS_IN_A as u8) { + #[cfg(feature = "mldsa44")] + (4, 4) => matrix_A_4_by_4::< + SIMDUnit, + crate::hash_functions::simd256::Shake128x4, + ROWS_IN_A, + COLUMNS_IN_A, + >(seed), + #[cfg(feature = "mldsa65")] + (6, 5) => matrix_A_6_by_5::< + SIMDUnit, + crate::hash_functions::simd256::Shake128x4, + ROWS_IN_A, + COLUMNS_IN_A, + >(seed), + #[cfg(feature = "mldsa87")] + (8, 7) => matrix_A_8_by_7::< + SIMDUnit, + crate::hash_functions::simd256::Shake128x4, + ROWS_IN_A, + COLUMNS_IN_A, + >(seed), + _ => unreachable!(), + } } } From 7329f77864abb16a99160326232cd2188a7ea379 Mon Sep 17 00:00:00 2001 
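Review bot: `AVX2Sampler::matrix_A` is a safe trait method that wraps `unsafe { matrix_A_avx2(seed) }` with no `// SAFETY:` comment, and `matrix_A_avx2` is declared `target_feature(enable = "avx2")`, so executing it on a CPU without AVX2 is undefined behaviour; the `cfg(feature = "simd256")` gate on the module is compile-time only and nothing in this hunk performs the runtime check. Add `// SAFETY: matrix_A_avx2 is target_feature(enable = "avx2"); this impl must only be selected after a runtime check that AVX2 is available.` above the unsafe block, and consider making the trait method `unsafe fn` so the `mod avx2_feature` instantiations (the avx2.rs hunks above) cannot reach it without acknowledging the precondition. Separately, the new `neon` module names `crate::hash_functions::neon::Shake128X4`, whereas the removed dispatch arm used `crate::hash_functions::neon::Shake128x4` (lowercase, matching `neon::Shake256x4` in the instantiations); if the type is spelled as before, this module fails to compile under `simd128`, which a default build would not catch.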
From: Jonas Schneider-Bensch Date: Tue, 17 Dec 2024 14:26:05 +0100 Subject: [PATCH 07/25] C Extraction Update --- libcrux-ml-dsa/cg.yaml | 4 +- libcrux-ml-dsa/cg/code_gen.txt | 2 +- libcrux-ml-dsa/cg/header.txt | 2 +- libcrux-ml-dsa/cg/libcrux_core.h | 24 +- libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h | 2851 +++++++++++------ libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 2894 ++++++++++++------ libcrux-ml-dsa/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-dsa/cg/libcrux_sha3_portable.h | 2 +- 8 files changed, 4021 insertions(+), 1760 deletions(-) diff --git a/libcrux-ml-dsa/cg.yaml b/libcrux-ml-dsa/cg.yaml index 8989a1168..5ea47625a 100644 --- a/libcrux-ml-dsa/cg.yaml +++ b/libcrux-ml-dsa/cg.yaml @@ -53,7 +53,8 @@ files: include_in_h: - '"intrinsics/libcrux_intrinsics_avx2.h"' api: - patterns: + patterns: + - [libcrux_ml_dsa, samplex4, avx2, "*"] - [libcrux_ml_dsa, simd, avx2, "*"] - [libcrux_ml_dsa, hash_functions, simd256, "*"] - [libcrux_ml_dsa, ml_dsa_65, avx2, "*"] @@ -76,6 +77,7 @@ files: api: patterns: - [libcrux_ml_dsa, "*"] + - [libcrux_ml_dsa, samplex4, portable, "*"] - [libcrux_ml_dsa, simd, "*"] - [libcrux_ml_dsa, hash_functions, portable, "*"] - [libcrux_ml_dsa, ml_dsa_65, portable, "*"] diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt index ff59781b4..2534e4163 100644 --- a/libcrux-ml-dsa/cg/code_gen.txt +++ b/libcrux-ml-dsa/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 F*: b0961063393215ca65927f017720cb365a193833-dirty -Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590 +Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt index 17dad08f7..3d06fc7fc 100644 --- a/libcrux-ml-dsa/cg/header.txt +++ b/libcrux-ml-dsa/cg/header.txt 
@@ -8,5 +8,5 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: d4b51bcb3af12fb1358ed37830e33cbd72d31590 + * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 */ diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h index ed839622f..fcb82cc0a 100644 --- a/libcrux-ml-dsa/cg/libcrux_core.h +++ b/libcrux-ml-dsa/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74 + * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 */ #ifndef __libcrux_core_H @@ -42,7 +42,7 @@ typedef uint8_t Result_a9_tags; #define None 0 #define Some 1 -typedef uint8_t Option_d8_tags; +typedef uint8_t Option_08_tags; /** A monomorphic instance of core.option.Option @@ -50,7 +50,7 @@ with types size_t */ typedef struct Option_08_s { - Option_d8_tags tag; + Option_08_tags tag; size_t f0; } Option_08; @@ -139,11 +139,11 @@ typedef struct libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature_s { This function found in impl {libcrux_ml_dsa::types::MLDSASignature#4} */ /** -A monomorphic instance of libcrux_ml_dsa.types.as_raw_8f +A monomorphic instance of libcrux_ml_dsa.types.as_ref_8f with const generics - SIZE= 3309 */ -static inline uint8_t *libcrux_ml_dsa_types_as_raw_8f_fa( +static inline uint8_t *libcrux_ml_dsa_types_as_ref_8f_fa( libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *self) { return self->value; } 
@@ -216,11 +216,11 @@ This function found in impl {libcrux_ml_dsa::types::MLDSAVerificationKey#2} */ /** -A monomorphic instance of libcrux_ml_dsa.types.as_raw_66 +A monomorphic instance of libcrux_ml_dsa.types.as_ref_66 with const generics - SIZE= 1952 */ -static inline uint8_t *libcrux_ml_dsa_types_as_raw_66_97( +static inline uint8_t *libcrux_ml_dsa_types_as_ref_66_97( libcrux_ml_dsa_types_MLDSAVerificationKey_ea *self) { return self->value; } @@ -231,7 +231,7 @@ with types int32_t[256size_t][6size_t] */ typedef struct Option_f0_s { - Option_d8_tags tag; + Option_08_tags tag; int32_t f0[6U][256U]; } Option_f0; @@ -241,7 +241,7 @@ with types uint8_t[48size_t] */ typedef struct Option_67_s { - Option_d8_tags tag; + Option_08_tags tag; uint8_t f0[48U]; } Option_67; @@ -369,11 +369,11 @@ typedef struct libcrux_ml_dsa_types_MLDSASigningKey_22_s { This function found in impl {libcrux_ml_dsa::types::MLDSASigningKey} */ /** -A monomorphic instance of libcrux_ml_dsa.types.as_raw_9b +A monomorphic instance of libcrux_ml_dsa.types.as_ref_9b with const generics - SIZE= 4032 */ -static inline uint8_t *libcrux_ml_dsa_types_as_raw_9b_09( +static inline uint8_t *libcrux_ml_dsa_types_as_ref_9b_09( libcrux_ml_dsa_types_MLDSASigningKey_22 *self) { return self->value; } @@ -499,7 +499,7 @@ with types uint8_t[11size_t] */ typedef struct Option_30_s { - Option_d8_tags tag; + Option_08_tags tag; uint8_t f0[11U]; } Option_30; diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h index 4cd046ed1..df9227c80 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74 + * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 */ #ifndef __libcrux_mldsa65_avx2_H 
@@ -3230,6 +3230,9 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_simd_avx2_invert_ntt_montgomery_a2( memcpy(ret, ret0, (size_t)32U * sizeof(__m256i)); } +typedef struct libcrux_ml_dsa_samplex4_avx2_AVX2Sampler_s { +} libcrux_ml_dsa_samplex4_avx2_AVX2Sampler; + /** A monomorphic instance of libcrux_ml_dsa.polynomial.PolynomialRingElement with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit 
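Review bot: The added `typedef struct libcrux_ml_dsa_samplex4_avx2_AVX2Sampler_s { } libcrux_ml_dsa_samplex4_avx2_AVX2Sampler;` is an empty struct, which ISO C does not permit (a struct needs at least one named member); GCC and Clang accept it as an extension with size 0, but MSVC rejects it, so this header stops being portable to every consumer. The type only exists to carry the `X4Sampler` impl, so the extraction should either elide zero-sized types or emit a placeholder member such as `uint8_t _unused;`. More seriously, the large hunk further down this same header (its end lies beyond this span) appears to replace the body of `libcrux_ml_dsa_sample_sample_four_ring_elements_f4` with a Eurydice failure stub — `KRML_HOST_EPRINTF("KaRaMeL abort ... Error looking trait impl ... enumerate")` followed by `KRML_HOST_EXIT(255U)` — which, if I read it correctly, means the committed AVX2 header cannot sample the matrix A and would abort any ML-DSA-65 keygen, sign or verify that reaches it; the extraction should not be merged until the toolchain handles that `enumerate` call.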
@@ -3289,579 +3292,77 @@ libcrux_ml_dsa_polynomial_ZERO_ff_ea(void) { return lit; } -typedef struct - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4_s { - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 fst; - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd; - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 thd; - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f3; -} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4; - /** -A monomorphic instance of -libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types -libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool -libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) { - bool done = false; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) { - size_t _cloop_i = i; - Eurydice_slice random_bytes = - Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U, - _cloop_i * (size_t)24U + (size_t)24U, uint8_t); - if (!done) { - Eurydice_slice uu____0 = random_bytes; - size_t sampled = - libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_a2( - uu____0, Eurydice_array_to_subslice_from((size_t)263U, out, - sampled_coefficients[0U], - int32_t, size_t)); - sampled_coefficients[0U] = sampled_coefficients[0U] + sampled; - if (sampled_coefficients[0U] >= - LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - done = true; - } - } - } - return done; -} - -/** -This function found in impl -{libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff +A monomorphic instance of libcrux_ml_dsa.sample.SampleArgs with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit 
with const generics - +- $840size_t +- $6size_t +- $5size_t */ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24 -libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) { - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result = - libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.simd_units[i0] = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2( - Eurydice_slice_subslice2( - array, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, - (i0 + (size_t)1U) * - LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, - int32_t)); - } - return result; -} +typedef struct libcrux_ml_dsa_sample_SampleArgs_c5_s { + uint8_t_840size_t__x4 *rand_stack; + Eurydice_slice tmp_stack; + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*out)[5U]; + Eurydice_slice indices; +} libcrux_ml_dsa_sample_SampleArgs_c5; /** -A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements -with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit -with const generics - +This function found in impl {libcrux_ml_dsa::sample::SampleArgs<'a, SIMDUnit, +STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>[TraitClause@0, TraitClause@1]} */ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 -libcrux_ml_dsa_sample_sample_four_ring_elements_ea(uint8_t seed0[34U], - uint16_t domain_separator0, - uint16_t domain_separator1, - uint16_t domain_seperator2, - uint16_t domain_separator3) { - seed0[32U] = (uint8_t)domain_separator0; - seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U); - uint8_t seed1[34U]; - memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t)); - seed1[32U] = (uint8_t)domain_separator1; - seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U); - uint8_t seed2[34U]; - memcpy(seed2, seed0, (size_t)34U * 
sizeof(uint8_t)); - seed2[32U] = (uint8_t)domain_seperator2; - seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U); - uint8_t seed3[34U]; - memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t)); - seed3[32U] = (uint8_t)domain_separator3; - seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U); - libcrux_ml_dsa_hash_functions_portable_Shake128X4 state = - libcrux_ml_dsa_hash_functions_portable_init_absorb_ed( - Eurydice_array_to_slice((size_t)34U, seed0, uint8_t), - Eurydice_array_to_slice((size_t)34U, seed1, uint8_t), - Eurydice_array_to_slice((size_t)34U, seed2, uint8_t), - Eurydice_array_to_slice((size_t)34U, seed3, uint8_t)); - uint8_t randomness0[840U] = {0U}; - uint8_t randomness1[840U] = {0U}; - uint8_t randomness2[840U] = {0U}; - uint8_t randomness3[840U] = {0U}; - libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed( - &state, randomness0, randomness1, randomness2, randomness3); - int32_t coefficients0[263U] = {0U}; - int32_t coefficients1[263U] = {0U}; - int32_t coefficients2[263U] = {0U}; - int32_t coefficients3[263U] = {0U}; - size_t sampled0 = (size_t)0U; - size_t sampled1 = (size_t)0U; - size_t sampled2 = (size_t)0U; - size_t sampled3 = (size_t)0U; - bool done0 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, randomness0, uint8_t), - &sampled0, coefficients0); - bool done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, randomness1, uint8_t), - &sampled1, coefficients1); - bool done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, randomness2, uint8_t), - &sampled2, coefficients2); - bool done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, randomness3, uint8_t), - &sampled3, coefficients3); - while (true) { - if (done0) { - if (done1) { - if (done2) { - if (done3) { - break; - } 
else { - uint8_t_168size_t__x4 randomnesses = - libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed( - &state); - if (!done0) { - done0 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.fst, - uint8_t), - &sampled0, coefficients0); - } - if (!done1) { - done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.snd, - uint8_t), - &sampled1, coefficients1); - } - if (!done2) { - done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.thd, - uint8_t), - &sampled2, coefficients2); - } - if (!done3) { - done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.f3, - uint8_t), - &sampled3, coefficients3); - } - } - } else { - uint8_t_168size_t__x4 randomnesses = - libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed( - &state); - if (!done0) { - done0 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.fst, - uint8_t), - &sampled0, coefficients0); - } - if (!done1) { - done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.snd, - uint8_t), - &sampled1, coefficients1); - } - if (!done2) { - done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.thd, - uint8_t), - &sampled2, coefficients2); - } - if (!done3) { - done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.f3, - uint8_t), - &sampled3, coefficients3); - } - } - } else { - uint8_t_168size_t__x4 randomnesses = - libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed( - &state); - if (!done0) { - done0 = - 
libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.fst, - uint8_t), - &sampled0, coefficients0); - } - if (!done1) { - done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.snd, - uint8_t), - &sampled1, coefficients1); - } - if (!done2) { - done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.thd, - uint8_t), - &sampled2, coefficients2); - } - if (!done3) { - done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.f3, - uint8_t), - &sampled3, coefficients3); - } - } - } else { - uint8_t_168size_t__x4 randomnesses = - libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(&state); - if (!done0) { - done0 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.fst, - uint8_t), - &sampled0, coefficients0); - } - if (!done1) { - done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.snd, - uint8_t), - &sampled1, coefficients1); - } - if (!done2) { - done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.thd, - uint8_t), - &sampled2, coefficients2); - } - if (!done3) { - done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), - &sampled3, coefficients3); - } - } - } - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____0 = - libcrux_ml_dsa_polynomial_from_i32_array_ff_ea( - Eurydice_array_to_slice((size_t)263U, coefficients0, int32_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 = - libcrux_ml_dsa_polynomial_from_i32_array_ff_ea( - 
Eurydice_array_to_slice((size_t)263U, coefficients1, int32_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____2 = - libcrux_ml_dsa_polynomial_from_i32_array_ff_ea( - Eurydice_array_to_slice((size_t)263U, coefficients2, int32_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - lit; - lit.fst = uu____0; - lit.snd = uu____1; - lit.thd = uu____2; - lit.f3 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ea( - Eurydice_array_to_slice((size_t)263U, coefficients3, int32_t)); - return lit; -} - /** -A monomorphic instance of libcrux_ml_dsa.samplex4.update_matrix +A monomorphic instance of libcrux_ml_dsa.sample.new_29 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics +- STACK_SIZE= 840 - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_dsa_samplex4_update_matrix_fe( - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*m)[5U], size_t i, - size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_24 v) { - m[i][j] = v; +static inline libcrux_ml_dsa_sample_SampleArgs_c5 +libcrux_ml_dsa_sample_new_29_4f( + uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack, + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*out)[5U], + Eurydice_slice indices) { + libcrux_ml_dsa_sample_SampleArgs_c5 lit; + lit.rand_stack = rand_stack; + lit.tmp_stack = tmp_stack; + lit.out = out; + lit.indices = indices; + return lit; } /** -A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_4_by_4 -with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit -with const generics +A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements +with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, +libcrux_ml_dsa_hash_functions_simd256_Shake128x4 with const generics - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_4_by_4_fe( - uint8_t seed[34U], - 
libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) { - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A[6U][5U]; - for (size_t i = (size_t)0U; i < (size_t)6U; i++) { - A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - } - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)0U, - four_ring_elements.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)1U, - four_ring_elements.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)2U, - four_ring_elements.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)3U, - four_ring_elements.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed0[34U]; - memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed0, - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U), - 
libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)0U, - four_ring_elements0.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)1U, - four_ring_elements0.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)2U, - four_ring_elements0.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)3U, - four_ring_elements0.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed1[34U]; - memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed1, - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)0U, - four_ring_elements1.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)1U, - four_ring_elements1.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)2U, - four_ring_elements1.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)3U, - four_ring_elements1.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed2[34U]; - memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed2, - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U), - 
libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)0U, - four_ring_elements2.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)1U, - four_ring_elements2.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)2U, - four_ring_elements2.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)3U, - four_ring_elements2.f3); - memcpy(ret, A, - (size_t)6U * - sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U])); +static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( + uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1, + uint16_t domain_seperator2, uint16_t domain_separator3, + libcrux_ml_dsa_sample_SampleArgs_c5 *memory) { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "Eurydice error: Failure(\"Error looking trait impl: " + "core::slice::iter::{core::iter::traits::iterator::Iterator for " + "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, (usize, " + "usize)>[core::marker::Sized<(usize, usize)>] enumerate\")\n"); + KRML_HOST_EXIT(255U); } /** A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_6_by_5 -with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit -with const generics -- ROWS_IN_A= 6 -- COLUMNS_IN_A= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_fe( - uint8_t seed[34U], - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) { - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A[6U][5U]; - for (size_t i = (size_t)0U; i < (size_t)6U; i++) { - A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - } - /* Passing arrays by value in Rust generates a 
copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)0U, - four_ring_elements.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)1U, - four_ring_elements.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)2U, - four_ring_elements.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)3U, - four_ring_elements.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed0[34U]; - memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed0, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)4U, - four_ring_elements0.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)0U, - four_ring_elements0.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)1U, - four_ring_elements0.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)2U, - four_ring_elements0.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t 
copy_of_seed1[34U]; - memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed1, - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)3U, - four_ring_elements1.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)4U, - four_ring_elements1.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)0U, - four_ring_elements1.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)1U, - four_ring_elements1.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed2[34U]; - memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed2, - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)2U, - four_ring_elements2.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)3U, - four_ring_elements2.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)4U, - four_ring_elements2.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)0U, - four_ring_elements2.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed3[34U]; - 
memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed3, - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)1U, - four_ring_elements3.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)2U, - four_ring_elements3.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)3U, - four_ring_elements3.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)4U, - four_ring_elements3.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed4[34U]; - memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed4, - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)0U, - four_ring_elements4.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)1U, - four_ring_elements4.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)2U, - four_ring_elements4.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)3U, - four_ring_elements4.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed5[34U]; - memcpy(copy_of_seed5, seed, 
(size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed5, - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)4U, - four_ring_elements5.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)0U, - four_ring_elements5.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)1U, - four_ring_elements5.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)2U, - four_ring_elements5.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed6[34U]; - memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed6, - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)3U, - four_ring_elements6.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)4U, - four_ring_elements6.snd); - memcpy(ret, A, - (size_t)6U * - sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U])); -} - -/** -A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_8_by_7 -with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit -with const generics +with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, 
+libcrux_ml_dsa_hash_functions_simd256_Shake128x4 with const generics - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_fe( +static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( uint8_t seed[34U], libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) { libcrux_ml_dsa_polynomial_PolynomialRingElement_24 A[6U][5U]; 
@@ -3872,296 +3373,1865 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_fe( A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); } - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)0U, - four_ring_elements.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)1U, - four_ring_elements.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)2U, - four_ring_elements.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)3U, - four_ring_elements.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed0[34U]; - memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed0, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)4U, - four_ring_elements0.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)5U, - four_ring_elements0.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)0U, (size_t)6U, - four_ring_elements0.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)0U, - four_ring_elements0.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed1[34U]; - memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed1, - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)1U, - four_ring_elements1.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)2U, - four_ring_elements1.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)3U, - four_ring_elements1.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)4U, - four_ring_elements1.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed2[34U]; - memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed2, - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)5U, - four_ring_elements2.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)1U, (size_t)6U, - four_ring_elements2.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)0U, - four_ring_elements2.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)1U, - four_ring_elements2.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed3[34U]; - memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed3, - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 5U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)2U, - four_ring_elements3.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)3U, - four_ring_elements3.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)4U, - four_ring_elements3.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)5U, - four_ring_elements3.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed4[34U]; - memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed4, - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)2U, (size_t)6U, - four_ring_elements4.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)0U, - four_ring_elements4.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)1U, - four_ring_elements4.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)2U, - four_ring_elements4.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed5[34U]; - memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed5, - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 6U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)3U, - four_ring_elements5.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)4U, - four_ring_elements5.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)5U, - four_ring_elements5.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)3U, (size_t)6U, - four_ring_elements5.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed6[34U]; - memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed6, - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)0U, - four_ring_elements6.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)1U, - four_ring_elements6.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)2U, - four_ring_elements6.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)3U, - four_ring_elements6.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed7[34U]; - memcpy(copy_of_seed7, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements7 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed7, - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)4U, - four_ring_elements7.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)5U, - four_ring_elements7.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)4U, (size_t)6U, - four_ring_elements7.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)0U, - four_ring_elements7.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed8[34U]; - memcpy(copy_of_seed8, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements8 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed8, - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)1U, - four_ring_elements8.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)2U, - four_ring_elements8.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)3U, - four_ring_elements8.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)4U, - four_ring_elements8.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed9[34U]; - memcpy(copy_of_seed9, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements9 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed9, - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 1U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)5U, - four_ring_elements9.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)5U, (size_t)6U, - four_ring_elements9.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)0U, - four_ring_elements9.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)1U, - four_ring_elements9.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed10[34U]; - memcpy(copy_of_seed10, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements10 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed10, - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 5U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)2U, - four_ring_elements10.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)3U, - four_ring_elements10.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)4U, - four_ring_elements10.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)5U, - four_ring_elements10.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed11[34U]; - memcpy(copy_of_seed11, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements11 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed11, - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 2U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)6U, (size_t)6U, - four_ring_elements11.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)0U, - four_ring_elements11.snd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)1U, - four_ring_elements11.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)2U, - four_ring_elements11.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed12[34U]; - memcpy(copy_of_seed12, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4 - four_ring_elements12 = libcrux_ml_dsa_sample_sample_four_ring_elements_ea( - copy_of_seed12, - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 6U)); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)3U, - four_ring_elements12.fst); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)4U, - four_ring_elements12.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)5U, - four_ring_elements12.thd); - libcrux_ml_dsa_samplex4_update_matrix_fe(A, (size_t)7U, (size_t)6U, - four_ring_elements12.f3); + uint8_t uu____0[840U] = {0U}; + uint8_t uu____1[840U] = {0U}; + uint8_t_840size_t__x4 rand_stack; + rand_stack.fst[0U] = 0U; + rand_stack.fst[1U] = 0U; + rand_stack.fst[2U] = 0U; + rand_stack.fst[3U] = 0U; + rand_stack.fst[4U] = 0U; + rand_stack.fst[5U] = 0U; + rand_stack.fst[6U] = 0U; + rand_stack.fst[7U] = 0U; + rand_stack.fst[8U] = 0U; + rand_stack.fst[9U] = 0U; + rand_stack.fst[10U] = 0U; + rand_stack.fst[11U] = 0U; + rand_stack.fst[12U] = 0U; + rand_stack.fst[13U] = 0U; + rand_stack.fst[14U] = 0U; + rand_stack.fst[15U] = 0U; + rand_stack.fst[16U] = 0U; + rand_stack.fst[17U] = 0U; + rand_stack.fst[18U] = 0U; + rand_stack.fst[19U] = 0U; + rand_stack.fst[20U] = 0U; + rand_stack.fst[21U] = 0U; + rand_stack.fst[22U] = 0U; + rand_stack.fst[23U] = 0U; + rand_stack.fst[24U] = 0U; + rand_stack.fst[25U] = 0U; + rand_stack.fst[26U] = 0U; + rand_stack.fst[27U] = 0U; + rand_stack.fst[28U] = 0U; + rand_stack.fst[29U] = 0U; + rand_stack.fst[30U] = 0U; + rand_stack.fst[31U] = 0U; + rand_stack.fst[32U] = 0U; + rand_stack.fst[33U] = 0U; + rand_stack.fst[34U] = 0U; + rand_stack.fst[35U] = 0U; + rand_stack.fst[36U] = 0U; + rand_stack.fst[37U] = 0U; + rand_stack.fst[38U] = 0U; + rand_stack.fst[39U] = 0U; + rand_stack.fst[40U] = 0U; + rand_stack.fst[41U] = 0U; + rand_stack.fst[42U] = 0U; + rand_stack.fst[43U] = 0U; + rand_stack.fst[44U] = 0U; + rand_stack.fst[45U] = 0U; + rand_stack.fst[46U] = 0U; + rand_stack.fst[47U] = 0U; + rand_stack.fst[48U] = 0U; + rand_stack.fst[49U] = 0U; + rand_stack.fst[50U] = 0U; + rand_stack.fst[51U] = 0U; + rand_stack.fst[52U] = 0U; + rand_stack.fst[53U] = 0U; + rand_stack.fst[54U] = 0U; + rand_stack.fst[55U] = 0U; + rand_stack.fst[56U] = 0U; + rand_stack.fst[57U] = 0U; + rand_stack.fst[58U] = 0U; + rand_stack.fst[59U] = 0U; + rand_stack.fst[60U] = 0U; + 
rand_stack.fst[61U] = 0U; + rand_stack.fst[62U] = 0U; + rand_stack.fst[63U] = 0U; + rand_stack.fst[64U] = 0U; + rand_stack.fst[65U] = 0U; + rand_stack.fst[66U] = 0U; + rand_stack.fst[67U] = 0U; + rand_stack.fst[68U] = 0U; + rand_stack.fst[69U] = 0U; + rand_stack.fst[70U] = 0U; + rand_stack.fst[71U] = 0U; + rand_stack.fst[72U] = 0U; + rand_stack.fst[73U] = 0U; + rand_stack.fst[74U] = 0U; + rand_stack.fst[75U] = 0U; + rand_stack.fst[76U] = 0U; + rand_stack.fst[77U] = 0U; + rand_stack.fst[78U] = 0U; + rand_stack.fst[79U] = 0U; + rand_stack.fst[80U] = 0U; + rand_stack.fst[81U] = 0U; + rand_stack.fst[82U] = 0U; + rand_stack.fst[83U] = 0U; + rand_stack.fst[84U] = 0U; + rand_stack.fst[85U] = 0U; + rand_stack.fst[86U] = 0U; + rand_stack.fst[87U] = 0U; + rand_stack.fst[88U] = 0U; + rand_stack.fst[89U] = 0U; + rand_stack.fst[90U] = 0U; + rand_stack.fst[91U] = 0U; + rand_stack.fst[92U] = 0U; + rand_stack.fst[93U] = 0U; + rand_stack.fst[94U] = 0U; + rand_stack.fst[95U] = 0U; + rand_stack.fst[96U] = 0U; + rand_stack.fst[97U] = 0U; + rand_stack.fst[98U] = 0U; + rand_stack.fst[99U] = 0U; + rand_stack.fst[100U] = 0U; + rand_stack.fst[101U] = 0U; + rand_stack.fst[102U] = 0U; + rand_stack.fst[103U] = 0U; + rand_stack.fst[104U] = 0U; + rand_stack.fst[105U] = 0U; + rand_stack.fst[106U] = 0U; + rand_stack.fst[107U] = 0U; + rand_stack.fst[108U] = 0U; + rand_stack.fst[109U] = 0U; + rand_stack.fst[110U] = 0U; + rand_stack.fst[111U] = 0U; + rand_stack.fst[112U] = 0U; + rand_stack.fst[113U] = 0U; + rand_stack.fst[114U] = 0U; + rand_stack.fst[115U] = 0U; + rand_stack.fst[116U] = 0U; + rand_stack.fst[117U] = 0U; + rand_stack.fst[118U] = 0U; + rand_stack.fst[119U] = 0U; + rand_stack.fst[120U] = 0U; + rand_stack.fst[121U] = 0U; + rand_stack.fst[122U] = 0U; + rand_stack.fst[123U] = 0U; + rand_stack.fst[124U] = 0U; + rand_stack.fst[125U] = 0U; + rand_stack.fst[126U] = 0U; + rand_stack.fst[127U] = 0U; + rand_stack.fst[128U] = 0U; + rand_stack.fst[129U] = 0U; + rand_stack.fst[130U] = 0U; + 
rand_stack.fst[131U] = 0U; + rand_stack.fst[132U] = 0U; + rand_stack.fst[133U] = 0U; + rand_stack.fst[134U] = 0U; + rand_stack.fst[135U] = 0U; + rand_stack.fst[136U] = 0U; + rand_stack.fst[137U] = 0U; + rand_stack.fst[138U] = 0U; + rand_stack.fst[139U] = 0U; + rand_stack.fst[140U] = 0U; + rand_stack.fst[141U] = 0U; + rand_stack.fst[142U] = 0U; + rand_stack.fst[143U] = 0U; + rand_stack.fst[144U] = 0U; + rand_stack.fst[145U] = 0U; + rand_stack.fst[146U] = 0U; + rand_stack.fst[147U] = 0U; + rand_stack.fst[148U] = 0U; + rand_stack.fst[149U] = 0U; + rand_stack.fst[150U] = 0U; + rand_stack.fst[151U] = 0U; + rand_stack.fst[152U] = 0U; + rand_stack.fst[153U] = 0U; + rand_stack.fst[154U] = 0U; + rand_stack.fst[155U] = 0U; + rand_stack.fst[156U] = 0U; + rand_stack.fst[157U] = 0U; + rand_stack.fst[158U] = 0U; + rand_stack.fst[159U] = 0U; + rand_stack.fst[160U] = 0U; + rand_stack.fst[161U] = 0U; + rand_stack.fst[162U] = 0U; + rand_stack.fst[163U] = 0U; + rand_stack.fst[164U] = 0U; + rand_stack.fst[165U] = 0U; + rand_stack.fst[166U] = 0U; + rand_stack.fst[167U] = 0U; + rand_stack.fst[168U] = 0U; + rand_stack.fst[169U] = 0U; + rand_stack.fst[170U] = 0U; + rand_stack.fst[171U] = 0U; + rand_stack.fst[172U] = 0U; + rand_stack.fst[173U] = 0U; + rand_stack.fst[174U] = 0U; + rand_stack.fst[175U] = 0U; + rand_stack.fst[176U] = 0U; + rand_stack.fst[177U] = 0U; + rand_stack.fst[178U] = 0U; + rand_stack.fst[179U] = 0U; + rand_stack.fst[180U] = 0U; + rand_stack.fst[181U] = 0U; + rand_stack.fst[182U] = 0U; + rand_stack.fst[183U] = 0U; + rand_stack.fst[184U] = 0U; + rand_stack.fst[185U] = 0U; + rand_stack.fst[186U] = 0U; + rand_stack.fst[187U] = 0U; + rand_stack.fst[188U] = 0U; + rand_stack.fst[189U] = 0U; + rand_stack.fst[190U] = 0U; + rand_stack.fst[191U] = 0U; + rand_stack.fst[192U] = 0U; + rand_stack.fst[193U] = 0U; + rand_stack.fst[194U] = 0U; + rand_stack.fst[195U] = 0U; + rand_stack.fst[196U] = 0U; + rand_stack.fst[197U] = 0U; + rand_stack.fst[198U] = 0U; + rand_stack.fst[199U] = 0U; 
+ rand_stack.fst[200U] = 0U; + rand_stack.fst[201U] = 0U; + rand_stack.fst[202U] = 0U; + rand_stack.fst[203U] = 0U; + rand_stack.fst[204U] = 0U; + rand_stack.fst[205U] = 0U; + rand_stack.fst[206U] = 0U; + rand_stack.fst[207U] = 0U; + rand_stack.fst[208U] = 0U; + rand_stack.fst[209U] = 0U; + rand_stack.fst[210U] = 0U; + rand_stack.fst[211U] = 0U; + rand_stack.fst[212U] = 0U; + rand_stack.fst[213U] = 0U; + rand_stack.fst[214U] = 0U; + rand_stack.fst[215U] = 0U; + rand_stack.fst[216U] = 0U; + rand_stack.fst[217U] = 0U; + rand_stack.fst[218U] = 0U; + rand_stack.fst[219U] = 0U; + rand_stack.fst[220U] = 0U; + rand_stack.fst[221U] = 0U; + rand_stack.fst[222U] = 0U; + rand_stack.fst[223U] = 0U; + rand_stack.fst[224U] = 0U; + rand_stack.fst[225U] = 0U; + rand_stack.fst[226U] = 0U; + rand_stack.fst[227U] = 0U; + rand_stack.fst[228U] = 0U; + rand_stack.fst[229U] = 0U; + rand_stack.fst[230U] = 0U; + rand_stack.fst[231U] = 0U; + rand_stack.fst[232U] = 0U; + rand_stack.fst[233U] = 0U; + rand_stack.fst[234U] = 0U; + rand_stack.fst[235U] = 0U; + rand_stack.fst[236U] = 0U; + rand_stack.fst[237U] = 0U; + rand_stack.fst[238U] = 0U; + rand_stack.fst[239U] = 0U; + rand_stack.fst[240U] = 0U; + rand_stack.fst[241U] = 0U; + rand_stack.fst[242U] = 0U; + rand_stack.fst[243U] = 0U; + rand_stack.fst[244U] = 0U; + rand_stack.fst[245U] = 0U; + rand_stack.fst[246U] = 0U; + rand_stack.fst[247U] = 0U; + rand_stack.fst[248U] = 0U; + rand_stack.fst[249U] = 0U; + rand_stack.fst[250U] = 0U; + rand_stack.fst[251U] = 0U; + rand_stack.fst[252U] = 0U; + rand_stack.fst[253U] = 0U; + rand_stack.fst[254U] = 0U; + rand_stack.fst[255U] = 0U; + rand_stack.fst[256U] = 0U; + rand_stack.fst[257U] = 0U; + rand_stack.fst[258U] = 0U; + rand_stack.fst[259U] = 0U; + rand_stack.fst[260U] = 0U; + rand_stack.fst[261U] = 0U; + rand_stack.fst[262U] = 0U; + rand_stack.fst[263U] = 0U; + rand_stack.fst[264U] = 0U; + rand_stack.fst[265U] = 0U; + rand_stack.fst[266U] = 0U; + rand_stack.fst[267U] = 0U; + rand_stack.fst[268U] = 
0U; + rand_stack.fst[269U] = 0U; + rand_stack.fst[270U] = 0U; + rand_stack.fst[271U] = 0U; + rand_stack.fst[272U] = 0U; + rand_stack.fst[273U] = 0U; + rand_stack.fst[274U] = 0U; + rand_stack.fst[275U] = 0U; + rand_stack.fst[276U] = 0U; + rand_stack.fst[277U] = 0U; + rand_stack.fst[278U] = 0U; + rand_stack.fst[279U] = 0U; + rand_stack.fst[280U] = 0U; + rand_stack.fst[281U] = 0U; + rand_stack.fst[282U] = 0U; + rand_stack.fst[283U] = 0U; + rand_stack.fst[284U] = 0U; + rand_stack.fst[285U] = 0U; + rand_stack.fst[286U] = 0U; + rand_stack.fst[287U] = 0U; + rand_stack.fst[288U] = 0U; + rand_stack.fst[289U] = 0U; + rand_stack.fst[290U] = 0U; + rand_stack.fst[291U] = 0U; + rand_stack.fst[292U] = 0U; + rand_stack.fst[293U] = 0U; + rand_stack.fst[294U] = 0U; + rand_stack.fst[295U] = 0U; + rand_stack.fst[296U] = 0U; + rand_stack.fst[297U] = 0U; + rand_stack.fst[298U] = 0U; + rand_stack.fst[299U] = 0U; + rand_stack.fst[300U] = 0U; + rand_stack.fst[301U] = 0U; + rand_stack.fst[302U] = 0U; + rand_stack.fst[303U] = 0U; + rand_stack.fst[304U] = 0U; + rand_stack.fst[305U] = 0U; + rand_stack.fst[306U] = 0U; + rand_stack.fst[307U] = 0U; + rand_stack.fst[308U] = 0U; + rand_stack.fst[309U] = 0U; + rand_stack.fst[310U] = 0U; + rand_stack.fst[311U] = 0U; + rand_stack.fst[312U] = 0U; + rand_stack.fst[313U] = 0U; + rand_stack.fst[314U] = 0U; + rand_stack.fst[315U] = 0U; + rand_stack.fst[316U] = 0U; + rand_stack.fst[317U] = 0U; + rand_stack.fst[318U] = 0U; + rand_stack.fst[319U] = 0U; + rand_stack.fst[320U] = 0U; + rand_stack.fst[321U] = 0U; + rand_stack.fst[322U] = 0U; + rand_stack.fst[323U] = 0U; + rand_stack.fst[324U] = 0U; + rand_stack.fst[325U] = 0U; + rand_stack.fst[326U] = 0U; + rand_stack.fst[327U] = 0U; + rand_stack.fst[328U] = 0U; + rand_stack.fst[329U] = 0U; + rand_stack.fst[330U] = 0U; + rand_stack.fst[331U] = 0U; + rand_stack.fst[332U] = 0U; + rand_stack.fst[333U] = 0U; + rand_stack.fst[334U] = 0U; + rand_stack.fst[335U] = 0U; + rand_stack.fst[336U] = 0U; + rand_stack.fst[337U] 
= 0U; + rand_stack.fst[338U] = 0U; + rand_stack.fst[339U] = 0U; + rand_stack.fst[340U] = 0U; + rand_stack.fst[341U] = 0U; + rand_stack.fst[342U] = 0U; + rand_stack.fst[343U] = 0U; + rand_stack.fst[344U] = 0U; + rand_stack.fst[345U] = 0U; + rand_stack.fst[346U] = 0U; + rand_stack.fst[347U] = 0U; + rand_stack.fst[348U] = 0U; + rand_stack.fst[349U] = 0U; + rand_stack.fst[350U] = 0U; + rand_stack.fst[351U] = 0U; + rand_stack.fst[352U] = 0U; + rand_stack.fst[353U] = 0U; + rand_stack.fst[354U] = 0U; + rand_stack.fst[355U] = 0U; + rand_stack.fst[356U] = 0U; + rand_stack.fst[357U] = 0U; + rand_stack.fst[358U] = 0U; + rand_stack.fst[359U] = 0U; + rand_stack.fst[360U] = 0U; + rand_stack.fst[361U] = 0U; + rand_stack.fst[362U] = 0U; + rand_stack.fst[363U] = 0U; + rand_stack.fst[364U] = 0U; + rand_stack.fst[365U] = 0U; + rand_stack.fst[366U] = 0U; + rand_stack.fst[367U] = 0U; + rand_stack.fst[368U] = 0U; + rand_stack.fst[369U] = 0U; + rand_stack.fst[370U] = 0U; + rand_stack.fst[371U] = 0U; + rand_stack.fst[372U] = 0U; + rand_stack.fst[373U] = 0U; + rand_stack.fst[374U] = 0U; + rand_stack.fst[375U] = 0U; + rand_stack.fst[376U] = 0U; + rand_stack.fst[377U] = 0U; + rand_stack.fst[378U] = 0U; + rand_stack.fst[379U] = 0U; + rand_stack.fst[380U] = 0U; + rand_stack.fst[381U] = 0U; + rand_stack.fst[382U] = 0U; + rand_stack.fst[383U] = 0U; + rand_stack.fst[384U] = 0U; + rand_stack.fst[385U] = 0U; + rand_stack.fst[386U] = 0U; + rand_stack.fst[387U] = 0U; + rand_stack.fst[388U] = 0U; + rand_stack.fst[389U] = 0U; + rand_stack.fst[390U] = 0U; + rand_stack.fst[391U] = 0U; + rand_stack.fst[392U] = 0U; + rand_stack.fst[393U] = 0U; + rand_stack.fst[394U] = 0U; + rand_stack.fst[395U] = 0U; + rand_stack.fst[396U] = 0U; + rand_stack.fst[397U] = 0U; + rand_stack.fst[398U] = 0U; + rand_stack.fst[399U] = 0U; + rand_stack.fst[400U] = 0U; + rand_stack.fst[401U] = 0U; + rand_stack.fst[402U] = 0U; + rand_stack.fst[403U] = 0U; + rand_stack.fst[404U] = 0U; + rand_stack.fst[405U] = 0U; + 
rand_stack.fst[406U] = 0U; + rand_stack.fst[407U] = 0U; + rand_stack.fst[408U] = 0U; + rand_stack.fst[409U] = 0U; + rand_stack.fst[410U] = 0U; + rand_stack.fst[411U] = 0U; + rand_stack.fst[412U] = 0U; + rand_stack.fst[413U] = 0U; + rand_stack.fst[414U] = 0U; + rand_stack.fst[415U] = 0U; + rand_stack.fst[416U] = 0U; + rand_stack.fst[417U] = 0U; + rand_stack.fst[418U] = 0U; + rand_stack.fst[419U] = 0U; + rand_stack.fst[420U] = 0U; + rand_stack.fst[421U] = 0U; + rand_stack.fst[422U] = 0U; + rand_stack.fst[423U] = 0U; + rand_stack.fst[424U] = 0U; + rand_stack.fst[425U] = 0U; + rand_stack.fst[426U] = 0U; + rand_stack.fst[427U] = 0U; + rand_stack.fst[428U] = 0U; + rand_stack.fst[429U] = 0U; + rand_stack.fst[430U] = 0U; + rand_stack.fst[431U] = 0U; + rand_stack.fst[432U] = 0U; + rand_stack.fst[433U] = 0U; + rand_stack.fst[434U] = 0U; + rand_stack.fst[435U] = 0U; + rand_stack.fst[436U] = 0U; + rand_stack.fst[437U] = 0U; + rand_stack.fst[438U] = 0U; + rand_stack.fst[439U] = 0U; + rand_stack.fst[440U] = 0U; + rand_stack.fst[441U] = 0U; + rand_stack.fst[442U] = 0U; + rand_stack.fst[443U] = 0U; + rand_stack.fst[444U] = 0U; + rand_stack.fst[445U] = 0U; + rand_stack.fst[446U] = 0U; + rand_stack.fst[447U] = 0U; + rand_stack.fst[448U] = 0U; + rand_stack.fst[449U] = 0U; + rand_stack.fst[450U] = 0U; + rand_stack.fst[451U] = 0U; + rand_stack.fst[452U] = 0U; + rand_stack.fst[453U] = 0U; + rand_stack.fst[454U] = 0U; + rand_stack.fst[455U] = 0U; + rand_stack.fst[456U] = 0U; + rand_stack.fst[457U] = 0U; + rand_stack.fst[458U] = 0U; + rand_stack.fst[459U] = 0U; + rand_stack.fst[460U] = 0U; + rand_stack.fst[461U] = 0U; + rand_stack.fst[462U] = 0U; + rand_stack.fst[463U] = 0U; + rand_stack.fst[464U] = 0U; + rand_stack.fst[465U] = 0U; + rand_stack.fst[466U] = 0U; + rand_stack.fst[467U] = 0U; + rand_stack.fst[468U] = 0U; + rand_stack.fst[469U] = 0U; + rand_stack.fst[470U] = 0U; + rand_stack.fst[471U] = 0U; + rand_stack.fst[472U] = 0U; + rand_stack.fst[473U] = 0U; + rand_stack.fst[474U] = 0U; 
+ rand_stack.fst[475U] = 0U; + rand_stack.fst[476U] = 0U; + rand_stack.fst[477U] = 0U; + rand_stack.fst[478U] = 0U; + rand_stack.fst[479U] = 0U; + rand_stack.fst[480U] = 0U; + rand_stack.fst[481U] = 0U; + rand_stack.fst[482U] = 0U; + rand_stack.fst[483U] = 0U; + rand_stack.fst[484U] = 0U; + rand_stack.fst[485U] = 0U; + rand_stack.fst[486U] = 0U; + rand_stack.fst[487U] = 0U; + rand_stack.fst[488U] = 0U; + rand_stack.fst[489U] = 0U; + rand_stack.fst[490U] = 0U; + rand_stack.fst[491U] = 0U; + rand_stack.fst[492U] = 0U; + rand_stack.fst[493U] = 0U; + rand_stack.fst[494U] = 0U; + rand_stack.fst[495U] = 0U; + rand_stack.fst[496U] = 0U; + rand_stack.fst[497U] = 0U; + rand_stack.fst[498U] = 0U; + rand_stack.fst[499U] = 0U; + rand_stack.fst[500U] = 0U; + rand_stack.fst[501U] = 0U; + rand_stack.fst[502U] = 0U; + rand_stack.fst[503U] = 0U; + rand_stack.fst[504U] = 0U; + rand_stack.fst[505U] = 0U; + rand_stack.fst[506U] = 0U; + rand_stack.fst[507U] = 0U; + rand_stack.fst[508U] = 0U; + rand_stack.fst[509U] = 0U; + rand_stack.fst[510U] = 0U; + rand_stack.fst[511U] = 0U; + rand_stack.fst[512U] = 0U; + rand_stack.fst[513U] = 0U; + rand_stack.fst[514U] = 0U; + rand_stack.fst[515U] = 0U; + rand_stack.fst[516U] = 0U; + rand_stack.fst[517U] = 0U; + rand_stack.fst[518U] = 0U; + rand_stack.fst[519U] = 0U; + rand_stack.fst[520U] = 0U; + rand_stack.fst[521U] = 0U; + rand_stack.fst[522U] = 0U; + rand_stack.fst[523U] = 0U; + rand_stack.fst[524U] = 0U; + rand_stack.fst[525U] = 0U; + rand_stack.fst[526U] = 0U; + rand_stack.fst[527U] = 0U; + rand_stack.fst[528U] = 0U; + rand_stack.fst[529U] = 0U; + rand_stack.fst[530U] = 0U; + rand_stack.fst[531U] = 0U; + rand_stack.fst[532U] = 0U; + rand_stack.fst[533U] = 0U; + rand_stack.fst[534U] = 0U; + rand_stack.fst[535U] = 0U; + rand_stack.fst[536U] = 0U; + rand_stack.fst[537U] = 0U; + rand_stack.fst[538U] = 0U; + rand_stack.fst[539U] = 0U; + rand_stack.fst[540U] = 0U; + rand_stack.fst[541U] = 0U; + rand_stack.fst[542U] = 0U; + rand_stack.fst[543U] = 
0U; + rand_stack.fst[544U] = 0U; + rand_stack.fst[545U] = 0U; + rand_stack.fst[546U] = 0U; + rand_stack.fst[547U] = 0U; + rand_stack.fst[548U] = 0U; + rand_stack.fst[549U] = 0U; + rand_stack.fst[550U] = 0U; + rand_stack.fst[551U] = 0U; + rand_stack.fst[552U] = 0U; + rand_stack.fst[553U] = 0U; + rand_stack.fst[554U] = 0U; + rand_stack.fst[555U] = 0U; + rand_stack.fst[556U] = 0U; + rand_stack.fst[557U] = 0U; + rand_stack.fst[558U] = 0U; + rand_stack.fst[559U] = 0U; + rand_stack.fst[560U] = 0U; + rand_stack.fst[561U] = 0U; + rand_stack.fst[562U] = 0U; + rand_stack.fst[563U] = 0U; + rand_stack.fst[564U] = 0U; + rand_stack.fst[565U] = 0U; + rand_stack.fst[566U] = 0U; + rand_stack.fst[567U] = 0U; + rand_stack.fst[568U] = 0U; + rand_stack.fst[569U] = 0U; + rand_stack.fst[570U] = 0U; + rand_stack.fst[571U] = 0U; + rand_stack.fst[572U] = 0U; + rand_stack.fst[573U] = 0U; + rand_stack.fst[574U] = 0U; + rand_stack.fst[575U] = 0U; + rand_stack.fst[576U] = 0U; + rand_stack.fst[577U] = 0U; + rand_stack.fst[578U] = 0U; + rand_stack.fst[579U] = 0U; + rand_stack.fst[580U] = 0U; + rand_stack.fst[581U] = 0U; + rand_stack.fst[582U] = 0U; + rand_stack.fst[583U] = 0U; + rand_stack.fst[584U] = 0U; + rand_stack.fst[585U] = 0U; + rand_stack.fst[586U] = 0U; + rand_stack.fst[587U] = 0U; + rand_stack.fst[588U] = 0U; + rand_stack.fst[589U] = 0U; + rand_stack.fst[590U] = 0U; + rand_stack.fst[591U] = 0U; + rand_stack.fst[592U] = 0U; + rand_stack.fst[593U] = 0U; + rand_stack.fst[594U] = 0U; + rand_stack.fst[595U] = 0U; + rand_stack.fst[596U] = 0U; + rand_stack.fst[597U] = 0U; + rand_stack.fst[598U] = 0U; + rand_stack.fst[599U] = 0U; + rand_stack.fst[600U] = 0U; + rand_stack.fst[601U] = 0U; + rand_stack.fst[602U] = 0U; + rand_stack.fst[603U] = 0U; + rand_stack.fst[604U] = 0U; + rand_stack.fst[605U] = 0U; + rand_stack.fst[606U] = 0U; + rand_stack.fst[607U] = 0U; + rand_stack.fst[608U] = 0U; + rand_stack.fst[609U] = 0U; + rand_stack.fst[610U] = 0U; + rand_stack.fst[611U] = 0U; + rand_stack.fst[612U] 
= 0U; + rand_stack.fst[613U] = 0U; + rand_stack.fst[614U] = 0U; + rand_stack.fst[615U] = 0U; + rand_stack.fst[616U] = 0U; + rand_stack.fst[617U] = 0U; + rand_stack.fst[618U] = 0U; + rand_stack.fst[619U] = 0U; + rand_stack.fst[620U] = 0U; + rand_stack.fst[621U] = 0U; + rand_stack.fst[622U] = 0U; + rand_stack.fst[623U] = 0U; + rand_stack.fst[624U] = 0U; + rand_stack.fst[625U] = 0U; + rand_stack.fst[626U] = 0U; + rand_stack.fst[627U] = 0U; + rand_stack.fst[628U] = 0U; + rand_stack.fst[629U] = 0U; + rand_stack.fst[630U] = 0U; + rand_stack.fst[631U] = 0U; + rand_stack.fst[632U] = 0U; + rand_stack.fst[633U] = 0U; + rand_stack.fst[634U] = 0U; + rand_stack.fst[635U] = 0U; + rand_stack.fst[636U] = 0U; + rand_stack.fst[637U] = 0U; + rand_stack.fst[638U] = 0U; + rand_stack.fst[639U] = 0U; + rand_stack.fst[640U] = 0U; + rand_stack.fst[641U] = 0U; + rand_stack.fst[642U] = 0U; + rand_stack.fst[643U] = 0U; + rand_stack.fst[644U] = 0U; + rand_stack.fst[645U] = 0U; + rand_stack.fst[646U] = 0U; + rand_stack.fst[647U] = 0U; + rand_stack.fst[648U] = 0U; + rand_stack.fst[649U] = 0U; + rand_stack.fst[650U] = 0U; + rand_stack.fst[651U] = 0U; + rand_stack.fst[652U] = 0U; + rand_stack.fst[653U] = 0U; + rand_stack.fst[654U] = 0U; + rand_stack.fst[655U] = 0U; + rand_stack.fst[656U] = 0U; + rand_stack.fst[657U] = 0U; + rand_stack.fst[658U] = 0U; + rand_stack.fst[659U] = 0U; + rand_stack.fst[660U] = 0U; + rand_stack.fst[661U] = 0U; + rand_stack.fst[662U] = 0U; + rand_stack.fst[663U] = 0U; + rand_stack.fst[664U] = 0U; + rand_stack.fst[665U] = 0U; + rand_stack.fst[666U] = 0U; + rand_stack.fst[667U] = 0U; + rand_stack.fst[668U] = 0U; + rand_stack.fst[669U] = 0U; + rand_stack.fst[670U] = 0U; + rand_stack.fst[671U] = 0U; + rand_stack.fst[672U] = 0U; + rand_stack.fst[673U] = 0U; + rand_stack.fst[674U] = 0U; + rand_stack.fst[675U] = 0U; + rand_stack.fst[676U] = 0U; + rand_stack.fst[677U] = 0U; + rand_stack.fst[678U] = 0U; + rand_stack.fst[679U] = 0U; + rand_stack.fst[680U] = 0U; + 
rand_stack.fst[681U] = 0U; + rand_stack.fst[682U] = 0U; + rand_stack.fst[683U] = 0U; + rand_stack.fst[684U] = 0U; + rand_stack.fst[685U] = 0U; + rand_stack.fst[686U] = 0U; + rand_stack.fst[687U] = 0U; + rand_stack.fst[688U] = 0U; + rand_stack.fst[689U] = 0U; + rand_stack.fst[690U] = 0U; + rand_stack.fst[691U] = 0U; + rand_stack.fst[692U] = 0U; + rand_stack.fst[693U] = 0U; + rand_stack.fst[694U] = 0U; + rand_stack.fst[695U] = 0U; + rand_stack.fst[696U] = 0U; + rand_stack.fst[697U] = 0U; + rand_stack.fst[698U] = 0U; + rand_stack.fst[699U] = 0U; + rand_stack.fst[700U] = 0U; + rand_stack.fst[701U] = 0U; + rand_stack.fst[702U] = 0U; + rand_stack.fst[703U] = 0U; + rand_stack.fst[704U] = 0U; + rand_stack.fst[705U] = 0U; + rand_stack.fst[706U] = 0U; + rand_stack.fst[707U] = 0U; + rand_stack.fst[708U] = 0U; + rand_stack.fst[709U] = 0U; + rand_stack.fst[710U] = 0U; + rand_stack.fst[711U] = 0U; + rand_stack.fst[712U] = 0U; + rand_stack.fst[713U] = 0U; + rand_stack.fst[714U] = 0U; + rand_stack.fst[715U] = 0U; + rand_stack.fst[716U] = 0U; + rand_stack.fst[717U] = 0U; + rand_stack.fst[718U] = 0U; + rand_stack.fst[719U] = 0U; + rand_stack.fst[720U] = 0U; + rand_stack.fst[721U] = 0U; + rand_stack.fst[722U] = 0U; + rand_stack.fst[723U] = 0U; + rand_stack.fst[724U] = 0U; + rand_stack.fst[725U] = 0U; + rand_stack.fst[726U] = 0U; + rand_stack.fst[727U] = 0U; + rand_stack.fst[728U] = 0U; + rand_stack.fst[729U] = 0U; + rand_stack.fst[730U] = 0U; + rand_stack.fst[731U] = 0U; + rand_stack.fst[732U] = 0U; + rand_stack.fst[733U] = 0U; + rand_stack.fst[734U] = 0U; + rand_stack.fst[735U] = 0U; + rand_stack.fst[736U] = 0U; + rand_stack.fst[737U] = 0U; + rand_stack.fst[738U] = 0U; + rand_stack.fst[739U] = 0U; + rand_stack.fst[740U] = 0U; + rand_stack.fst[741U] = 0U; + rand_stack.fst[742U] = 0U; + rand_stack.fst[743U] = 0U; + rand_stack.fst[744U] = 0U; + rand_stack.fst[745U] = 0U; + rand_stack.fst[746U] = 0U; + rand_stack.fst[747U] = 0U; + rand_stack.fst[748U] = 0U; + rand_stack.fst[749U] = 0U; 
+ rand_stack.fst[750U] = 0U; + rand_stack.fst[751U] = 0U; + rand_stack.fst[752U] = 0U; + rand_stack.fst[753U] = 0U; + rand_stack.fst[754U] = 0U; + rand_stack.fst[755U] = 0U; + rand_stack.fst[756U] = 0U; + rand_stack.fst[757U] = 0U; + rand_stack.fst[758U] = 0U; + rand_stack.fst[759U] = 0U; + rand_stack.fst[760U] = 0U; + rand_stack.fst[761U] = 0U; + rand_stack.fst[762U] = 0U; + rand_stack.fst[763U] = 0U; + rand_stack.fst[764U] = 0U; + rand_stack.fst[765U] = 0U; + rand_stack.fst[766U] = 0U; + rand_stack.fst[767U] = 0U; + rand_stack.fst[768U] = 0U; + rand_stack.fst[769U] = 0U; + rand_stack.fst[770U] = 0U; + rand_stack.fst[771U] = 0U; + rand_stack.fst[772U] = 0U; + rand_stack.fst[773U] = 0U; + rand_stack.fst[774U] = 0U; + rand_stack.fst[775U] = 0U; + rand_stack.fst[776U] = 0U; + rand_stack.fst[777U] = 0U; + rand_stack.fst[778U] = 0U; + rand_stack.fst[779U] = 0U; + rand_stack.fst[780U] = 0U; + rand_stack.fst[781U] = 0U; + rand_stack.fst[782U] = 0U; + rand_stack.fst[783U] = 0U; + rand_stack.fst[784U] = 0U; + rand_stack.fst[785U] = 0U; + rand_stack.fst[786U] = 0U; + rand_stack.fst[787U] = 0U; + rand_stack.fst[788U] = 0U; + rand_stack.fst[789U] = 0U; + rand_stack.fst[790U] = 0U; + rand_stack.fst[791U] = 0U; + rand_stack.fst[792U] = 0U; + rand_stack.fst[793U] = 0U; + rand_stack.fst[794U] = 0U; + rand_stack.fst[795U] = 0U; + rand_stack.fst[796U] = 0U; + rand_stack.fst[797U] = 0U; + rand_stack.fst[798U] = 0U; + rand_stack.fst[799U] = 0U; + rand_stack.fst[800U] = 0U; + rand_stack.fst[801U] = 0U; + rand_stack.fst[802U] = 0U; + rand_stack.fst[803U] = 0U; + rand_stack.fst[804U] = 0U; + rand_stack.fst[805U] = 0U; + rand_stack.fst[806U] = 0U; + rand_stack.fst[807U] = 0U; + rand_stack.fst[808U] = 0U; + rand_stack.fst[809U] = 0U; + rand_stack.fst[810U] = 0U; + rand_stack.fst[811U] = 0U; + rand_stack.fst[812U] = 0U; + rand_stack.fst[813U] = 0U; + rand_stack.fst[814U] = 0U; + rand_stack.fst[815U] = 0U; + rand_stack.fst[816U] = 0U; + rand_stack.fst[817U] = 0U; + rand_stack.fst[818U] = 
0U; + rand_stack.fst[819U] = 0U; + rand_stack.fst[820U] = 0U; + rand_stack.fst[821U] = 0U; + rand_stack.fst[822U] = 0U; + rand_stack.fst[823U] = 0U; + rand_stack.fst[824U] = 0U; + rand_stack.fst[825U] = 0U; + rand_stack.fst[826U] = 0U; + rand_stack.fst[827U] = 0U; + rand_stack.fst[828U] = 0U; + rand_stack.fst[829U] = 0U; + rand_stack.fst[830U] = 0U; + rand_stack.fst[831U] = 0U; + rand_stack.fst[832U] = 0U; + rand_stack.fst[833U] = 0U; + rand_stack.fst[834U] = 0U; + rand_stack.fst[835U] = 0U; + rand_stack.fst[836U] = 0U; + rand_stack.fst[837U] = 0U; + rand_stack.fst[838U] = 0U; + rand_stack.fst[839U] = 0U; + memcpy(rand_stack.snd, uu____0, (size_t)840U * sizeof(uint8_t)); + memcpy(rand_stack.thd, uu____1, (size_t)840U * sizeof(uint8_t)); + rand_stack.f3[0U] = 0U; + rand_stack.f3[1U] = 0U; + rand_stack.f3[2U] = 0U; + rand_stack.f3[3U] = 0U; + rand_stack.f3[4U] = 0U; + rand_stack.f3[5U] = 0U; + rand_stack.f3[6U] = 0U; + rand_stack.f3[7U] = 0U; + rand_stack.f3[8U] = 0U; + rand_stack.f3[9U] = 0U; + rand_stack.f3[10U] = 0U; + rand_stack.f3[11U] = 0U; + rand_stack.f3[12U] = 0U; + rand_stack.f3[13U] = 0U; + rand_stack.f3[14U] = 0U; + rand_stack.f3[15U] = 0U; + rand_stack.f3[16U] = 0U; + rand_stack.f3[17U] = 0U; + rand_stack.f3[18U] = 0U; + rand_stack.f3[19U] = 0U; + rand_stack.f3[20U] = 0U; + rand_stack.f3[21U] = 0U; + rand_stack.f3[22U] = 0U; + rand_stack.f3[23U] = 0U; + rand_stack.f3[24U] = 0U; + rand_stack.f3[25U] = 0U; + rand_stack.f3[26U] = 0U; + rand_stack.f3[27U] = 0U; + rand_stack.f3[28U] = 0U; + rand_stack.f3[29U] = 0U; + rand_stack.f3[30U] = 0U; + rand_stack.f3[31U] = 0U; + rand_stack.f3[32U] = 0U; + rand_stack.f3[33U] = 0U; + rand_stack.f3[34U] = 0U; + rand_stack.f3[35U] = 0U; + rand_stack.f3[36U] = 0U; + rand_stack.f3[37U] = 0U; + rand_stack.f3[38U] = 0U; + rand_stack.f3[39U] = 0U; + rand_stack.f3[40U] = 0U; + rand_stack.f3[41U] = 0U; + rand_stack.f3[42U] = 0U; + rand_stack.f3[43U] = 0U; + rand_stack.f3[44U] = 0U; + rand_stack.f3[45U] = 0U; + rand_stack.f3[46U] 
= 0U; + rand_stack.f3[47U] = 0U; + rand_stack.f3[48U] = 0U; + rand_stack.f3[49U] = 0U; + rand_stack.f3[50U] = 0U; + rand_stack.f3[51U] = 0U; + rand_stack.f3[52U] = 0U; + rand_stack.f3[53U] = 0U; + rand_stack.f3[54U] = 0U; + rand_stack.f3[55U] = 0U; + rand_stack.f3[56U] = 0U; + rand_stack.f3[57U] = 0U; + rand_stack.f3[58U] = 0U; + rand_stack.f3[59U] = 0U; + rand_stack.f3[60U] = 0U; + rand_stack.f3[61U] = 0U; + rand_stack.f3[62U] = 0U; + rand_stack.f3[63U] = 0U; + rand_stack.f3[64U] = 0U; + rand_stack.f3[65U] = 0U; + rand_stack.f3[66U] = 0U; + rand_stack.f3[67U] = 0U; + rand_stack.f3[68U] = 0U; + rand_stack.f3[69U] = 0U; + rand_stack.f3[70U] = 0U; + rand_stack.f3[71U] = 0U; + rand_stack.f3[72U] = 0U; + rand_stack.f3[73U] = 0U; + rand_stack.f3[74U] = 0U; + rand_stack.f3[75U] = 0U; + rand_stack.f3[76U] = 0U; + rand_stack.f3[77U] = 0U; + rand_stack.f3[78U] = 0U; + rand_stack.f3[79U] = 0U; + rand_stack.f3[80U] = 0U; + rand_stack.f3[81U] = 0U; + rand_stack.f3[82U] = 0U; + rand_stack.f3[83U] = 0U; + rand_stack.f3[84U] = 0U; + rand_stack.f3[85U] = 0U; + rand_stack.f3[86U] = 0U; + rand_stack.f3[87U] = 0U; + rand_stack.f3[88U] = 0U; + rand_stack.f3[89U] = 0U; + rand_stack.f3[90U] = 0U; + rand_stack.f3[91U] = 0U; + rand_stack.f3[92U] = 0U; + rand_stack.f3[93U] = 0U; + rand_stack.f3[94U] = 0U; + rand_stack.f3[95U] = 0U; + rand_stack.f3[96U] = 0U; + rand_stack.f3[97U] = 0U; + rand_stack.f3[98U] = 0U; + rand_stack.f3[99U] = 0U; + rand_stack.f3[100U] = 0U; + rand_stack.f3[101U] = 0U; + rand_stack.f3[102U] = 0U; + rand_stack.f3[103U] = 0U; + rand_stack.f3[104U] = 0U; + rand_stack.f3[105U] = 0U; + rand_stack.f3[106U] = 0U; + rand_stack.f3[107U] = 0U; + rand_stack.f3[108U] = 0U; + rand_stack.f3[109U] = 0U; + rand_stack.f3[110U] = 0U; + rand_stack.f3[111U] = 0U; + rand_stack.f3[112U] = 0U; + rand_stack.f3[113U] = 0U; + rand_stack.f3[114U] = 0U; + rand_stack.f3[115U] = 0U; + rand_stack.f3[116U] = 0U; + rand_stack.f3[117U] = 0U; + rand_stack.f3[118U] = 0U; + rand_stack.f3[119U] = 0U; + 
rand_stack.f3[120U] = 0U; + rand_stack.f3[121U] = 0U; + rand_stack.f3[122U] = 0U; + rand_stack.f3[123U] = 0U; + rand_stack.f3[124U] = 0U; + rand_stack.f3[125U] = 0U; + rand_stack.f3[126U] = 0U; + rand_stack.f3[127U] = 0U; + rand_stack.f3[128U] = 0U; + rand_stack.f3[129U] = 0U; + rand_stack.f3[130U] = 0U; + rand_stack.f3[131U] = 0U; + rand_stack.f3[132U] = 0U; + rand_stack.f3[133U] = 0U; + rand_stack.f3[134U] = 0U; + rand_stack.f3[135U] = 0U; + rand_stack.f3[136U] = 0U; + rand_stack.f3[137U] = 0U; + rand_stack.f3[138U] = 0U; + rand_stack.f3[139U] = 0U; + rand_stack.f3[140U] = 0U; + rand_stack.f3[141U] = 0U; + rand_stack.f3[142U] = 0U; + rand_stack.f3[143U] = 0U; + rand_stack.f3[144U] = 0U; + rand_stack.f3[145U] = 0U; + rand_stack.f3[146U] = 0U; + rand_stack.f3[147U] = 0U; + rand_stack.f3[148U] = 0U; + rand_stack.f3[149U] = 0U; + rand_stack.f3[150U] = 0U; + rand_stack.f3[151U] = 0U; + rand_stack.f3[152U] = 0U; + rand_stack.f3[153U] = 0U; + rand_stack.f3[154U] = 0U; + rand_stack.f3[155U] = 0U; + rand_stack.f3[156U] = 0U; + rand_stack.f3[157U] = 0U; + rand_stack.f3[158U] = 0U; + rand_stack.f3[159U] = 0U; + rand_stack.f3[160U] = 0U; + rand_stack.f3[161U] = 0U; + rand_stack.f3[162U] = 0U; + rand_stack.f3[163U] = 0U; + rand_stack.f3[164U] = 0U; + rand_stack.f3[165U] = 0U; + rand_stack.f3[166U] = 0U; + rand_stack.f3[167U] = 0U; + rand_stack.f3[168U] = 0U; + rand_stack.f3[169U] = 0U; + rand_stack.f3[170U] = 0U; + rand_stack.f3[171U] = 0U; + rand_stack.f3[172U] = 0U; + rand_stack.f3[173U] = 0U; + rand_stack.f3[174U] = 0U; + rand_stack.f3[175U] = 0U; + rand_stack.f3[176U] = 0U; + rand_stack.f3[177U] = 0U; + rand_stack.f3[178U] = 0U; + rand_stack.f3[179U] = 0U; + rand_stack.f3[180U] = 0U; + rand_stack.f3[181U] = 0U; + rand_stack.f3[182U] = 0U; + rand_stack.f3[183U] = 0U; + rand_stack.f3[184U] = 0U; + rand_stack.f3[185U] = 0U; + rand_stack.f3[186U] = 0U; + rand_stack.f3[187U] = 0U; + rand_stack.f3[188U] = 0U; + rand_stack.f3[189U] = 0U; + rand_stack.f3[190U] = 0U; + 
rand_stack.f3[191U] = 0U; + rand_stack.f3[192U] = 0U; + rand_stack.f3[193U] = 0U; + rand_stack.f3[194U] = 0U; + rand_stack.f3[195U] = 0U; + rand_stack.f3[196U] = 0U; + rand_stack.f3[197U] = 0U; + rand_stack.f3[198U] = 0U; + rand_stack.f3[199U] = 0U; + rand_stack.f3[200U] = 0U; + rand_stack.f3[201U] = 0U; + rand_stack.f3[202U] = 0U; + rand_stack.f3[203U] = 0U; + rand_stack.f3[204U] = 0U; + rand_stack.f3[205U] = 0U; + rand_stack.f3[206U] = 0U; + rand_stack.f3[207U] = 0U; + rand_stack.f3[208U] = 0U; + rand_stack.f3[209U] = 0U; + rand_stack.f3[210U] = 0U; + rand_stack.f3[211U] = 0U; + rand_stack.f3[212U] = 0U; + rand_stack.f3[213U] = 0U; + rand_stack.f3[214U] = 0U; + rand_stack.f3[215U] = 0U; + rand_stack.f3[216U] = 0U; + rand_stack.f3[217U] = 0U; + rand_stack.f3[218U] = 0U; + rand_stack.f3[219U] = 0U; + rand_stack.f3[220U] = 0U; + rand_stack.f3[221U] = 0U; + rand_stack.f3[222U] = 0U; + rand_stack.f3[223U] = 0U; + rand_stack.f3[224U] = 0U; + rand_stack.f3[225U] = 0U; + rand_stack.f3[226U] = 0U; + rand_stack.f3[227U] = 0U; + rand_stack.f3[228U] = 0U; + rand_stack.f3[229U] = 0U; + rand_stack.f3[230U] = 0U; + rand_stack.f3[231U] = 0U; + rand_stack.f3[232U] = 0U; + rand_stack.f3[233U] = 0U; + rand_stack.f3[234U] = 0U; + rand_stack.f3[235U] = 0U; + rand_stack.f3[236U] = 0U; + rand_stack.f3[237U] = 0U; + rand_stack.f3[238U] = 0U; + rand_stack.f3[239U] = 0U; + rand_stack.f3[240U] = 0U; + rand_stack.f3[241U] = 0U; + rand_stack.f3[242U] = 0U; + rand_stack.f3[243U] = 0U; + rand_stack.f3[244U] = 0U; + rand_stack.f3[245U] = 0U; + rand_stack.f3[246U] = 0U; + rand_stack.f3[247U] = 0U; + rand_stack.f3[248U] = 0U; + rand_stack.f3[249U] = 0U; + rand_stack.f3[250U] = 0U; + rand_stack.f3[251U] = 0U; + rand_stack.f3[252U] = 0U; + rand_stack.f3[253U] = 0U; + rand_stack.f3[254U] = 0U; + rand_stack.f3[255U] = 0U; + rand_stack.f3[256U] = 0U; + rand_stack.f3[257U] = 0U; + rand_stack.f3[258U] = 0U; + rand_stack.f3[259U] = 0U; + rand_stack.f3[260U] = 0U; + rand_stack.f3[261U] = 0U; + 
rand_stack.f3[262U] = 0U; + rand_stack.f3[263U] = 0U; + rand_stack.f3[264U] = 0U; + rand_stack.f3[265U] = 0U; + rand_stack.f3[266U] = 0U; + rand_stack.f3[267U] = 0U; + rand_stack.f3[268U] = 0U; + rand_stack.f3[269U] = 0U; + rand_stack.f3[270U] = 0U; + rand_stack.f3[271U] = 0U; + rand_stack.f3[272U] = 0U; + rand_stack.f3[273U] = 0U; + rand_stack.f3[274U] = 0U; + rand_stack.f3[275U] = 0U; + rand_stack.f3[276U] = 0U; + rand_stack.f3[277U] = 0U; + rand_stack.f3[278U] = 0U; + rand_stack.f3[279U] = 0U; + rand_stack.f3[280U] = 0U; + rand_stack.f3[281U] = 0U; + rand_stack.f3[282U] = 0U; + rand_stack.f3[283U] = 0U; + rand_stack.f3[284U] = 0U; + rand_stack.f3[285U] = 0U; + rand_stack.f3[286U] = 0U; + rand_stack.f3[287U] = 0U; + rand_stack.f3[288U] = 0U; + rand_stack.f3[289U] = 0U; + rand_stack.f3[290U] = 0U; + rand_stack.f3[291U] = 0U; + rand_stack.f3[292U] = 0U; + rand_stack.f3[293U] = 0U; + rand_stack.f3[294U] = 0U; + rand_stack.f3[295U] = 0U; + rand_stack.f3[296U] = 0U; + rand_stack.f3[297U] = 0U; + rand_stack.f3[298U] = 0U; + rand_stack.f3[299U] = 0U; + rand_stack.f3[300U] = 0U; + rand_stack.f3[301U] = 0U; + rand_stack.f3[302U] = 0U; + rand_stack.f3[303U] = 0U; + rand_stack.f3[304U] = 0U; + rand_stack.f3[305U] = 0U; + rand_stack.f3[306U] = 0U; + rand_stack.f3[307U] = 0U; + rand_stack.f3[308U] = 0U; + rand_stack.f3[309U] = 0U; + rand_stack.f3[310U] = 0U; + rand_stack.f3[311U] = 0U; + rand_stack.f3[312U] = 0U; + rand_stack.f3[313U] = 0U; + rand_stack.f3[314U] = 0U; + rand_stack.f3[315U] = 0U; + rand_stack.f3[316U] = 0U; + rand_stack.f3[317U] = 0U; + rand_stack.f3[318U] = 0U; + rand_stack.f3[319U] = 0U; + rand_stack.f3[320U] = 0U; + rand_stack.f3[321U] = 0U; + rand_stack.f3[322U] = 0U; + rand_stack.f3[323U] = 0U; + rand_stack.f3[324U] = 0U; + rand_stack.f3[325U] = 0U; + rand_stack.f3[326U] = 0U; + rand_stack.f3[327U] = 0U; + rand_stack.f3[328U] = 0U; + rand_stack.f3[329U] = 0U; + rand_stack.f3[330U] = 0U; + rand_stack.f3[331U] = 0U; + rand_stack.f3[332U] = 0U; + 
rand_stack.f3[333U] = 0U; + rand_stack.f3[334U] = 0U; + rand_stack.f3[335U] = 0U; + rand_stack.f3[336U] = 0U; + rand_stack.f3[337U] = 0U; + rand_stack.f3[338U] = 0U; + rand_stack.f3[339U] = 0U; + rand_stack.f3[340U] = 0U; + rand_stack.f3[341U] = 0U; + rand_stack.f3[342U] = 0U; + rand_stack.f3[343U] = 0U; + rand_stack.f3[344U] = 0U; + rand_stack.f3[345U] = 0U; + rand_stack.f3[346U] = 0U; + rand_stack.f3[347U] = 0U; + rand_stack.f3[348U] = 0U; + rand_stack.f3[349U] = 0U; + rand_stack.f3[350U] = 0U; + rand_stack.f3[351U] = 0U; + rand_stack.f3[352U] = 0U; + rand_stack.f3[353U] = 0U; + rand_stack.f3[354U] = 0U; + rand_stack.f3[355U] = 0U; + rand_stack.f3[356U] = 0U; + rand_stack.f3[357U] = 0U; + rand_stack.f3[358U] = 0U; + rand_stack.f3[359U] = 0U; + rand_stack.f3[360U] = 0U; + rand_stack.f3[361U] = 0U; + rand_stack.f3[362U] = 0U; + rand_stack.f3[363U] = 0U; + rand_stack.f3[364U] = 0U; + rand_stack.f3[365U] = 0U; + rand_stack.f3[366U] = 0U; + rand_stack.f3[367U] = 0U; + rand_stack.f3[368U] = 0U; + rand_stack.f3[369U] = 0U; + rand_stack.f3[370U] = 0U; + rand_stack.f3[371U] = 0U; + rand_stack.f3[372U] = 0U; + rand_stack.f3[373U] = 0U; + rand_stack.f3[374U] = 0U; + rand_stack.f3[375U] = 0U; + rand_stack.f3[376U] = 0U; + rand_stack.f3[377U] = 0U; + rand_stack.f3[378U] = 0U; + rand_stack.f3[379U] = 0U; + rand_stack.f3[380U] = 0U; + rand_stack.f3[381U] = 0U; + rand_stack.f3[382U] = 0U; + rand_stack.f3[383U] = 0U; + rand_stack.f3[384U] = 0U; + rand_stack.f3[385U] = 0U; + rand_stack.f3[386U] = 0U; + rand_stack.f3[387U] = 0U; + rand_stack.f3[388U] = 0U; + rand_stack.f3[389U] = 0U; + rand_stack.f3[390U] = 0U; + rand_stack.f3[391U] = 0U; + rand_stack.f3[392U] = 0U; + rand_stack.f3[393U] = 0U; + rand_stack.f3[394U] = 0U; + rand_stack.f3[395U] = 0U; + rand_stack.f3[396U] = 0U; + rand_stack.f3[397U] = 0U; + rand_stack.f3[398U] = 0U; + rand_stack.f3[399U] = 0U; + rand_stack.f3[400U] = 0U; + rand_stack.f3[401U] = 0U; + rand_stack.f3[402U] = 0U; + rand_stack.f3[403U] = 0U; + 
rand_stack.f3[404U] = 0U; + rand_stack.f3[405U] = 0U; + rand_stack.f3[406U] = 0U; + rand_stack.f3[407U] = 0U; + rand_stack.f3[408U] = 0U; + rand_stack.f3[409U] = 0U; + rand_stack.f3[410U] = 0U; + rand_stack.f3[411U] = 0U; + rand_stack.f3[412U] = 0U; + rand_stack.f3[413U] = 0U; + rand_stack.f3[414U] = 0U; + rand_stack.f3[415U] = 0U; + rand_stack.f3[416U] = 0U; + rand_stack.f3[417U] = 0U; + rand_stack.f3[418U] = 0U; + rand_stack.f3[419U] = 0U; + rand_stack.f3[420U] = 0U; + rand_stack.f3[421U] = 0U; + rand_stack.f3[422U] = 0U; + rand_stack.f3[423U] = 0U; + rand_stack.f3[424U] = 0U; + rand_stack.f3[425U] = 0U; + rand_stack.f3[426U] = 0U; + rand_stack.f3[427U] = 0U; + rand_stack.f3[428U] = 0U; + rand_stack.f3[429U] = 0U; + rand_stack.f3[430U] = 0U; + rand_stack.f3[431U] = 0U; + rand_stack.f3[432U] = 0U; + rand_stack.f3[433U] = 0U; + rand_stack.f3[434U] = 0U; + rand_stack.f3[435U] = 0U; + rand_stack.f3[436U] = 0U; + rand_stack.f3[437U] = 0U; + rand_stack.f3[438U] = 0U; + rand_stack.f3[439U] = 0U; + rand_stack.f3[440U] = 0U; + rand_stack.f3[441U] = 0U; + rand_stack.f3[442U] = 0U; + rand_stack.f3[443U] = 0U; + rand_stack.f3[444U] = 0U; + rand_stack.f3[445U] = 0U; + rand_stack.f3[446U] = 0U; + rand_stack.f3[447U] = 0U; + rand_stack.f3[448U] = 0U; + rand_stack.f3[449U] = 0U; + rand_stack.f3[450U] = 0U; + rand_stack.f3[451U] = 0U; + rand_stack.f3[452U] = 0U; + rand_stack.f3[453U] = 0U; + rand_stack.f3[454U] = 0U; + rand_stack.f3[455U] = 0U; + rand_stack.f3[456U] = 0U; + rand_stack.f3[457U] = 0U; + rand_stack.f3[458U] = 0U; + rand_stack.f3[459U] = 0U; + rand_stack.f3[460U] = 0U; + rand_stack.f3[461U] = 0U; + rand_stack.f3[462U] = 0U; + rand_stack.f3[463U] = 0U; + rand_stack.f3[464U] = 0U; + rand_stack.f3[465U] = 0U; + rand_stack.f3[466U] = 0U; + rand_stack.f3[467U] = 0U; + rand_stack.f3[468U] = 0U; + rand_stack.f3[469U] = 0U; + rand_stack.f3[470U] = 0U; + rand_stack.f3[471U] = 0U; + rand_stack.f3[472U] = 0U; + rand_stack.f3[473U] = 0U; + rand_stack.f3[474U] = 0U; + 
rand_stack.f3[475U] = 0U; + rand_stack.f3[476U] = 0U; + rand_stack.f3[477U] = 0U; + rand_stack.f3[478U] = 0U; + rand_stack.f3[479U] = 0U; + rand_stack.f3[480U] = 0U; + rand_stack.f3[481U] = 0U; + rand_stack.f3[482U] = 0U; + rand_stack.f3[483U] = 0U; + rand_stack.f3[484U] = 0U; + rand_stack.f3[485U] = 0U; + rand_stack.f3[486U] = 0U; + rand_stack.f3[487U] = 0U; + rand_stack.f3[488U] = 0U; + rand_stack.f3[489U] = 0U; + rand_stack.f3[490U] = 0U; + rand_stack.f3[491U] = 0U; + rand_stack.f3[492U] = 0U; + rand_stack.f3[493U] = 0U; + rand_stack.f3[494U] = 0U; + rand_stack.f3[495U] = 0U; + rand_stack.f3[496U] = 0U; + rand_stack.f3[497U] = 0U; + rand_stack.f3[498U] = 0U; + rand_stack.f3[499U] = 0U; + rand_stack.f3[500U] = 0U; + rand_stack.f3[501U] = 0U; + rand_stack.f3[502U] = 0U; + rand_stack.f3[503U] = 0U; + rand_stack.f3[504U] = 0U; + rand_stack.f3[505U] = 0U; + rand_stack.f3[506U] = 0U; + rand_stack.f3[507U] = 0U; + rand_stack.f3[508U] = 0U; + rand_stack.f3[509U] = 0U; + rand_stack.f3[510U] = 0U; + rand_stack.f3[511U] = 0U; + rand_stack.f3[512U] = 0U; + rand_stack.f3[513U] = 0U; + rand_stack.f3[514U] = 0U; + rand_stack.f3[515U] = 0U; + rand_stack.f3[516U] = 0U; + rand_stack.f3[517U] = 0U; + rand_stack.f3[518U] = 0U; + rand_stack.f3[519U] = 0U; + rand_stack.f3[520U] = 0U; + rand_stack.f3[521U] = 0U; + rand_stack.f3[522U] = 0U; + rand_stack.f3[523U] = 0U; + rand_stack.f3[524U] = 0U; + rand_stack.f3[525U] = 0U; + rand_stack.f3[526U] = 0U; + rand_stack.f3[527U] = 0U; + rand_stack.f3[528U] = 0U; + rand_stack.f3[529U] = 0U; + rand_stack.f3[530U] = 0U; + rand_stack.f3[531U] = 0U; + rand_stack.f3[532U] = 0U; + rand_stack.f3[533U] = 0U; + rand_stack.f3[534U] = 0U; + rand_stack.f3[535U] = 0U; + rand_stack.f3[536U] = 0U; + rand_stack.f3[537U] = 0U; + rand_stack.f3[538U] = 0U; + rand_stack.f3[539U] = 0U; + rand_stack.f3[540U] = 0U; + rand_stack.f3[541U] = 0U; + rand_stack.f3[542U] = 0U; + rand_stack.f3[543U] = 0U; + rand_stack.f3[544U] = 0U; + rand_stack.f3[545U] = 0U; + 
rand_stack.f3[546U] = 0U; + rand_stack.f3[547U] = 0U; + rand_stack.f3[548U] = 0U; + rand_stack.f3[549U] = 0U; + rand_stack.f3[550U] = 0U; + rand_stack.f3[551U] = 0U; + rand_stack.f3[552U] = 0U; + rand_stack.f3[553U] = 0U; + rand_stack.f3[554U] = 0U; + rand_stack.f3[555U] = 0U; + rand_stack.f3[556U] = 0U; + rand_stack.f3[557U] = 0U; + rand_stack.f3[558U] = 0U; + rand_stack.f3[559U] = 0U; + rand_stack.f3[560U] = 0U; + rand_stack.f3[561U] = 0U; + rand_stack.f3[562U] = 0U; + rand_stack.f3[563U] = 0U; + rand_stack.f3[564U] = 0U; + rand_stack.f3[565U] = 0U; + rand_stack.f3[566U] = 0U; + rand_stack.f3[567U] = 0U; + rand_stack.f3[568U] = 0U; + rand_stack.f3[569U] = 0U; + rand_stack.f3[570U] = 0U; + rand_stack.f3[571U] = 0U; + rand_stack.f3[572U] = 0U; + rand_stack.f3[573U] = 0U; + rand_stack.f3[574U] = 0U; + rand_stack.f3[575U] = 0U; + rand_stack.f3[576U] = 0U; + rand_stack.f3[577U] = 0U; + rand_stack.f3[578U] = 0U; + rand_stack.f3[579U] = 0U; + rand_stack.f3[580U] = 0U; + rand_stack.f3[581U] = 0U; + rand_stack.f3[582U] = 0U; + rand_stack.f3[583U] = 0U; + rand_stack.f3[584U] = 0U; + rand_stack.f3[585U] = 0U; + rand_stack.f3[586U] = 0U; + rand_stack.f3[587U] = 0U; + rand_stack.f3[588U] = 0U; + rand_stack.f3[589U] = 0U; + rand_stack.f3[590U] = 0U; + rand_stack.f3[591U] = 0U; + rand_stack.f3[592U] = 0U; + rand_stack.f3[593U] = 0U; + rand_stack.f3[594U] = 0U; + rand_stack.f3[595U] = 0U; + rand_stack.f3[596U] = 0U; + rand_stack.f3[597U] = 0U; + rand_stack.f3[598U] = 0U; + rand_stack.f3[599U] = 0U; + rand_stack.f3[600U] = 0U; + rand_stack.f3[601U] = 0U; + rand_stack.f3[602U] = 0U; + rand_stack.f3[603U] = 0U; + rand_stack.f3[604U] = 0U; + rand_stack.f3[605U] = 0U; + rand_stack.f3[606U] = 0U; + rand_stack.f3[607U] = 0U; + rand_stack.f3[608U] = 0U; + rand_stack.f3[609U] = 0U; + rand_stack.f3[610U] = 0U; + rand_stack.f3[611U] = 0U; + rand_stack.f3[612U] = 0U; + rand_stack.f3[613U] = 0U; + rand_stack.f3[614U] = 0U; + rand_stack.f3[615U] = 0U; + rand_stack.f3[616U] = 0U; + 
rand_stack.f3[617U] = 0U; + rand_stack.f3[618U] = 0U; + rand_stack.f3[619U] = 0U; + rand_stack.f3[620U] = 0U; + rand_stack.f3[621U] = 0U; + rand_stack.f3[622U] = 0U; + rand_stack.f3[623U] = 0U; + rand_stack.f3[624U] = 0U; + rand_stack.f3[625U] = 0U; + rand_stack.f3[626U] = 0U; + rand_stack.f3[627U] = 0U; + rand_stack.f3[628U] = 0U; + rand_stack.f3[629U] = 0U; + rand_stack.f3[630U] = 0U; + rand_stack.f3[631U] = 0U; + rand_stack.f3[632U] = 0U; + rand_stack.f3[633U] = 0U; + rand_stack.f3[634U] = 0U; + rand_stack.f3[635U] = 0U; + rand_stack.f3[636U] = 0U; + rand_stack.f3[637U] = 0U; + rand_stack.f3[638U] = 0U; + rand_stack.f3[639U] = 0U; + rand_stack.f3[640U] = 0U; + rand_stack.f3[641U] = 0U; + rand_stack.f3[642U] = 0U; + rand_stack.f3[643U] = 0U; + rand_stack.f3[644U] = 0U; + rand_stack.f3[645U] = 0U; + rand_stack.f3[646U] = 0U; + rand_stack.f3[647U] = 0U; + rand_stack.f3[648U] = 0U; + rand_stack.f3[649U] = 0U; + rand_stack.f3[650U] = 0U; + rand_stack.f3[651U] = 0U; + rand_stack.f3[652U] = 0U; + rand_stack.f3[653U] = 0U; + rand_stack.f3[654U] = 0U; + rand_stack.f3[655U] = 0U; + rand_stack.f3[656U] = 0U; + rand_stack.f3[657U] = 0U; + rand_stack.f3[658U] = 0U; + rand_stack.f3[659U] = 0U; + rand_stack.f3[660U] = 0U; + rand_stack.f3[661U] = 0U; + rand_stack.f3[662U] = 0U; + rand_stack.f3[663U] = 0U; + rand_stack.f3[664U] = 0U; + rand_stack.f3[665U] = 0U; + rand_stack.f3[666U] = 0U; + rand_stack.f3[667U] = 0U; + rand_stack.f3[668U] = 0U; + rand_stack.f3[669U] = 0U; + rand_stack.f3[670U] = 0U; + rand_stack.f3[671U] = 0U; + rand_stack.f3[672U] = 0U; + rand_stack.f3[673U] = 0U; + rand_stack.f3[674U] = 0U; + rand_stack.f3[675U] = 0U; + rand_stack.f3[676U] = 0U; + rand_stack.f3[677U] = 0U; + rand_stack.f3[678U] = 0U; + rand_stack.f3[679U] = 0U; + rand_stack.f3[680U] = 0U; + rand_stack.f3[681U] = 0U; + rand_stack.f3[682U] = 0U; + rand_stack.f3[683U] = 0U; + rand_stack.f3[684U] = 0U; + rand_stack.f3[685U] = 0U; + rand_stack.f3[686U] = 0U; + rand_stack.f3[687U] = 0U; + 
rand_stack.f3[688U] = 0U; + rand_stack.f3[689U] = 0U; + rand_stack.f3[690U] = 0U; + rand_stack.f3[691U] = 0U; + rand_stack.f3[692U] = 0U; + rand_stack.f3[693U] = 0U; + rand_stack.f3[694U] = 0U; + rand_stack.f3[695U] = 0U; + rand_stack.f3[696U] = 0U; + rand_stack.f3[697U] = 0U; + rand_stack.f3[698U] = 0U; + rand_stack.f3[699U] = 0U; + rand_stack.f3[700U] = 0U; + rand_stack.f3[701U] = 0U; + rand_stack.f3[702U] = 0U; + rand_stack.f3[703U] = 0U; + rand_stack.f3[704U] = 0U; + rand_stack.f3[705U] = 0U; + rand_stack.f3[706U] = 0U; + rand_stack.f3[707U] = 0U; + rand_stack.f3[708U] = 0U; + rand_stack.f3[709U] = 0U; + rand_stack.f3[710U] = 0U; + rand_stack.f3[711U] = 0U; + rand_stack.f3[712U] = 0U; + rand_stack.f3[713U] = 0U; + rand_stack.f3[714U] = 0U; + rand_stack.f3[715U] = 0U; + rand_stack.f3[716U] = 0U; + rand_stack.f3[717U] = 0U; + rand_stack.f3[718U] = 0U; + rand_stack.f3[719U] = 0U; + rand_stack.f3[720U] = 0U; + rand_stack.f3[721U] = 0U; + rand_stack.f3[722U] = 0U; + rand_stack.f3[723U] = 0U; + rand_stack.f3[724U] = 0U; + rand_stack.f3[725U] = 0U; + rand_stack.f3[726U] = 0U; + rand_stack.f3[727U] = 0U; + rand_stack.f3[728U] = 0U; + rand_stack.f3[729U] = 0U; + rand_stack.f3[730U] = 0U; + rand_stack.f3[731U] = 0U; + rand_stack.f3[732U] = 0U; + rand_stack.f3[733U] = 0U; + rand_stack.f3[734U] = 0U; + rand_stack.f3[735U] = 0U; + rand_stack.f3[736U] = 0U; + rand_stack.f3[737U] = 0U; + rand_stack.f3[738U] = 0U; + rand_stack.f3[739U] = 0U; + rand_stack.f3[740U] = 0U; + rand_stack.f3[741U] = 0U; + rand_stack.f3[742U] = 0U; + rand_stack.f3[743U] = 0U; + rand_stack.f3[744U] = 0U; + rand_stack.f3[745U] = 0U; + rand_stack.f3[746U] = 0U; + rand_stack.f3[747U] = 0U; + rand_stack.f3[748U] = 0U; + rand_stack.f3[749U] = 0U; + rand_stack.f3[750U] = 0U; + rand_stack.f3[751U] = 0U; + rand_stack.f3[752U] = 0U; + rand_stack.f3[753U] = 0U; + rand_stack.f3[754U] = 0U; + rand_stack.f3[755U] = 0U; + rand_stack.f3[756U] = 0U; + rand_stack.f3[757U] = 0U; + rand_stack.f3[758U] = 0U; + 
rand_stack.f3[759U] = 0U; + rand_stack.f3[760U] = 0U; + rand_stack.f3[761U] = 0U; + rand_stack.f3[762U] = 0U; + rand_stack.f3[763U] = 0U; + rand_stack.f3[764U] = 0U; + rand_stack.f3[765U] = 0U; + rand_stack.f3[766U] = 0U; + rand_stack.f3[767U] = 0U; + rand_stack.f3[768U] = 0U; + rand_stack.f3[769U] = 0U; + rand_stack.f3[770U] = 0U; + rand_stack.f3[771U] = 0U; + rand_stack.f3[772U] = 0U; + rand_stack.f3[773U] = 0U; + rand_stack.f3[774U] = 0U; + rand_stack.f3[775U] = 0U; + rand_stack.f3[776U] = 0U; + rand_stack.f3[777U] = 0U; + rand_stack.f3[778U] = 0U; + rand_stack.f3[779U] = 0U; + rand_stack.f3[780U] = 0U; + rand_stack.f3[781U] = 0U; + rand_stack.f3[782U] = 0U; + rand_stack.f3[783U] = 0U; + rand_stack.f3[784U] = 0U; + rand_stack.f3[785U] = 0U; + rand_stack.f3[786U] = 0U; + rand_stack.f3[787U] = 0U; + rand_stack.f3[788U] = 0U; + rand_stack.f3[789U] = 0U; + rand_stack.f3[790U] = 0U; + rand_stack.f3[791U] = 0U; + rand_stack.f3[792U] = 0U; + rand_stack.f3[793U] = 0U; + rand_stack.f3[794U] = 0U; + rand_stack.f3[795U] = 0U; + rand_stack.f3[796U] = 0U; + rand_stack.f3[797U] = 0U; + rand_stack.f3[798U] = 0U; + rand_stack.f3[799U] = 0U; + rand_stack.f3[800U] = 0U; + rand_stack.f3[801U] = 0U; + rand_stack.f3[802U] = 0U; + rand_stack.f3[803U] = 0U; + rand_stack.f3[804U] = 0U; + rand_stack.f3[805U] = 0U; + rand_stack.f3[806U] = 0U; + rand_stack.f3[807U] = 0U; + rand_stack.f3[808U] = 0U; + rand_stack.f3[809U] = 0U; + rand_stack.f3[810U] = 0U; + rand_stack.f3[811U] = 0U; + rand_stack.f3[812U] = 0U; + rand_stack.f3[813U] = 0U; + rand_stack.f3[814U] = 0U; + rand_stack.f3[815U] = 0U; + rand_stack.f3[816U] = 0U; + rand_stack.f3[817U] = 0U; + rand_stack.f3[818U] = 0U; + rand_stack.f3[819U] = 0U; + rand_stack.f3[820U] = 0U; + rand_stack.f3[821U] = 0U; + rand_stack.f3[822U] = 0U; + rand_stack.f3[823U] = 0U; + rand_stack.f3[824U] = 0U; + rand_stack.f3[825U] = 0U; + rand_stack.f3[826U] = 0U; + rand_stack.f3[827U] = 0U; + rand_stack.f3[828U] = 0U; + rand_stack.f3[829U] = 0U; + 
rand_stack.f3[830U] = 0U; + rand_stack.f3[831U] = 0U; + rand_stack.f3[832U] = 0U; + rand_stack.f3[833U] = 0U; + rand_stack.f3[834U] = 0U; + rand_stack.f3[835U] = 0U; + rand_stack.f3[836U] = 0U; + rand_stack.f3[837U] = 0U; + rand_stack.f3[838U] = 0U; + rand_stack.f3[839U] = 0U; + int32_t tmp_stack[4U][263U] = {{0U}}; + size_t_x2 buf0[0U] = {}; + libcrux_ml_dsa_sample_SampleArgs_c5 memory = libcrux_ml_dsa_sample_new_29_4f( + &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), A, + Eurydice_array_to_slice((size_t)0U, buf0, size_t_x2)); + size_t_x2 buf[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}), + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf, size_t_x2); + uint8_t uu____2[34U]; + memcpy(uu____2, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_f4( + uu____2, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})), + &memory); + size_t_x2 buf1[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}), + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf1, size_t_x2); + uint8_t uu____3[34U]; + memcpy(uu____3, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_f4( + uu____3, + 
libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})), + &memory); + size_t_x2 buf2[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}), + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}), + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf2, size_t_x2); + uint8_t uu____4[34U]; + memcpy(uu____4, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_f4( + uu____4, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})), + &memory); + size_t_x2 buf3[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}), + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}), + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}), + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf3, size_t_x2); + uint8_t uu____5[34U]; + memcpy(uu____5, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_f4( + uu____5, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + 
(CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})), + &memory); + size_t_x2 buf4[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}), + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}), + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf4, size_t_x2); + uint8_t uu____6[34U]; + memcpy(uu____6, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_f4( + uu____6, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})), + &memory); + size_t_x2 buf5[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}), + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf5, size_t_x2); + uint8_t uu____7[34U]; + memcpy(uu____7, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_f4( + uu____7, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U})), + 
libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})), + &memory); + size_t_x2 buf6[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}), + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)2U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf6, size_t_x2); + uint8_t uu____8[34U]; + memcpy(uu____8, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_f4( + uu____8, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})), + &memory); + size_t_x2 buf7[2U] = { + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)3U}), + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)4U})}; + memory.indices = Eurydice_array_to_slice((size_t)2U, buf7, size_t_x2); + uint8_t uu____9[34U]; + memcpy(uu____9, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_f4( + uu____9, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})), + &memory); memcpy(ret, A, (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U])); } /** -A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A +A monomorphic 
instance of libcrux_ml_dsa.samplex4.avx2.matrix_A_avx2 with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_fe( +static inline void libcrux_ml_dsa_samplex4_avx2_matrix_A_avx2_fe( uint8_t seed[34U], libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) { uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)6U, .snd = (uint8_t)(size_t)5U}; switch (uu____0.fst) { - case 4U: { - switch (uu____0.snd) { - case 4U: { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U]; - libcrux_ml_dsa_samplex4_matrix_A_4_by_4_fe(copy_of_seed, ret0); - memcpy( - ret, ret0, - (size_t)6U * - sizeof( - libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U])); - return; - } - default: { - } - } - break; - } case 6U: { switch (uu____0.snd) { case 5U: { @@ -4169,27 +5239,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_fe( uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U]; - libcrux_ml_dsa_samplex4_matrix_A_6_by_5_fe(copy_of_seed, ret0); - memcpy( - ret, ret0, - (size_t)6U * - sizeof( - libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U])); - return; - } - default: { - } - } - break; - } - case 8U: { - switch (uu____0.snd) { - case 7U: { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U]; - libcrux_ml_dsa_samplex4_matrix_A_8_by_7_fe(copy_of_seed, ret0); + libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4(copy_of_seed, ret0); memcpy( ret, ret0, (size_t)6U * 
@@ -4210,6 +5260,31 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_fe( KRML_HOST_EXIT(255U); } +/** +This function found in impl {(libcrux_ml_dsa::samplex4::X4Sampler for +libcrux_ml_dsa::samplex4::avx2::AVX2Sampler)} +*/ +/** +A monomorphic instance of libcrux_ml_dsa.samplex4.avx2.matrix_A_b8 +with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit +with const generics +- ROWS_IN_A= 6 +- COLUMNS_IN_A= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_avx2_matrix_A_b8_fe( + uint8_t seed[34U], + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret[6U][5U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 ret0[6U][5U]; + libcrux_ml_dsa_samplex4_avx2_matrix_A_avx2_fe(copy_of_seed, ret0); + memcpy(ret, ret0, + (size_t)6U * + sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U])); +} + /** A monomorphic instance of K. with types libcrux_ml_dsa_polynomial_PolynomialRingElement @@ -4223,6 +5298,14 @@ typedef struct tuple_ce0_s { libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd[6U]; } tuple_ce0; +typedef struct + libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4_s { + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 fst; + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 snd; + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 thd; + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f3; +} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit_x4; + /** A monomorphic instance of libcrux_ml_dsa.sample.rejection_sample_less_than_eta_equals_2 with types 
@@ -4305,6 +5388,35 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d( randomness, sampled, out); } +/** +This function found in impl +{libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff +with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24 +libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) { + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result = + libcrux_ml_dsa_polynomial_ZERO_ff_ea(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.simd_units[i0] = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2( + Eurydice_slice_subslice2( + array, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, + (i0 + (size_t)1U) * + LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, + int32_t)); + } + return result; +} + /** A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, @@ -5134,6 +6246,7 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_a9( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.generate_key_pair with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, +libcrux_ml_dsa_samplex4_avx2_AVX2Sampler, libcrux_ml_dsa_hash_functions_simd256_Shake128x4, libcrux_ml_dsa_hash_functions_simd256_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof, 
@@ -5147,7 +6260,7 @@ libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_a0 -libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_bc(uint8_t randomness[32U]) { +libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_90(uint8_t randomness[32U]) { uint8_t seed_expanded0[128U] = {0U}; libcrux_sha3_portable_incremental_Shake256Xof shake = libcrux_ml_dsa_hash_functions_portable_init_83(); @@ -5172,7 +6285,7 @@ libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_bc(uint8_t randomness[32U]) { libcrux_ml_dsa_polynomial_PolynomialRingElement_24 a_as_ntt[6U][5U]; uint8_t ret[34U]; libcrux_ml_dsa_utils_into_padded_array_b6(seed_for_a, ret); - libcrux_ml_dsa_samplex4_matrix_A_fe(ret, a_as_ntt); + libcrux_ml_dsa_samplex4_avx2_matrix_A_b8_fe(ret, a_as_ntt); uint8_t ret0[66U]; libcrux_ml_dsa_utils_into_padded_array_20(seed_for_error_vectors, ret0); tuple_ce0 uu____2 = libcrux_ml_dsa_samplex4_sample_s1_and_s2_4d(ret0); @@ -5270,7 +6383,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_generate_key_pair /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_bc(copy_of_randomness); + return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_90(copy_of_randomness); } /** @@ -5646,7 +6759,7 @@ libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[5size_t] */ typedef struct Option_a4_s { - Option_d8_tags tag; + Option_08_tags tag; libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f0[5U]; } Option_a4; 
@@ -6806,6 +7919,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_signature_serialize_92_cc( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, +libcrux_ml_dsa_samplex4_avx2_AVX2Sampler, libcrux_ml_dsa_hash_functions_simd256_Shake128x4, libcrux_ml_dsa_hash_functions_simd256_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof, @@ -6826,7 +7940,7 @@ libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics - SIGNATURE_SIZE= 3309 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea( +static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_6b( uint8_t *signing_key, Eurydice_slice message, Option_84 domain_separation_context, uint8_t randomness[32U]) { tuple_f00 uu____0 = @@ -6853,7 +7967,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea( uint8_t ret[34U]; libcrux_ml_dsa_utils_into_padded_array_b6( Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret); - libcrux_ml_dsa_samplex4_matrix_A_fe(ret, A_as_ntt); + libcrux_ml_dsa_samplex4_avx2_matrix_A_b8_fe(ret, A_as_ntt); uint8_t message_representative[64U] = {0U}; uint8_t uu____1[64U]; memcpy(uu____1, verification_key_hash, (size_t)64U * sizeof(uint8_t)); @@ -7122,6 +8236,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, +libcrux_ml_dsa_samplex4_avx2_AVX2Sampler, libcrux_ml_dsa_hash_functions_simd256_Shake128x4, libcrux_ml_dsa_hash_functions_simd256_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof, 
@@ -7142,7 +8257,7 @@ libcrux_ml_dsa_hash_functions_simd256_Shake256x4 with const generics - SIGNATURE_SIZE= 3309 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_ea( +static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_6b( uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) { Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45( @@ -7158,7 +8273,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_ea( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea( + uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_6b( uu____2, uu____3, uu____4, copy_of_randomness); } else { uu____1 = (CLITERAL(Result_2e){ @@ -7201,7 +8316,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_sign_f3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_dsa_ml_dsa_generic_sign_ea(uu____0, uu____1, uu____2, + return libcrux_ml_dsa_ml_dsa_generic_sign_6b(uu____0, uu____1, uu____2, copy_of_randomness); } @@ -7252,7 +8367,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign( libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key, Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) { - uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key); + uint8_t *uu____0 = libcrux_ml_dsa_types_as_ref_9b_09(signing_key); Eurydice_slice uu____1 = message; Eurydice_slice uu____2 = context; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -7265,6 +8380,7 @@ static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_pre_hashed with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, +libcrux_ml_dsa_samplex4_avx2_AVX2Sampler, libcrux_ml_dsa_hash_functions_portable_Shake128, libcrux_ml_dsa_hash_functions_simd256_Shake128x4, libcrux_ml_dsa_hash_functions_simd256_Shake256, @@ -7289,7 +8405,7 @@ libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE Result_2e -libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_6e(uint8_t *signing_key, +libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_b7(uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) { @@ -7320,7 +8436,7 @@ libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_6e(uint8_t *signing_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_ea( + uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_6b( uu____3, uu____4, uu____5, copy_of_randomness); } else { uu____0 = (CLITERAL(Result_2e){ @@ -7364,7 +8480,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_sign_pre_hashed_s /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_6e( + return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_b7( uu____0, uu____1, uu____2, copy_of_randomness); } 
@@ -7416,7 +8532,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Result_2e libcrux_ml_dsa_ml_dsa_65_avx2_sign_pre_hashed_shake128( libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key, Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) { - uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key); + uint8_t *uu____0 = libcrux_ml_dsa_types_as_ref_9b_09(signing_key); Eurydice_slice uu____1 = message; Eurydice_slice uu____2 = context; /* Passing arrays by value in Rust generates a copy in C */ @@ -8000,6 +9116,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_arithmetic_use_hint_fe( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, +libcrux_ml_dsa_samplex4_avx2_AVX2Sampler, libcrux_ml_dsa_hash_functions_simd256_Shake128x4, libcrux_ml_dsa_hash_functions_simd256_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics @@ -8019,7 +9136,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE Result_41 -libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1( +libcrux_ml_dsa_ml_dsa_generic_verify_internal_44( uint8_t *verification_key_serialized, Eurydice_slice message, Option_84 domain_separation_context, uint8_t *signature_serialized) { tuple_930 uu____0 = libcrux_ml_dsa_encoding_verification_key_deserialize_fe( @@ -8050,7 +9167,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1( uint8_t ret[34U]; libcrux_ml_dsa_utils_into_padded_array_b6( Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret); - libcrux_ml_dsa_samplex4_matrix_A_fe(ret, A_as_ntt); + libcrux_ml_dsa_samplex4_avx2_matrix_A_b8_fe(ret, A_as_ntt); uint8_t verification_key_hash[64U] = {0U}; libcrux_ml_dsa_hash_functions_simd256_shake256_d9_24( Eurydice_array_to_slice((size_t)1952U, verification_key_serialized, 
@@ -8132,6 +9249,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, +libcrux_ml_dsa_samplex4_avx2_AVX2Sampler, libcrux_ml_dsa_hash_functions_simd256_Shake128x4, libcrux_ml_dsa_hash_functions_simd256_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics @@ -8150,7 +9268,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics - MAX_ONES_IN_HINT= 55 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_d1( +static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_44( uint8_t *verification_key_serialized, Eurydice_slice message, Eurydice_slice context, uint8_t *signature_serialized) { Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45( @@ -8160,7 +9278,7 @@ static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_d1( libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____0.val.case_Ok; libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context = dsc; - uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1( + uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_44( verification_key_serialized, message, (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}), signature_serialized); @@ -8198,7 +9316,7 @@ static inline Result_41 libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_verify_01( uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context, uint8_t *signature) { - return libcrux_ml_dsa_ml_dsa_generic_verify_d1(verification_key, message, + return libcrux_ml_dsa_ml_dsa_generic_verify_44(verification_key, message, context, signature); } 
@@ -8244,13 +9362,14 @@ static inline Result_41 libcrux_ml_dsa_ml_dsa_65_avx2_verify( Eurydice_slice message, Eurydice_slice context, libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) { return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_verify_01( - libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context, - libcrux_ml_dsa_types_as_raw_8f_fa(signature)); + libcrux_ml_dsa_types_as_ref_66_97(verification_key), message, context, + libcrux_ml_dsa_types_as_ref_8f_fa(signature)); } /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_pre_hashed with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, +libcrux_ml_dsa_samplex4_avx2_AVX2Sampler, libcrux_ml_dsa_hash_functions_portable_Shake128, libcrux_ml_dsa_hash_functions_simd256_Shake128x4, libcrux_ml_dsa_hash_functions_simd256_Shake256, @@ -8273,7 +9392,7 @@ libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE Result_41 -libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_07( +libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_f8( uint8_t *verification_key_serialized, Eurydice_slice message, Eurydice_slice context, uint8_t *signature_serialized) { uint8_t pre_hashed_message[256U]; @@ -8290,7 +9409,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_07( libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____1.val.case_Ok; libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context = dsc; - uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_d1( + uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_44( verification_key_serialized, Eurydice_array_to_slice((size_t)256U, pre_hashed_message, uint8_t), (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}), 
@@ -8329,7 +9448,7 @@ static inline Result_41 libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_avx2_feature_verify_pre_hashed_shake128_01( uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context, uint8_t *signature) { - return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_07( + return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_f8( verification_key, message, context, signature); } @@ -8377,8 +9496,8 @@ libcrux_ml_dsa_ml_dsa_65_avx2_verify_pre_hashed_shake128( Eurydice_slice message, Eurydice_slice context, libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) { return libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2_verify_pre_hashed_shake128_01( - libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context, - libcrux_ml_dsa_types_as_raw_8f_fa(signature)); + libcrux_ml_dsa_types_as_ref_66_97(verification_key), message, context, + libcrux_ml_dsa_types_as_ref_8f_fa(signature)); } KRML_ATTRIBUTE_TARGET("avx2") diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h index 7c1e075a3..b661b4316 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74 + * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 */ #ifndef __libcrux_mldsa65_portable_H 
@@ -512,16 +512,23 @@ typedef libcrux_ml_dsa_types_MLDSAVerificationKey_ea LIBCRUX_ML_DSA_CONSTANTS_BITS_IN_LOWER_PART_OF_T) / \ (size_t)8U) -static KRML_MUSTINLINE uint16_t -libcrux_ml_dsa_samplex4_generate_domain_separator(uint8_t row, uint8_t column) { - return (uint32_t)(uint16_t)column | (uint32_t)(uint16_t)row << 8U; -} - #define LIBCRUX_ML_DSA_SIMD_TRAITS_FIELD_MODULUS ((int32_t)8380417) #define LIBCRUX_ML_DSA_SIMD_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (58728449ULL) +typedef struct uint8_t_x2_s { + uint8_t fst; + uint8_t snd; +} uint8_t_x2; + +static KRML_MUSTINLINE uint16_t +libcrux_ml_dsa_samplex4_generate_domain_separator(uint8_t_x2 _) { + uint8_t row = _.fst; + uint8_t column = _.snd; + return (uint32_t)(uint16_t)column | (uint32_t)(uint16_t)row << 8U; +} + typedef struct libcrux_ml_dsa_pre_hash_DomainSeparationContext_s { Eurydice_slice context; Option_30 pre_hash_oid; @@ -645,6 +652,8 @@ static inline void libcrux_ml_dsa_pre_hash_oid_bd(uint8_t ret[11U]) { (size_t)11U * sizeof(uint8_t)); } +typedef struct libcrux_ml_dsa_pre_hash_SHAKE128_PH_s { +} libcrux_ml_dsa_pre_hash_SHAKE128_PH; typedef struct libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_s { int32_t coefficients[8U]; @@ -4152,10 +4161,20 @@ static inline void libcrux_ml_dsa_simd_portable_invert_ntt_montgomery_36( sizeof(libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit)); } -typedef struct uint8_t_x2_s { - uint8_t fst; - uint8_t snd; -} uint8_t_x2; +typedef struct libcrux_ml_dsa_samplex4_portable_PortableSampler_s { +} libcrux_ml_dsa_samplex4_portable_PortableSampler; + +typedef struct uint8_t_840size_t__x4_s { + uint8_t fst[840U]; + uint8_t snd[840U]; + uint8_t thd[840U]; + uint8_t f3[840U]; +} uint8_t_840size_t__x4; + +typedef struct size_t_x2_s { + size_t fst; + size_t snd; +} size_t_x2; /** A monomorphic instance of K. 
@@ -4225,575 +4244,74 @@ libcrux_ml_dsa_polynomial_ZERO_ff_ba(void) { return lit; } -typedef struct - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4_s { - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b fst; - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd; - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b thd; - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f3; -} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4; - /** -A monomorphic instance of -libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types -libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics - -*/ -static KRML_MUSTINLINE bool -libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) { - bool done = false; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) { - size_t _cloop_i = i; - Eurydice_slice random_bytes = - Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U, - _cloop_i * (size_t)24U + (size_t)24U, uint8_t); - if (!done) { - Eurydice_slice uu____0 = random_bytes; - size_t sampled = - libcrux_ml_dsa_simd_portable_rejection_sample_less_than_field_modulus_36( - uu____0, Eurydice_array_to_subslice_from((size_t)263U, out, - sampled_coefficients[0U], - int32_t, size_t)); - sampled_coefficients[0U] = sampled_coefficients[0U] + sampled; - if (sampled_coefficients[0U] >= - LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - done = true; - } - } - } - return done; -} - -/** -This function found in impl -{libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff +A monomorphic instance of libcrux_ml_dsa.sample.SampleArgs with types 
libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics - +- $840size_t +- $6size_t +- $5size_t */ -static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b -libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) { - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result = - libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 = - libcrux_ml_dsa_simd_portable_from_coefficient_array_36( - Eurydice_slice_subslice2( - array, - i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, - (i0 + (size_t)1U) * - LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, - int32_t)); - result.simd_units[i0] = uu____0; - } - return result; -} +typedef struct libcrux_ml_dsa_sample_SampleArgs_4e_s { + uint8_t_840size_t__x4 *rand_stack; + Eurydice_slice tmp_stack; + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*out)[5U]; + Eurydice_slice indices; +} libcrux_ml_dsa_sample_SampleArgs_4e; /** -A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements -with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit -with const generics - +This function found in impl {libcrux_ml_dsa::sample::SampleArgs<'a, SIMDUnit, +STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>[TraitClause@0, TraitClause@1]} */ -static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 -libcrux_ml_dsa_sample_sample_four_ring_elements_ba(uint8_t seed0[34U], - uint16_t domain_separator0, - uint16_t domain_separator1, - uint16_t domain_seperator2, - uint16_t domain_separator3) { - seed0[32U] = (uint8_t)domain_separator0; - seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U); - uint8_t seed1[34U]; - memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t)); - seed1[32U] = (uint8_t)domain_separator1; - seed1[33U] = 
(uint8_t)((uint32_t)domain_separator1 >> 8U); - uint8_t seed2[34U]; - memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t)); - seed2[32U] = (uint8_t)domain_seperator2; - seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U); - uint8_t seed3[34U]; - memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t)); - seed3[32U] = (uint8_t)domain_separator3; - seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U); - libcrux_ml_dsa_hash_functions_portable_Shake128X4 state = - libcrux_ml_dsa_hash_functions_portable_init_absorb_ed( - Eurydice_array_to_slice((size_t)34U, seed0, uint8_t), - Eurydice_array_to_slice((size_t)34U, seed1, uint8_t), - Eurydice_array_to_slice((size_t)34U, seed2, uint8_t), - Eurydice_array_to_slice((size_t)34U, seed3, uint8_t)); - uint8_t randomness0[840U] = {0U}; - uint8_t randomness1[840U] = {0U}; - uint8_t randomness2[840U] = {0U}; - uint8_t randomness3[840U] = {0U}; - libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed( - &state, randomness0, randomness1, randomness2, randomness3); - int32_t coefficients0[263U] = {0U}; - int32_t coefficients1[263U] = {0U}; - int32_t coefficients2[263U] = {0U}; - int32_t coefficients3[263U] = {0U}; - size_t sampled0 = (size_t)0U; - size_t sampled1 = (size_t)0U; - size_t sampled2 = (size_t)0U; - size_t sampled3 = (size_t)0U; - bool done0 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, randomness0, uint8_t), - &sampled0, coefficients0); - bool done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, randomness1, uint8_t), - &sampled1, coefficients1); - bool done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, randomness2, uint8_t), - &sampled2, coefficients2); - bool done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, randomness3, uint8_t), - &sampled3, 
coefficients3); - while (true) { - if (done0) { - if (done1) { - if (done2) { - if (done3) { - break; - } else { - uint8_t_168size_t__x4 randomnesses = - libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed( - &state); - if (!done0) { - done0 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.fst, - uint8_t), - &sampled0, coefficients0); - } - if (!done1) { - done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.snd, - uint8_t), - &sampled1, coefficients1); - } - if (!done2) { - done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.thd, - uint8_t), - &sampled2, coefficients2); - } - if (!done3) { - done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.f3, - uint8_t), - &sampled3, coefficients3); - } - } - } else { - uint8_t_168size_t__x4 randomnesses = - libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed( - &state); - if (!done0) { - done0 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.fst, - uint8_t), - &sampled0, coefficients0); - } - if (!done1) { - done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.snd, - uint8_t), - &sampled1, coefficients1); - } - if (!done2) { - done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.thd, - uint8_t), - &sampled2, coefficients2); - } - if (!done3) { - done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.f3, - uint8_t), - &sampled3, coefficients3); - } - } - } else { - uint8_t_168size_t__x4 randomnesses = - 
libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed( - &state); - if (!done0) { - done0 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.fst, - uint8_t), - &sampled0, coefficients0); - } - if (!done1) { - done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.snd, - uint8_t), - &sampled1, coefficients1); - } - if (!done2) { - done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.thd, - uint8_t), - &sampled2, coefficients2); - } - if (!done3) { - done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.f3, - uint8_t), - &sampled3, coefficients3); - } - } - } else { - uint8_t_168size_t__x4 randomnesses = - libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(&state); - if (!done0) { - done0 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.fst, - uint8_t), - &sampled0, coefficients0); - } - if (!done1) { - done1 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.snd, - uint8_t), - &sampled1, coefficients1); - } - if (!done2) { - done2 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.thd, - uint8_t), - &sampled2, coefficients2); - } - if (!done3) { - done3 = - libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), - &sampled3, coefficients3); - } - } - } - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____0 = - libcrux_ml_dsa_polynomial_from_i32_array_ff_ba( - Eurydice_array_to_slice((size_t)263U, coefficients0, int32_t)); - 
libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 = - libcrux_ml_dsa_polynomial_from_i32_array_ff_ba( - Eurydice_array_to_slice((size_t)263U, coefficients1, int32_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____2 = - libcrux_ml_dsa_polynomial_from_i32_array_ff_ba( - Eurydice_array_to_slice((size_t)263U, coefficients2, int32_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - lit; - lit.fst = uu____0; - lit.snd = uu____1; - lit.thd = uu____2; - lit.f3 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ba( - Eurydice_array_to_slice((size_t)263U, coefficients3, int32_t)); - return lit; -} - /** -A monomorphic instance of libcrux_ml_dsa.samplex4.update_matrix +A monomorphic instance of libcrux_ml_dsa.sample.new_29 with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics +- STACK_SIZE= 840 - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ -static inline void libcrux_ml_dsa_samplex4_update_matrix_2f( - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*m)[5U], size_t i, - size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_9b v) { - m[i][j] = v; +static inline libcrux_ml_dsa_sample_SampleArgs_4e +libcrux_ml_dsa_sample_new_29_ab( + uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack, + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*out)[5U], + Eurydice_slice indices) { + libcrux_ml_dsa_sample_SampleArgs_4e lit; + lit.rand_stack = rand_stack; + lit.tmp_stack = tmp_stack; + lit.out = out; + lit.indices = indices; + return lit; } /** -A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_4_by_4 -with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit -with const generics +A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements +with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_hash_functions_portable_Shake128X4 with const generics - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ -static 
KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_4_by_4_2f( - uint8_t seed[34U], - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) { - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A[6U][5U]; - for (size_t i = (size_t)0U; i < (size_t)6U; i++) { - A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - } - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)0U, - four_ring_elements.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)1U, - four_ring_elements.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)2U, - four_ring_elements.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)3U, - four_ring_elements.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed0[34U]; - memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed0, - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U), - 
libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)0U, - four_ring_elements0.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)1U, - four_ring_elements0.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)2U, - four_ring_elements0.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)3U, - four_ring_elements0.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed1[34U]; - memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed1, - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)0U, - four_ring_elements1.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)1U, - four_ring_elements1.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)2U, - four_ring_elements1.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)3U, - four_ring_elements1.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed2[34U]; - memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed2, - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U), - 
libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)0U, - four_ring_elements2.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)1U, - four_ring_elements2.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)2U, - four_ring_elements2.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)3U, - four_ring_elements2.f3); - memcpy(ret, A, - (size_t)6U * - sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U])); +static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( + uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1, + uint16_t domain_seperator2, uint16_t domain_separator3, + libcrux_ml_dsa_sample_SampleArgs_4e *memory) { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "Eurydice error: Failure(\"Error looking trait impl: " + "core::slice::iter::{core::iter::traits::iterator::Iterator for " + "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, (usize, " + "usize)>[core::marker::Sized<(usize, usize)>] enumerate\")\n"); + KRML_HOST_EXIT(255U); } /** A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_6_by_5 -with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit -with const generics -- ROWS_IN_A= 6 -- COLUMNS_IN_A= 5 -*/ -static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_2f( - uint8_t seed[34U], - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) { - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A[6U][5U]; - for (size_t i = (size_t)0U; i < (size_t)6U; i++) { - A[i][0U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - A[i][1U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - A[i][2U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - 
A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - } - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)0U, - four_ring_elements.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)1U, - four_ring_elements.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)2U, - four_ring_elements.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)3U, - four_ring_elements.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed0[34U]; - memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed0, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)4U, - four_ring_elements0.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)0U, - four_ring_elements0.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)1U, - four_ring_elements0.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, 
(size_t)2U, - four_ring_elements0.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed1[34U]; - memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed1, - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)3U, - four_ring_elements1.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)4U, - four_ring_elements1.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)0U, - four_ring_elements1.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)1U, - four_ring_elements1.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed2[34U]; - memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed2, - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)2U, - four_ring_elements2.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)3U, - four_ring_elements2.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)4U, - four_ring_elements2.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)0U, 
- four_ring_elements2.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed3[34U]; - memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed3, - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)1U, - four_ring_elements3.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)2U, - four_ring_elements3.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)3U, - four_ring_elements3.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)4U, - four_ring_elements3.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed4[34U]; - memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed4, - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)0U, - four_ring_elements4.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)1U, - four_ring_elements4.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)2U, - four_ring_elements4.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)3U, - 
four_ring_elements4.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed5[34U]; - memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed5, - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)4U, - four_ring_elements5.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)0U, - four_ring_elements5.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)1U, - four_ring_elements5.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)2U, - four_ring_elements5.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed6[34U]; - memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed6, - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)3U, - four_ring_elements6.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)4U, - four_ring_elements6.snd); - memcpy(ret, A, - (size_t)6U * - sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U])); -} - -/** -A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_8_by_7 -with 
types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit -with const generics +with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_hash_functions_portable_Shake128X4 with const generics - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ -static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_2f( +static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( uint8_t seed[34U], libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) { libcrux_ml_dsa_polynomial_PolynomialRingElement_9b A[6U][5U]; 
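Review bot: The new body of `libcrux_ml_dsa_sample_sample_four_ring_elements_49` in this hunk is an extraction-failure stub, not an implementation: it prints a KaRaMeL abort about a missing `enumerate` trait impl for the `(usize, usize)` index iterator and then calls `KRML_HOST_EXIT(255U)`, so the portable ML-DSA-65 header can no longer expand the matrix A and every key generation, signing and verification call that reaches `matrix_A_6_by_5_49` terminates the process. This header is generated, but it is checked in under `cg/`, so anyone building from the committed C gets a library that fails closed on its main code path; it should not land until the Rust side avoids the `.enumerate()` over the index slice that Eurydice cannot translate (or the toolchain is updated) and the extraction is re-run. It would also be worth a CI check that fails the build when a generated header contains `"KaRaMeL abort"` or `"Eurydice error"`, since the old `sample_four_ring_elements_ba` this replaces was a complete function and the regression is otherwise silent until runtime. The enclosing `libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49` continues past the end of this hunk.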
@@ -4804,295 +4322,1864 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_8_by_7_2f( A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); } - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)0U, - four_ring_elements.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)1U, - four_ring_elements.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)2U, - four_ring_elements.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)3U, - four_ring_elements.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed0[34U]; - memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements0 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed0, - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(0U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 0U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)4U, - four_ring_elements0.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)5U, - four_ring_elements0.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)0U, (size_t)6U, - four_ring_elements0.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)0U, - four_ring_elements0.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed1[34U]; - memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements1 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed1, - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 4U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)1U, - four_ring_elements1.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)2U, - four_ring_elements1.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)3U, - four_ring_elements1.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)4U, - four_ring_elements1.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed2[34U]; - memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements2 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed2, - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(1U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 1U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)5U, - four_ring_elements2.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)1U, (size_t)6U, - four_ring_elements2.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)0U, - four_ring_elements2.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)1U, - four_ring_elements2.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed3[34U]; - memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements3 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed3, - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 5U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)2U, - four_ring_elements3.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)3U, - four_ring_elements3.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)4U, - four_ring_elements3.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)5U, - four_ring_elements3.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed4[34U]; - memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements4 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed4, - libcrux_ml_dsa_samplex4_generate_domain_separator(2U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 2U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)2U, (size_t)6U, - four_ring_elements4.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)0U, - four_ring_elements4.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)1U, - four_ring_elements4.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)2U, - four_ring_elements4.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed5[34U]; - memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements5 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed5, - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(3U, 6U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)3U, - four_ring_elements5.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)4U, - four_ring_elements5.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)5U, - four_ring_elements5.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)3U, (size_t)6U, - four_ring_elements5.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed6[34U]; - memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements6 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed6, - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 3U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)0U, - four_ring_elements6.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)1U, - four_ring_elements6.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)2U, - four_ring_elements6.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)3U, - four_ring_elements6.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed7[34U]; - memcpy(copy_of_seed7, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements7 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed7, - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(4U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 0U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)4U, - four_ring_elements7.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)5U, - four_ring_elements7.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)4U, (size_t)6U, - four_ring_elements7.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)0U, - four_ring_elements7.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed8[34U]; - memcpy(copy_of_seed8, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements8 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed8, - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 4U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)1U, - four_ring_elements8.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)2U, - four_ring_elements8.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)3U, - four_ring_elements8.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)4U, - four_ring_elements8.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed9[34U]; - memcpy(copy_of_seed9, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements9 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed9, - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(5U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 1U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)5U, - four_ring_elements9.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)5U, (size_t)6U, - four_ring_elements9.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)0U, - four_ring_elements9.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)1U, - four_ring_elements9.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed10[34U]; - memcpy(copy_of_seed10, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements10 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed10, - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 2U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 5U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)2U, - four_ring_elements10.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)3U, - four_ring_elements10.snd); - 
libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)4U, - four_ring_elements10.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)5U, - four_ring_elements10.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed11[34U]; - memcpy(copy_of_seed11, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements11 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed11, - libcrux_ml_dsa_samplex4_generate_domain_separator(6U, 6U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 0U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 1U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 2U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)6U, (size_t)6U, - four_ring_elements11.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)0U, - four_ring_elements11.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)1U, - four_ring_elements11.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)2U, - four_ring_elements11.f3); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed12[34U]; - memcpy(copy_of_seed12, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4 - four_ring_elements12 = libcrux_ml_dsa_sample_sample_four_ring_elements_ba( - copy_of_seed12, - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 3U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 4U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 5U), - libcrux_ml_dsa_samplex4_generate_domain_separator(7U, 6U)); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)3U, - four_ring_elements12.fst); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)4U, - 
four_ring_elements12.snd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)5U, - four_ring_elements12.thd); - libcrux_ml_dsa_samplex4_update_matrix_2f(A, (size_t)7U, (size_t)6U, - four_ring_elements12.f3); + uint8_t uu____0[840U] = {0U}; + uint8_t uu____1[840U] = {0U}; + uint8_t_840size_t__x4 rand_stack; + rand_stack.fst[0U] = 0U; + rand_stack.fst[1U] = 0U; + rand_stack.fst[2U] = 0U; + rand_stack.fst[3U] = 0U; + rand_stack.fst[4U] = 0U; + rand_stack.fst[5U] = 0U; + rand_stack.fst[6U] = 0U; + rand_stack.fst[7U] = 0U; + rand_stack.fst[8U] = 0U; + rand_stack.fst[9U] = 0U; + rand_stack.fst[10U] = 0U; + rand_stack.fst[11U] = 0U; + rand_stack.fst[12U] = 0U; + rand_stack.fst[13U] = 0U; + rand_stack.fst[14U] = 0U; + rand_stack.fst[15U] = 0U; + rand_stack.fst[16U] = 0U; + rand_stack.fst[17U] = 0U; + rand_stack.fst[18U] = 0U; + rand_stack.fst[19U] = 0U; + rand_stack.fst[20U] = 0U; + rand_stack.fst[21U] = 0U; + rand_stack.fst[22U] = 0U; + rand_stack.fst[23U] = 0U; + rand_stack.fst[24U] = 0U; + rand_stack.fst[25U] = 0U; + rand_stack.fst[26U] = 0U; + rand_stack.fst[27U] = 0U; + rand_stack.fst[28U] = 0U; + rand_stack.fst[29U] = 0U; + rand_stack.fst[30U] = 0U; + rand_stack.fst[31U] = 0U; + rand_stack.fst[32U] = 0U; + rand_stack.fst[33U] = 0U; + rand_stack.fst[34U] = 0U; + rand_stack.fst[35U] = 0U; + rand_stack.fst[36U] = 0U; + rand_stack.fst[37U] = 0U; + rand_stack.fst[38U] = 0U; + rand_stack.fst[39U] = 0U; + rand_stack.fst[40U] = 0U; + rand_stack.fst[41U] = 0U; + rand_stack.fst[42U] = 0U; + rand_stack.fst[43U] = 0U; + rand_stack.fst[44U] = 0U; + rand_stack.fst[45U] = 0U; + rand_stack.fst[46U] = 0U; + rand_stack.fst[47U] = 0U; + rand_stack.fst[48U] = 0U; + rand_stack.fst[49U] = 0U; + rand_stack.fst[50U] = 0U; + rand_stack.fst[51U] = 0U; + rand_stack.fst[52U] = 0U; + rand_stack.fst[53U] = 0U; + rand_stack.fst[54U] = 0U; + rand_stack.fst[55U] = 0U; + rand_stack.fst[56U] = 0U; + rand_stack.fst[57U] = 0U; + rand_stack.fst[58U] = 0U; + rand_stack.fst[59U] = 0U; + 
rand_stack.fst[60U] = 0U; + rand_stack.fst[61U] = 0U; + rand_stack.fst[62U] = 0U; + rand_stack.fst[63U] = 0U; + rand_stack.fst[64U] = 0U; + rand_stack.fst[65U] = 0U; + rand_stack.fst[66U] = 0U; + rand_stack.fst[67U] = 0U; + rand_stack.fst[68U] = 0U; + rand_stack.fst[69U] = 0U; + rand_stack.fst[70U] = 0U; + rand_stack.fst[71U] = 0U; + rand_stack.fst[72U] = 0U; + rand_stack.fst[73U] = 0U; + rand_stack.fst[74U] = 0U; + rand_stack.fst[75U] = 0U; + rand_stack.fst[76U] = 0U; + rand_stack.fst[77U] = 0U; + rand_stack.fst[78U] = 0U; + rand_stack.fst[79U] = 0U; + rand_stack.fst[80U] = 0U; + rand_stack.fst[81U] = 0U; + rand_stack.fst[82U] = 0U; + rand_stack.fst[83U] = 0U; + rand_stack.fst[84U] = 0U; + rand_stack.fst[85U] = 0U; + rand_stack.fst[86U] = 0U; + rand_stack.fst[87U] = 0U; + rand_stack.fst[88U] = 0U; + rand_stack.fst[89U] = 0U; + rand_stack.fst[90U] = 0U; + rand_stack.fst[91U] = 0U; + rand_stack.fst[92U] = 0U; + rand_stack.fst[93U] = 0U; + rand_stack.fst[94U] = 0U; + rand_stack.fst[95U] = 0U; + rand_stack.fst[96U] = 0U; + rand_stack.fst[97U] = 0U; + rand_stack.fst[98U] = 0U; + rand_stack.fst[99U] = 0U; + rand_stack.fst[100U] = 0U; + rand_stack.fst[101U] = 0U; + rand_stack.fst[102U] = 0U; + rand_stack.fst[103U] = 0U; + rand_stack.fst[104U] = 0U; + rand_stack.fst[105U] = 0U; + rand_stack.fst[106U] = 0U; + rand_stack.fst[107U] = 0U; + rand_stack.fst[108U] = 0U; + rand_stack.fst[109U] = 0U; + rand_stack.fst[110U] = 0U; + rand_stack.fst[111U] = 0U; + rand_stack.fst[112U] = 0U; + rand_stack.fst[113U] = 0U; + rand_stack.fst[114U] = 0U; + rand_stack.fst[115U] = 0U; + rand_stack.fst[116U] = 0U; + rand_stack.fst[117U] = 0U; + rand_stack.fst[118U] = 0U; + rand_stack.fst[119U] = 0U; + rand_stack.fst[120U] = 0U; + rand_stack.fst[121U] = 0U; + rand_stack.fst[122U] = 0U; + rand_stack.fst[123U] = 0U; + rand_stack.fst[124U] = 0U; + rand_stack.fst[125U] = 0U; + rand_stack.fst[126U] = 0U; + rand_stack.fst[127U] = 0U; + rand_stack.fst[128U] = 0U; + rand_stack.fst[129U] = 0U; + 
rand_stack.fst[130U] = 0U; + rand_stack.fst[131U] = 0U; + rand_stack.fst[132U] = 0U; + rand_stack.fst[133U] = 0U; + rand_stack.fst[134U] = 0U; + rand_stack.fst[135U] = 0U; + rand_stack.fst[136U] = 0U; + rand_stack.fst[137U] = 0U; + rand_stack.fst[138U] = 0U; + rand_stack.fst[139U] = 0U; + rand_stack.fst[140U] = 0U; + rand_stack.fst[141U] = 0U; + rand_stack.fst[142U] = 0U; + rand_stack.fst[143U] = 0U; + rand_stack.fst[144U] = 0U; + rand_stack.fst[145U] = 0U; + rand_stack.fst[146U] = 0U; + rand_stack.fst[147U] = 0U; + rand_stack.fst[148U] = 0U; + rand_stack.fst[149U] = 0U; + rand_stack.fst[150U] = 0U; + rand_stack.fst[151U] = 0U; + rand_stack.fst[152U] = 0U; + rand_stack.fst[153U] = 0U; + rand_stack.fst[154U] = 0U; + rand_stack.fst[155U] = 0U; + rand_stack.fst[156U] = 0U; + rand_stack.fst[157U] = 0U; + rand_stack.fst[158U] = 0U; + rand_stack.fst[159U] = 0U; + rand_stack.fst[160U] = 0U; + rand_stack.fst[161U] = 0U; + rand_stack.fst[162U] = 0U; + rand_stack.fst[163U] = 0U; + rand_stack.fst[164U] = 0U; + rand_stack.fst[165U] = 0U; + rand_stack.fst[166U] = 0U; + rand_stack.fst[167U] = 0U; + rand_stack.fst[168U] = 0U; + rand_stack.fst[169U] = 0U; + rand_stack.fst[170U] = 0U; + rand_stack.fst[171U] = 0U; + rand_stack.fst[172U] = 0U; + rand_stack.fst[173U] = 0U; + rand_stack.fst[174U] = 0U; + rand_stack.fst[175U] = 0U; + rand_stack.fst[176U] = 0U; + rand_stack.fst[177U] = 0U; + rand_stack.fst[178U] = 0U; + rand_stack.fst[179U] = 0U; + rand_stack.fst[180U] = 0U; + rand_stack.fst[181U] = 0U; + rand_stack.fst[182U] = 0U; + rand_stack.fst[183U] = 0U; + rand_stack.fst[184U] = 0U; + rand_stack.fst[185U] = 0U; + rand_stack.fst[186U] = 0U; + rand_stack.fst[187U] = 0U; + rand_stack.fst[188U] = 0U; + rand_stack.fst[189U] = 0U; + rand_stack.fst[190U] = 0U; + rand_stack.fst[191U] = 0U; + rand_stack.fst[192U] = 0U; + rand_stack.fst[193U] = 0U; + rand_stack.fst[194U] = 0U; + rand_stack.fst[195U] = 0U; + rand_stack.fst[196U] = 0U; + rand_stack.fst[197U] = 0U; + rand_stack.fst[198U] = 0U; 
+ rand_stack.fst[199U] = 0U; + rand_stack.fst[200U] = 0U; + rand_stack.fst[201U] = 0U; + rand_stack.fst[202U] = 0U; + rand_stack.fst[203U] = 0U; + rand_stack.fst[204U] = 0U; + rand_stack.fst[205U] = 0U; + rand_stack.fst[206U] = 0U; + rand_stack.fst[207U] = 0U; + rand_stack.fst[208U] = 0U; + rand_stack.fst[209U] = 0U; + rand_stack.fst[210U] = 0U; + rand_stack.fst[211U] = 0U; + rand_stack.fst[212U] = 0U; + rand_stack.fst[213U] = 0U; + rand_stack.fst[214U] = 0U; + rand_stack.fst[215U] = 0U; + rand_stack.fst[216U] = 0U; + rand_stack.fst[217U] = 0U; + rand_stack.fst[218U] = 0U; + rand_stack.fst[219U] = 0U; + rand_stack.fst[220U] = 0U; + rand_stack.fst[221U] = 0U; + rand_stack.fst[222U] = 0U; + rand_stack.fst[223U] = 0U; + rand_stack.fst[224U] = 0U; + rand_stack.fst[225U] = 0U; + rand_stack.fst[226U] = 0U; + rand_stack.fst[227U] = 0U; + rand_stack.fst[228U] = 0U; + rand_stack.fst[229U] = 0U; + rand_stack.fst[230U] = 0U; + rand_stack.fst[231U] = 0U; + rand_stack.fst[232U] = 0U; + rand_stack.fst[233U] = 0U; + rand_stack.fst[234U] = 0U; + rand_stack.fst[235U] = 0U; + rand_stack.fst[236U] = 0U; + rand_stack.fst[237U] = 0U; + rand_stack.fst[238U] = 0U; + rand_stack.fst[239U] = 0U; + rand_stack.fst[240U] = 0U; + rand_stack.fst[241U] = 0U; + rand_stack.fst[242U] = 0U; + rand_stack.fst[243U] = 0U; + rand_stack.fst[244U] = 0U; + rand_stack.fst[245U] = 0U; + rand_stack.fst[246U] = 0U; + rand_stack.fst[247U] = 0U; + rand_stack.fst[248U] = 0U; + rand_stack.fst[249U] = 0U; + rand_stack.fst[250U] = 0U; + rand_stack.fst[251U] = 0U; + rand_stack.fst[252U] = 0U; + rand_stack.fst[253U] = 0U; + rand_stack.fst[254U] = 0U; + rand_stack.fst[255U] = 0U; + rand_stack.fst[256U] = 0U; + rand_stack.fst[257U] = 0U; + rand_stack.fst[258U] = 0U; + rand_stack.fst[259U] = 0U; + rand_stack.fst[260U] = 0U; + rand_stack.fst[261U] = 0U; + rand_stack.fst[262U] = 0U; + rand_stack.fst[263U] = 0U; + rand_stack.fst[264U] = 0U; + rand_stack.fst[265U] = 0U; + rand_stack.fst[266U] = 0U; + rand_stack.fst[267U] = 
0U; + rand_stack.fst[268U] = 0U; + rand_stack.fst[269U] = 0U; + rand_stack.fst[270U] = 0U; + rand_stack.fst[271U] = 0U; + rand_stack.fst[272U] = 0U; + rand_stack.fst[273U] = 0U; + rand_stack.fst[274U] = 0U; + rand_stack.fst[275U] = 0U; + rand_stack.fst[276U] = 0U; + rand_stack.fst[277U] = 0U; + rand_stack.fst[278U] = 0U; + rand_stack.fst[279U] = 0U; + rand_stack.fst[280U] = 0U; + rand_stack.fst[281U] = 0U; + rand_stack.fst[282U] = 0U; + rand_stack.fst[283U] = 0U; + rand_stack.fst[284U] = 0U; + rand_stack.fst[285U] = 0U; + rand_stack.fst[286U] = 0U; + rand_stack.fst[287U] = 0U; + rand_stack.fst[288U] = 0U; + rand_stack.fst[289U] = 0U; + rand_stack.fst[290U] = 0U; + rand_stack.fst[291U] = 0U; + rand_stack.fst[292U] = 0U; + rand_stack.fst[293U] = 0U; + rand_stack.fst[294U] = 0U; + rand_stack.fst[295U] = 0U; + rand_stack.fst[296U] = 0U; + rand_stack.fst[297U] = 0U; + rand_stack.fst[298U] = 0U; + rand_stack.fst[299U] = 0U; + rand_stack.fst[300U] = 0U; + rand_stack.fst[301U] = 0U; + rand_stack.fst[302U] = 0U; + rand_stack.fst[303U] = 0U; + rand_stack.fst[304U] = 0U; + rand_stack.fst[305U] = 0U; + rand_stack.fst[306U] = 0U; + rand_stack.fst[307U] = 0U; + rand_stack.fst[308U] = 0U; + rand_stack.fst[309U] = 0U; + rand_stack.fst[310U] = 0U; + rand_stack.fst[311U] = 0U; + rand_stack.fst[312U] = 0U; + rand_stack.fst[313U] = 0U; + rand_stack.fst[314U] = 0U; + rand_stack.fst[315U] = 0U; + rand_stack.fst[316U] = 0U; + rand_stack.fst[317U] = 0U; + rand_stack.fst[318U] = 0U; + rand_stack.fst[319U] = 0U; + rand_stack.fst[320U] = 0U; + rand_stack.fst[321U] = 0U; + rand_stack.fst[322U] = 0U; + rand_stack.fst[323U] = 0U; + rand_stack.fst[324U] = 0U; + rand_stack.fst[325U] = 0U; + rand_stack.fst[326U] = 0U; + rand_stack.fst[327U] = 0U; + rand_stack.fst[328U] = 0U; + rand_stack.fst[329U] = 0U; + rand_stack.fst[330U] = 0U; + rand_stack.fst[331U] = 0U; + rand_stack.fst[332U] = 0U; + rand_stack.fst[333U] = 0U; + rand_stack.fst[334U] = 0U; + rand_stack.fst[335U] = 0U; + rand_stack.fst[336U] 
= 0U; + rand_stack.fst[337U] = 0U; + rand_stack.fst[338U] = 0U; + rand_stack.fst[339U] = 0U; + rand_stack.fst[340U] = 0U; + rand_stack.fst[341U] = 0U; + rand_stack.fst[342U] = 0U; + rand_stack.fst[343U] = 0U; + rand_stack.fst[344U] = 0U; + rand_stack.fst[345U] = 0U; + rand_stack.fst[346U] = 0U; + rand_stack.fst[347U] = 0U; + rand_stack.fst[348U] = 0U; + rand_stack.fst[349U] = 0U; + rand_stack.fst[350U] = 0U; + rand_stack.fst[351U] = 0U; + rand_stack.fst[352U] = 0U; + rand_stack.fst[353U] = 0U; + rand_stack.fst[354U] = 0U; + rand_stack.fst[355U] = 0U; + rand_stack.fst[356U] = 0U; + rand_stack.fst[357U] = 0U; + rand_stack.fst[358U] = 0U; + rand_stack.fst[359U] = 0U; + rand_stack.fst[360U] = 0U; + rand_stack.fst[361U] = 0U; + rand_stack.fst[362U] = 0U; + rand_stack.fst[363U] = 0U; + rand_stack.fst[364U] = 0U; + rand_stack.fst[365U] = 0U; + rand_stack.fst[366U] = 0U; + rand_stack.fst[367U] = 0U; + rand_stack.fst[368U] = 0U; + rand_stack.fst[369U] = 0U; + rand_stack.fst[370U] = 0U; + rand_stack.fst[371U] = 0U; + rand_stack.fst[372U] = 0U; + rand_stack.fst[373U] = 0U; + rand_stack.fst[374U] = 0U; + rand_stack.fst[375U] = 0U; + rand_stack.fst[376U] = 0U; + rand_stack.fst[377U] = 0U; + rand_stack.fst[378U] = 0U; + rand_stack.fst[379U] = 0U; + rand_stack.fst[380U] = 0U; + rand_stack.fst[381U] = 0U; + rand_stack.fst[382U] = 0U; + rand_stack.fst[383U] = 0U; + rand_stack.fst[384U] = 0U; + rand_stack.fst[385U] = 0U; + rand_stack.fst[386U] = 0U; + rand_stack.fst[387U] = 0U; + rand_stack.fst[388U] = 0U; + rand_stack.fst[389U] = 0U; + rand_stack.fst[390U] = 0U; + rand_stack.fst[391U] = 0U; + rand_stack.fst[392U] = 0U; + rand_stack.fst[393U] = 0U; + rand_stack.fst[394U] = 0U; + rand_stack.fst[395U] = 0U; + rand_stack.fst[396U] = 0U; + rand_stack.fst[397U] = 0U; + rand_stack.fst[398U] = 0U; + rand_stack.fst[399U] = 0U; + rand_stack.fst[400U] = 0U; + rand_stack.fst[401U] = 0U; + rand_stack.fst[402U] = 0U; + rand_stack.fst[403U] = 0U; + rand_stack.fst[404U] = 0U; + 
rand_stack.fst[405U] = 0U; + rand_stack.fst[406U] = 0U; + rand_stack.fst[407U] = 0U; + rand_stack.fst[408U] = 0U; + rand_stack.fst[409U] = 0U; + rand_stack.fst[410U] = 0U; + rand_stack.fst[411U] = 0U; + rand_stack.fst[412U] = 0U; + rand_stack.fst[413U] = 0U; + rand_stack.fst[414U] = 0U; + rand_stack.fst[415U] = 0U; + rand_stack.fst[416U] = 0U; + rand_stack.fst[417U] = 0U; + rand_stack.fst[418U] = 0U; + rand_stack.fst[419U] = 0U; + rand_stack.fst[420U] = 0U; + rand_stack.fst[421U] = 0U; + rand_stack.fst[422U] = 0U; + rand_stack.fst[423U] = 0U; + rand_stack.fst[424U] = 0U; + rand_stack.fst[425U] = 0U; + rand_stack.fst[426U] = 0U; + rand_stack.fst[427U] = 0U; + rand_stack.fst[428U] = 0U; + rand_stack.fst[429U] = 0U; + rand_stack.fst[430U] = 0U; + rand_stack.fst[431U] = 0U; + rand_stack.fst[432U] = 0U; + rand_stack.fst[433U] = 0U; + rand_stack.fst[434U] = 0U; + rand_stack.fst[435U] = 0U; + rand_stack.fst[436U] = 0U; + rand_stack.fst[437U] = 0U; + rand_stack.fst[438U] = 0U; + rand_stack.fst[439U] = 0U; + rand_stack.fst[440U] = 0U; + rand_stack.fst[441U] = 0U; + rand_stack.fst[442U] = 0U; + rand_stack.fst[443U] = 0U; + rand_stack.fst[444U] = 0U; + rand_stack.fst[445U] = 0U; + rand_stack.fst[446U] = 0U; + rand_stack.fst[447U] = 0U; + rand_stack.fst[448U] = 0U; + rand_stack.fst[449U] = 0U; + rand_stack.fst[450U] = 0U; + rand_stack.fst[451U] = 0U; + rand_stack.fst[452U] = 0U; + rand_stack.fst[453U] = 0U; + rand_stack.fst[454U] = 0U; + rand_stack.fst[455U] = 0U; + rand_stack.fst[456U] = 0U; + rand_stack.fst[457U] = 0U; + rand_stack.fst[458U] = 0U; + rand_stack.fst[459U] = 0U; + rand_stack.fst[460U] = 0U; + rand_stack.fst[461U] = 0U; + rand_stack.fst[462U] = 0U; + rand_stack.fst[463U] = 0U; + rand_stack.fst[464U] = 0U; + rand_stack.fst[465U] = 0U; + rand_stack.fst[466U] = 0U; + rand_stack.fst[467U] = 0U; + rand_stack.fst[468U] = 0U; + rand_stack.fst[469U] = 0U; + rand_stack.fst[470U] = 0U; + rand_stack.fst[471U] = 0U; + rand_stack.fst[472U] = 0U; + rand_stack.fst[473U] = 0U; 
+ rand_stack.fst[474U] = 0U; + rand_stack.fst[475U] = 0U; + rand_stack.fst[476U] = 0U; + rand_stack.fst[477U] = 0U; + rand_stack.fst[478U] = 0U; + rand_stack.fst[479U] = 0U; + rand_stack.fst[480U] = 0U; + rand_stack.fst[481U] = 0U; + rand_stack.fst[482U] = 0U; + rand_stack.fst[483U] = 0U; + rand_stack.fst[484U] = 0U; + rand_stack.fst[485U] = 0U; + rand_stack.fst[486U] = 0U; + rand_stack.fst[487U] = 0U; + rand_stack.fst[488U] = 0U; + rand_stack.fst[489U] = 0U; + rand_stack.fst[490U] = 0U; + rand_stack.fst[491U] = 0U; + rand_stack.fst[492U] = 0U; + rand_stack.fst[493U] = 0U; + rand_stack.fst[494U] = 0U; + rand_stack.fst[495U] = 0U; + rand_stack.fst[496U] = 0U; + rand_stack.fst[497U] = 0U; + rand_stack.fst[498U] = 0U; + rand_stack.fst[499U] = 0U; + rand_stack.fst[500U] = 0U; + rand_stack.fst[501U] = 0U; + rand_stack.fst[502U] = 0U; + rand_stack.fst[503U] = 0U; + rand_stack.fst[504U] = 0U; + rand_stack.fst[505U] = 0U; + rand_stack.fst[506U] = 0U; + rand_stack.fst[507U] = 0U; + rand_stack.fst[508U] = 0U; + rand_stack.fst[509U] = 0U; + rand_stack.fst[510U] = 0U; + rand_stack.fst[511U] = 0U; + rand_stack.fst[512U] = 0U; + rand_stack.fst[513U] = 0U; + rand_stack.fst[514U] = 0U; + rand_stack.fst[515U] = 0U; + rand_stack.fst[516U] = 0U; + rand_stack.fst[517U] = 0U; + rand_stack.fst[518U] = 0U; + rand_stack.fst[519U] = 0U; + rand_stack.fst[520U] = 0U; + rand_stack.fst[521U] = 0U; + rand_stack.fst[522U] = 0U; + rand_stack.fst[523U] = 0U; + rand_stack.fst[524U] = 0U; + rand_stack.fst[525U] = 0U; + rand_stack.fst[526U] = 0U; + rand_stack.fst[527U] = 0U; + rand_stack.fst[528U] = 0U; + rand_stack.fst[529U] = 0U; + rand_stack.fst[530U] = 0U; + rand_stack.fst[531U] = 0U; + rand_stack.fst[532U] = 0U; + rand_stack.fst[533U] = 0U; + rand_stack.fst[534U] = 0U; + rand_stack.fst[535U] = 0U; + rand_stack.fst[536U] = 0U; + rand_stack.fst[537U] = 0U; + rand_stack.fst[538U] = 0U; + rand_stack.fst[539U] = 0U; + rand_stack.fst[540U] = 0U; + rand_stack.fst[541U] = 0U; + rand_stack.fst[542U] = 
0U; + rand_stack.fst[543U] = 0U; + rand_stack.fst[544U] = 0U; + rand_stack.fst[545U] = 0U; + rand_stack.fst[546U] = 0U; + rand_stack.fst[547U] = 0U; + rand_stack.fst[548U] = 0U; + rand_stack.fst[549U] = 0U; + rand_stack.fst[550U] = 0U; + rand_stack.fst[551U] = 0U; + rand_stack.fst[552U] = 0U; + rand_stack.fst[553U] = 0U; + rand_stack.fst[554U] = 0U; + rand_stack.fst[555U] = 0U; + rand_stack.fst[556U] = 0U; + rand_stack.fst[557U] = 0U; + rand_stack.fst[558U] = 0U; + rand_stack.fst[559U] = 0U; + rand_stack.fst[560U] = 0U; + rand_stack.fst[561U] = 0U; + rand_stack.fst[562U] = 0U; + rand_stack.fst[563U] = 0U; + rand_stack.fst[564U] = 0U; + rand_stack.fst[565U] = 0U; + rand_stack.fst[566U] = 0U; + rand_stack.fst[567U] = 0U; + rand_stack.fst[568U] = 0U; + rand_stack.fst[569U] = 0U; + rand_stack.fst[570U] = 0U; + rand_stack.fst[571U] = 0U; + rand_stack.fst[572U] = 0U; + rand_stack.fst[573U] = 0U; + rand_stack.fst[574U] = 0U; + rand_stack.fst[575U] = 0U; + rand_stack.fst[576U] = 0U; + rand_stack.fst[577U] = 0U; + rand_stack.fst[578U] = 0U; + rand_stack.fst[579U] = 0U; + rand_stack.fst[580U] = 0U; + rand_stack.fst[581U] = 0U; + rand_stack.fst[582U] = 0U; + rand_stack.fst[583U] = 0U; + rand_stack.fst[584U] = 0U; + rand_stack.fst[585U] = 0U; + rand_stack.fst[586U] = 0U; + rand_stack.fst[587U] = 0U; + rand_stack.fst[588U] = 0U; + rand_stack.fst[589U] = 0U; + rand_stack.fst[590U] = 0U; + rand_stack.fst[591U] = 0U; + rand_stack.fst[592U] = 0U; + rand_stack.fst[593U] = 0U; + rand_stack.fst[594U] = 0U; + rand_stack.fst[595U] = 0U; + rand_stack.fst[596U] = 0U; + rand_stack.fst[597U] = 0U; + rand_stack.fst[598U] = 0U; + rand_stack.fst[599U] = 0U; + rand_stack.fst[600U] = 0U; + rand_stack.fst[601U] = 0U; + rand_stack.fst[602U] = 0U; + rand_stack.fst[603U] = 0U; + rand_stack.fst[604U] = 0U; + rand_stack.fst[605U] = 0U; + rand_stack.fst[606U] = 0U; + rand_stack.fst[607U] = 0U; + rand_stack.fst[608U] = 0U; + rand_stack.fst[609U] = 0U; + rand_stack.fst[610U] = 0U; + rand_stack.fst[611U] 
= 0U; + rand_stack.fst[612U] = 0U; + rand_stack.fst[613U] = 0U; + rand_stack.fst[614U] = 0U; + rand_stack.fst[615U] = 0U; + rand_stack.fst[616U] = 0U; + rand_stack.fst[617U] = 0U; + rand_stack.fst[618U] = 0U; + rand_stack.fst[619U] = 0U; + rand_stack.fst[620U] = 0U; + rand_stack.fst[621U] = 0U; + rand_stack.fst[622U] = 0U; + rand_stack.fst[623U] = 0U; + rand_stack.fst[624U] = 0U; + rand_stack.fst[625U] = 0U; + rand_stack.fst[626U] = 0U; + rand_stack.fst[627U] = 0U; + rand_stack.fst[628U] = 0U; + rand_stack.fst[629U] = 0U; + rand_stack.fst[630U] = 0U; + rand_stack.fst[631U] = 0U; + rand_stack.fst[632U] = 0U; + rand_stack.fst[633U] = 0U; + rand_stack.fst[634U] = 0U; + rand_stack.fst[635U] = 0U; + rand_stack.fst[636U] = 0U; + rand_stack.fst[637U] = 0U; + rand_stack.fst[638U] = 0U; + rand_stack.fst[639U] = 0U; + rand_stack.fst[640U] = 0U; + rand_stack.fst[641U] = 0U; + rand_stack.fst[642U] = 0U; + rand_stack.fst[643U] = 0U; + rand_stack.fst[644U] = 0U; + rand_stack.fst[645U] = 0U; + rand_stack.fst[646U] = 0U; + rand_stack.fst[647U] = 0U; + rand_stack.fst[648U] = 0U; + rand_stack.fst[649U] = 0U; + rand_stack.fst[650U] = 0U; + rand_stack.fst[651U] = 0U; + rand_stack.fst[652U] = 0U; + rand_stack.fst[653U] = 0U; + rand_stack.fst[654U] = 0U; + rand_stack.fst[655U] = 0U; + rand_stack.fst[656U] = 0U; + rand_stack.fst[657U] = 0U; + rand_stack.fst[658U] = 0U; + rand_stack.fst[659U] = 0U; + rand_stack.fst[660U] = 0U; + rand_stack.fst[661U] = 0U; + rand_stack.fst[662U] = 0U; + rand_stack.fst[663U] = 0U; + rand_stack.fst[664U] = 0U; + rand_stack.fst[665U] = 0U; + rand_stack.fst[666U] = 0U; + rand_stack.fst[667U] = 0U; + rand_stack.fst[668U] = 0U; + rand_stack.fst[669U] = 0U; + rand_stack.fst[670U] = 0U; + rand_stack.fst[671U] = 0U; + rand_stack.fst[672U] = 0U; + rand_stack.fst[673U] = 0U; + rand_stack.fst[674U] = 0U; + rand_stack.fst[675U] = 0U; + rand_stack.fst[676U] = 0U; + rand_stack.fst[677U] = 0U; + rand_stack.fst[678U] = 0U; + rand_stack.fst[679U] = 0U; + 
rand_stack.fst[680U] = 0U; + rand_stack.fst[681U] = 0U; + rand_stack.fst[682U] = 0U; + rand_stack.fst[683U] = 0U; + rand_stack.fst[684U] = 0U; + rand_stack.fst[685U] = 0U; + rand_stack.fst[686U] = 0U; + rand_stack.fst[687U] = 0U; + rand_stack.fst[688U] = 0U; + rand_stack.fst[689U] = 0U; + rand_stack.fst[690U] = 0U; + rand_stack.fst[691U] = 0U; + rand_stack.fst[692U] = 0U; + rand_stack.fst[693U] = 0U; + rand_stack.fst[694U] = 0U; + rand_stack.fst[695U] = 0U; + rand_stack.fst[696U] = 0U; + rand_stack.fst[697U] = 0U; + rand_stack.fst[698U] = 0U; + rand_stack.fst[699U] = 0U; + rand_stack.fst[700U] = 0U; + rand_stack.fst[701U] = 0U; + rand_stack.fst[702U] = 0U; + rand_stack.fst[703U] = 0U; + rand_stack.fst[704U] = 0U; + rand_stack.fst[705U] = 0U; + rand_stack.fst[706U] = 0U; + rand_stack.fst[707U] = 0U; + rand_stack.fst[708U] = 0U; + rand_stack.fst[709U] = 0U; + rand_stack.fst[710U] = 0U; + rand_stack.fst[711U] = 0U; + rand_stack.fst[712U] = 0U; + rand_stack.fst[713U] = 0U; + rand_stack.fst[714U] = 0U; + rand_stack.fst[715U] = 0U; + rand_stack.fst[716U] = 0U; + rand_stack.fst[717U] = 0U; + rand_stack.fst[718U] = 0U; + rand_stack.fst[719U] = 0U; + rand_stack.fst[720U] = 0U; + rand_stack.fst[721U] = 0U; + rand_stack.fst[722U] = 0U; + rand_stack.fst[723U] = 0U; + rand_stack.fst[724U] = 0U; + rand_stack.fst[725U] = 0U; + rand_stack.fst[726U] = 0U; + rand_stack.fst[727U] = 0U; + rand_stack.fst[728U] = 0U; + rand_stack.fst[729U] = 0U; + rand_stack.fst[730U] = 0U; + rand_stack.fst[731U] = 0U; + rand_stack.fst[732U] = 0U; + rand_stack.fst[733U] = 0U; + rand_stack.fst[734U] = 0U; + rand_stack.fst[735U] = 0U; + rand_stack.fst[736U] = 0U; + rand_stack.fst[737U] = 0U; + rand_stack.fst[738U] = 0U; + rand_stack.fst[739U] = 0U; + rand_stack.fst[740U] = 0U; + rand_stack.fst[741U] = 0U; + rand_stack.fst[742U] = 0U; + rand_stack.fst[743U] = 0U; + rand_stack.fst[744U] = 0U; + rand_stack.fst[745U] = 0U; + rand_stack.fst[746U] = 0U; + rand_stack.fst[747U] = 0U; + rand_stack.fst[748U] = 0U; 
+ rand_stack.fst[749U] = 0U; + rand_stack.fst[750U] = 0U; + rand_stack.fst[751U] = 0U; + rand_stack.fst[752U] = 0U; + rand_stack.fst[753U] = 0U; + rand_stack.fst[754U] = 0U; + rand_stack.fst[755U] = 0U; + rand_stack.fst[756U] = 0U; + rand_stack.fst[757U] = 0U; + rand_stack.fst[758U] = 0U; + rand_stack.fst[759U] = 0U; + rand_stack.fst[760U] = 0U; + rand_stack.fst[761U] = 0U; + rand_stack.fst[762U] = 0U; + rand_stack.fst[763U] = 0U; + rand_stack.fst[764U] = 0U; + rand_stack.fst[765U] = 0U; + rand_stack.fst[766U] = 0U; + rand_stack.fst[767U] = 0U; + rand_stack.fst[768U] = 0U; + rand_stack.fst[769U] = 0U; + rand_stack.fst[770U] = 0U; + rand_stack.fst[771U] = 0U; + rand_stack.fst[772U] = 0U; + rand_stack.fst[773U] = 0U; + rand_stack.fst[774U] = 0U; + rand_stack.fst[775U] = 0U; + rand_stack.fst[776U] = 0U; + rand_stack.fst[777U] = 0U; + rand_stack.fst[778U] = 0U; + rand_stack.fst[779U] = 0U; + rand_stack.fst[780U] = 0U; + rand_stack.fst[781U] = 0U; + rand_stack.fst[782U] = 0U; + rand_stack.fst[783U] = 0U; + rand_stack.fst[784U] = 0U; + rand_stack.fst[785U] = 0U; + rand_stack.fst[786U] = 0U; + rand_stack.fst[787U] = 0U; + rand_stack.fst[788U] = 0U; + rand_stack.fst[789U] = 0U; + rand_stack.fst[790U] = 0U; + rand_stack.fst[791U] = 0U; + rand_stack.fst[792U] = 0U; + rand_stack.fst[793U] = 0U; + rand_stack.fst[794U] = 0U; + rand_stack.fst[795U] = 0U; + rand_stack.fst[796U] = 0U; + rand_stack.fst[797U] = 0U; + rand_stack.fst[798U] = 0U; + rand_stack.fst[799U] = 0U; + rand_stack.fst[800U] = 0U; + rand_stack.fst[801U] = 0U; + rand_stack.fst[802U] = 0U; + rand_stack.fst[803U] = 0U; + rand_stack.fst[804U] = 0U; + rand_stack.fst[805U] = 0U; + rand_stack.fst[806U] = 0U; + rand_stack.fst[807U] = 0U; + rand_stack.fst[808U] = 0U; + rand_stack.fst[809U] = 0U; + rand_stack.fst[810U] = 0U; + rand_stack.fst[811U] = 0U; + rand_stack.fst[812U] = 0U; + rand_stack.fst[813U] = 0U; + rand_stack.fst[814U] = 0U; + rand_stack.fst[815U] = 0U; + rand_stack.fst[816U] = 0U; + rand_stack.fst[817U] = 
0U; + rand_stack.fst[818U] = 0U; + rand_stack.fst[819U] = 0U; + rand_stack.fst[820U] = 0U; + rand_stack.fst[821U] = 0U; + rand_stack.fst[822U] = 0U; + rand_stack.fst[823U] = 0U; + rand_stack.fst[824U] = 0U; + rand_stack.fst[825U] = 0U; + rand_stack.fst[826U] = 0U; + rand_stack.fst[827U] = 0U; + rand_stack.fst[828U] = 0U; + rand_stack.fst[829U] = 0U; + rand_stack.fst[830U] = 0U; + rand_stack.fst[831U] = 0U; + rand_stack.fst[832U] = 0U; + rand_stack.fst[833U] = 0U; + rand_stack.fst[834U] = 0U; + rand_stack.fst[835U] = 0U; + rand_stack.fst[836U] = 0U; + rand_stack.fst[837U] = 0U; + rand_stack.fst[838U] = 0U; + rand_stack.fst[839U] = 0U; + memcpy(rand_stack.snd, uu____0, (size_t)840U * sizeof(uint8_t)); + memcpy(rand_stack.thd, uu____1, (size_t)840U * sizeof(uint8_t)); + rand_stack.f3[0U] = 0U; + rand_stack.f3[1U] = 0U; + rand_stack.f3[2U] = 0U; + rand_stack.f3[3U] = 0U; + rand_stack.f3[4U] = 0U; + rand_stack.f3[5U] = 0U; + rand_stack.f3[6U] = 0U; + rand_stack.f3[7U] = 0U; + rand_stack.f3[8U] = 0U; + rand_stack.f3[9U] = 0U; + rand_stack.f3[10U] = 0U; + rand_stack.f3[11U] = 0U; + rand_stack.f3[12U] = 0U; + rand_stack.f3[13U] = 0U; + rand_stack.f3[14U] = 0U; + rand_stack.f3[15U] = 0U; + rand_stack.f3[16U] = 0U; + rand_stack.f3[17U] = 0U; + rand_stack.f3[18U] = 0U; + rand_stack.f3[19U] = 0U; + rand_stack.f3[20U] = 0U; + rand_stack.f3[21U] = 0U; + rand_stack.f3[22U] = 0U; + rand_stack.f3[23U] = 0U; + rand_stack.f3[24U] = 0U; + rand_stack.f3[25U] = 0U; + rand_stack.f3[26U] = 0U; + rand_stack.f3[27U] = 0U; + rand_stack.f3[28U] = 0U; + rand_stack.f3[29U] = 0U; + rand_stack.f3[30U] = 0U; + rand_stack.f3[31U] = 0U; + rand_stack.f3[32U] = 0U; + rand_stack.f3[33U] = 0U; + rand_stack.f3[34U] = 0U; + rand_stack.f3[35U] = 0U; + rand_stack.f3[36U] = 0U; + rand_stack.f3[37U] = 0U; + rand_stack.f3[38U] = 0U; + rand_stack.f3[39U] = 0U; + rand_stack.f3[40U] = 0U; + rand_stack.f3[41U] = 0U; + rand_stack.f3[42U] = 0U; + rand_stack.f3[43U] = 0U; + rand_stack.f3[44U] = 0U; + 
rand_stack.f3[45U] = 0U; + rand_stack.f3[46U] = 0U; + rand_stack.f3[47U] = 0U; + rand_stack.f3[48U] = 0U; + rand_stack.f3[49U] = 0U; + rand_stack.f3[50U] = 0U; + rand_stack.f3[51U] = 0U; + rand_stack.f3[52U] = 0U; + rand_stack.f3[53U] = 0U; + rand_stack.f3[54U] = 0U; + rand_stack.f3[55U] = 0U; + rand_stack.f3[56U] = 0U; + rand_stack.f3[57U] = 0U; + rand_stack.f3[58U] = 0U; + rand_stack.f3[59U] = 0U; + rand_stack.f3[60U] = 0U; + rand_stack.f3[61U] = 0U; + rand_stack.f3[62U] = 0U; + rand_stack.f3[63U] = 0U; + rand_stack.f3[64U] = 0U; + rand_stack.f3[65U] = 0U; + rand_stack.f3[66U] = 0U; + rand_stack.f3[67U] = 0U; + rand_stack.f3[68U] = 0U; + rand_stack.f3[69U] = 0U; + rand_stack.f3[70U] = 0U; + rand_stack.f3[71U] = 0U; + rand_stack.f3[72U] = 0U; + rand_stack.f3[73U] = 0U; + rand_stack.f3[74U] = 0U; + rand_stack.f3[75U] = 0U; + rand_stack.f3[76U] = 0U; + rand_stack.f3[77U] = 0U; + rand_stack.f3[78U] = 0U; + rand_stack.f3[79U] = 0U; + rand_stack.f3[80U] = 0U; + rand_stack.f3[81U] = 0U; + rand_stack.f3[82U] = 0U; + rand_stack.f3[83U] = 0U; + rand_stack.f3[84U] = 0U; + rand_stack.f3[85U] = 0U; + rand_stack.f3[86U] = 0U; + rand_stack.f3[87U] = 0U; + rand_stack.f3[88U] = 0U; + rand_stack.f3[89U] = 0U; + rand_stack.f3[90U] = 0U; + rand_stack.f3[91U] = 0U; + rand_stack.f3[92U] = 0U; + rand_stack.f3[93U] = 0U; + rand_stack.f3[94U] = 0U; + rand_stack.f3[95U] = 0U; + rand_stack.f3[96U] = 0U; + rand_stack.f3[97U] = 0U; + rand_stack.f3[98U] = 0U; + rand_stack.f3[99U] = 0U; + rand_stack.f3[100U] = 0U; + rand_stack.f3[101U] = 0U; + rand_stack.f3[102U] = 0U; + rand_stack.f3[103U] = 0U; + rand_stack.f3[104U] = 0U; + rand_stack.f3[105U] = 0U; + rand_stack.f3[106U] = 0U; + rand_stack.f3[107U] = 0U; + rand_stack.f3[108U] = 0U; + rand_stack.f3[109U] = 0U; + rand_stack.f3[110U] = 0U; + rand_stack.f3[111U] = 0U; + rand_stack.f3[112U] = 0U; + rand_stack.f3[113U] = 0U; + rand_stack.f3[114U] = 0U; + rand_stack.f3[115U] = 0U; + rand_stack.f3[116U] = 0U; + rand_stack.f3[117U] = 0U; + 
rand_stack.f3[118U] = 0U; + rand_stack.f3[119U] = 0U; + rand_stack.f3[120U] = 0U; + rand_stack.f3[121U] = 0U; + rand_stack.f3[122U] = 0U; + rand_stack.f3[123U] = 0U; + rand_stack.f3[124U] = 0U; + rand_stack.f3[125U] = 0U; + rand_stack.f3[126U] = 0U; + rand_stack.f3[127U] = 0U; + rand_stack.f3[128U] = 0U; + rand_stack.f3[129U] = 0U; + rand_stack.f3[130U] = 0U; + rand_stack.f3[131U] = 0U; + rand_stack.f3[132U] = 0U; + rand_stack.f3[133U] = 0U; + rand_stack.f3[134U] = 0U; + rand_stack.f3[135U] = 0U; + rand_stack.f3[136U] = 0U; + rand_stack.f3[137U] = 0U; + rand_stack.f3[138U] = 0U; + rand_stack.f3[139U] = 0U; + rand_stack.f3[140U] = 0U; + rand_stack.f3[141U] = 0U; + rand_stack.f3[142U] = 0U; + rand_stack.f3[143U] = 0U; + rand_stack.f3[144U] = 0U; + rand_stack.f3[145U] = 0U; + rand_stack.f3[146U] = 0U; + rand_stack.f3[147U] = 0U; + rand_stack.f3[148U] = 0U; + rand_stack.f3[149U] = 0U; + rand_stack.f3[150U] = 0U; + rand_stack.f3[151U] = 0U; + rand_stack.f3[152U] = 0U; + rand_stack.f3[153U] = 0U; + rand_stack.f3[154U] = 0U; + rand_stack.f3[155U] = 0U; + rand_stack.f3[156U] = 0U; + rand_stack.f3[157U] = 0U; + rand_stack.f3[158U] = 0U; + rand_stack.f3[159U] = 0U; + rand_stack.f3[160U] = 0U; + rand_stack.f3[161U] = 0U; + rand_stack.f3[162U] = 0U; + rand_stack.f3[163U] = 0U; + rand_stack.f3[164U] = 0U; + rand_stack.f3[165U] = 0U; + rand_stack.f3[166U] = 0U; + rand_stack.f3[167U] = 0U; + rand_stack.f3[168U] = 0U; + rand_stack.f3[169U] = 0U; + rand_stack.f3[170U] = 0U; + rand_stack.f3[171U] = 0U; + rand_stack.f3[172U] = 0U; + rand_stack.f3[173U] = 0U; + rand_stack.f3[174U] = 0U; + rand_stack.f3[175U] = 0U; + rand_stack.f3[176U] = 0U; + rand_stack.f3[177U] = 0U; + rand_stack.f3[178U] = 0U; + rand_stack.f3[179U] = 0U; + rand_stack.f3[180U] = 0U; + rand_stack.f3[181U] = 0U; + rand_stack.f3[182U] = 0U; + rand_stack.f3[183U] = 0U; + rand_stack.f3[184U] = 0U; + rand_stack.f3[185U] = 0U; + rand_stack.f3[186U] = 0U; + rand_stack.f3[187U] = 0U; + rand_stack.f3[188U] = 0U; + 
rand_stack.f3[189U] = 0U; + rand_stack.f3[190U] = 0U; + rand_stack.f3[191U] = 0U; + rand_stack.f3[192U] = 0U; + rand_stack.f3[193U] = 0U; + rand_stack.f3[194U] = 0U; + rand_stack.f3[195U] = 0U; + rand_stack.f3[196U] = 0U; + rand_stack.f3[197U] = 0U; + rand_stack.f3[198U] = 0U; + rand_stack.f3[199U] = 0U; + rand_stack.f3[200U] = 0U; + rand_stack.f3[201U] = 0U; + rand_stack.f3[202U] = 0U; + rand_stack.f3[203U] = 0U; + rand_stack.f3[204U] = 0U; + rand_stack.f3[205U] = 0U; + rand_stack.f3[206U] = 0U; + rand_stack.f3[207U] = 0U; + rand_stack.f3[208U] = 0U; + rand_stack.f3[209U] = 0U; + rand_stack.f3[210U] = 0U; + rand_stack.f3[211U] = 0U; + rand_stack.f3[212U] = 0U; + rand_stack.f3[213U] = 0U; + rand_stack.f3[214U] = 0U; + rand_stack.f3[215U] = 0U; + rand_stack.f3[216U] = 0U; + rand_stack.f3[217U] = 0U; + rand_stack.f3[218U] = 0U; + rand_stack.f3[219U] = 0U; + rand_stack.f3[220U] = 0U; + rand_stack.f3[221U] = 0U; + rand_stack.f3[222U] = 0U; + rand_stack.f3[223U] = 0U; + rand_stack.f3[224U] = 0U; + rand_stack.f3[225U] = 0U; + rand_stack.f3[226U] = 0U; + rand_stack.f3[227U] = 0U; + rand_stack.f3[228U] = 0U; + rand_stack.f3[229U] = 0U; + rand_stack.f3[230U] = 0U; + rand_stack.f3[231U] = 0U; + rand_stack.f3[232U] = 0U; + rand_stack.f3[233U] = 0U; + rand_stack.f3[234U] = 0U; + rand_stack.f3[235U] = 0U; + rand_stack.f3[236U] = 0U; + rand_stack.f3[237U] = 0U; + rand_stack.f3[238U] = 0U; + rand_stack.f3[239U] = 0U; + rand_stack.f3[240U] = 0U; + rand_stack.f3[241U] = 0U; + rand_stack.f3[242U] = 0U; + rand_stack.f3[243U] = 0U; + rand_stack.f3[244U] = 0U; + rand_stack.f3[245U] = 0U; + rand_stack.f3[246U] = 0U; + rand_stack.f3[247U] = 0U; + rand_stack.f3[248U] = 0U; + rand_stack.f3[249U] = 0U; + rand_stack.f3[250U] = 0U; + rand_stack.f3[251U] = 0U; + rand_stack.f3[252U] = 0U; + rand_stack.f3[253U] = 0U; + rand_stack.f3[254U] = 0U; + rand_stack.f3[255U] = 0U; + rand_stack.f3[256U] = 0U; + rand_stack.f3[257U] = 0U; + rand_stack.f3[258U] = 0U; + rand_stack.f3[259U] = 0U; + 
rand_stack.f3[260U] = 0U; + rand_stack.f3[261U] = 0U; + rand_stack.f3[262U] = 0U; + rand_stack.f3[263U] = 0U; + rand_stack.f3[264U] = 0U; + rand_stack.f3[265U] = 0U; + rand_stack.f3[266U] = 0U; + rand_stack.f3[267U] = 0U; + rand_stack.f3[268U] = 0U; + rand_stack.f3[269U] = 0U; + rand_stack.f3[270U] = 0U; + rand_stack.f3[271U] = 0U; + rand_stack.f3[272U] = 0U; + rand_stack.f3[273U] = 0U; + rand_stack.f3[274U] = 0U; + rand_stack.f3[275U] = 0U; + rand_stack.f3[276U] = 0U; + rand_stack.f3[277U] = 0U; + rand_stack.f3[278U] = 0U; + rand_stack.f3[279U] = 0U; + rand_stack.f3[280U] = 0U; + rand_stack.f3[281U] = 0U; + rand_stack.f3[282U] = 0U; + rand_stack.f3[283U] = 0U; + rand_stack.f3[284U] = 0U; + rand_stack.f3[285U] = 0U; + rand_stack.f3[286U] = 0U; + rand_stack.f3[287U] = 0U; + rand_stack.f3[288U] = 0U; + rand_stack.f3[289U] = 0U; + rand_stack.f3[290U] = 0U; + rand_stack.f3[291U] = 0U; + rand_stack.f3[292U] = 0U; + rand_stack.f3[293U] = 0U; + rand_stack.f3[294U] = 0U; + rand_stack.f3[295U] = 0U; + rand_stack.f3[296U] = 0U; + rand_stack.f3[297U] = 0U; + rand_stack.f3[298U] = 0U; + rand_stack.f3[299U] = 0U; + rand_stack.f3[300U] = 0U; + rand_stack.f3[301U] = 0U; + rand_stack.f3[302U] = 0U; + rand_stack.f3[303U] = 0U; + rand_stack.f3[304U] = 0U; + rand_stack.f3[305U] = 0U; + rand_stack.f3[306U] = 0U; + rand_stack.f3[307U] = 0U; + rand_stack.f3[308U] = 0U; + rand_stack.f3[309U] = 0U; + rand_stack.f3[310U] = 0U; + rand_stack.f3[311U] = 0U; + rand_stack.f3[312U] = 0U; + rand_stack.f3[313U] = 0U; + rand_stack.f3[314U] = 0U; + rand_stack.f3[315U] = 0U; + rand_stack.f3[316U] = 0U; + rand_stack.f3[317U] = 0U; + rand_stack.f3[318U] = 0U; + rand_stack.f3[319U] = 0U; + rand_stack.f3[320U] = 0U; + rand_stack.f3[321U] = 0U; + rand_stack.f3[322U] = 0U; + rand_stack.f3[323U] = 0U; + rand_stack.f3[324U] = 0U; + rand_stack.f3[325U] = 0U; + rand_stack.f3[326U] = 0U; + rand_stack.f3[327U] = 0U; + rand_stack.f3[328U] = 0U; + rand_stack.f3[329U] = 0U; + rand_stack.f3[330U] = 0U; + 
rand_stack.f3[331U] = 0U; + rand_stack.f3[332U] = 0U; + rand_stack.f3[333U] = 0U; + rand_stack.f3[334U] = 0U; + rand_stack.f3[335U] = 0U; + rand_stack.f3[336U] = 0U; + rand_stack.f3[337U] = 0U; + rand_stack.f3[338U] = 0U; + rand_stack.f3[339U] = 0U; + rand_stack.f3[340U] = 0U; + rand_stack.f3[341U] = 0U; + rand_stack.f3[342U] = 0U; + rand_stack.f3[343U] = 0U; + rand_stack.f3[344U] = 0U; + rand_stack.f3[345U] = 0U; + rand_stack.f3[346U] = 0U; + rand_stack.f3[347U] = 0U; + rand_stack.f3[348U] = 0U; + rand_stack.f3[349U] = 0U; + rand_stack.f3[350U] = 0U; + rand_stack.f3[351U] = 0U; + rand_stack.f3[352U] = 0U; + rand_stack.f3[353U] = 0U; + rand_stack.f3[354U] = 0U; + rand_stack.f3[355U] = 0U; + rand_stack.f3[356U] = 0U; + rand_stack.f3[357U] = 0U; + rand_stack.f3[358U] = 0U; + rand_stack.f3[359U] = 0U; + rand_stack.f3[360U] = 0U; + rand_stack.f3[361U] = 0U; + rand_stack.f3[362U] = 0U; + rand_stack.f3[363U] = 0U; + rand_stack.f3[364U] = 0U; + rand_stack.f3[365U] = 0U; + rand_stack.f3[366U] = 0U; + rand_stack.f3[367U] = 0U; + rand_stack.f3[368U] = 0U; + rand_stack.f3[369U] = 0U; + rand_stack.f3[370U] = 0U; + rand_stack.f3[371U] = 0U; + rand_stack.f3[372U] = 0U; + rand_stack.f3[373U] = 0U; + rand_stack.f3[374U] = 0U; + rand_stack.f3[375U] = 0U; + rand_stack.f3[376U] = 0U; + rand_stack.f3[377U] = 0U; + rand_stack.f3[378U] = 0U; + rand_stack.f3[379U] = 0U; + rand_stack.f3[380U] = 0U; + rand_stack.f3[381U] = 0U; + rand_stack.f3[382U] = 0U; + rand_stack.f3[383U] = 0U; + rand_stack.f3[384U] = 0U; + rand_stack.f3[385U] = 0U; + rand_stack.f3[386U] = 0U; + rand_stack.f3[387U] = 0U; + rand_stack.f3[388U] = 0U; + rand_stack.f3[389U] = 0U; + rand_stack.f3[390U] = 0U; + rand_stack.f3[391U] = 0U; + rand_stack.f3[392U] = 0U; + rand_stack.f3[393U] = 0U; + rand_stack.f3[394U] = 0U; + rand_stack.f3[395U] = 0U; + rand_stack.f3[396U] = 0U; + rand_stack.f3[397U] = 0U; + rand_stack.f3[398U] = 0U; + rand_stack.f3[399U] = 0U; + rand_stack.f3[400U] = 0U; + rand_stack.f3[401U] = 0U; + 
rand_stack.f3[402U] = 0U; + rand_stack.f3[403U] = 0U; + rand_stack.f3[404U] = 0U; + rand_stack.f3[405U] = 0U; + rand_stack.f3[406U] = 0U; + rand_stack.f3[407U] = 0U; + rand_stack.f3[408U] = 0U; + rand_stack.f3[409U] = 0U; + rand_stack.f3[410U] = 0U; + rand_stack.f3[411U] = 0U; + rand_stack.f3[412U] = 0U; + rand_stack.f3[413U] = 0U; + rand_stack.f3[414U] = 0U; + rand_stack.f3[415U] = 0U; + rand_stack.f3[416U] = 0U; + rand_stack.f3[417U] = 0U; + rand_stack.f3[418U] = 0U; + rand_stack.f3[419U] = 0U; + rand_stack.f3[420U] = 0U; + rand_stack.f3[421U] = 0U; + rand_stack.f3[422U] = 0U; + rand_stack.f3[423U] = 0U; + rand_stack.f3[424U] = 0U; + rand_stack.f3[425U] = 0U; + rand_stack.f3[426U] = 0U; + rand_stack.f3[427U] = 0U; + rand_stack.f3[428U] = 0U; + rand_stack.f3[429U] = 0U; + rand_stack.f3[430U] = 0U; + rand_stack.f3[431U] = 0U; + rand_stack.f3[432U] = 0U; + rand_stack.f3[433U] = 0U; + rand_stack.f3[434U] = 0U; + rand_stack.f3[435U] = 0U; + rand_stack.f3[436U] = 0U; + rand_stack.f3[437U] = 0U; + rand_stack.f3[438U] = 0U; + rand_stack.f3[439U] = 0U; + rand_stack.f3[440U] = 0U; + rand_stack.f3[441U] = 0U; + rand_stack.f3[442U] = 0U; + rand_stack.f3[443U] = 0U; + rand_stack.f3[444U] = 0U; + rand_stack.f3[445U] = 0U; + rand_stack.f3[446U] = 0U; + rand_stack.f3[447U] = 0U; + rand_stack.f3[448U] = 0U; + rand_stack.f3[449U] = 0U; + rand_stack.f3[450U] = 0U; + rand_stack.f3[451U] = 0U; + rand_stack.f3[452U] = 0U; + rand_stack.f3[453U] = 0U; + rand_stack.f3[454U] = 0U; + rand_stack.f3[455U] = 0U; + rand_stack.f3[456U] = 0U; + rand_stack.f3[457U] = 0U; + rand_stack.f3[458U] = 0U; + rand_stack.f3[459U] = 0U; + rand_stack.f3[460U] = 0U; + rand_stack.f3[461U] = 0U; + rand_stack.f3[462U] = 0U; + rand_stack.f3[463U] = 0U; + rand_stack.f3[464U] = 0U; + rand_stack.f3[465U] = 0U; + rand_stack.f3[466U] = 0U; + rand_stack.f3[467U] = 0U; + rand_stack.f3[468U] = 0U; + rand_stack.f3[469U] = 0U; + rand_stack.f3[470U] = 0U; + rand_stack.f3[471U] = 0U; + rand_stack.f3[472U] = 0U; + 
rand_stack.f3[473U] = 0U; + rand_stack.f3[474U] = 0U; + rand_stack.f3[475U] = 0U; + rand_stack.f3[476U] = 0U; + rand_stack.f3[477U] = 0U; + rand_stack.f3[478U] = 0U; + rand_stack.f3[479U] = 0U; + rand_stack.f3[480U] = 0U; + rand_stack.f3[481U] = 0U; + rand_stack.f3[482U] = 0U; + rand_stack.f3[483U] = 0U; + rand_stack.f3[484U] = 0U; + rand_stack.f3[485U] = 0U; + rand_stack.f3[486U] = 0U; + rand_stack.f3[487U] = 0U; + rand_stack.f3[488U] = 0U; + rand_stack.f3[489U] = 0U; + rand_stack.f3[490U] = 0U; + rand_stack.f3[491U] = 0U; + rand_stack.f3[492U] = 0U; + rand_stack.f3[493U] = 0U; + rand_stack.f3[494U] = 0U; + rand_stack.f3[495U] = 0U; + rand_stack.f3[496U] = 0U; + rand_stack.f3[497U] = 0U; + rand_stack.f3[498U] = 0U; + rand_stack.f3[499U] = 0U; + rand_stack.f3[500U] = 0U; + rand_stack.f3[501U] = 0U; + rand_stack.f3[502U] = 0U; + rand_stack.f3[503U] = 0U; + rand_stack.f3[504U] = 0U; + rand_stack.f3[505U] = 0U; + rand_stack.f3[506U] = 0U; + rand_stack.f3[507U] = 0U; + rand_stack.f3[508U] = 0U; + rand_stack.f3[509U] = 0U; + rand_stack.f3[510U] = 0U; + rand_stack.f3[511U] = 0U; + rand_stack.f3[512U] = 0U; + rand_stack.f3[513U] = 0U; + rand_stack.f3[514U] = 0U; + rand_stack.f3[515U] = 0U; + rand_stack.f3[516U] = 0U; + rand_stack.f3[517U] = 0U; + rand_stack.f3[518U] = 0U; + rand_stack.f3[519U] = 0U; + rand_stack.f3[520U] = 0U; + rand_stack.f3[521U] = 0U; + rand_stack.f3[522U] = 0U; + rand_stack.f3[523U] = 0U; + rand_stack.f3[524U] = 0U; + rand_stack.f3[525U] = 0U; + rand_stack.f3[526U] = 0U; + rand_stack.f3[527U] = 0U; + rand_stack.f3[528U] = 0U; + rand_stack.f3[529U] = 0U; + rand_stack.f3[530U] = 0U; + rand_stack.f3[531U] = 0U; + rand_stack.f3[532U] = 0U; + rand_stack.f3[533U] = 0U; + rand_stack.f3[534U] = 0U; + rand_stack.f3[535U] = 0U; + rand_stack.f3[536U] = 0U; + rand_stack.f3[537U] = 0U; + rand_stack.f3[538U] = 0U; + rand_stack.f3[539U] = 0U; + rand_stack.f3[540U] = 0U; + rand_stack.f3[541U] = 0U; + rand_stack.f3[542U] = 0U; + rand_stack.f3[543U] = 0U; + 
rand_stack.f3[544U] = 0U; + rand_stack.f3[545U] = 0U; + rand_stack.f3[546U] = 0U; + rand_stack.f3[547U] = 0U; + rand_stack.f3[548U] = 0U; + rand_stack.f3[549U] = 0U; + rand_stack.f3[550U] = 0U; + rand_stack.f3[551U] = 0U; + rand_stack.f3[552U] = 0U; + rand_stack.f3[553U] = 0U; + rand_stack.f3[554U] = 0U; + rand_stack.f3[555U] = 0U; + rand_stack.f3[556U] = 0U; + rand_stack.f3[557U] = 0U; + rand_stack.f3[558U] = 0U; + rand_stack.f3[559U] = 0U; + rand_stack.f3[560U] = 0U; + rand_stack.f3[561U] = 0U; + rand_stack.f3[562U] = 0U; + rand_stack.f3[563U] = 0U; + rand_stack.f3[564U] = 0U; + rand_stack.f3[565U] = 0U; + rand_stack.f3[566U] = 0U; + rand_stack.f3[567U] = 0U; + rand_stack.f3[568U] = 0U; + rand_stack.f3[569U] = 0U; + rand_stack.f3[570U] = 0U; + rand_stack.f3[571U] = 0U; + rand_stack.f3[572U] = 0U; + rand_stack.f3[573U] = 0U; + rand_stack.f3[574U] = 0U; + rand_stack.f3[575U] = 0U; + rand_stack.f3[576U] = 0U; + rand_stack.f3[577U] = 0U; + rand_stack.f3[578U] = 0U; + rand_stack.f3[579U] = 0U; + rand_stack.f3[580U] = 0U; + rand_stack.f3[581U] = 0U; + rand_stack.f3[582U] = 0U; + rand_stack.f3[583U] = 0U; + rand_stack.f3[584U] = 0U; + rand_stack.f3[585U] = 0U; + rand_stack.f3[586U] = 0U; + rand_stack.f3[587U] = 0U; + rand_stack.f3[588U] = 0U; + rand_stack.f3[589U] = 0U; + rand_stack.f3[590U] = 0U; + rand_stack.f3[591U] = 0U; + rand_stack.f3[592U] = 0U; + rand_stack.f3[593U] = 0U; + rand_stack.f3[594U] = 0U; + rand_stack.f3[595U] = 0U; + rand_stack.f3[596U] = 0U; + rand_stack.f3[597U] = 0U; + rand_stack.f3[598U] = 0U; + rand_stack.f3[599U] = 0U; + rand_stack.f3[600U] = 0U; + rand_stack.f3[601U] = 0U; + rand_stack.f3[602U] = 0U; + rand_stack.f3[603U] = 0U; + rand_stack.f3[604U] = 0U; + rand_stack.f3[605U] = 0U; + rand_stack.f3[606U] = 0U; + rand_stack.f3[607U] = 0U; + rand_stack.f3[608U] = 0U; + rand_stack.f3[609U] = 0U; + rand_stack.f3[610U] = 0U; + rand_stack.f3[611U] = 0U; + rand_stack.f3[612U] = 0U; + rand_stack.f3[613U] = 0U; + rand_stack.f3[614U] = 0U; + 
rand_stack.f3[615U] = 0U; + rand_stack.f3[616U] = 0U; + rand_stack.f3[617U] = 0U; + rand_stack.f3[618U] = 0U; + rand_stack.f3[619U] = 0U; + rand_stack.f3[620U] = 0U; + rand_stack.f3[621U] = 0U; + rand_stack.f3[622U] = 0U; + rand_stack.f3[623U] = 0U; + rand_stack.f3[624U] = 0U; + rand_stack.f3[625U] = 0U; + rand_stack.f3[626U] = 0U; + rand_stack.f3[627U] = 0U; + rand_stack.f3[628U] = 0U; + rand_stack.f3[629U] = 0U; + rand_stack.f3[630U] = 0U; + rand_stack.f3[631U] = 0U; + rand_stack.f3[632U] = 0U; + rand_stack.f3[633U] = 0U; + rand_stack.f3[634U] = 0U; + rand_stack.f3[635U] = 0U; + rand_stack.f3[636U] = 0U; + rand_stack.f3[637U] = 0U; + rand_stack.f3[638U] = 0U; + rand_stack.f3[639U] = 0U; + rand_stack.f3[640U] = 0U; + rand_stack.f3[641U] = 0U; + rand_stack.f3[642U] = 0U; + rand_stack.f3[643U] = 0U; + rand_stack.f3[644U] = 0U; + rand_stack.f3[645U] = 0U; + rand_stack.f3[646U] = 0U; + rand_stack.f3[647U] = 0U; + rand_stack.f3[648U] = 0U; + rand_stack.f3[649U] = 0U; + rand_stack.f3[650U] = 0U; + rand_stack.f3[651U] = 0U; + rand_stack.f3[652U] = 0U; + rand_stack.f3[653U] = 0U; + rand_stack.f3[654U] = 0U; + rand_stack.f3[655U] = 0U; + rand_stack.f3[656U] = 0U; + rand_stack.f3[657U] = 0U; + rand_stack.f3[658U] = 0U; + rand_stack.f3[659U] = 0U; + rand_stack.f3[660U] = 0U; + rand_stack.f3[661U] = 0U; + rand_stack.f3[662U] = 0U; + rand_stack.f3[663U] = 0U; + rand_stack.f3[664U] = 0U; + rand_stack.f3[665U] = 0U; + rand_stack.f3[666U] = 0U; + rand_stack.f3[667U] = 0U; + rand_stack.f3[668U] = 0U; + rand_stack.f3[669U] = 0U; + rand_stack.f3[670U] = 0U; + rand_stack.f3[671U] = 0U; + rand_stack.f3[672U] = 0U; + rand_stack.f3[673U] = 0U; + rand_stack.f3[674U] = 0U; + rand_stack.f3[675U] = 0U; + rand_stack.f3[676U] = 0U; + rand_stack.f3[677U] = 0U; + rand_stack.f3[678U] = 0U; + rand_stack.f3[679U] = 0U; + rand_stack.f3[680U] = 0U; + rand_stack.f3[681U] = 0U; + rand_stack.f3[682U] = 0U; + rand_stack.f3[683U] = 0U; + rand_stack.f3[684U] = 0U; + rand_stack.f3[685U] = 0U; + 
rand_stack.f3[686U] = 0U; + rand_stack.f3[687U] = 0U; + rand_stack.f3[688U] = 0U; + rand_stack.f3[689U] = 0U; + rand_stack.f3[690U] = 0U; + rand_stack.f3[691U] = 0U; + rand_stack.f3[692U] = 0U; + rand_stack.f3[693U] = 0U; + rand_stack.f3[694U] = 0U; + rand_stack.f3[695U] = 0U; + rand_stack.f3[696U] = 0U; + rand_stack.f3[697U] = 0U; + rand_stack.f3[698U] = 0U; + rand_stack.f3[699U] = 0U; + rand_stack.f3[700U] = 0U; + rand_stack.f3[701U] = 0U; + rand_stack.f3[702U] = 0U; + rand_stack.f3[703U] = 0U; + rand_stack.f3[704U] = 0U; + rand_stack.f3[705U] = 0U; + rand_stack.f3[706U] = 0U; + rand_stack.f3[707U] = 0U; + rand_stack.f3[708U] = 0U; + rand_stack.f3[709U] = 0U; + rand_stack.f3[710U] = 0U; + rand_stack.f3[711U] = 0U; + rand_stack.f3[712U] = 0U; + rand_stack.f3[713U] = 0U; + rand_stack.f3[714U] = 0U; + rand_stack.f3[715U] = 0U; + rand_stack.f3[716U] = 0U; + rand_stack.f3[717U] = 0U; + rand_stack.f3[718U] = 0U; + rand_stack.f3[719U] = 0U; + rand_stack.f3[720U] = 0U; + rand_stack.f3[721U] = 0U; + rand_stack.f3[722U] = 0U; + rand_stack.f3[723U] = 0U; + rand_stack.f3[724U] = 0U; + rand_stack.f3[725U] = 0U; + rand_stack.f3[726U] = 0U; + rand_stack.f3[727U] = 0U; + rand_stack.f3[728U] = 0U; + rand_stack.f3[729U] = 0U; + rand_stack.f3[730U] = 0U; + rand_stack.f3[731U] = 0U; + rand_stack.f3[732U] = 0U; + rand_stack.f3[733U] = 0U; + rand_stack.f3[734U] = 0U; + rand_stack.f3[735U] = 0U; + rand_stack.f3[736U] = 0U; + rand_stack.f3[737U] = 0U; + rand_stack.f3[738U] = 0U; + rand_stack.f3[739U] = 0U; + rand_stack.f3[740U] = 0U; + rand_stack.f3[741U] = 0U; + rand_stack.f3[742U] = 0U; + rand_stack.f3[743U] = 0U; + rand_stack.f3[744U] = 0U; + rand_stack.f3[745U] = 0U; + rand_stack.f3[746U] = 0U; + rand_stack.f3[747U] = 0U; + rand_stack.f3[748U] = 0U; + rand_stack.f3[749U] = 0U; + rand_stack.f3[750U] = 0U; + rand_stack.f3[751U] = 0U; + rand_stack.f3[752U] = 0U; + rand_stack.f3[753U] = 0U; + rand_stack.f3[754U] = 0U; + rand_stack.f3[755U] = 0U; + rand_stack.f3[756U] = 0U; + 
rand_stack.f3[757U] = 0U; + rand_stack.f3[758U] = 0U; + rand_stack.f3[759U] = 0U; + rand_stack.f3[760U] = 0U; + rand_stack.f3[761U] = 0U; + rand_stack.f3[762U] = 0U; + rand_stack.f3[763U] = 0U; + rand_stack.f3[764U] = 0U; + rand_stack.f3[765U] = 0U; + rand_stack.f3[766U] = 0U; + rand_stack.f3[767U] = 0U; + rand_stack.f3[768U] = 0U; + rand_stack.f3[769U] = 0U; + rand_stack.f3[770U] = 0U; + rand_stack.f3[771U] = 0U; + rand_stack.f3[772U] = 0U; + rand_stack.f3[773U] = 0U; + rand_stack.f3[774U] = 0U; + rand_stack.f3[775U] = 0U; + rand_stack.f3[776U] = 0U; + rand_stack.f3[777U] = 0U; + rand_stack.f3[778U] = 0U; + rand_stack.f3[779U] = 0U; + rand_stack.f3[780U] = 0U; + rand_stack.f3[781U] = 0U; + rand_stack.f3[782U] = 0U; + rand_stack.f3[783U] = 0U; + rand_stack.f3[784U] = 0U; + rand_stack.f3[785U] = 0U; + rand_stack.f3[786U] = 0U; + rand_stack.f3[787U] = 0U; + rand_stack.f3[788U] = 0U; + rand_stack.f3[789U] = 0U; + rand_stack.f3[790U] = 0U; + rand_stack.f3[791U] = 0U; + rand_stack.f3[792U] = 0U; + rand_stack.f3[793U] = 0U; + rand_stack.f3[794U] = 0U; + rand_stack.f3[795U] = 0U; + rand_stack.f3[796U] = 0U; + rand_stack.f3[797U] = 0U; + rand_stack.f3[798U] = 0U; + rand_stack.f3[799U] = 0U; + rand_stack.f3[800U] = 0U; + rand_stack.f3[801U] = 0U; + rand_stack.f3[802U] = 0U; + rand_stack.f3[803U] = 0U; + rand_stack.f3[804U] = 0U; + rand_stack.f3[805U] = 0U; + rand_stack.f3[806U] = 0U; + rand_stack.f3[807U] = 0U; + rand_stack.f3[808U] = 0U; + rand_stack.f3[809U] = 0U; + rand_stack.f3[810U] = 0U; + rand_stack.f3[811U] = 0U; + rand_stack.f3[812U] = 0U; + rand_stack.f3[813U] = 0U; + rand_stack.f3[814U] = 0U; + rand_stack.f3[815U] = 0U; + rand_stack.f3[816U] = 0U; + rand_stack.f3[817U] = 0U; + rand_stack.f3[818U] = 0U; + rand_stack.f3[819U] = 0U; + rand_stack.f3[820U] = 0U; + rand_stack.f3[821U] = 0U; + rand_stack.f3[822U] = 0U; + rand_stack.f3[823U] = 0U; + rand_stack.f3[824U] = 0U; + rand_stack.f3[825U] = 0U; + rand_stack.f3[826U] = 0U; + rand_stack.f3[827U] = 0U; + 
rand_stack.f3[828U] = 0U; + rand_stack.f3[829U] = 0U; + rand_stack.f3[830U] = 0U; + rand_stack.f3[831U] = 0U; + rand_stack.f3[832U] = 0U; + rand_stack.f3[833U] = 0U; + rand_stack.f3[834U] = 0U; + rand_stack.f3[835U] = 0U; + rand_stack.f3[836U] = 0U; + rand_stack.f3[837U] = 0U; + rand_stack.f3[838U] = 0U; + rand_stack.f3[839U] = 0U; + int32_t tmp_stack[4U][263U] = {{0U}}; + size_t_x2 buf0[0U] = {}; + libcrux_ml_dsa_sample_SampleArgs_4e memory = libcrux_ml_dsa_sample_new_29_ab( + &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), A, + Eurydice_array_to_slice((size_t)0U, buf0, size_t_x2)); + size_t_x2 buf[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}), + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf, size_t_x2); + uint8_t uu____2[34U]; + memcpy(uu____2, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_49( + uu____2, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})), + &memory); + size_t_x2 buf1[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}), + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf1, size_t_x2); + uint8_t uu____3[34U]; + memcpy(uu____3, seed, (size_t)34U * sizeof(uint8_t)); + 
libcrux_ml_dsa_sample_sample_four_ring_elements_49( + uu____3, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})), + &memory); + size_t_x2 buf2[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}), + (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}), + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf2, size_t_x2); + uint8_t uu____4[34U]; + memcpy(uu____4, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_49( + uu____4, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})), + &memory); + size_t_x2 buf3[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}), + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}), + (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}), + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf3, size_t_x2); + uint8_t uu____5[34U]; + memcpy(uu____5, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_49( + uu____5, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U})), + 
libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})), + &memory); + size_t_x2 buf4[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}), + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}), + (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf4, size_t_x2); + uint8_t uu____6[34U]; + memcpy(uu____6, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_49( + uu____6, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})), + &memory); + size_t_x2 buf5[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}), + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf5, size_t_x2); + uint8_t uu____7[34U]; + memcpy(uu____7, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_49( + uu____7, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + 
(CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})), + &memory); + size_t_x2 buf6[4U] = { + (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}), + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)0U}), + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)1U}), + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)2U})}; + memory.indices = Eurydice_array_to_slice((size_t)4U, buf6, size_t_x2); + uint8_t uu____8[34U]; + memcpy(uu____8, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_49( + uu____8, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})), + &memory); + size_t_x2 buf7[2U] = { + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)3U}), + (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)4U})}; + memory.indices = Eurydice_array_to_slice((size_t)2U, buf7, size_t_x2); + uint8_t uu____9[34U]; + memcpy(uu____9, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_sample_sample_four_ring_elements_49( + uu____9, + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U})), + libcrux_ml_dsa_samplex4_generate_domain_separator( + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})), + &memory); memcpy(ret, A, (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U])); } /** -A monomorphic instance of 
libcrux_ml_dsa.samplex4.matrix_A -with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit -with const generics +A monomorphic instance of libcrux_ml_dsa.samplex4.matrix_A_generic +with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_hash_functions_portable_Shake128X4 with const generics - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ -static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_2f( +static inline void libcrux_ml_dsa_samplex4_matrix_A_generic_49( uint8_t seed[34U], libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) { uint8_t_x2 uu____0 = {.fst = (uint8_t)(size_t)6U, .snd = (uint8_t)(size_t)5U}; switch (uu____0.fst) { - case 4U: { - switch (uu____0.snd) { - case 4U: { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U]; - libcrux_ml_dsa_samplex4_matrix_A_4_by_4_2f(copy_of_seed, ret0); - memcpy( - ret, ret0, - (size_t)6U * - sizeof( - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U])); - return; - } - default: { - } - } - break; - } case 6U: { switch (uu____0.snd) { case 5U: { 
@@ -5100,27 +6187,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_2f( uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U]; - libcrux_ml_dsa_samplex4_matrix_A_6_by_5_2f(copy_of_seed, ret0); - memcpy( - ret, ret0, - (size_t)6U * - sizeof( - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U])); - return; - } - default: { - } - } - break; - } - case 8U: { - switch (uu____0.snd) { - case 7U: { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U]; - libcrux_ml_dsa_samplex4_matrix_A_8_by_7_2f(copy_of_seed, ret0); + libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49(copy_of_seed, ret0); memcpy( ret, ret0, (size_t)6U * 
@@ -5141,6 +6208,30 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_2f( KRML_HOST_EXIT(255U); } +/** +This function found in impl {(libcrux_ml_dsa::samplex4::X4Sampler for +libcrux_ml_dsa::samplex4::portable::PortableSampler)} +*/ +/** +A monomorphic instance of libcrux_ml_dsa.samplex4.portable.matrix_A_36 +with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit +with const generics +- ROWS_IN_A= 6 +- COLUMNS_IN_A= 5 +*/ +static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_portable_matrix_A_36_2f( + uint8_t seed[34U], + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret[6U][5U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b ret0[6U][5U]; + libcrux_ml_dsa_samplex4_matrix_A_generic_49(copy_of_seed, ret0); + memcpy(ret, ret0, + (size_t)6U * + sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U])); +} + /** A monomorphic instance of K. with types libcrux_ml_dsa_polynomial_PolynomialRingElement @@ -5154,6 +6245,14 @@ typedef struct tuple_ce_s { libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd[6U]; } tuple_ce; +typedef struct + libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4_s { + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b fst; + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b snd; + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b thd; + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f3; +} libcrux_ml_dsa_polynomial_PolynomialRingElement_libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit_x4; + /** A monomorphic instance of libcrux_ml_dsa.sample.rejection_sample_less_than_eta_equals_2 with types 
@@ -5233,6 +6332,37 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73( randomness, sampled, out); } +/** +This function found in impl +{libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff +with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit +with const generics + +*/ +static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b +libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) { + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result = + libcrux_ml_dsa_polynomial_ZERO_ff_ba(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 = + libcrux_ml_dsa_simd_portable_from_coefficient_array_36( + Eurydice_slice_subslice2( + array, + i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, + (i0 + (size_t)1U) * + LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, + int32_t)); + result.simd_units[i0] = uu____0; + } + return result; +} + /** A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, @@ -6075,6 +7205,7 @@ libcrux_ml_dsa_encoding_signing_key_generate_serialized_d2( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.generate_key_pair with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_samplex4_portable_PortableSampler, libcrux_ml_dsa_hash_functions_portable_Shake128X4, libcrux_ml_dsa_hash_functions_portable_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof, 
@@ -6087,7 +7218,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics - VERIFICATION_KEY_SIZE= 1952 */ static KRML_MUSTINLINE tuple_a0 -libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_5a(uint8_t randomness[32U]) { +libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_c3(uint8_t randomness[32U]) { uint8_t seed_expanded0[128U] = {0U}; libcrux_sha3_portable_incremental_Shake256Xof shake = libcrux_ml_dsa_hash_functions_portable_init_83(); @@ -6112,7 +7243,7 @@ libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_5a(uint8_t randomness[32U]) { libcrux_ml_dsa_polynomial_PolynomialRingElement_9b a_as_ntt[6U][5U]; uint8_t ret[34U]; libcrux_ml_dsa_utils_into_padded_array_b6(seed_for_a, ret); - libcrux_ml_dsa_samplex4_matrix_A_2f(ret, a_as_ntt); + libcrux_ml_dsa_samplex4_portable_matrix_A_36_2f(ret, a_as_ntt); uint8_t ret0[66U]; libcrux_ml_dsa_utils_into_padded_array_20(seed_for_error_vectors, ret0); tuple_ce uu____2 = libcrux_ml_dsa_samplex4_sample_s1_and_s2_fe(ret0); @@ -6209,7 +7340,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_generate_key_pair_52( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_5a(copy_of_randomness); + return libcrux_ml_dsa_ml_dsa_generic_generate_key_pair_c3(copy_of_randomness); } /** @@ -6259,7 +7390,7 @@ with types libcrux_ml_dsa_pre_hash_DomainSeparationContext */ typedef struct Option_84_s { - Option_d8_tags tag; + Option_08_tags tag; libcrux_ml_dsa_pre_hash_DomainSeparationContext f0; } Option_84; @@ -6635,7 +7766,7 @@ libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[5size_t] */ typedef struct Option_f3_s { - Option_d8_tags tag; + Option_08_tags tag; libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f0[5U]; } Option_f3; 
@@ -7775,6 +8906,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_encoding_signature_serialize_92_76( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_internal with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_samplex4_portable_PortableSampler, libcrux_ml_dsa_hash_functions_portable_Shake128X4, libcrux_ml_dsa_hash_functions_portable_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof, @@ -7794,7 +8926,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics - SIGNING_KEY_SIZE= 4032 - SIGNATURE_SIZE= 3309 */ -static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05( +static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_3f( uint8_t *signing_key, Eurydice_slice message, Option_84 domain_separation_context, uint8_t randomness[32U]) { tuple_f0 uu____0 = @@ -7821,7 +8953,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05( uint8_t ret[34U]; libcrux_ml_dsa_utils_into_padded_array_b6( Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret); - libcrux_ml_dsa_samplex4_matrix_A_2f(ret, A_as_ntt); + libcrux_ml_dsa_samplex4_portable_matrix_A_36_2f(ret, A_as_ntt); uint8_t message_representative[64U] = {0U}; uint8_t uu____1[64U]; memcpy(uu____1, verification_key_hash, (size_t)64U * sizeof(uint8_t)); @@ -8090,6 +9222,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_internal_05( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_samplex4_portable_PortableSampler, libcrux_ml_dsa_hash_functions_portable_Shake128X4, libcrux_ml_dsa_hash_functions_portable_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof, 
@@ -8109,7 +9242,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256X4 with const generics - SIGNING_KEY_SIZE= 4032 - SIGNATURE_SIZE= 3309 */ -static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_05( +static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_3f( uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) { Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45( @@ -8125,7 +9258,7 @@ static KRML_MUSTINLINE Result_2e libcrux_ml_dsa_ml_dsa_generic_sign_05( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_05( + uu____1 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_3f( uu____2, uu____3, uu____4, copy_of_randomness); } else { uu____1 = (CLITERAL(Result_2e){ @@ -8166,7 +9299,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_dsa_ml_dsa_generic_sign_05(uu____0, uu____1, uu____2, + return libcrux_ml_dsa_ml_dsa_generic_sign_3f(uu____0, uu____1, uu____2, copy_of_randomness); } @@ -8180,7 +9313,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_f3( static inline Result_2e libcrux_ml_dsa_ml_dsa_65_portable_sign( libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key, Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) { - uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key); + uint8_t *uu____0 = libcrux_ml_dsa_types_as_ref_9b_09(signing_key); Eurydice_slice uu____1 = message; Eurydice_slice uu____2 = context; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -8236,6 +9369,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_pre_hash_hash_bd_54( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.sign_pre_hashed with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_samplex4_portable_PortableSampler, libcrux_ml_dsa_hash_functions_portable_Shake128, libcrux_ml_dsa_hash_functions_portable_Shake128X4, libcrux_ml_dsa_hash_functions_portable_Shake256, @@ -8259,7 +9393,7 @@ libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics - SIGNATURE_SIZE= 3309 */ static KRML_MUSTINLINE Result_2e -libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(uint8_t *signing_key, +libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_da(uint8_t *signing_key, Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) { @@ -8290,7 +9424,7 @@ libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d(uint8_t *signing_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_05( + uu____0 = libcrux_ml_dsa_ml_dsa_generic_sign_internal_3f( uu____3, uu____4, uu____5, copy_of_randomness); } else { uu____0 = (CLITERAL(Result_2e){ @@ -8333,7 +9467,7 @@ libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_sign_pre_hashed_shake128_f /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_0d( + return libcrux_ml_dsa_ml_dsa_generic_sign_pre_hashed_da( uu____0, uu____1, uu____2, copy_of_randomness); } 
@@ -8348,7 +9482,7 @@ static inline Result_2e libcrux_ml_dsa_ml_dsa_65_portable_sign_pre_hashed_shake128( libcrux_ml_dsa_types_MLDSASigningKey_22 *signing_key, Eurydice_slice message, Eurydice_slice context, uint8_t randomness[32U]) { - uint8_t *uu____0 = libcrux_ml_dsa_types_as_raw_9b_09(signing_key); + uint8_t *uu____0 = libcrux_ml_dsa_types_as_ref_9b_09(signing_key); Eurydice_slice uu____1 = message; Eurydice_slice uu____2 = context; /* Passing arrays by value in Rust generates a copy in C */ @@ -8963,6 +10097,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_arithmetic_use_hint_2f( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_internal with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_samplex4_portable_PortableSampler, libcrux_ml_dsa_hash_functions_portable_Shake128X4, libcrux_ml_dsa_hash_functions_portable_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics @@ -8981,7 +10116,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics - MAX_ONES_IN_HINT= 55 */ static KRML_MUSTINLINE Result_41 -libcrux_ml_dsa_ml_dsa_generic_verify_internal_99( +libcrux_ml_dsa_ml_dsa_generic_verify_internal_51( uint8_t *verification_key_serialized, Eurydice_slice message, Option_84 domain_separation_context, uint8_t *signature_serialized) { tuple_93 uu____0 = libcrux_ml_dsa_encoding_verification_key_deserialize_2f( @@ -9012,7 +10147,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_99( uint8_t ret[34U]; libcrux_ml_dsa_utils_into_padded_array_b6( Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), ret); - libcrux_ml_dsa_samplex4_matrix_A_2f(ret, A_as_ntt); + libcrux_ml_dsa_samplex4_portable_matrix_A_36_2f(ret, A_as_ntt); uint8_t verification_key_hash[64U] = {0U}; libcrux_ml_dsa_hash_functions_portable_shake256_5c_24( Eurydice_array_to_slice((size_t)1952U, verification_key_serialized, 
@@ -9094,6 +10229,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_internal_99( /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_samplex4_portable_PortableSampler, libcrux_ml_dsa_hash_functions_portable_Shake128X4, libcrux_ml_dsa_hash_functions_portable_Shake256, libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics @@ -9111,7 +10247,7 @@ libcrux_ml_dsa_hash_functions_portable_Shake256Xof with const generics - ONES_IN_VERIFIER_CHALLENGE= 49 - MAX_ONES_IN_HINT= 55 */ -static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_99( +static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_51( uint8_t *verification_key_serialized, Eurydice_slice message, Eurydice_slice context, uint8_t *signature_serialized) { Result_a8 uu____0 = libcrux_ml_dsa_pre_hash_new_45( @@ -9121,7 +10257,7 @@ static KRML_MUSTINLINE Result_41 libcrux_ml_dsa_ml_dsa_generic_verify_99( libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____0.val.case_Ok; libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context = dsc; - uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_99( + uu____1 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_51( verification_key_serialized, message, (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}), signature_serialized); @@ -9157,7 +10293,7 @@ static inline Result_41 libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_01( uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context, uint8_t *signature) { - return libcrux_ml_dsa_ml_dsa_generic_verify_99(verification_key, message, + return libcrux_ml_dsa_ml_dsa_generic_verify_51(verification_key, message, context, signature); } 
@@ -9173,13 +10309,14 @@ static inline Result_41 libcrux_ml_dsa_ml_dsa_65_portable_verify( Eurydice_slice message, Eurydice_slice context, libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) { return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_01( - libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context, - libcrux_ml_dsa_types_as_raw_8f_fa(signature)); + libcrux_ml_dsa_types_as_ref_66_97(verification_key), message, context, + libcrux_ml_dsa_types_as_ref_8f_fa(signature)); } /** A monomorphic instance of libcrux_ml_dsa.ml_dsa_generic.verify_pre_hashed with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, +libcrux_ml_dsa_samplex4_portable_PortableSampler, libcrux_ml_dsa_hash_functions_portable_Shake128, libcrux_ml_dsa_hash_functions_portable_Shake128X4, libcrux_ml_dsa_hash_functions_portable_Shake256, @@ -9201,7 +10338,7 @@ libcrux_ml_dsa_pre_hash_SHAKE128_PH with const generics - MAX_ONES_IN_HINT= 55 */ static KRML_MUSTINLINE Result_41 -libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_ae( +libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_3b( uint8_t *verification_key_serialized, Eurydice_slice message, Eurydice_slice context, uint8_t *signature_serialized) { uint8_t pre_hashed_message[256U]; @@ -9218,7 +10355,7 @@ libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_ae( libcrux_ml_dsa_pre_hash_DomainSeparationContext dsc = uu____1.val.case_Ok; libcrux_ml_dsa_pre_hash_DomainSeparationContext domain_separation_context = dsc; - uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_99( + uu____2 = libcrux_ml_dsa_ml_dsa_generic_verify_internal_51( verification_key_serialized, Eurydice_array_to_slice((size_t)256U, pre_hashed_message, uint8_t), (CLITERAL(Option_84){.tag = Some, .f0 = domain_separation_context}), 
@@ -9256,7 +10393,7 @@ static inline Result_41 libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_pre_hashed_shake128_01( uint8_t *verification_key, Eurydice_slice message, Eurydice_slice context, uint8_t *signature) { - return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_ae( + return libcrux_ml_dsa_ml_dsa_generic_verify_pre_hashed_3b( verification_key, message, context, signature); } @@ -9273,8 +10410,8 @@ libcrux_ml_dsa_ml_dsa_65_portable_verify_pre_hashed_shake128( Eurydice_slice message, Eurydice_slice context, libcrux_ml_dsa_ml_dsa_65_MLDSA65Signature *signature) { return libcrux_ml_dsa_ml_dsa_generic_instantiations_portable_verify_pre_hashed_shake128_01( - libcrux_ml_dsa_types_as_raw_66_97(verification_key), message, context, - libcrux_ml_dsa_types_as_raw_8f_fa(signature)); + libcrux_ml_dsa_types_as_ref_66_97(verification_key), message, context, + libcrux_ml_dsa_types_as_ref_8f_fa(signature)); } #define LIBCRUX_ML_DSA_PRE_HASH_PRE_HASH_OID_LEN ((size_t)11U) @@ -9318,6 +10455,9 @@ typedef int32_t libcrux_ml_dsa_simd_portable_vector_type_FieldElement; typedef Result_a8 libcrux_ml_dsa_pre_hash_PreHashResult; +typedef struct libcrux_ml_dsa_hash_functions_portable_Shake128_s { +} libcrux_ml_dsa_hash_functions_portable_Shake128; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h index ed58cea67..d0deb87d1 100644 --- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74 + * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h index dabbeb171..283cdac39 100644 
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 87497297c8d9a6be6127d9daae13a942b5439e74 + * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 */ #ifndef __libcrux_sha3_portable_H From 192edaf802604e2a52d47edca43cf9dc495a4721 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 17 Dec 2024 14:38:19 +0100 Subject: [PATCH 08/25] Avoid iterator --- libcrux-ml-dsa/src/sample.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 95ce8a771..2e68339ea 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -196,9 +196,9 @@ pub(crate) fn sample_four_ring_elements< } } - for (k, (i, j)) in memory.indices.iter().enumerate() { - memory.out[*i][*j] = - PolynomialRingElement::::from_i32_array(&memory.tmp_stack[k]); + for k in 0..memory.indices.len() { + let (i, j) = memory.indices[k]; + memory.out[i][j] = PolynomialRingElement::::from_i32_array(&memory.tmp_stack[k]); } } From 29b8c9729681b7e5ea8e98a6c8c0f2eb830abc98 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Tue, 17 Dec 2024 14:41:35 +0100 Subject: [PATCH 09/25] Update C extraction --- libcrux-ml-dsa/cg/code_gen.txt | 2 +- libcrux-ml-dsa/cg/header.txt | 2 +- libcrux-ml-dsa/cg/libcrux_core.h | 12 +- libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h | 344 ++++++++++++++++-- libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 350 ++++++++++++++++--- libcrux-ml-dsa/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-dsa/cg/libcrux_sha3_portable.h | 2 +- 7 files changed, 625 insertions(+), 89 deletions(-) diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt index 2534e4163..3d7b1d30b 100644 --- a/libcrux-ml-dsa/cg/code_gen.txt +++ b/libcrux-ml-dsa/cg/code_gen.txt 
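Review bot: The index loop that replaces `iter().enumerate()` carries no comment saying why, so the next clippy pass (`needless_range_loop`) or a routine tidy-up will put the iterator back and re-break the C extraction; the "Update C extraction" commit below shows what that breakage looked like — Eurydice failed on `enumerate` for `Iter<(usize, usize)>` and emitted a `KRML_HOST_EXIT(255U)` abort stub as the AVX2 sampler body. Add above the loop `// Indexed loop on purpose: Eurydice cannot extract slice::Iter::enumerate here; the previous extraction shipped a runtime abort stub in its place.` and consider `#[allow(clippy::needless_range_loop)]` on the function so the lint does not undo it. Both the old and the new form read `memory.tmp_stack[k]` for every position of `memory.indices`, so the precondition `memory.indices.len() <= memory.tmp_stack.len()` (the generated C call sites pass 4 or 2 index pairs and the sampler touches `tmp_stack` entries 0–3) should be stated in the function's doc or checked with a `debug_assert!` before the loop. `sample_four_ring_elements` starts outside the hunk.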
@@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 F*: b0961063393215ca65927f017720cb365a193833-dirty -Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 +Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt index 3d06fc7fc..d76b62aa4 100644 --- a/libcrux-ml-dsa/cg/header.txt +++ b/libcrux-ml-dsa/cg/header.txt @@ -8,5 +8,5 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 + * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 */ diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h index fcb82cc0a..b31608d46 100644 --- a/libcrux-ml-dsa/cg/libcrux_core.h +++ b/libcrux-ml-dsa/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 + * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 */ #ifndef __libcrux_core_H @@ -42,7 +42,7 @@ typedef uint8_t Result_a9_tags; #define None 0 #define Some 1 -typedef uint8_t Option_08_tags; +typedef uint8_t Option_d8_tags; /** A monomorphic instance of core.option.Option @@ -50,7 +50,7 @@ with types size_t */ typedef struct Option_08_s { - Option_08_tags tag; + Option_d8_tags tag; size_t f0; } Option_08; @@ -231,7 +231,7 @@ with types int32_t[256size_t][6size_t] */ typedef struct Option_f0_s { - Option_08_tags tag; + Option_d8_tags tag; int32_t f0[6U][256U]; } Option_f0; @@ -241,7 +241,7 @@ with types uint8_t[48size_t] */ typedef struct Option_67_s { - Option_08_tags tag; + Option_d8_tags tag; uint8_t f0[48U]; } Option_67; 
@@ -499,7 +499,7 @@ with types uint8_t[11size_t] */ typedef struct Option_30_s { - Option_08_tags tag; + Option_d8_tags tag; uint8_t f0[11U]; } Option_30; diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h index df9227c80..673df0bcc 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 + * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 */ #ifndef __libcrux_mldsa65_avx2_H 
@@ -3333,6 +3333,69 @@ libcrux_ml_dsa_sample_new_29_4f( return lit; } +/** +A monomorphic instance of +libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types +libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) { + bool done = false; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) { + size_t _cloop_i = i; + Eurydice_slice random_bytes = + Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U, + _cloop_i * (size_t)24U + (size_t)24U, uint8_t); + if (!done) { + Eurydice_slice uu____0 = random_bytes; + size_t sampled = + libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus_a2( + uu____0, Eurydice_array_to_subslice_from((size_t)263U, out, + sampled_coefficients[0U], + int32_t, size_t)); + sampled_coefficients[0U] = sampled_coefficients[0U] + sampled; + if (sampled_coefficients[0U] >= + LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + done = true; + } + } + } + return done; +} + +/** +This function found in impl +{libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff +with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24 +libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) { + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result = + libcrux_ml_dsa_polynomial_ZERO_ff_ea(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.simd_units[i0] = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2( + Eurydice_slice_subslice2( + array, i0 
* LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, + (i0 + (size_t)1U) * + LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, + int32_t)); + } + return result; +} + /** A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, 
@@ -3345,13 +3408,247 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1, uint16_t domain_seperator2, uint16_t domain_separator3, libcrux_ml_dsa_sample_SampleArgs_c5 *memory) { - KRML_HOST_EPRINTF( - "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "Eurydice error: Failure(\"Error looking trait impl: " - "core::slice::iter::{core::iter::traits::iterator::Iterator for " - "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, (usize, " - "usize)>[core::marker::Sized<(usize, usize)>] enumerate\")\n"); - KRML_HOST_EXIT(255U); + seed0[32U] = (uint8_t)domain_separator0; + seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U); + uint8_t seed1[34U]; + memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t)); + seed1[32U] = (uint8_t)domain_separator1; + seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U); + uint8_t seed2[34U]; + memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t)); + seed2[32U] = (uint8_t)domain_seperator2; + seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U); + uint8_t seed3[34U]; + memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t)); + seed3[32U] = (uint8_t)domain_separator3; + seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U); + libcrux_sha3_avx2_x4_incremental_KeccakState state = + libcrux_ml_dsa_hash_functions_simd256_init_absorb_7b( + Eurydice_array_to_slice((size_t)34U, seed0, uint8_t), + Eurydice_array_to_slice((size_t)34U, seed1, uint8_t), + Eurydice_array_to_slice((size_t)34U, seed2, uint8_t), + Eurydice_array_to_slice((size_t)34U, seed3, uint8_t)); + libcrux_ml_dsa_hash_functions_simd256_squeeze_first_five_blocks_7b( + &state, memory->rand_stack->fst, memory->rand_stack->snd, + memory->rand_stack->thd, memory->rand_stack->f3); + size_t sampled0 = (size_t)0U; + size_t sampled1 = (size_t)0U; + size_t sampled2 = (size_t)0U; + size_t sampled3 = (size_t)0U; + bool done0 = + 
libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)840U, memory->rand_stack->fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); + bool done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)840U, memory->rand_stack->snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); + bool done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)840U, memory->rand_stack->thd, + uint8_t), + &sampled2, + Eurydice_slice_index(memory->tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); + bool done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)840U, memory->rand_stack->f3, + uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); + while (true) { + if (done0) { + if (done1) { + if (done2) { + if (done3) { + break; + } else { + uint8_t_168size_t__x4 randomnesses = + libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_7b( + &state); + if (!done0) { + done0 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done1) { + done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done2) { + done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.thd, + uint8_t), + &sampled2, + 
Eurydice_slice_index(memory->tmp_stack, (size_t)2U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done3) { + done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.f3, + uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, + int32_t[263U], int32_t(*)[263U])); + } + } + } else { + uint8_t_168size_t__x4 randomnesses = + libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_7b( + &state); + if (!done0) { + done0 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done1) { + done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done2) { + done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.thd, + uint8_t), + &sampled2, + Eurydice_slice_index(memory->tmp_stack, (size_t)2U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done3) { + done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.f3, + uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, + int32_t[263U], int32_t(*)[263U])); + } + } + } else { + uint8_t_168size_t__x4 randomnesses = + libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_7b(&state); + if (!done0) { + done0 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done1) { + 
done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done2) { + done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.thd, + uint8_t), + &sampled2, + Eurydice_slice_index(memory->tmp_stack, (size_t)2U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done3) { + done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.f3, + uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, + int32_t[263U], int32_t(*)[263U])); + } + } + } else { + uint8_t_168size_t__x4 randomnesses = + libcrux_ml_dsa_hash_functions_simd256_squeeze_next_block_7b(&state); + if (!done0) { + done0 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done1) { + done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done2) { + done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.thd, + uint8_t), + &sampled2, + Eurydice_slice_index(memory->tmp_stack, (size_t)2U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done3) { + done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( + Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, + int32_t[263U], 
int32_t(*)[263U])); + } + } + } + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len(memory->indices, size_t_x2); i0++) { + size_t k = i0; + size_t uu____0 = k; + size_t i = + Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *) + .fst; + size_t j = + Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *) + .snd; + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 = + libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_array_to_slice( + (size_t)263U, + Eurydice_slice_index(memory->tmp_stack, k, int32_t[263U], + int32_t(*)[263U]), + int32_t)); + memory->out[i][j] = uu____1; + } } /** @@ -5388,35 +5685,6 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_eta_4d( randomness, sampled, out); } -/** -This function found in impl -{libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff -with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_24 -libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) { - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 result = - libcrux_ml_dsa_polynomial_ZERO_ff_ea(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.simd_units[i0] = libcrux_ml_dsa_simd_avx2_from_coefficient_array_a2( - Eurydice_slice_subslice2( - array, i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, - (i0 + (size_t)1U) * - LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, - int32_t)); - } - return result; -} - /** A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, 
@@ -6759,7 +7027,7 @@ libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit[5size_t] */ typedef struct Option_a4_s { - Option_08_tags tag; + Option_d8_tags tag; libcrux_ml_dsa_polynomial_PolynomialRingElement_24 f0[5U]; } Option_a4; diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h index b661b4316..e1ee4a6e2 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1 + * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 */ #ifndef __libcrux_mldsa65_portable_H 
@@ -4284,6 +4284,70 @@ libcrux_ml_dsa_sample_new_29_ab( return lit; } +/** +A monomorphic instance of +libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types +libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit with const generics + +*/ +static KRML_MUSTINLINE bool +libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_slice randomness, size_t *sampled_coefficients, int32_t *out) { + bool done = false; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(randomness, uint8_t) / (size_t)24U; i++) { + size_t _cloop_i = i; + Eurydice_slice random_bytes = + Eurydice_slice_subslice2(randomness, _cloop_i * (size_t)24U, + _cloop_i * (size_t)24U + (size_t)24U, uint8_t); + if (!done) { + Eurydice_slice uu____0 = random_bytes; + size_t sampled = + libcrux_ml_dsa_simd_portable_rejection_sample_less_than_field_modulus_36( + uu____0, Eurydice_array_to_subslice_from((size_t)263U, out, + sampled_coefficients[0U], + int32_t, size_t)); + sampled_coefficients[0U] = sampled_coefficients[0U] + sampled; + if (sampled_coefficients[0U] >= + LIBCRUX_ML_DSA_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + done = true; + } + } + } + return done; +} + +/** +This function found in impl +{libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff +with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit +with const generics + +*/ +static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b +libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) { + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result = + libcrux_ml_dsa_polynomial_ZERO_ff_ba(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 = + libcrux_ml_dsa_simd_portable_from_coefficient_array_36( + Eurydice_slice_subslice2( + 
array, + i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, + (i0 + (size_t)1U) * + LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, + int32_t)); + result.simd_units[i0] = uu____0; + } + return result; +} + /** A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, 
@@ -4295,13 +4359,248 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1, uint16_t domain_seperator2, uint16_t domain_separator3, libcrux_ml_dsa_sample_SampleArgs_4e *memory) { - KRML_HOST_EPRINTF( - "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "Eurydice error: Failure(\"Error looking trait impl: " - "core::slice::iter::{core::iter::traits::iterator::Iterator for " - "core::slice::iter::Iter<\'a, T>[TraitClause@0]}#182<\'_, (usize, " - "usize)>[core::marker::Sized<(usize, usize)>] enumerate\")\n"); - KRML_HOST_EXIT(255U); + seed0[32U] = (uint8_t)domain_separator0; + seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U); + uint8_t seed1[34U]; + memcpy(seed1, seed0, (size_t)34U * sizeof(uint8_t)); + seed1[32U] = (uint8_t)domain_separator1; + seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U); + uint8_t seed2[34U]; + memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t)); + seed2[32U] = (uint8_t)domain_seperator2; + seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U); + uint8_t seed3[34U]; + memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t)); + seed3[32U] = (uint8_t)domain_separator3; + seed3[33U] = (uint8_t)((uint32_t)domain_separator3 >> 8U); + libcrux_ml_dsa_hash_functions_portable_Shake128X4 state = + libcrux_ml_dsa_hash_functions_portable_init_absorb_ed( + Eurydice_array_to_slice((size_t)34U, seed0, uint8_t), + Eurydice_array_to_slice((size_t)34U, seed1, uint8_t), + Eurydice_array_to_slice((size_t)34U, seed2, uint8_t), + Eurydice_array_to_slice((size_t)34U, seed3, uint8_t)); + libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed( + &state, memory->rand_stack->fst, memory->rand_stack->snd, + memory->rand_stack->thd, memory->rand_stack->f3); + size_t sampled0 = (size_t)0U; + size_t sampled1 = (size_t)0U; + size_t sampled2 = (size_t)0U; + size_t sampled3 = (size_t)0U; + bool done0 = + 
libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)840U, memory->rand_stack->fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); + bool done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)840U, memory->rand_stack->snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); + bool done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)840U, memory->rand_stack->thd, + uint8_t), + &sampled2, + Eurydice_slice_index(memory->tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); + bool done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)840U, memory->rand_stack->f3, + uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); + while (true) { + if (done0) { + if (done1) { + if (done2) { + if (done3) { + break; + } else { + uint8_t_168size_t__x4 randomnesses = + libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed( + &state); + if (!done0) { + done0 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done1) { + done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done2) { + done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.thd, + uint8_t), + &sampled2, + 
Eurydice_slice_index(memory->tmp_stack, (size_t)2U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done3) { + done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.f3, + uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, + int32_t[263U], int32_t(*)[263U])); + } + } + } else { + uint8_t_168size_t__x4 randomnesses = + libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed( + &state); + if (!done0) { + done0 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done1) { + done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done2) { + done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.thd, + uint8_t), + &sampled2, + Eurydice_slice_index(memory->tmp_stack, (size_t)2U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done3) { + done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.f3, + uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, + int32_t[263U], int32_t(*)[263U])); + } + } + } else { + uint8_t_168size_t__x4 randomnesses = + libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed( + &state); + if (!done0) { + done0 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, + int32_t[263U], int32_t(*)[263U])); + } + if 
(!done1) { + done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done2) { + done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.thd, + uint8_t), + &sampled2, + Eurydice_slice_index(memory->tmp_stack, (size_t)2U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done3) { + done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.f3, + uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, + int32_t[263U], int32_t(*)[263U])); + } + } + } else { + uint8_t_168size_t__x4 randomnesses = + libcrux_ml_dsa_hash_functions_portable_squeeze_next_block_ed(&state); + if (!done0) { + done0 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.fst, + uint8_t), + &sampled0, + Eurydice_slice_index(memory->tmp_stack, (size_t)0U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done1) { + done1 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.snd, + uint8_t), + &sampled1, + Eurydice_slice_index(memory->tmp_stack, (size_t)1U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done2) { + done2 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.thd, + uint8_t), + &sampled2, + Eurydice_slice_index(memory->tmp_stack, (size_t)2U, + int32_t[263U], int32_t(*)[263U])); + } + if (!done3) { + done3 = + libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( + Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), + &sampled3, + Eurydice_slice_index(memory->tmp_stack, (size_t)3U, + 
int32_t[263U], int32_t(*)[263U])); + } + } + } + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len(memory->indices, size_t_x2); i0++) { + size_t k = i0; + size_t uu____0 = k; + size_t i = + Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *) + .fst; + size_t j = + Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *) + .snd; + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 = + libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_array_to_slice( + (size_t)263U, + Eurydice_slice_index(memory->tmp_stack, k, int32_t[263U], + int32_t(*)[263U]), + int32_t)); + memory->out[i][j] = uu____1; + } } /** @@ -6332,37 +6631,6 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_eta_73( randomness, sampled, out); } -/** -This function found in impl -{libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_dsa.polynomial.from_i32_array_ff -with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit -with const generics - -*/ -static inline libcrux_ml_dsa_polynomial_PolynomialRingElement_9b -libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) { - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b result = - libcrux_ml_dsa_polynomial_ZERO_ff_ba(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_DSA_SIMD_TRAITS_SIMD_UNITS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 = - libcrux_ml_dsa_simd_portable_from_coefficient_array_36( - Eurydice_slice_subslice2( - array, - i0 * LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, - (i0 + (size_t)1U) * - LIBCRUX_ML_DSA_SIMD_TRAITS_COEFFICIENTS_IN_SIMD_UNIT, - int32_t)); - result.simd_units[i0] = uu____0; - } - return result; -} - /** A monomorphic instance of libcrux_ml_dsa.sample.sample_four_error_ring_elements with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, 
@@ -7390,7 +7658,7 @@ with types libcrux_ml_dsa_pre_hash_DomainSeparationContext
 */
 typedef struct Option_84_s {
- Option_08_tags tag;
+ Option_d8_tags tag;
 libcrux_ml_dsa_pre_hash_DomainSeparationContext f0;
 } Option_84;
@@ -7766,7 +8034,7 @@ libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit[5size_t]
 */
 typedef struct Option_f3_s {
- Option_08_tags tag;
+ Option_d8_tags tag;
 libcrux_ml_dsa_polynomial_PolynomialRingElement_9b f0[5U];
 } Option_f3;
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
index d0deb87d1..1241bcd5b 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
 * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
+ * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
 */
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index 283cdac39..3611ecbf2 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
 * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 229548656e4eaa1324c514638f9f8d135499a5c1
+ * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721
 */
 #ifndef __libcrux_sha3_portable_H
From fab0db31d3d09ff4712c2b332f921e89f1653c65 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch
Date: Wed, 18 Dec 2024 08:28:09 +0100
Subject: [PATCH 10/25] Fix Neon sampling
---
 libcrux-ml-dsa/src/samplex4.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 760041885..743108c5c 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -184,7 +184,7 @@ pub(crate) mod neon {
 ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] {
 matrix_A_generic::<
 SIMDUnit,
- crate::hash_functions::neon::Shake128X4,
+ crate::hash_functions::neon::Shake128x4,
 ROWS_IN_A,
 COLUMNS_IN_A,
 >(seed)
From 656df9f4c0864927154be6f37811630b7fc6a508 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch
Date: Wed, 18 Dec 2024 11:25:42 +0100
Subject: [PATCH 11/25] Breaking up `SampleArgs` for hax
---
 libcrux-ml-dsa/src/sample.rs | 170 ++++++++----------
 libcrux-ml-dsa/src/samplex4.rs | 309 ++++++++++++++++++++++++++++-----
 2 files changed, 337 insertions(+), 142 deletions(-)
diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 2e68339ea..116dabc0a 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -34,63 +34,16 @@ fn rejection_sample_less_than_field_modulus(
 done
 }
-/// A buffering data structure for sampling into a matrix.
-///
-/// After rejection sampling the ring element at `tmp_stack[i]` will
-/// be written to the indices at `indices[i]` in `out`.
-pub(super) struct SampleArgs<
- 'a,
- SIMDUnit: Operations,
- const STACK_SIZE: usize,
- const ROWS_IN_A: usize,
- const COLUMNS_IN_A: usize,
-> {
- /// Buffer for holding an initial supply of rejection sampling
- /// randomness, e.g. five blocks of XoF output.
- pub(super) rand_stack: &'a mut (
- [u8; STACK_SIZE],
- [u8; STACK_SIZE],
- [u8; STACK_SIZE],
- [u8; STACK_SIZE],
- ),
- /// Buffers for holding coefficients of field elements as they are sampled.
- pub(super) tmp_stack: &'a mut [[i32; 263]],
- /// Matrix into which field elements are written from
- /// `tmp_stack`, after successful rejection sampling.
- pub(super) out: &'a mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A],
- /// Indices in `out` where ring elements from `tmp_stack` should
- /// be written to.
- pub(super) indices: &'a [(usize, usize)],
-}
-
-impl<
- 'a,
- SIMDUnit: Operations,
- const STACK_SIZE: usize,
- const ROWS_IN_A: usize,
- const COLUMNS_IN_A: usize,
- > SampleArgs<'a, SIMDUnit, STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>
-{
- pub(super) fn new(
- rand_stack: &'a mut (
- [u8; STACK_SIZE],
- [u8; STACK_SIZE],
- [u8; STACK_SIZE],
- [u8; STACK_SIZE],
- ),
- tmp_stack: &'a mut [[i32; 263]],
- out: &'a mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A],
- indices: &'a [(usize, usize)],
- ) -> Self {
- Self {
- rand_stack,
- tmp_stack,
- out,
- indices,
- }
- }
+#[inline(always)]
+fn generate_domain_separator((row, column): (u8, u8)) -> u16 {
+ (column as u16) | ((row as u16) << 8)
 }
+/// Sample and write out up to four ring elements.
+///
+/// If `indices[i]` is provided, a field element with domain separated
+/// seed according to the provided index is generated in `tmp_stack`.
After successful rejection sampling in `tmp_stack[i]`, the ring element is written to `matrix` at the provided index in `indices[i]`.
+/// `rand_stack` is a working buffer that holds initial Shake output.
 #[inline(always)]
 pub(crate) fn sample_four_ring_elements<
 SIMDUnit: Operations,
@@ -99,12 +52,26 @@ pub(crate) fn sample_four_ring_elements<
 const COLUMNS_IN_A: usize,
 >(
 mut seed0: [u8; 34],
- domain_separator0: u16,
- domain_separator1: u16,
- domain_seperator2: u16,
- domain_separator3: u16,
- memory: &mut SampleArgs<'_, SIMDUnit, { shake128::FIVE_BLOCKS_SIZE }, ROWS_IN_A, COLUMNS_IN_A>,
+ matrix: &mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A],
+ rand_stack: &mut (
+ [u8; shake128::FIVE_BLOCKS_SIZE],
+ [u8; shake128::FIVE_BLOCKS_SIZE],
+ [u8; shake128::FIVE_BLOCKS_SIZE],
+ [u8; shake128::FIVE_BLOCKS_SIZE],
+ ),
+ tmp_stack: &mut [[i32; 263]],
+ indices: &[(u8, u8)],
 ) {
+ debug_assert!(indices.len() <= 4);
+
+ // If less than four indices are provided, the remaining slots are
+ // filled with dummy values and the results are not written out to
+ // `matrix`.
+ let domain_separator0 = generate_domain_separator(*indices.get(0).unwrap_or(&(0, 0)));
+ let domain_separator1 = generate_domain_separator(*indices.get(1).unwrap_or(&(0, 0)));
+ let domain_separator2 = generate_domain_separator(*indices.get(2).unwrap_or(&(0, 0)));
+ let domain_separator3 = generate_domain_separator(*indices.get(3).unwrap_or(&(0, 0)));
+
 // Prepare the seeds
 seed0[32] = domain_separator0 as u8;
 seed0[33] = (domain_separator0 >> 8) as u8;
@@ -114,8 +81,8 @@ pub(crate) fn sample_four_ring_elements<
 seed1[33] = (domain_separator1 >> 8) as u8;
 let mut seed2 = seed0;
- seed2[32] = domain_seperator2 as u8;
- seed2[33] = (domain_seperator2 >> 8) as u8;
+ seed2[32] = domain_separator2 as u8;
+ seed2[33] = (domain_separator2 >> 8) as u8;
 let mut seed3 = seed0;
 seed3[32] = domain_separator3 as u8;
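Review bot: `generate_domain_separator` arrives in this file without a doc comment, and the byte layout it encodes is exactly what a reader has to check against the seed writes in the following hunk (`seed0[32] = domain_separator0 as u8` stores the low byte, `seed0[33]` the high byte). I would put `/// Domain separator for sampling `A[row][column]`: the column goes in the low byte and the row in the high byte, which is the order in which `sample_four_ring_elements` writes them to `seed[32..34]`.` above its `#[inline(always)]`. The new doc comment on `sample_four_ring_elements` also says "a field element ... is generated in `tmp_stack`", but each `tmp_stack` slot holds a whole ring element that is later converted with `from_i32_array`; suggest `/// If `indices[i]` is provided, a ring element with domain-separated seed according to the provided index is sampled into `tmp_stack[i]`.`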
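Review bot: `debug_assert!(indices.len() <= 4)` is the only guard on the number of indices and it compiles out in release builds; the `for k in 0..core::cmp::min(indices.len(), 4)` write-back loop in the `@@ -170,35 +137,36 @@` hunk then silently drops a fifth or later index, so those entries of `matrix` are never written and the caller gets no error. The present callers (the `sample_four_ring_elements_into!` expansions in samplex4.rs) always pass exactly four, so this is latent, but a routine that fills the public matrix A should fail loudly rather than leave entries unsampled: `assert!(indices.len() <= 4, "sample_four_ring_elements takes at most four indices");`, after which the `min` is unnecessary and the write-back can be `for (k, &(i, j)) in indices.iter().enumerate()`. The `(0, 0)` fallback for missing slots re-derives the same domain-separated stream as a real `(0, 0)` entry; since that result is discarded it only costs work, but the comment would be clearer saying so than "dummy values". The body of `sample_four_ring_elements` continues past this hunk.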
@@ -124,10 +91,10 @@ pub(crate) fn sample_four_ring_elements<
 let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3);
 state.squeeze_first_five_blocks(
- &mut memory.rand_stack.0,
- &mut memory.rand_stack.1,
- &mut memory.rand_stack.2,
- &mut memory.rand_stack.3,
+ &mut rand_stack.0,
+ &mut rand_stack.1,
+ &mut rand_stack.2,
+ &mut rand_stack.3,
 );
 // Every call to |rejection_sample_less_than_field_modulus|
@@ -144,24 +111,24 @@ pub(crate) fn sample_four_ring_elements<
 let mut sampled3 = 0;
 let mut done0 = rejection_sample_less_than_field_modulus::(
- &mut memory.rand_stack.0,
+ &mut rand_stack.0,
 &mut sampled0,
- &mut memory.tmp_stack[0],
+ &mut tmp_stack[0],
 );
 let mut done1 = rejection_sample_less_than_field_modulus::(
- &mut memory.rand_stack.1,
+ &mut rand_stack.1,
 &mut sampled1,
- &mut memory.tmp_stack[1],
+ &mut tmp_stack[1],
 );
 let mut done2 = rejection_sample_less_than_field_modulus::(
- &mut memory.rand_stack.2,
+ &mut rand_stack.2,
 &mut sampled2,
- &mut memory.tmp_stack[2],
+ &mut tmp_stack[2],
 );
 let mut done3 = rejection_sample_less_than_field_modulus::(
- &mut memory.rand_stack.3,
+ &mut rand_stack.3,
 &mut sampled3,
- &mut memory.tmp_stack[3],
+ &mut tmp_stack[3],
 );
 while !done0 || !done1 || !done2 || !done3 {
@@ -170,35 +137,36 @@ pub(crate) fn sample_four_ring_elements<
 done0 = rejection_sample_less_than_field_modulus::(
 &randomnesses.0,
 &mut sampled0,
- &mut memory.tmp_stack[0],
+ &mut tmp_stack[0],
 );
 }
 if !done1 {
 done1 = rejection_sample_less_than_field_modulus::(
 &randomnesses.1,
 &mut sampled1,
- &mut memory.tmp_stack[1],
+ &mut tmp_stack[1],
 );
 }
 if !done2 {
 done2 = rejection_sample_less_than_field_modulus::(
 &randomnesses.2,
 &mut sampled2,
- &mut memory.tmp_stack[2],
+ &mut tmp_stack[2],
 );
 }
 if !done3 {
 done3 = rejection_sample_less_than_field_modulus::(
 &randomnesses.3,
 &mut sampled3,
- &mut memory.tmp_stack[3],
+ &mut tmp_stack[3],
 );
 }
 }
- for k in 0..memory.indices.len() {
- let (i, j) = memory.indices[k];
- memory.out[i][j] = PolynomialRingElement::::from_i32_array(&memory.tmp_stack[k]);
+ for k in 0..core::cmp::min(indices.len(), 4) {
+ let (i, j) = indices[k];
+ matrix[i as usize][j as usize] =
+ PolynomialRingElement::::from_i32_array(&tmp_stack[k]);
 }
 }
@@ -538,8 +506,6 @@ mod tests {
 simd::{self, traits::Operations},
 };
- // This is just a wrapper around sample_four_ring_elements, for testing
- // purposes.
 fn sample_ring_element_uniform(
 seed: [u8; 34],
 ) -> PolynomialRingElement {
@@ -549,20 +515,36 @@ mod tests {
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 );
+
+ let dummy_input = [0u8; 34];
+ let mut state = Shake128::init_absorb(&seed, &dummy_input, &dummy_input, &dummy_input);
+ state.squeeze_first_five_blocks(
+ &mut rand_stack.0,
+ &mut rand_stack.1,
+ &mut rand_stack.2,
+ &mut rand_stack.3,
+ );
 let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
- let mut out = [[PolynomialRingElement::::ZERO(); 4]; 1];
- let indices = [(0, 0), (0, 1), (0, 2), (0, 3)];
- let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut out, &indices);
- sample_four_ring_elements::(
- seed,
- ((seed[33] as u16) << 8) | (seed[32] as u16),
- 0,
- 0,
- 0,
- &mut memory,
+ let mut sampled = 0;
+
+ let mut done = rejection_sample_less_than_field_modulus::(
+ &mut rand_stack.0,
+ &mut sampled,
+ &mut tmp_stack[0],
 );
- out[0][0]
+ while !done {
+ let randomnesses = state.squeeze_next_block();
+ if !done {
+ done = rejection_sample_less_than_field_modulus::(
+ &randomnesses.0,
+ &mut sampled,
+ &mut tmp_stack[0],
+ );
+ }
+ }
+
+ PolynomialRingElement::::from_i32_array(&tmp_stack[0])
 }
 // This is just a wrapper around sample_four_ring_elements, for testing
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 743108c5c..45b13d994 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -1,7 +1,7 @@
 use crate::{
 hash_functions::{shake128, shake256},
 polynomial::PolynomialRingElement,
- sample::{sample_four_error_ring_elements, sample_four_ring_elements, SampleArgs},
+ sample::{sample_four_error_ring_elements, sample_four_ring_elements},
 simd::traits::Operations,
 };
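Review bot: The `if !done` inside `while !done` in the rewritten `sample_ring_element_uniform` can never be false, so the guard and its braces are dead code; the loop body should be just the assignment `done = rejection_sample_less_than_field_modulus(...)` with the same three arguments. The helper now absorbs `seed` unchanged into lane 0, so it only matches the old behaviour (which passed `(seed[33] << 8) | seed[32]` as the domain separator and wrote those same bytes back) because callers already place the domain separator in `seed[32..34]`; that precondition is worth a comment such as `// `seed[32..34]` must already hold the domain separator; lanes 1-3 are fed zeros and ignored.`. The function's signature lies in the preceding hunk, so this unit starts outside the hunk.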
@@ -14,26 +14,19 @@ pub(crate) trait X4Sampler { ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A]; } -#[inline(always)] -fn generate_domain_separator((row, column): (u8, u8)) -> u16 { - (column as u16) | ((row as u16) << 8) -} - type Matrix = [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A]; /// A call to sample four ring elements from $seed into $memory at indices $a, $b /// $c, $d. macro_rules! sample_four_ring_elements_into { - ($memory:ident, $seed:ident, $a:expr, $b:expr, $c:expr, $d:expr) => { - $memory.indices = &[$a, $b, $c, $d]; + ($seed:ident, $matrix:ident, $rand_stack:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => { sample_four_ring_elements::( $seed, - generate_domain_separator($a), - generate_domain_separator($b), - generate_domain_separator($c), - generate_domain_separator($d), - &mut $memory, + &mut $matrix, + &mut $rand_stack, + &mut $tmp_stack, + &[$a, $b, $c, $d], ); }; } @@ -59,12 +52,47 @@ pub(crate) fn matrix_A_4_by_4< [0u8; shake128::FIVE_BLOCKS_SIZE], ); let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; - let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]); - sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3)); - sample_four_ring_elements_into!(memory, seed, (1, 0), (1, 1), (1, 2), (1, 3)); - sample_four_ring_elements_into!(memory, seed, (2, 0), (2, 1), (2, 2), (2, 3)); - sample_four_ring_elements_into!(memory, seed, (3, 0), (3, 1), (3, 2), (3, 3)); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (0, 0), + (0, 1), + (0, 2), + (0, 3) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (1, 0), + (1, 1), + (1, 2), + (1, 3) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (2, 0), + (2, 1), + (2, 2), + (2, 3) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (3, 0), + (3, 1), + (3, 2), + (3, 3) + ); A } 
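Review bot: The doc comment on `sample_four_ring_elements_into!` still says the elements are sampled "from $seed into $memory", but `$memory` no longer exists; the macro now takes `$matrix`, `$rand_stack` and `$tmp_stack`. Suggest `/// Sample four ring elements from $seed into $matrix at indices $a, $b, $c, $d, using $rand_stack and $tmp_stack as scratch buffers.` It is also worth noting in that comment that `$seed` appears to be passed by value (the 34-byte array is `Copy`), because the callee overwrites bytes 32 and 33 with the domain separator and every macro invocation relies on seeing the caller's unmodified seed.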
@@ -89,25 +117,85 @@ pub(crate) fn matrix_A_6_by_5< [0u8; shake128::FIVE_BLOCKS_SIZE], ); let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; - let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]); - sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3)); - sample_four_ring_elements_into!(memory, seed, (0, 4), (1, 0), (1, 1), (1, 2)); - sample_four_ring_elements_into!(memory, seed, (1, 3), (1, 4), (2, 0), (2, 1)); - sample_four_ring_elements_into!(memory, seed, (2, 2), (2, 3), (2, 4), (3, 0)); - sample_four_ring_elements_into!(memory, seed, (3, 1), (3, 2), (3, 3), (3, 4)); - sample_four_ring_elements_into!(memory, seed, (4, 0), (4, 1), (4, 2), (4, 3)); - sample_four_ring_elements_into!(memory, seed, (4, 4), (5, 0), (5, 1), (5, 2)); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (0, 0), + (0, 1), + (0, 2), + (0, 3) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (0, 4), + (1, 0), + (1, 1), + (1, 2) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (1, 3), + (1, 4), + (2, 0), + (2, 1) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (2, 2), + (2, 3), + (2, 4), + (3, 0) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (3, 1), + (3, 2), + (3, 3), + (3, 4) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (4, 0), + (4, 1), + (4, 2), + (4, 3) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (4, 4), + (5, 0), + (5, 1), + (5, 2) + ); // The last 2 sampled ring elements are discarded here. 
- memory.indices = &[(5, 3), (5, 4)]; sample_four_ring_elements::( seed, - generate_domain_separator((5, 3)), - generate_domain_separator((5, 4)), - generate_domain_separator((5, 5)), - generate_domain_separator((5, 6)), - &mut memory, + &mut A, + &mut rand_stack, + &mut tmp_stack, + &[(5, 3), (5, 4)], ); A 
@@ -133,22 +221,147 @@ pub(crate) fn matrix_A_8_by_7< [0u8; shake128::FIVE_BLOCKS_SIZE], ); let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; - let mut memory = SampleArgs::new(&mut rand_stack, &mut tmp_stack, &mut A, &[]); - - sample_four_ring_elements_into!(memory, seed, (0, 0), (0, 1), (0, 2), (0, 3)); - sample_four_ring_elements_into!(memory, seed, (0, 4), (0, 5), (0, 6), (1, 0)); - sample_four_ring_elements_into!(memory, seed, (1, 1), (1, 2), (1, 3), (1, 4)); - sample_four_ring_elements_into!(memory, seed, (1, 5), (1, 6), (2, 0), (2, 1)); - sample_four_ring_elements_into!(memory, seed, (2, 2), (2, 3), (2, 4), (2, 5)); - sample_four_ring_elements_into!(memory, seed, (2, 6), (3, 0), (3, 1), (3, 2)); - sample_four_ring_elements_into!(memory, seed, (3, 3), (3, 4), (3, 5), (3, 6)); - sample_four_ring_elements_into!(memory, seed, (4, 0), (4, 1), (4, 2), (4, 3)); - sample_four_ring_elements_into!(memory, seed, (4, 4), (4, 5), (4, 6), (5, 0)); - sample_four_ring_elements_into!(memory, seed, (5, 1), (5, 2), (5, 3), (5, 4)); - sample_four_ring_elements_into!(memory, seed, (5, 5), (5, 6), (6, 0), (6, 1)); - sample_four_ring_elements_into!(memory, seed, (6, 2), (6, 3), (6, 4), (6, 5)); - sample_four_ring_elements_into!(memory, seed, (6, 6), (7, 0), (7, 1), (7, 2)); - sample_four_ring_elements_into!(memory, seed, (7, 3), (7, 4), (7, 5), (7, 6)); + + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (0, 0), + (0, 1), + (0, 2), + (0, 3) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (0, 4), + (0, 5), + (0, 6), + (1, 0) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (1, 1), + (1, 2), + (1, 3), + (1, 4) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (1, 5), + (1, 6), + (2, 0), + (2, 1) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (2, 2), + (2, 3), + (2, 4), + (2, 5) + ); + 
sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (2, 6), + (3, 0), + (3, 1), + (3, 2) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (3, 3), + (3, 4), + (3, 5), + (3, 6) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (4, 0), + (4, 1), + (4, 2), + (4, 3) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (4, 4), + (4, 5), + (4, 6), + (5, 0) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (5, 1), + (5, 2), + (5, 3), + (5, 4) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (5, 5), + (5, 6), + (6, 0), + (6, 1) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (6, 2), + (6, 3), + (6, 4), + (6, 5) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (6, 6), + (7, 0), + (7, 1), + (7, 2) + ); + sample_four_ring_elements_into!( + seed, + A, + rand_stack, + tmp_stack, + (7, 3), + (7, 4), + (7, 5), + (7, 6) + ); A } From aecb2cd116d530465d34c6857e170fd6bab281b0 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 11:34:36 +0100 Subject: [PATCH 12/25] No call to `core::cmp::min` We check the length beforehand. --- libcrux-ml-dsa/src/sample.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 116dabc0a..073a2ce4c 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -163,7 +163,7 @@ pub(crate) fn sample_four_ring_elements< } } - for k in 0..core::cmp::min(indices.len(), 4) { + for k in 0..indices.len() { let (i, j) = indices[k]; matrix[i as usize][j as usize] = PolynomialRingElement::::from_i32_array(&tmp_stack[k]); From ea8901986ab609066db01fc4af30c55fbf7cede8 Mon Sep 17 00:00:00 2001 
From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 12:10:33 +0100 Subject: [PATCH 13/25] Avoid array operations --- libcrux-ml-dsa/src/sample.rs | 29 +++++++++++++++-------------- libcrux-ml-dsa/src/samplex4.rs | 10 ++++++---- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 073a2ce4c..0b947bb0b 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -41,11 +41,14 @@ fn generate_domain_separator((row, column): (u8, u8)) -> u16 { /// Sample and write out up to four ring elements. /// -/// If `indices[i]` is provided, a field element with domain separated -/// seed according to the provided index is generated in `tmp_stack`. After successful rejection sampling in `tmp_stack[i]`, the ring element is written to `matrix` at the provided index in `indices[i]`. +/// If i <= `elements_requested`, a field element with domain separated +/// seed according to the provided index is generated in +/// `tmp_stack[i]`. After successful rejection sampling in +/// `tmp_stack[i]`, the ring element is written to `matrix` at the +/// provided index in `indices[i]`. /// `rand_stack` is a working buffer that holds initial Shake output. #[inline(always)] -pub(crate) fn sample_four_ring_elements< +pub(crate) fn sample_up_to_four_ring_elements< SIMDUnit: Operations, Shake128: shake128::XofX4, const ROWS_IN_A: usize, 
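Review bot: The new doc comment has an off-by-one: it says "If i <= `elements_requested`", but the write-back loop is `for k in 0..elements_requested`, so lane i is written only when `i < elements_requested`. It also reads as if only the requested lanes are sampled, whereas all four lanes run rejection sampling to completion regardless of the count; `elements_requested` only limits which results are copied into `matrix`. Suggest replacing the paragraph with: "All four lanes are always sampled, lane i with the domain separator derived from `indices[i]`; only the first `elements_requested` results are written to `matrix`, at the positions given by `indices[0..elements_requested]`. Callers must pass `elements_requested <= 4`." — and "ring element" rather than "field element" for what lands in `tmp_stack[i]`. The function signature continues past this hunk.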
@@ -60,18 +63,16 @@ pub(crate) fn sample_four_ring_elements< [u8; shake128::FIVE_BLOCKS_SIZE], ), tmp_stack: &mut [[i32; 263]], - indices: &[(u8, u8)], + indices: &[(u8, u8); 4], + elements_requested: usize, ) { - debug_assert!(indices.len() <= 4); - - // If less than four indices are provided, the remaining slots are - // filled with dummy values and the results are not written out to - // `matrix`. - let domain_separator0 = generate_domain_separator(*indices.get(0).unwrap_or(&(0, 0))); - let domain_separator1 = generate_domain_separator(*indices.get(1).unwrap_or(&(0, 0))); - let domain_separator2 = generate_domain_separator(*indices.get(2).unwrap_or(&(0, 0))); - let domain_separator3 = generate_domain_separator(*indices.get(3).unwrap_or(&(0, 0))); + debug_assert!(elements_requested <= 4); + let domain_separator0 = generate_domain_separator(indices[0]); + let domain_separator1 = generate_domain_separator(indices[1]); + let domain_separator2 = generate_domain_separator(indices[2]); + let domain_separator3 = generate_domain_separator(indices[3]); + // Prepare the seeds seed0[32] = domain_separator0 as u8; seed0[33] = (domain_separator0 >> 8) as u8; @@ -163,7 +164,7 @@ pub(crate) fn sample_four_ring_elements< } } - for k in 0..indices.len() { + for k in 0..elements_requested { let (i, j) = indices[k]; matrix[i as usize][j as usize] = PolynomialRingElement::::from_i32_array(&tmp_stack[k]); diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs index 45b13d994..d0191c503 100644 --- a/libcrux-ml-dsa/src/samplex4.rs +++ b/libcrux-ml-dsa/src/samplex4.rs @@ -1,7 +1,7 @@ use crate::{ hash_functions::{shake128, shake256}, polynomial::PolynomialRingElement, - sample::{sample_four_error_ring_elements, sample_four_ring_elements}, + sample::{sample_four_error_ring_elements, sample_up_to_four_ring_elements}, simd::traits::Operations, }; 
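Review bot: `debug_assert!(elements_requested <= 4)` is the only guard on the new count parameter, and it vanishes in release builds and in the extracted C, where the write-back loop reads `indices[k]` through a raw `uint8_t_x2 *` with no check (and `Eurydice_slice_index` on `tmp_stack` may not check either). In Rust an oversize count only panics on `indices[k]` (a `[_; 4]`), which is acceptable, but the invariant is better carried by the types than by a debug check: `indices` is now `&[(u8, u8); 4]`, so `tmp_stack` should match — `tmp_stack: &mut [[i32; 263]; 4]` (every caller in samplex4.rs already owns exactly such an array) — and `elements_requested <= 4` should be stated as a hard precondition in the doc or enforced with `assert!`. The enclosing `sample_up_to_four_ring_elements` starts before this hunk.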
@@ -21,12 +21,13 @@ type Matrix = /// $c, $d. macro_rules! sample_four_ring_elements_into { ($seed:ident, $matrix:ident, $rand_stack:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => { - sample_four_ring_elements::( + sample_up_to_four_ring_elements::( $seed, &mut $matrix, &mut $rand_stack, &mut $tmp_stack, &[$a, $b, $c, $d], + 4, ); }; } @@ -190,12 +191,13 @@ pub(crate) fn matrix_A_6_by_5< ); // The last 2 sampled ring elements are discarded here. - sample_four_ring_elements::( + sample_up_to_four_ring_elements::( seed, &mut A, &mut rand_stack, &mut tmp_stack, - &[(5, 3), (5, 4)], + &[(5, 3), (5, 4), (5,5), (5,6)], + 2, ); A From a3dba9d64509df3d5adf5d656f4e7fee3fce8562 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 12:10:48 +0100 Subject: [PATCH 14/25] Update C extraction --- libcrux-ml-dsa/cg/code_gen.txt | 2 +- libcrux-ml-dsa/cg/header.txt | 2 +- libcrux-ml-dsa/cg/libcrux_core.h | 2 +- libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h | 424 +++++++----------- libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 430 +++++++------------ libcrux-ml-dsa/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-dsa/cg/libcrux_sha3_portable.h | 2 +- 7 files changed, 332 insertions(+), 532 deletions(-) diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt index 3d7b1d30b..b0e4f99c7 100644 --- a/libcrux-ml-dsa/cg/code_gen.txt +++ b/libcrux-ml-dsa/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 F*: b0961063393215ca65927f017720cb365a193833-dirty -Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 +Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt index d76b62aa4..bdd12b396 100644 --- a/libcrux-ml-dsa/cg/header.txt +++ b/libcrux-ml-dsa/cg/header.txt 
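Review bot: In `matrix_A_6_by_5` the padded index list `&[(5, 3), (5, 4), (5,5), (5,6)]` is not rustfmt-formatted (`(5, 5), (5, 6)`), and the trailing `2` is now a hand-maintained twin of that list, so the comment above the call should say what the pairing means rather than only that results are discarded. Suggest `// Only (5, 3) and (5, 4) are entries of A; lanes (5, 5) and (5, 6) are still rejection-sampled but their output is never written.` That makes it clear to the next reader that the two dummy separators are deliberately outside the 6x5 index range.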
@@ -8,5 +8,5 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 + * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 */ diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h index b31608d46..57c7db76c 100644 --- a/libcrux-ml-dsa/cg/libcrux_core.h +++ b/libcrux-ml-dsa/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 + * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h index 673df0bcc..8a3d324dc 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 + * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 */ #ifndef __libcrux_mldsa65_avx2_H 
@@ -3292,47 +3292,6 @@ libcrux_ml_dsa_polynomial_ZERO_ff_ea(void) { return lit; } -/** -A monomorphic instance of libcrux_ml_dsa.sample.SampleArgs -with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit -with const generics -- $840size_t -- $6size_t -- $5size_t -*/ -typedef struct libcrux_ml_dsa_sample_SampleArgs_c5_s { - uint8_t_840size_t__x4 *rand_stack; - Eurydice_slice tmp_stack; - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*out)[5U]; - Eurydice_slice indices; -} libcrux_ml_dsa_sample_SampleArgs_c5; - -/** -This function found in impl {libcrux_ml_dsa::sample::SampleArgs<'a, SIMDUnit, -STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>[TraitClause@0, TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_dsa.sample.new_29 -with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit -with const generics -- STACK_SIZE= 840 -- ROWS_IN_A= 6 -- COLUMNS_IN_A= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_dsa_sample_SampleArgs_c5 -libcrux_ml_dsa_sample_new_29_4f( - uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack, - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*out)[5U], - Eurydice_slice indices) { - libcrux_ml_dsa_sample_SampleArgs_c5 lit; - lit.rand_stack = rand_stack; - lit.tmp_stack = tmp_stack; - lit.out = out; - lit.indices = indices; - return lit; -} - /** A monomorphic instance of libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types 
@@ -3397,17 +3356,37 @@ libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_slice array) { } /** -A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements + Sample and write out up to four ring elements. + + If i <= `elements_requested`, a field element with domain separated + seed according to the provided index is generated in + `tmp_stack[i]`. After successful rejection sampling in + `tmp_stack[i]`, the ring element is written to `matrix` at the + provided index in `indices[i]`. + `rand_stack` is a working buffer that holds initial Shake output. +*/ +/** +A monomorphic instance of libcrux_ml_dsa.sample.sample_up_to_four_ring_elements with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit, libcrux_ml_dsa_hash_functions_simd256_Shake128x4 with const generics - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( - uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1, - uint16_t domain_seperator2, uint16_t domain_separator3, - libcrux_ml_dsa_sample_SampleArgs_c5 *memory) { +static KRML_MUSTINLINE void +libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( + uint8_t seed0[34U], + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*matrix)[5U], + uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack, + uint8_t_x2 *indices, size_t elements_requested) { + uint16_t domain_separator0 = + libcrux_ml_dsa_sample_generate_domain_separator(indices[0U]); + uint16_t domain_separator1 = + libcrux_ml_dsa_sample_generate_domain_separator(indices[1U]); + uint16_t domain_separator2 = + libcrux_ml_dsa_sample_generate_domain_separator(indices[2U]); + uint16_t domain_separator3 = + libcrux_ml_dsa_sample_generate_domain_separator(indices[3U]); seed0[32U] = (uint8_t)domain_separator0; seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U); uint8_t seed1[34U]; 
@@ -3416,8 +3395,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U); uint8_t seed2[34U]; memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t)); - seed2[32U] = (uint8_t)domain_seperator2; - seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U); + seed2[32U] = (uint8_t)domain_separator2; + seed2[33U] = (uint8_t)((uint32_t)domain_separator2 >> 8U); uint8_t seed3[34U]; memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t)); seed3[32U] = (uint8_t)domain_separator3; 
@@ -3429,39 +3408,35 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)34U, seed2, uint8_t), Eurydice_array_to_slice((size_t)34U, seed3, uint8_t)); libcrux_ml_dsa_hash_functions_simd256_squeeze_first_five_blocks_7b( - &state, memory->rand_stack->fst, memory->rand_stack->snd, - memory->rand_stack->thd, memory->rand_stack->f3); + &state, rand_stack->fst, rand_stack->snd, rand_stack->thd, + rand_stack->f3); size_t sampled0 = (size_t)0U; size_t sampled1 = (size_t)0U; size_t sampled2 = (size_t)0U; size_t sampled3 = (size_t)0U; bool done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, memory->rand_stack->fst, - uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack->fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, int32_t[263U], + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], int32_t(*)[263U])); bool done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, memory->rand_stack->snd, - uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack->snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, int32_t[263U], + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], int32_t(*)[263U])); bool done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, memory->rand_stack->thd, - uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack->thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, int32_t[263U], + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], int32_t(*)[263U])); bool done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, memory->rand_stack->f3, - uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack->f3, uint8_t), &sampled3, - 
Eurydice_slice_index(memory->tmp_stack, (size_t)3U, int32_t[263U], + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], int32_t(*)[263U])); while (true) { if (done0) { @@ -3479,8 +3454,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); } if (!done1) { done1 = @@ -3488,8 +3463,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); } if (!done2) { done2 = @@ -3497,8 +3472,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); } if (!done3) { done3 = @@ -3506,8 +3481,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), &sampled3, - Eurydice_slice_index(memory->tmp_stack, (size_t)3U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); } } } else { 
@@ -3520,8 +3495,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); } if (!done1) { done1 = @@ -3529,8 +3504,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); } if (!done2) { done2 = @@ -3538,8 +3513,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); } if (!done3) { done3 = @@ -3547,8 +3522,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), &sampled3, - Eurydice_slice_index(memory->tmp_stack, (size_t)3U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); } } } else { @@ -3560,8 +3535,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); } if (!done1) { done1 = 
@@ -3569,8 +3544,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); } if (!done2) { done2 = @@ -3578,8 +3553,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); } if (!done3) { done3 = @@ -3587,8 +3562,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), &sampled3, - Eurydice_slice_index(memory->tmp_stack, (size_t)3U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); } } } else { @@ -3600,8 +3575,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); } if (!done1) { done1 = @@ -3609,8 +3584,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); } if (!done2) { done2 = 
@@ -3618,36 +3593,30 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_f4( Eurydice_array_to_slice((size_t)168U, randomnesses.thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); } if (!done3) { done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), &sampled3, - Eurydice_slice_index(memory->tmp_stack, (size_t)3U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); } } } - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(memory->indices, size_t_x2); i0++) { + for (size_t i0 = (size_t)0U; i0 < elements_requested; i0++) { size_t k = i0; size_t uu____0 = k; - size_t i = - Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *) - .fst; - size_t j = - Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *) - .snd; + uint8_t i = indices[uu____0].fst; + uint8_t j = indices[uu____0].snd; libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_array_to_slice( (size_t)263U, - Eurydice_slice_index(memory->tmp_stack, k, int32_t[263U], - int32_t(*)[263U]), + Eurydice_slice_index(tmp_stack, k, int32_t[263U], int32_t(*)[263U]), int32_t)); - memory->out[i][j] = uu____1; + matrix[(size_t)i][(size_t)j] = uu____1; } } 
@@ -5356,161 +5325,94 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( rand_stack.f3[838U] = 0U; rand_stack.f3[839U] = 0U; int32_t tmp_stack[4U][263U] = {{0U}}; - size_t_x2 buf0[0U] = {}; - libcrux_ml_dsa_sample_SampleArgs_c5 memory = libcrux_ml_dsa_sample_new_29_4f( - &rand_stack, - Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), A, - Eurydice_array_to_slice((size_t)0U, buf0, size_t_x2)); - size_t_x2 buf[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}), - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf, size_t_x2); - uint8_t uu____2[34U]; - memcpy(uu____2, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_f4( - uu____2, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})), - &memory); - size_t_x2 buf1[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}), - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf1, size_t_x2); - uint8_t uu____3[34U]; - memcpy(uu____3, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_f4( - uu____3, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( 
- (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})), - &memory); - size_t_x2 buf2[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}), - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}), - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf2, size_t_x2); - uint8_t uu____4[34U]; - memcpy(uu____4, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_f4( - uu____4, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})), - &memory); - size_t_x2 buf3[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}), - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}), - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}), - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf3, size_t_x2); - uint8_t uu____5[34U]; - memcpy(uu____5, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_f4( - uu____5, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U})), - 
libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})), - &memory); - size_t_x2 buf4[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}), - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}), - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf4, size_t_x2); - uint8_t uu____6[34U]; - memcpy(uu____6, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_f4( - uu____6, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})), - &memory); - size_t_x2 buf5[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}), - (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf5, size_t_x2); - uint8_t uu____7[34U]; - memcpy(uu____7, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_f4( - uu____7, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})), - &memory); - size_t_x2 buf6[4U] = { - (CLITERAL(size_t_x2){.fst = 
(size_t)4U, .snd = (size_t)4U}), - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)2U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf6, size_t_x2); - uint8_t uu____8[34U]; - memcpy(uu____8, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_f4( - uu____8, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})), - &memory); - size_t_x2 buf7[2U] = { - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)3U}), - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)4U})}; - memory.indices = Eurydice_array_to_slice((size_t)2U, buf7, size_t_x2); - uint8_t uu____9[34U]; - memcpy(uu____9, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_f4( - uu____9, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})), - &memory); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf0[4U] = {(CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U}), + (CLITERAL(uint8_t_x2){.fst 
= 0U, .snd = 3U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( + copy_of_seed, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf0, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed0[34U]; + memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf1[4U] = {(CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( + copy_of_seed0, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf1, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed1[34U]; + memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf2[4U] = {(CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U}), + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( + copy_of_seed1, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf2, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed2[34U]; + memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf3[4U] = {(CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U}), + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U}), + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( + copy_of_seed2, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf3, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed3[34U]; + memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t)); 
+ uint8_t_x2 buf4[4U] = {(CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U}), + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U}), + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( + copy_of_seed3, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf4, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed4[34U]; + memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf5[4U] = {(CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U}), + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( + copy_of_seed4, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf5, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed5[34U]; + memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf6[4U] = {(CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( + copy_of_seed5, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf6, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed6[34U]; + memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf[4U] = {(CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( + copy_of_seed6, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, 
tmp_stack, int32_t[263U]), buf, + (size_t)2U); memcpy(ret, A, (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_24[5U])); diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h index e1ee4a6e2..f05d7b3af 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 + * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 */ #ifndef __libcrux_mldsa65_portable_H @@ -523,7 +523,7 @@ typedef struct uint8_t_x2_s { } uint8_t_x2; static KRML_MUSTINLINE uint16_t -libcrux_ml_dsa_samplex4_generate_domain_separator(uint8_t_x2 _) { +libcrux_ml_dsa_sample_generate_domain_separator(uint8_t_x2 _) { uint8_t row = _.fst; uint8_t column = _.snd; return (uint32_t)(uint16_t)column | (uint32_t)(uint16_t)row << 8U; @@ -4171,11 +4171,6 @@ typedef struct uint8_t_840size_t__x4_s { uint8_t f3[840U]; } uint8_t_840size_t__x4; -typedef struct size_t_x2_s { - size_t fst; - size_t snd; -} size_t_x2; - /** A monomorphic instance of K. with types uint8_t[4032size_t], uint8_t[1952size_t] 
@@ -4244,46 +4239,6 @@ libcrux_ml_dsa_polynomial_ZERO_ff_ba(void) { return lit; } -/** -A monomorphic instance of libcrux_ml_dsa.sample.SampleArgs -with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit -with const generics -- $840size_t -- $6size_t -- $5size_t -*/ -typedef struct libcrux_ml_dsa_sample_SampleArgs_4e_s { - uint8_t_840size_t__x4 *rand_stack; - Eurydice_slice tmp_stack; - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*out)[5U]; - Eurydice_slice indices; -} libcrux_ml_dsa_sample_SampleArgs_4e; - -/** -This function found in impl {libcrux_ml_dsa::sample::SampleArgs<'a, SIMDUnit, -STACK_SIZE, ROWS_IN_A, COLUMNS_IN_A>[TraitClause@0, TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_dsa.sample.new_29 -with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit -with const generics -- STACK_SIZE= 840 -- ROWS_IN_A= 6 -- COLUMNS_IN_A= 5 -*/ -static inline libcrux_ml_dsa_sample_SampleArgs_4e -libcrux_ml_dsa_sample_new_29_ab( - uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack, - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*out)[5U], - Eurydice_slice indices) { - libcrux_ml_dsa_sample_SampleArgs_4e lit; - lit.rand_stack = rand_stack; - lit.tmp_stack = tmp_stack; - lit.out = out; - lit.indices = indices; - return lit; -} - /** A monomorphic instance of libcrux_ml_dsa.sample.rejection_sample_less_than_field_modulus with types 
@@ -4349,16 +4304,36 @@ libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_slice array) { } /** -A monomorphic instance of libcrux_ml_dsa.sample.sample_four_ring_elements + Sample and write out up to four ring elements. + + If i <= `elements_requested`, a field element with domain separated + seed according to the provided index is generated in + `tmp_stack[i]`. After successful rejection sampling in + `tmp_stack[i]`, the ring element is written to `matrix` at the + provided index in `indices[i]`. + `rand_stack` is a working buffer that holds initial Shake output. +*/ +/** +A monomorphic instance of libcrux_ml_dsa.sample.sample_up_to_four_ring_elements with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit, libcrux_ml_dsa_hash_functions_portable_Shake128X4 with const generics - ROWS_IN_A= 6 - COLUMNS_IN_A= 5 */ -static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( - uint8_t seed0[34U], uint16_t domain_separator0, uint16_t domain_separator1, - uint16_t domain_seperator2, uint16_t domain_separator3, - libcrux_ml_dsa_sample_SampleArgs_4e *memory) { +static KRML_MUSTINLINE void +libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( + uint8_t seed0[34U], + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*matrix)[5U], + uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack, + uint8_t_x2 *indices, size_t elements_requested) { + uint16_t domain_separator0 = + libcrux_ml_dsa_sample_generate_domain_separator(indices[0U]); + uint16_t domain_separator1 = + libcrux_ml_dsa_sample_generate_domain_separator(indices[1U]); + uint16_t domain_separator2 = + libcrux_ml_dsa_sample_generate_domain_separator(indices[2U]); + uint16_t domain_separator3 = + libcrux_ml_dsa_sample_generate_domain_separator(indices[3U]); seed0[32U] = (uint8_t)domain_separator0; seed0[33U] = (uint8_t)((uint32_t)domain_separator0 >> 8U); uint8_t seed1[34U]; 
@@ -4367,8 +4342,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( seed1[33U] = (uint8_t)((uint32_t)domain_separator1 >> 8U); uint8_t seed2[34U]; memcpy(seed2, seed0, (size_t)34U * sizeof(uint8_t)); - seed2[32U] = (uint8_t)domain_seperator2; - seed2[33U] = (uint8_t)((uint32_t)domain_seperator2 >> 8U); + seed2[32U] = (uint8_t)domain_separator2; + seed2[33U] = (uint8_t)((uint32_t)domain_separator2 >> 8U); uint8_t seed3[34U]; memcpy(seed3, seed0, (size_t)34U * sizeof(uint8_t)); seed3[32U] = (uint8_t)domain_separator3; 
@@ -4380,39 +4355,35 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)34U, seed2, uint8_t), Eurydice_array_to_slice((size_t)34U, seed3, uint8_t)); libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed( - &state, memory->rand_stack->fst, memory->rand_stack->snd, - memory->rand_stack->thd, memory->rand_stack->f3); + &state, rand_stack->fst, rand_stack->snd, rand_stack->thd, + rand_stack->f3); size_t sampled0 = (size_t)0U; size_t sampled1 = (size_t)0U; size_t sampled2 = (size_t)0U; size_t sampled3 = (size_t)0U; bool done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, memory->rand_stack->fst, - uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack->fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, int32_t[263U], + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], int32_t(*)[263U])); bool done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, memory->rand_stack->snd, - uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack->snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, int32_t[263U], + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], int32_t(*)[263U])); bool done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, memory->rand_stack->thd, - uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack->thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, int32_t[263U], + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], int32_t(*)[263U])); bool done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, memory->rand_stack->f3, - uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack->f3, uint8_t), &sampled3, - 
Eurydice_slice_index(memory->tmp_stack, (size_t)3U, int32_t[263U], + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], int32_t(*)[263U])); while (true) { if (done0) { @@ -4430,8 +4401,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); } if (!done1) { done1 = @@ -4439,8 +4410,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); } if (!done2) { done2 = @@ -4448,8 +4419,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); } if (!done3) { done3 = @@ -4457,8 +4428,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), &sampled3, - Eurydice_slice_index(memory->tmp_stack, (size_t)3U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); } } } else { 
@@ -4471,8 +4442,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); } if (!done1) { done1 = @@ -4480,8 +4451,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); } if (!done2) { done2 = @@ -4489,8 +4460,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); } if (!done3) { done3 = @@ -4498,8 +4469,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), &sampled3, - Eurydice_slice_index(memory->tmp_stack, (size_t)3U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); } } } else { @@ -4512,8 +4483,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); } if (!done1) { done1 = 
@@ -4521,8 +4492,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); } if (!done2) { done2 = @@ -4530,8 +4501,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); } if (!done3) { done3 = @@ -4539,8 +4510,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), &sampled3, - Eurydice_slice_index(memory->tmp_stack, (size_t)3U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); } } } else { @@ -4552,8 +4523,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.fst, uint8_t), &sampled0, - Eurydice_slice_index(memory->tmp_stack, (size_t)0U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], + int32_t(*)[263U])); } if (!done1) { done1 = @@ -4561,8 +4532,8 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.snd, uint8_t), &sampled1, - Eurydice_slice_index(memory->tmp_stack, (size_t)1U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], + int32_t(*)[263U])); } if (!done2) { done2 = 
@@ -4570,36 +4541,30 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_four_ring_elements_49( Eurydice_array_to_slice((size_t)168U, randomnesses.thd, uint8_t), &sampled2, - Eurydice_slice_index(memory->tmp_stack, (size_t)2U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], + int32_t(*)[263U])); } if (!done3) { done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( Eurydice_array_to_slice((size_t)168U, randomnesses.f3, uint8_t), &sampled3, - Eurydice_slice_index(memory->tmp_stack, (size_t)3U, - int32_t[263U], int32_t(*)[263U])); + Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], + int32_t(*)[263U])); } } } - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(memory->indices, size_t_x2); i0++) { + for (size_t i0 = (size_t)0U; i0 < elements_requested; i0++) { size_t k = i0; size_t uu____0 = k; - size_t i = - Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *) - .fst; - size_t j = - Eurydice_slice_index(memory->indices, uu____0, size_t_x2, size_t_x2 *) - .snd; + uint8_t i = indices[uu____0].fst; + uint8_t j = indices[uu____0].snd; libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 = libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_array_to_slice( (size_t)263U, - Eurydice_slice_index(memory->tmp_stack, k, int32_t[263U], - int32_t(*)[263U]), + Eurydice_slice_index(tmp_stack, k, int32_t[263U], int32_t(*)[263U]), int32_t)); - memory->out[i][j] = uu____1; + matrix[(size_t)i][(size_t)j] = uu____1; } } 
@@ -6307,161 +6272,94 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( rand_stack.f3[838U] = 0U; rand_stack.f3[839U] = 0U; int32_t tmp_stack[4U][263U] = {{0U}}; - size_t_x2 buf0[0U] = {}; - libcrux_ml_dsa_sample_SampleArgs_4e memory = libcrux_ml_dsa_sample_new_29_ab( - &rand_stack, - Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), A, - Eurydice_array_to_slice((size_t)0U, buf0, size_t_x2)); - size_t_x2 buf[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}), - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf, size_t_x2); - uint8_t uu____2[34U]; - memcpy(uu____2, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_49( - uu____2, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})), - &memory); - size_t_x2 buf1[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}), - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf1, size_t_x2); - uint8_t uu____3[34U]; - memcpy(uu____3, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_49( - uu____3, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( 
- (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})), - &memory); - size_t_x2 buf2[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}), - (CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}), - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf2, size_t_x2); - uint8_t uu____4[34U]; - memcpy(uu____4, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_49( - uu____4, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})), - &memory); - size_t_x2 buf3[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}), - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}), - (CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}), - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf3, size_t_x2); - uint8_t uu____5[34U]; - memcpy(uu____5, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_49( - uu____5, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U})), - 
libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})), - &memory); - size_t_x2 buf4[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}), - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}), - (CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf4, size_t_x2); - uint8_t uu____6[34U]; - memcpy(uu____6, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_49( - uu____6, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})), - &memory); - size_t_x2 buf5[4U] = { - (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}), - (CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf5, size_t_x2); - uint8_t uu____7[34U]; - memcpy(uu____7, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_49( - uu____7, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})), - &memory); - size_t_x2 buf6[4U] = { - (CLITERAL(size_t_x2){.fst = 
(size_t)4U, .snd = (size_t)4U}), - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)0U}), - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)1U}), - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)2U})}; - memory.indices = Eurydice_array_to_slice((size_t)4U, buf6, size_t_x2); - uint8_t uu____8[34U]; - memcpy(uu____8, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_49( - uu____8, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})), - &memory); - size_t_x2 buf7[2U] = { - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)3U}), - (CLITERAL(size_t_x2){.fst = (size_t)5U, .snd = (size_t)4U})}; - memory.indices = Eurydice_array_to_slice((size_t)2U, buf7, size_t_x2); - uint8_t uu____9[34U]; - memcpy(uu____9, seed, (size_t)34U * sizeof(uint8_t)); - libcrux_ml_dsa_sample_sample_four_ring_elements_49( - uu____9, - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U})), - libcrux_ml_dsa_samplex4_generate_domain_separator( - (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})), - &memory); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf0[4U] = {(CLITERAL(uint8_t_x2){.fst = 0U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U}), + (CLITERAL(uint8_t_x2){.fst 
= 0U, .snd = 3U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( + copy_of_seed, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf0, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed0[34U]; + memcpy(copy_of_seed0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf1[4U] = {(CLITERAL(uint8_t_x2){.fst = 0U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( + copy_of_seed0, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf1, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed1[34U]; + memcpy(copy_of_seed1, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf2[4U] = {(CLITERAL(uint8_t_x2){.fst = 1U, .snd = 3U}), + (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( + copy_of_seed1, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf2, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed2[34U]; + memcpy(copy_of_seed2, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf3[4U] = {(CLITERAL(uint8_t_x2){.fst = 2U, .snd = 2U}), + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 3U}), + (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( + copy_of_seed2, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf3, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed3[34U]; + memcpy(copy_of_seed3, seed, (size_t)34U * sizeof(uint8_t)); 
+ uint8_t_x2 buf4[4U] = {(CLITERAL(uint8_t_x2){.fst = 3U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 2U}), + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U}), + (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( + copy_of_seed3, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf4, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed4[34U]; + memcpy(copy_of_seed4, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf5[4U] = {(CLITERAL(uint8_t_x2){.fst = 4U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U}), + (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( + copy_of_seed4, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf5, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed5[34U]; + memcpy(copy_of_seed5, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf6[4U] = {(CLITERAL(uint8_t_x2){.fst = 4U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 0U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( + copy_of_seed5, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf6, + (size_t)4U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed6[34U]; + memcpy(copy_of_seed6, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t_x2 buf[4U] = {(CLITERAL(uint8_t_x2){.fst = 5U, .snd = 3U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 4U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U}), + (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})}; + libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( + copy_of_seed6, A, &rand_stack, + Eurydice_array_to_slice((size_t)4U, 
tmp_stack, int32_t[263U]), buf, + (size_t)2U); memcpy(ret, A, (size_t)6U * sizeof(libcrux_ml_dsa_polynomial_PolynomialRingElement_9b[5U])); diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h index 1241bcd5b..b786152bb 100644 --- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 + * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h index 3611ecbf2..c12c02ac6 100644 --- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: 192edaf802604e2a52d47edca43cf9dc495a4721 + * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 */ #ifndef __libcrux_sha3_portable_H From 95c30a208bc28f06e462cc2dbb62e1f8fb81c839 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 12:13:35 +0100 Subject: [PATCH 15/25] Use `opaque` instead of `opaque_type` --- libcrux-ml-dsa/src/hash_functions.rs | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/libcrux-ml-dsa/src/hash_functions.rs b/libcrux-ml-dsa/src/hash_functions.rs index 84ca5fbe9..2be51bd30 100644 --- a/libcrux-ml-dsa/src/hash_functions.rs +++ b/libcrux-ml-dsa/src/hash_functions.rs 
@@ -101,7 +101,7 @@ pub(crate) mod portable {
/// Portable SHAKE 128 x4 state.
///
/// We're using a portable implementation so this is actually sequential.
- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake128X4 {
state0: KeccakState,
state1: KeccakState,
@@ -197,7 +197,7 @@ pub(crate) mod portable {
}

/// Portable SHAKE 128 state
- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake128 {}

#[inline(always)]
@@ -213,7 +213,7 @@ pub(crate) mod portable {
}

/// Portable SHAKE 256 state
- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake256 {
state: KeccakState,
}
@@ -269,7 +269,7 @@ pub(crate) mod portable {
/// Portable SHAKE 256 x4 state.
///
/// We're using a portable implementation so this is actually sequential.
- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake256X4 {
state0: libcrux_sha3::portable::KeccakState,
state1: libcrux_sha3::portable::KeccakState,
@@ -389,7 +389,7 @@ pub(crate) mod portable {
}
}

- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake256Xof {
state: incremental::Shake256Xof,
}
@@ -426,7 +426,7 @@ pub(crate) mod simd256 {
///
/// This only implements the XofX4 API. For the single Xof, the portable
/// version is used.
- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake128x4 {
state: libcrux_sha3::avx2::x4::incremental::KeccakState,
}
@@ -512,7 +512,7 @@ pub(crate) mod simd256 {
}

/// AVX2 SHAKE 256 state
- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake256 {
state: libcrux_sha3::portable::KeccakState,
}
@@ -573,7 +573,7 @@ pub(crate) mod simd256 {
}

/// AVX2 SHAKE 256 x4 state.
- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake256x4 {
state: libcrux_sha3::avx2::x4::incremental::KeccakState,
}
@@ -699,10 +699,10 @@ pub(crate) mod neon {
use super::{shake128, shake256};
use libcrux_sha3::neon::x2;

- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) type KeccakState = x2::incremental::KeccakState;

- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake128x4 {
state: [KeccakState; 2],
}
@@ -773,7 +773,7 @@ pub(crate) mod neon {
}

/// Neon SHAKE 256 x4 state
- #[cfg_attr(hax, hax_lib::opaque_type)]
+ #[cfg_attr(hax, hax_lib::opaque)]
pub(crate) struct Shake256x4 {
state: [KeccakState; 2],
}
From a9714a49b61929b267e95bbf799c0c0a8ac8a5b1 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 12:13:53 +0100 Subject: [PATCH 16/25] Update hax extraction --- .../Libcrux_ml_dsa.Encoding.Signature.fst | 2 +- .../Libcrux_ml_dsa.Encoding.Signature.fsti | 2 +- .../Libcrux_ml_dsa.Hash_functions.Neon.fsti | 4 +- ...ibcrux_ml_dsa.Hash_functions.Portable.fsti | 10 +- ...Libcrux_ml_dsa.Hash_functions.Simd256.fsti | 10 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst | 12 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst | 12 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst | 12 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst | 12 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst | 12 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst | 12 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst | 12 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst | 12 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst | 12 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst | 12 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst | 12 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst | 12 +- ...neric.Instantiations.Avx2.Avx2_feature.fst | 12 +- ...eric.Instantiations.Avx2.Avx2_feature.fsti | 2 + ...dsa.Ml_dsa_generic.Instantiations.Neon.fst | 12 +- ...sa.Ml_dsa_generic.Instantiations.Neon.fsti | 2 + ...Ml_dsa_generic.Instantiations.Portable.fst | 7 + ...l_dsa_generic.Instantiations.Portable.fsti | 2 + .../Libcrux_ml_dsa.Ml_dsa_generic.fst | 812 ++++---- .../Libcrux_ml_dsa.Ml_dsa_generic.fsti | 179 +- .../extraction/Libcrux_ml_dsa.Polynomial.fst | 42 +- .../extraction/Libcrux_ml_dsa.Polynomial.fsti | 24 +- .../extraction/Libcrux_ml_dsa.Sample.fst | 735 +++---- .../extraction/Libcrux_ml_dsa.Sample.fsti | 45 +- .../extraction/Libcrux_ml_dsa.Samplex4.fst | 1681 +++++++++-------- .../extraction/Libcrux_ml_dsa.Samplex4.fsti | 67 +- .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst | 12 + .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti | 6 + ...bcrux_ml_dsa.Simd.Portable.Vector_type.fst | 12 + ...crux_ml_dsa.Simd.Portable.Vector_type.fsti | 6 + .../fstar/extraction/Libcrux_ml_dsa.Types.fst | 36 +- 
.../extraction/Libcrux_ml_dsa.Types.fsti | 21 +- .../extraction/Libcrux_platform.X86.fsti | 6 + 38 files changed, 2063 insertions(+), 1830 deletions(-) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst index 096a14a68..c351af8bb 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst @@ -14,7 +14,7 @@ let impl__deserialize (v_COMMITMENT_HASH_SIZE v_COLUMNS_IN_A v_ROWS_IN_A v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_MAX_ONES_IN_HINT v_SIGNATURE_SIZE: usize) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (serialized: t_Array u8 v_SIGNATURE_SIZE) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti index 0ef8c6563..53b1e72ed 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti @@ -25,7 +25,7 @@ val impl__deserialize (#v_SIMDUnit: Type0) (v_COMMITMENT_HASH_SIZE v_COLUMNS_IN_A v_ROWS_IN_A v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_MAX_ONES_IN_HINT v_SIGNATURE_SIZE: usize) - {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (serialized: t_Array u8 v_SIGNATURE_SIZE) : Prims.Pure (Core.Result.t_Result diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti index a7762dfe1..d27a20455 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti @@ -3,10 +3,10 @@ module Libcrux_ml_dsa.Hash_functions.Neon open Core open FStar.Mul -val t_Shake128x4:Type0 +val t_Shake128x4:eqtype /// Neon SHAKE 256 x4 state -val t_Shake256x4:Type0 +val t_Shake256x4:eqtype [@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti index b2a04571e..0b7e313f7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti @@ -4,20 +4,20 @@ open Core open FStar.Mul /// Portable SHAKE 128 state -val t_Shake128:Type0 +val t_Shake128:eqtype /// Portable SHAKE 128 x4 state. /// We\'re using a portable implementation so this is actually sequential. -val t_Shake128X4:Type0 +val t_Shake128X4:eqtype /// Portable SHAKE 256 state -val t_Shake256:Type0 +val t_Shake256:eqtype /// Portable SHAKE 256 x4 state. /// We\'re using a portable implementation so this is actually sequential. -val t_Shake256X4:Type0 +val t_Shake256X4:eqtype -val t_Shake256Xof:Type0 +val t_Shake256Xof:eqtype [@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti index c40649c70..109c7ccf9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti 
@@ -6,13 +6,13 @@ open FStar.Mul /// AVX2 SHAKE 128 state /// This only implements the XofX4 API. For the single Xof, the portable /// version is used. -val t_Shake128x4:Type0 - -/// AVX2 SHAKE 256 x4 state. -val t_Shake256x4:Type0 +val t_Shake128x4:eqtype /// AVX2 SHAKE 256 state -val t_Shake256:Type0 +val t_Shake256:eqtype + +/// AVX2 SHAKE 256 x4 state. +val t_Shake256x4:eqtype [@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst index 57daef3c6..c923aaf46 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst @@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message context randomness let verify 
@@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) @@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst index 881529d16..cbfcb41f1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst 
@@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message context randomness let verify @@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) 
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst index 47feb8acb..5ecf58ac3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst @@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) - (sz 2420) (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) + (sz 2420) (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message context randomness let verify 
@@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) @@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst index de9e24809..fd9368339 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst 
@@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 2560) signing_key <: t_Array u8 (sz 2560)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 2560) signing_key <: t_Array u8 (sz 2560)) message context randomness let verify @@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) 
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1312) verification_key <: t_Array u8 (sz 1312)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1312) verification_key <: t_Array u8 (sz 1312)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst index 93a4a47d2..fb56ab400 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst @@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message context randomness let verify 
@@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) @@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst index 52cd13c55..06692d1d7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst 
@@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message context randomness let verify @@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) 
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst index 272c8f309..d696b883f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst @@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) - (sz 3309) (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) + (sz 3309) (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message context randomness let verify 
@@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) @@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst index 47f6598f5..9029cf9f8 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst 
@@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4032) signing_key <: t_Array u8 (sz 4032)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4032) signing_key <: t_Array u8 (sz 4032)) message context randomness let verify @@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) 
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 1952) verification_key <: t_Array u8 (sz 1952)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 1952) verification_key <: t_Array u8 (sz 1952)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst index a5cb7cc82..bed872537 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst @@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message context randomness let verify 
@@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) @@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst index bec5c242e..f4bc8340a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst 
@@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message context randomness let verify @@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) 
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst index a5b4a3a2a..6f6364908 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst @@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) - (sz 4627) (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) + (sz 4627) (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message context randomness let verify 
@@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) @@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst index b7bfad8f1..a72c5865b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst 
@@ -29,7 +29,7 @@ let sign = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message context randomness let sign_pre_hashed_shake128 @@ -39,7 +39,7 @@ let sign_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) - (Libcrux_ml_dsa.Types.impl__as_raw (sz 4896) signing_key <: t_Array u8 (sz 4896)) message + (Libcrux_ml_dsa.Types.impl__as_ref (sz 4896) signing_key <: t_Array u8 (sz 4896)) message context randomness let verify @@ -49,8 +49,8 @@ let verify = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) let verify_pre_hashed_shake128 (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) 
@@ -59,5 +59,5 @@ let verify_pre_hashed_shake128 = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) - (Libcrux_ml_dsa.Types.impl_2__as_raw (sz 2592) verification_key <: t_Array u8 (sz 2592)) message - context (Libcrux_ml_dsa.Types.impl_4__as_raw (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_2__as_ref (sz 2592) verification_key <: t_Array u8 (sz 2592)) message + context (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst index 3ae7a4680..c1553434f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fst @@ -11,6 +11,8 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Hash_functions.Simd256 in let open Libcrux_ml_dsa.Pre_hash in + let open Libcrux_ml_dsa.Samplex4 in + let open Libcrux_ml_dsa.Samplex4.Avx2 in let open Libcrux_ml_dsa.Simd.Avx2 in let open Libcrux_ml_dsa.Simd.Traits in () @@ -21,7 +23,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit - #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 + #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA 
@@ -37,7 +39,7 @@ let sign (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit - #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 + #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA @@ -56,7 +58,7 @@ let sign_pre_hashed_shake128 (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit - #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 + #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof @@ -77,7 +79,7 @@ let verify (signature: t_Array u8 v_SIGNATURE_SIZE) = Libcrux_ml_dsa.Ml_dsa_generic.verify #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit - #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 + #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 
@@ -95,7 +97,7 @@ let verify_pre_hashed_shake128 (signature: t_Array u8 v_SIGNATURE_SIZE) = Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit - #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 + #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti index d24fb5ad1..aaa4d5643 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Avx2_feature.fsti @@ -11,6 +11,8 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Hash_functions.Simd256 in let open Libcrux_ml_dsa.Pre_hash in + let open Libcrux_ml_dsa.Samplex4 in + let open Libcrux_ml_dsa.Samplex4.Avx2 in let open Libcrux_ml_dsa.Simd.Avx2 in let open Libcrux_ml_dsa.Simd.Traits in () diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst index bc44352c6..c81b51ec3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst 
@@ -11,6 +11,8 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Pre_hash in + let open Libcrux_ml_dsa.Samplex4 in + let open Libcrux_ml_dsa.Samplex4.Neon in let open Libcrux_ml_dsa.Simd.Portable in let open Libcrux_ml_dsa.Simd.Traits in () @@ -21,7 +23,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 + #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA @@ -37,7 +39,7 @@ let sign (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 + #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 v_ROWS_IN_A v_COLUMNS_IN_A v_ETA @@ -56,7 +58,7 @@ let sign_pre_hashed_shake128 (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 + #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof 
@@ -77,7 +79,7 @@ let verify (signature: t_Array u8 v_SIGNATURE_SIZE) = Libcrux_ml_dsa.Ml_dsa_generic.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 + #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 @@ -95,7 +97,7 @@ let verify_pre_hashed_shake128 (signature: t_Array u8 v_SIGNATURE_SIZE) = Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 + #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti index 93c40dc34..45fac8db0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti @@ -11,6 +11,8 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Pre_hash in + let open Libcrux_ml_dsa.Samplex4 in + let open Libcrux_ml_dsa.Samplex4.Neon in let open Libcrux_ml_dsa.Simd.Portable in let open Libcrux_ml_dsa.Simd.Traits in () 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst index 581a147b8..fba006d14 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst @@ -10,6 +10,8 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Pre_hash in + let open Libcrux_ml_dsa.Samplex4 in + let open Libcrux_ml_dsa.Samplex4.Portable in let open Libcrux_ml_dsa.Simd.Portable in let open Libcrux_ml_dsa.Simd.Traits in () @@ -20,6 +22,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof @@ -36,6 +39,7 @@ let sign (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof @@ -55,6 +59,7 @@ let sign_pre_hashed_shake128 (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 
@@ -76,6 +81,7 @@ let verify (signature: t_Array u8 v_SIGNATURE_SIZE) = Libcrux_ml_dsa.Ml_dsa_generic.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A @@ -94,6 +100,7 @@ let verify_pre_hashed_shake128 (signature: t_Array u8 v_SIGNATURE_SIZE) = Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti index 1e4399d64..9bd1f00f2 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti @@ -10,6 +10,8 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Pre_hash in + let open Libcrux_ml_dsa.Samplex4 in + let open Libcrux_ml_dsa.Samplex4.Portable in let open Libcrux_ml_dsa.Simd.Portable in let open Libcrux_ml_dsa.Simd.Traits in () diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst index 0bf89311c..1fec04ec9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst 
@@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Pre_hash in + let open Libcrux_ml_dsa.Samplex4 in let open Libcrux_ml_dsa.Simd.Traits in () 
@@ -109,26 +110,311 @@ let derive_message_representative let _:Prims.unit = () in message_representative +let verify_internal + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: + usize) + (v_GAMMA2 v_BETA: i32) + (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT: + usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i5: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i6: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i7: + Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i8: + Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i9: + Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) + (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) + (message: t_Slice u8) + (domain_separation_context: + Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) + (signature_serialized: t_Array u8 v_SIGNATURE_SIZE) + = + let seed_for_A, t1:(t_Array u8 (sz 32) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = + Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit + v_ROWS_IN_A + v_VERIFICATION_KEY_SIZE + verification_key_serialized + in + match + Libcrux_ml_dsa.Encoding.Signature.impl__deserialize #v_SIMDUnit + v_COMMITMENT_HASH_SIZE + v_COLUMNS_IN_A + v_ROWS_IN_A + v_GAMMA1_EXPONENT + v_GAMMA1_RING_ELEMENT_SIZE + v_MAX_ONES_IN_HINT + v_SIGNATURE_SIZE + signature_serialized + with + | Core.Result.Result_Ok s -> + let signature:Libcrux_ml_dsa.Encoding.Signature.t_Signature v_SIMDUnit + v_COMMITMENT_HASH_SIZE + v_COLUMNS_IN_A + v_ROWS_IN_A = + s + in + if + 
Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit + v_COLUMNS_IN_A + signature.Libcrux_ml_dsa.Encoding.Signature.f_signer_response + ((2l < + Core.Result.Result_Err e + <: + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError + +let verify + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: + usize) + (v_GAMMA2 v_BETA: i32) + (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT: + usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i5: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i6: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i7: + Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i8: + Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i9: + Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) + (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) + (message context: t_Slice u8) + (signature_serialized: t_Array u8 v_SIGNATURE_SIZE) + = + match + Libcrux_ml_dsa.Pre_hash.impl_1__new context + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + with + | Core.Result.Result_Ok dsc -> + let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in + verify_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A + v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT + v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE + v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE + v_MAX_ONES_IN_HINT verification_key_serialized message + 
(Core.Option.Option_Some domain_separation_context + <: + Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized + | Core.Result.Result_Err _ -> + Core.Result.Result_Err + (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError + <: + Libcrux_ml_dsa.Types.t_VerificationError) + <: + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError + +let verify_pre_hashed + (#v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0) + (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: + usize) + (v_GAMMA2 v_BETA: i32) + (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT: + usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i7: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i8: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i9: + Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i10: + Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i11: + Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i12: + Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i13: + Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN) + (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) + (message context: t_Slice u8) + (signature_serialized: t_Array u8 v_SIGNATURE_SIZE) + = + let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN = + Libcrux_ml_dsa.Pre_hash.f_hash #v_PH + #v_PH_DIGEST_LEN + #FStar.Tactics.Typeclasses.solve + #v_Shake128 + message + in + match + Libcrux_ml_dsa.Pre_hash.impl_1__new context + 
(Core.Option.Option_Some + (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve () + <: + t_Array u8 (sz 11)) + <: + Core.Option.t_Option (t_Array u8 (sz 11))) + with + | Core.Result.Result_Ok dsc -> + let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in + verify_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A + v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT + v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE + v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE + v_MAX_ONES_IN_HINT verification_key_serialized (pre_hashed_message <: t_Slice u8) + (Core.Option.Option_Some domain_separation_context + <: + Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized + | Core.Result.Result_Err _ -> + Core.Result.Result_Err + (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError + <: + Libcrux_ml_dsa.Types.t_VerificationError) + <: + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError + let sign_internal - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize) (v_GAMMA2: i32) (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: usize) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i5: + i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i6: + i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] - 
i7: + i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i8: + i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i9: + i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message: t_Slice u8) @@ -154,7 +440,9 @@ let sign_internal let v_A_as_ntt:t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A = - Libcrux_ml_dsa.Samplex4.matrix_A #v_SIMDUnit + Libcrux_ml_dsa.Samplex4.f_matrix_A #v_Sampler + #FStar.Tactics.Typeclasses.solve + #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A (Libcrux_ml_dsa.Utils.into_padded_array (sz 34) (seed_for_A <: t_Slice u8) 
@@ -480,354 +768,67 @@ let sign_internal ({ Libcrux_ml_dsa.Encoding.Signature.f_commitment_hash = commitment_hash; Libcrux_ml_dsa.Encoding.Signature.f_signer_response = signer_response; - Libcrux_ml_dsa.Encoding.Signature.f_hint = hint - } - <: - Libcrux_ml_dsa.Encoding.Signature.t_Signature v_SIMDUnit - v_COMMITMENT_HASH_SIZE - v_COLUMNS_IN_A - v_ROWS_IN_A) - in - Core.Result.Result_Ok (Libcrux_ml_dsa.Types.impl_4__new v_SIGNATURE_SIZE signature) - <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError - | Core.Option.Option_None -> - Core.Result.Result_Err - (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError - <: - Libcrux_ml_dsa.Types.t_SigningError) - <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError) - | Core.Option.Option_None -> - Core.Result.Result_Err - (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError - <: - Libcrux_ml_dsa.Types.t_SigningError) - <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError) - | Core.Option.Option_None -> - Core.Result.Result_Err - (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError <: Libcrux_ml_dsa.Types.t_SigningError - ) - <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError - -let sign - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize) - (v_GAMMA2: i32) - (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: - usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i5: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i6: - 
Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i7: - Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i8: - Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i9: - Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) - (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - = - match - Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) - with - | Core.Result.Result_Ok dsc -> - let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 v_ROWS_IN_A - v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 - v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE - v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE - v_SIGNATURE_SIZE signing_key message - (Core.Option.Option_Some domain_separation_context - <: - Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness - | Core.Result.Result_Err _ -> - Core.Result.Result_Err - (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError) - <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError - -let sign_pre_hashed - (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0) - (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: - usize) - (v_GAMMA2: i32) - (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE 
v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: - usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i7: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i8: - Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i9: - Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i10: - Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i11: - Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i12: - Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i13: - Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN) - (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) - (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - = - if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN - then - Core.Result.Result_Err - (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError) - <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError - else - let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN = - Libcrux_ml_dsa.Pre_hash.f_hash #v_PH - #v_PH_DIGEST_LEN - #FStar.Tactics.Typeclasses.solve - #v_Shake128 - message - in - match - Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_Some - (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve () - <: - t_Array u8 (sz 11)) - <: - Core.Option.t_Option (t_Array u8 (sz 11))) - with - | Core.Result.Result_Ok dsc -> - let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 v_ROWS_IN_A - v_COLUMNS_IN_A v_ETA 
v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 - v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE - v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE - v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key (pre_hashed_message <: t_Slice u8) - (Core.Option.Option_Some domain_separation_context - <: - Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness - | Core.Result.Result_Err _ -> - Core.Result.Result_Err - (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError) - <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError - -let verify_internal - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: - usize) - (v_GAMMA2 v_BETA: i32) - (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT: - usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i5: - Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i6: - Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i7: - Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) - (message: t_Slice u8) - (domain_separation_context: - Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 v_SIGNATURE_SIZE) - = - let seed_for_A, t1:(t_Array u8 (sz 32) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = - Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit - 
v_ROWS_IN_A - v_VERIFICATION_KEY_SIZE - verification_key_serialized - in - match - Libcrux_ml_dsa.Encoding.Signature.impl__deserialize #v_SIMDUnit - v_COMMITMENT_HASH_SIZE - v_COLUMNS_IN_A - v_ROWS_IN_A - v_GAMMA1_EXPONENT - v_GAMMA1_RING_ELEMENT_SIZE - v_MAX_ONES_IN_HINT - v_SIGNATURE_SIZE - signature_serialized - with - | Core.Result.Result_Ok s -> - let signature:Libcrux_ml_dsa.Encoding.Signature.t_Signature v_SIMDUnit - v_COMMITMENT_HASH_SIZE - v_COLUMNS_IN_A - v_ROWS_IN_A = - s - in - if - Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit - v_COLUMNS_IN_A - signature.Libcrux_ml_dsa.Encoding.Signature.f_signer_response - ((2l < + Core.Result.Result_Err + (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError + <: + Libcrux_ml_dsa.Types.t_SigningError) <: - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - in - let w_approx:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - v_ROWS_IN_A = - Libcrux_ml_dsa.Matrix.compute_w_approx #v_SIMDUnit - v_ROWS_IN_A - v_COLUMNS_IN_A - v_A_as_ntt - signature.Libcrux_ml_dsa.Encoding.Signature.f_signer_response - verifier_challenge_as_ntt - t1 - in - let commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE = - Rust_primitives.Hax.repeat 0uy v_COMMITMENT_HASH_SIZE - in - let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - v_ROWS_IN_A = - Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit - v_ROWS_IN_A - v_GAMMA2 - signature.Libcrux_ml_dsa.Encoding.Signature.f_hint - w_approx - in - let commitment_serialized:t_Array u8 v_COMMITMENT_VECTOR_SIZE = - Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit - v_ROWS_IN_A - v_COMMITMENT_RING_ELEMENT_SIZE - v_COMMITMENT_VECTOR_SIZE - commitment - in - let shake:v_Shake256Xof = - Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof - #FStar.Tactics.Typeclasses.solve - () - in - let shake:v_Shake256Xof = - Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof - 
#FStar.Tactics.Typeclasses.solve - shake - (message_representative <: t_Slice u8) - in - let shake:v_Shake256Xof = - Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb_final #v_Shake256Xof - #FStar.Tactics.Typeclasses.solve - shake - (commitment_serialized <: t_Slice u8) - in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 v_COMMITMENT_HASH_SIZE) = - Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof - #FStar.Tactics.Typeclasses.solve - shake - commitment_hash - in - let shake:v_Shake256Xof = tmp0 in - let commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE = tmp1 in - let _:Prims.unit = () in - let _:Prims.unit = () in - if signature.Libcrux_ml_dsa.Encoding.Signature.f_commitment_hash =. commitment_hash - then - Core.Result.Result_Ok (() <: Prims.unit) - <: - Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError - else + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) + Libcrux_ml_dsa.Types.t_SigningError) + | Core.Option.Option_None -> Core.Result.Result_Err - (Libcrux_ml_dsa.Types.VerificationError_CommitmentHashesDontMatchError + (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError <: - Libcrux_ml_dsa.Types.t_VerificationError) + Libcrux_ml_dsa.Types.t_SigningError) <: - Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError - | Core.Result.Result_Err e -> - Core.Result.Result_Err e + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) + Libcrux_ml_dsa.Types.t_SigningError) + | Core.Option.Option_None -> + Core.Result.Result_Err + (Libcrux_ml_dsa.Types.SigningError_RejectionSamplingError <: Libcrux_ml_dsa.Types.t_SigningError + ) <: - Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) + Libcrux_ml_dsa.Types.t_SigningError -let verify - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE 
v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: - usize) - (v_GAMMA2 v_BETA: i32) - (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT: +let sign + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize) + (v_GAMMA2: i32) + (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: usize) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: + i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i5: + i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i6: + i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i7: + i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i11: + Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) + (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (signature_serialized: t_Array u8 v_SIGNATURE_SIZE) + (randomness: t_Array u8 (sz 32)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context 
@@ -835,102 +836,115 @@ let verify with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A - v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 - v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE - v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key_serialized message + sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 + v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 + v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE + v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE + v_SIGNATURE_SIZE signing_key message (Core.Option.Option_Some domain_separation_context <: - Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized + Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness | Core.Result.Result_Err _ -> Core.Result.Result_Err - (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError - <: - Libcrux_ml_dsa.Types.t_VerificationError) + (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError) <: - Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) + Libcrux_ml_dsa.Types.t_SigningError -let verify_pre_hashed - (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0) - (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: +let sign_pre_hashed + (#v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: + Type0) + 
(v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize) - (v_GAMMA2 v_BETA: i32) - (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT: + (v_GAMMA2: i32) + (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: usize) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i6: + i8: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i7: + i10: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i8: + i11: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i9: + i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i10: + i13: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i11: + i14: + Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN) - (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) + (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (signature_serialized: t_Array u8 v_SIGNATURE_SIZE) + (randomness: t_Array u8 (sz 32)) = - let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN = - Libcrux_ml_dsa.Pre_hash.f_hash #v_PH - #v_PH_DIGEST_LEN - #FStar.Tactics.Typeclasses.solve - #v_Shake128 - message - in - match - Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_Some - (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve () - <: - t_Array u8 (sz 11)) - <: - 
Core.Option.t_Option (t_Array u8 (sz 11))) - with - | Core.Result.Result_Ok dsc -> - let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof v_ROWS_IN_A v_COLUMNS_IN_A - v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 - v_BETA v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE - v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key_serialized - (pre_hashed_message <: t_Slice u8) - (Core.Option.Option_Some domain_separation_context - <: - Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) signature_serialized - | Core.Result.Result_Err _ -> + if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN + then Core.Result.Result_Err - (Libcrux_ml_dsa.Types.VerificationError_VerificationContextTooLongError - <: - Libcrux_ml_dsa.Types.t_VerificationError) + (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError) <: - Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) + Libcrux_ml_dsa.Types.t_SigningError + else + let pre_hashed_message:t_Array u8 v_PH_DIGEST_LEN = + Libcrux_ml_dsa.Pre_hash.f_hash #v_PH + #v_PH_DIGEST_LEN + #FStar.Tactics.Typeclasses.solve + #v_Shake128 + message + in + match + Libcrux_ml_dsa.Pre_hash.impl_1__new context + (Core.Option.Option_Some + (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve () + <: + t_Array u8 (sz 11)) + <: + Core.Option.t_Option (t_Array u8 (sz 11))) + with + | Core.Result.Result_Ok dsc -> + let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in + sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 + v_ROWS_IN_A v_COLUMNS_IN_A v_ETA 
v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 + v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE + v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE + v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key (pre_hashed_message <: t_Slice u8) + (Core.Option.Option_Some domain_separation_context + <: + Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness + | Core.Result.Result_Err _ -> + Core.Result.Result_Err + (Libcrux_ml_dsa.Types.SigningError_ContextTooLongError <: Libcrux_ml_dsa.Types.t_SigningError) + <: + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) + Libcrux_ml_dsa.Types.t_SigningError let generate_key_pair - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i5: + i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i6: + i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i7: + i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i8: + i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i9: + i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (randomness: t_Array u8 (sz 32)) = 
@@ -977,7 +991,9 @@ let generate_key_pair let a_as_ntt:t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A = - Libcrux_ml_dsa.Samplex4.matrix_A #v_SIMDUnit + Libcrux_ml_dsa.Samplex4.f_matrix_A #v_Sampler + #FStar.Tactics.Typeclasses.solve + #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A (Libcrux_ml_dsa.Utils.into_padded_array (sz 34) seed_for_a <: t_Array u8 (sz 34)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti index b333cdc66..a1ac213b3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Pre_hash in + let open Libcrux_ml_dsa.Samplex4 in let open Libcrux_ml_dsa.Simd.Traits in () 
@@ -39,82 +40,21 @@ val derive_message_representative (message_representative: t_Array u8 (sz 64)) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) -/// The internal signing API. -/// If no `domain_separation_context` is supplied, it is assumed that -/// `message` already contains the domain separation. -val sign_internal - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize) - (v_GAMMA2: i32) - (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: - usize) - {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} - {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) - (message: t_Slice u8) - (domain_separation_context: - Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) - -val sign - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize) - (v_GAMMA2: i32) - (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: - usize) - {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - 
{| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} - {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) - (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) - -val sign_pre_hashed - (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: Type0) - (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: - usize) - (v_GAMMA2: i32) - (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: - usize) - {| i7: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |} - {| i9: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} - {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |} - (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) - (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) - Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) - /// The internal verification API. /// If no `domain_separation_context` is supplied, it is assumed that /// `message` already contains the domain separation. 
val verify_internal - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: usize) (v_GAMMA2 v_BETA: i32) (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT: usize) - {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} - {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} + {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i6: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |} + {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} + {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} + {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) (message: t_Slice u8) (domain_separation_context: 
@@ -125,16 +65,17 @@ val verify_internal (fun _ -> Prims.l_True) val verify - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: usize) (v_GAMMA2 v_BETA: i32) (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT: usize) - {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} - {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} + {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i6: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |} + {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} + {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} + {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) (message context: t_Slice u8) (signature_serialized: t_Array u8 v_SIGNATURE_SIZE) 
@@ -143,18 +84,19 @@ val verify (fun _ -> Prims.l_True) val verify_pre_hashed - (#v_SIMDUnit #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0) + (#v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_PH: Type0) (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: usize) (v_GAMMA2 v_BETA: i32) (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT: usize) - {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |} - {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} - {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - {| i11: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |} + {| i7: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i8: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |} + {| i9: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |} + {| i10: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} + {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} + {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} + {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |} (verification_key_serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) (message context: t_Slice u8) (signature_serialized: t_Array u8 v_SIGNATURE_SIZE) 
@@ -162,16 +104,83 @@ val verify_pre_hashed Prims.l_True (fun _ -> Prims.l_True) +/// The internal signing API. +/// If no `domain_separation_context` is supplied, it is assumed that +/// `message` already contains the domain separation. +val sign_internal + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize) + (v_GAMMA2: i32) + (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: + usize) + {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |} + {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} + {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} + {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} + {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} + (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) + (message: t_Slice u8) + (domain_separation_context: + Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) + Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) + +val sign + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize) + (v_GAMMA2: i32) + (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: + usize) + {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |} + {| i8: 
Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} + {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} + {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} + {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} + (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) + (message context: t_Slice u8) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) + Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) + +val sign_pre_hashed + (#v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH: + Type0) + (v_PH_DIGEST_LEN v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: + usize) + (v_GAMMA2: i32) + (v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE: + usize) + {| i8: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i9: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |} + {| i10: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |} + {| i11: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} + {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} + {| i13: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} + {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} + {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |} + (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) + (message context: t_Slice u8) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) + Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) + /// Generate a key pair. 
val generate_key_pair - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) + (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) - {| i5: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - {| i6: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} - {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} + {| i6: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i7: Libcrux_ml_dsa.Samplex4.t_X4Sampler v_Sampler |} + {| i8: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} + {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} + {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} + {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (randomness: t_Array u8 (sz 32)) : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst index 1cfb3ccb5..99e46c0e2 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst 
@@ -9,6 +9,38 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_1': + #v_SIMDUnit: Type0 -> + {| i1: Core.Clone.t_Clone v_SIMDUnit |} -> + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + -> Core.Clone.t_Clone (t_PolynomialRingElement v_SIMDUnit) + +let impl_1 + (#v_SIMDUnit: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core.Clone.t_Clone v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + = impl_1' #v_SIMDUnit #i1 #i2 + +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_2': + #v_SIMDUnit: Type0 -> + {| i1: Core.Marker.t_Copy v_SIMDUnit |} -> + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + -> Core.Marker.t_Copy (t_PolynomialRingElement v_SIMDUnit) + +let impl_2 + (#v_SIMDUnit: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core.Marker.t_Copy v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + = impl_2' #v_SIMDUnit #i1 #i2 + let impl__ZERO (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -32,7 +64,7 @@ let impl__ZERO let impl__from_i32_array (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (array: t_Slice i32) = @@ -92,7 +124,7 @@ let impl__from_i32_array let impl__add (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (self rhs: t_PolynomialRingElement v_SIMDUnit) = @@ -131,7 +163,7 @@ let impl__add let impl__infinity_norm_exceeds (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (self: t_PolynomialRingElement v_SIMDUnit) (bound: i32) 
@@ -161,7 +193,7 @@ let impl__infinity_norm_exceeds let impl__subtract (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (self rhs: t_PolynomialRingElement v_SIMDUnit) = @@ -200,7 +232,7 @@ let impl__subtract let impl__to_i32_array (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (self: t_PolynomialRingElement v_SIMDUnit) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti index 6f7a5837e..b9648e9ab 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti @@ -13,6 +13,20 @@ type t_PolynomialRingElement (v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} = { f_simd_units:t_Array v_SIMDUnit (sz 32) } +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_1 + (#v_SIMDUnit: Type0) + {| i1: Core.Clone.t_Clone v_SIMDUnit |} + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + : Core.Clone.t_Clone (t_PolynomialRingElement v_SIMDUnit) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_2 + (#v_SIMDUnit: Type0) + {| i1: Core.Marker.t_Copy v_SIMDUnit |} + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + : Core.Marker.t_Copy (t_PolynomialRingElement v_SIMDUnit) + val impl__ZERO: #v_SIMDUnit: Type0 -> {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} -> 
@@ -21,31 +35,31 @@ val impl__ZERO: val impl__from_i32_array (#v_SIMDUnit: Type0) - {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (array: t_Slice i32) : Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) val impl__add (#v_SIMDUnit: Type0) - {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (self rhs: t_PolynomialRingElement v_SIMDUnit) : Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) val impl__infinity_norm_exceeds (#v_SIMDUnit: Type0) - {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (self: t_PolynomialRingElement v_SIMDUnit) (bound: i32) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) val impl__subtract (#v_SIMDUnit: Type0) - {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (self rhs: t_PolynomialRingElement v_SIMDUnit) : Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) val impl__to_i32_array (#v_SIMDUnit: Type0) - {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (self: t_PolynomialRingElement v_SIMDUnit) : Prims.Pure (t_Array i32 (sz 256)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst index 288d73ebd..a209fd286 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst 
@@ -6,12 +6,14 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Hash_functions.Portable in let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Simd.Traits in () +let generate_domain_separator (row, column: (u8 & u8)) = + (cast (column <: u8) <: u16) |. ((cast (row <: u8) <: u16) <>! 8l <: u16) <: u8) - in - let seed1:t_Array u8 (sz 34) = seed0 in - let seed1:t_Array u8 (sz 34) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1 - (sz 32) - (cast (domain_separator1 <: u16) <: u8) - in - let seed1:t_Array u8 (sz 34) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1 - (sz 33) - (cast (domain_separator1 >>! 8l <: u16) <: u8) - in - let seed2:t_Array u8 (sz 34) = seed0 in - let seed2:t_Array u8 (sz 34) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2 - (sz 32) - (cast (domain_seperator2 <: u16) <: u8) - in - let seed2:t_Array u8 (sz 34) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2 - (sz 33) - (cast (domain_seperator2 >>! 8l <: u16) <: u8) - in - let seed3:t_Array u8 (sz 34) = seed0 in - let seed3:t_Array u8 (sz 34) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3 - (sz 32) - (cast (domain_separator3 <: u16) <: u8) - in - let seed3:t_Array u8 (sz 34) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3 - (sz 33) - (cast (domain_separator3 >>! 
8l <: u16) <: u8) - in - let state:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 = - Libcrux_ml_dsa.Hash_functions.Shake128.f_init_absorb #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 - #FStar.Tactics.Typeclasses.solve - (seed0 <: t_Slice u8) - (seed1 <: t_Slice u8) - (seed2 <: t_Slice u8) - (seed3 <: t_Slice u8) - in - let randomness0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let randomness1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let randomness2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let randomness3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_first_five_blocks #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 - #FStar.Tactics.Typeclasses.solve - state - randomness0 - randomness1 - randomness2 - randomness3 - in - let state:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 = tmp0 in - let randomness0:t_Array u8 (sz 840) = tmp1 in - let randomness1:t_Array u8 (sz 840) = tmp2 in - let randomness2:t_Array u8 (sz 840) = tmp3 in - let randomness3:t_Array u8 (sz 840) = tmp4 in - let _:Prims.unit = () in - let coefficients0:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in - let coefficients1:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in - let coefficients2:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in - let coefficients3:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in - let sampled0:usize = sz 0 in - let sampled1:usize = sz 0 in - let sampled2:usize = sz 0 in - let sampled3:usize = sz 0 in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = - rejection_sample_less_than_field_modulus #v_SIMDUnit - (randomness0 <: t_Slice u8) - sampled0 - 
coefficients0 - in - let sampled0:usize = tmp0 in - let coefficients0:t_Array i32 (sz 263) = tmp1 in - let done0:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = - rejection_sample_less_than_field_modulus #v_SIMDUnit - (randomness1 <: t_Slice u8) - sampled1 - coefficients1 - in - let sampled1:usize = tmp0 in - let coefficients1:t_Array i32 (sz 263) = tmp1 in - let done1:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = - rejection_sample_less_than_field_modulus #v_SIMDUnit - (randomness2 <: t_Slice u8) - sampled2 - coefficients2 - in - let sampled2:usize = tmp0 in - let coefficients2:t_Array i32 (sz 263) = tmp1 in - let done2:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = - rejection_sample_less_than_field_modulus #v_SIMDUnit - (randomness3 <: t_Slice u8) - sampled3 - coefficients3 - in - let sampled3:usize = tmp0 in - let coefficients3:t_Array i32 (sz 263) = tmp1 in - let done3:bool = out in - let - coefficients0, - coefficients1, - coefficients2, - coefficients3, - done0, - done1, - done2, - done3, - sampled0, - sampled1, - sampled2, - sampled3, - state:(t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & - bool & - bool & - bool & - bool & - usize & - usize & - usize & - usize & - Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4) = - Rust_primitives.f_while_loop (fun temp_0_ -> - let - coefficients0, - coefficients1, - coefficients2, - coefficients3, - done0, - done1, - done2, - done3, - sampled0, - sampled1, - sampled2, - sampled3, - state:(t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & - t_Array i32 (sz 263) & - bool & - bool & - bool & - bool & - usize & - usize & - usize & - usize & - Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4) = - temp_0_ - in - (~.done0 <: bool) || (~.done1 <: bool) || (~.done2 <: bool) || (~.done3 <: bool)) - (coefficients0, - coefficients1, - coefficients2, - coefficients3, - done0, - 
done1, - done2, - done3, - sampled0, - sampled1, - sampled2, - sampled3, - state - <: - (t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & - bool & - bool & - bool & - bool & - usize & - usize & - usize & - usize & - Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4)) - (fun temp_0_ -> - let - coefficients0, - coefficients1, - coefficients2, - coefficients3, - done0, - done1, - done2, - done3, - sampled0, - sampled1, - sampled2, - sampled3, - state:(t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & - t_Array i32 (sz 263) & - bool & - bool & - bool & - bool & - usize & - usize & - usize & - usize & - Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4) = - temp_0_ - in - let tmp0, out:(Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - = - Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_next_block #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 - #FStar.Tactics.Typeclasses.solve - state - in - let state:Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 = tmp0 in - let randomnesses:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & - t_Array u8 (sz 168)) = - out - in - let coefficients0, done0, sampled0:(t_Array i32 (sz 263) & bool & usize) = - if ~.done0 - then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = - rejection_sample_less_than_field_modulus #v_SIMDUnit - (randomnesses._1 <: t_Slice u8) - sampled0 - coefficients0 - in - let sampled0:usize = tmp0 in - let coefficients0:t_Array i32 (sz 263) = tmp1 in - let done0:bool = out in - coefficients0, done0, sampled0 <: (t_Array i32 (sz 263) & bool & usize) - else coefficients0, done0, sampled0 <: (t_Array i32 (sz 263) & bool & usize) - in - let coefficients1, done1, sampled1:(t_Array i32 (sz 263) & bool & usize) = - if ~.done1 - then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = - 
rejection_sample_less_than_field_modulus #v_SIMDUnit - (randomnesses._2 <: t_Slice u8) - sampled1 - coefficients1 - in - let sampled1:usize = tmp0 in - let coefficients1:t_Array i32 (sz 263) = tmp1 in - let done1:bool = out in - coefficients1, done1, sampled1 <: (t_Array i32 (sz 263) & bool & usize) - else coefficients1, done1, sampled1 <: (t_Array i32 (sz 263) & bool & usize) - in - let coefficients2, done2, sampled2:(t_Array i32 (sz 263) & bool & usize) = - if ~.done2 - then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = - rejection_sample_less_than_field_modulus #v_SIMDUnit - (randomnesses._3 <: t_Slice u8) - sampled2 - coefficients2 - in - let sampled2:usize = tmp0 in - let coefficients2:t_Array i32 (sz 263) = tmp1 in - let done2:bool = out in - coefficients2, done2, sampled2 <: (t_Array i32 (sz 263) & bool & usize) - else coefficients2, done2, sampled2 <: (t_Array i32 (sz 263) & bool & usize) - in - if ~.done3 - then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = - rejection_sample_less_than_field_modulus #v_SIMDUnit - (randomnesses._4 <: t_Slice u8) - sampled3 - coefficients3 - in - let sampled3:usize = tmp0 in - let coefficients3:t_Array i32 (sz 263) = tmp1 in - let done3:bool = out in - coefficients0, - coefficients1, - coefficients2, - coefficients3, - done0, - done1, - done2, - done3, - sampled0, - sampled1, - sampled2, - sampled3, - state - <: - (t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & - t_Array i32 (sz 263) & - bool & - bool & - bool & - bool & - usize & - usize & - usize & - usize & - Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4) - else - coefficients0, - coefficients1, - coefficients2, - coefficients3, - done0, - done1, - done2, - done3, - sampled0, - sampled1, - sampled2, - sampled3, - state - <: - (t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & - t_Array i32 (sz 263) & - bool & - bool & - bool & - bool & - usize & - usize & - usize & - usize & - 
Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4)) - in - Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (coefficients0 <: t_Slice i32), - Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (coefficients1 <: t_Slice i32), - Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (coefficients2 <: t_Slice i32), - Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (coefficients3 <: t_Slice i32) - <: - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - let sample_mask_ring_element (#v_SIMDUnit #v_Shake256: Type0) (v_GAMMA1_EXPONENT: usize) 
@@ -1317,3 +961,376 @@ let sample_mask_vector domain_separator, hax_temp_output <: (u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) + +let sample_up_to_four_ring_elements + (#v_SIMDUnit #v_Shake128: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128) + (seed0: t_Array u8 (sz 34)) + (matrix: + t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A) + (rand_stack: + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))) + (tmp_stack: t_Slice (t_Array i32 (sz 263))) + (indices: t_Array (u8 & u8) (sz 4)) + (elements_requested: usize) + = + let _:Prims.unit = + if true + then + let _:Prims.unit = Hax_lib.v_assert (elements_requested <=. sz 4 <: bool) in + () + in + let domain_separator0:u16 = generate_domain_separator (indices.[ sz 0 ] <: (u8 & u8)) in + let domain_separator1:u16 = generate_domain_separator (indices.[ sz 1 ] <: (u8 & u8)) in + let domain_separator2:u16 = generate_domain_separator (indices.[ sz 2 ] <: (u8 & u8)) in + let domain_separator3:u16 = generate_domain_separator (indices.[ sz 3 ] <: (u8 & u8)) in + let seed0:t_Array u8 (sz 34) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0 + (sz 32) + (cast (domain_separator0 <: u16) <: u8) + in + let seed0:t_Array u8 (sz 34) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0 + (sz 33) + (cast (domain_separator0 >>! 
8l <: u16) <: u8) + in + let seed1:t_Array u8 (sz 34) = seed0 in + let seed1:t_Array u8 (sz 34) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1 + (sz 32) + (cast (domain_separator1 <: u16) <: u8) + in + let seed1:t_Array u8 (sz 34) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1 + (sz 33) + (cast (domain_separator1 >>! 8l <: u16) <: u8) + in + let seed2:t_Array u8 (sz 34) = seed0 in + let seed2:t_Array u8 (sz 34) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2 + (sz 32) + (cast (domain_separator2 <: u16) <: u8) + in + let seed2:t_Array u8 (sz 34) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2 + (sz 33) + (cast (domain_separator2 >>! 8l <: u16) <: u8) + in + let seed3:t_Array u8 (sz 34) = seed0 in + let seed3:t_Array u8 (sz 34) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3 + (sz 32) + (cast (domain_separator3 <: u16) <: u8) + in + let seed3:t_Array u8 (sz 34) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3 + (sz 33) + (cast (domain_separator3 >>! 
8l <: u16) <: u8) + in + let state:v_Shake128 = + Libcrux_ml_dsa.Hash_functions.Shake128.f_init_absorb #v_Shake128 + #FStar.Tactics.Typeclasses.solve + (seed0 <: t_Slice u8) + (seed1 <: t_Slice u8) + (seed2 <: t_Slice u8) + (seed3 <: t_Slice u8) + in + let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_first_five_blocks #v_Shake128 + #FStar.Tactics.Typeclasses.solve + state + rand_stack._1 + rand_stack._2 + rand_stack._3 + rand_stack._4 + in + let state:v_Shake128 = tmp0 in + let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + { rand_stack with _1 = tmp1 } + <: + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + in + let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + { rand_stack with _2 = tmp2 } + <: + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + in + let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + { rand_stack with _3 = tmp3 } + <: + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + in + let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + { rand_stack with _4 = tmp4 } + <: + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + in + let _:Prims.unit = () in + let sampled0:usize = sz 0 in + let sampled1:usize = sz 0 in + let sampled2:usize = sz 0 in + let sampled3:usize = sz 0 in + let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._1 in + let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + { rand_stack with _1 = tmp0 } + <: + (t_Array u8 (sz 840) & t_Array u8 (sz 
840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + in + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + rejection_sample_less_than_field_modulus #v_SIMDUnit + (out <: t_Slice u8) + sampled0 + (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263)) + in + let sampled0:usize = tmp0 in + let tmp_stack:t_Slice (t_Array i32 (sz 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1 + in + let done0:bool = out in + let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._2 in + let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + { rand_stack with _2 = tmp0 } + <: + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + in + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + rejection_sample_less_than_field_modulus #v_SIMDUnit + (out <: t_Slice u8) + sampled1 + (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263)) + in + let sampled1:usize = tmp0 in + let tmp_stack:t_Slice (t_Array i32 (sz 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1 + in + let done1:bool = out in + let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._3 in + let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + { rand_stack with _3 = tmp0 } + <: + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + in + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + rejection_sample_less_than_field_modulus #v_SIMDUnit + (out <: t_Slice u8) + sampled2 + (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263)) + in + let sampled2:usize = tmp0 in + let tmp_stack:t_Slice (t_Array i32 (sz 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1 + in + let done2:bool = out in + let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._4 in + let rand_stack:(t_Array u8 (sz 
840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + { rand_stack with _4 = tmp0 } + <: + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + in + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + rejection_sample_less_than_field_modulus #v_SIMDUnit + (out <: t_Slice u8) + sampled3 + (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263)) + in + let sampled3:usize = tmp0 in + let tmp_stack:t_Slice (t_Array i32 (sz 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 3) tmp1 + in + let done3:bool = out in + let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & + bool & + bool & + bool & + usize & + usize & + usize & + usize & + v_Shake128 & + t_Slice (t_Array i32 (sz 263))) = + Rust_primitives.f_while_loop (fun temp_0_ -> + let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & + bool & + bool & + bool & + usize & + usize & + usize & + usize & + v_Shake128 & + t_Slice (t_Array i32 (sz 263))) = + temp_0_ + in + (~.done0 <: bool) || (~.done1 <: bool) || (~.done2 <: bool) || (~.done3 <: bool)) + (done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack + <: + (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & + t_Slice (t_Array i32 (sz 263)))) + (fun temp_0_ -> + let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & + bool & + bool & + bool & + usize & + usize & + usize & + usize & + v_Shake128 & + t_Slice (t_Array i32 (sz 263))) = + temp_0_ + in + let tmp0, out:(v_Shake128 & + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) + = + Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_next_block #v_Shake128 + #FStar.Tactics.Typeclasses.solve + state + in + let state:v_Shake128 = tmp0 in + let randomnesses:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 
168) & + t_Array u8 (sz 168)) = + out + in + let done0, sampled0, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) = + if ~.done0 + then + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + rejection_sample_less_than_field_modulus #v_SIMDUnit + (randomnesses._1 <: t_Slice u8) + sampled0 + (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263)) + in + let sampled0:usize = tmp0 in + let tmp_stack:t_Slice (t_Array i32 (sz 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1 + in + let done0:bool = out in + done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + else done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + in + let done1, sampled1, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) = + if ~.done1 + then + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + rejection_sample_less_than_field_modulus #v_SIMDUnit + (randomnesses._2 <: t_Slice u8) + sampled1 + (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263)) + in + let sampled1:usize = tmp0 in + let tmp_stack:t_Slice (t_Array i32 (sz 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1 + in + let done1:bool = out in + done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + else done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + in + let done2, sampled2, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) = + if ~.done2 + then + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + rejection_sample_less_than_field_modulus #v_SIMDUnit + (randomnesses._3 <: t_Slice u8) + sampled2 + (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263)) + in + let sampled2:usize = tmp0 in + let tmp_stack:t_Slice (t_Array i32 (sz 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1 + in + let done2:bool = out in + done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) 
+ else done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + in + if ~.done3 + then + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + rejection_sample_less_than_field_modulus #v_SIMDUnit + (randomnesses._4 <: t_Slice u8) + sampled3 + (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263)) + in + let sampled3:usize = tmp0 in + let tmp_stack:t_Slice (t_Array i32 (sz 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 3) tmp1 + in + let done3:bool = out in + done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack + <: + (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & + t_Slice (t_Array i32 (sz 263))) + else + done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack + <: + (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & + t_Slice (t_Array i32 (sz 263)))) + in + let matrix, hax_temp_output:(t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A & + Prims.unit) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + elements_requested + (fun matrix temp_1_ -> + let matrix:t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A = + matrix + in + let _:usize = temp_1_ in + true) + matrix + (fun matrix k -> + let matrix:t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A = + matrix + in + let k:usize = k in + let i, j:(u8 & u8) = indices.[ k ] in + let matrix:t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize matrix + (cast (i <: u8) <: usize) + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (matrix.[ cast (i <: u8) + <: + usize ] + <: + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) 
+ v_COLUMNS_IN_A) + (cast (j <: u8) <: usize) + (Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit + (tmp_stack.[ k ] <: t_Slice i32) + <: + Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + <: + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + v_COLUMNS_IN_A) + in + matrix) + in + matrix, rand_stack, tmp_stack + <: + (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A & + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Slice (t_Array i32 (sz 263))) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti index 9cab11744..142041aa2 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti @@ -6,12 +6,13 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Hash_functions.Portable in let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Simd.Traits in () +val generate_domain_separator: (u8 & u8) -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True) + val update_seed (seed: t_Array u8 (sz 66)) (domain_separator: u16) : Prims.Pure (u16 & t_Array u8 (sz 66)) Prims.l_True (fun _ -> Prims.l_True) 
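Review bot: The fold at the end of this hunk writes `matrix[i][j]` for every `k < elements_requested` with `i` and `j` taken straight from `indices[k]`, and only the array bounds check stands between a bad index and a panic; nothing asserts that the first `elements_requested` entries lie inside `ROWS_IN_A × COLUMNS_IN_A`, while the entries past that count are deliberately out of range (the later Format patch shows `matrix_A_6_by_5` passing `(5, 5), (5, 6)` with `elements_requested = 2` for a 5-column matrix). Since this file is hax-extracted, the fix belongs in the Rust source of `sample_up_to_four_ring_elements`: a `debug_assert!((i as usize) < ROWS_IN_A && (j as usize) < COLUMNS_IN_A);` inside the write loop, next to the existing `elements_requested <= 4` assertion, would make that contract explicit and catch a miscounted `elements_requested` in tests rather than as an index panic in keygen/sign/verify. The doc comment on the `.fsti` side also says `If i <= elements_requested`, but the loop here is `fold_range (sz 0) elements_requested`, i.e. `i < elements_requested`; I would reword the Rust doc to `/// For each i < elements_requested, ... Entries of indices at or beyond elements_requested are never written to matrix and need not be valid matrix positions.`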
@@ -80,19 +81,6 @@ val sample_four_error_ring_elements Prims.l_True (fun _ -> Prims.l_True) -val sample_four_ring_elements - (#v_SIMDUnit: Type0) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (seed0: t_Array u8 (sz 34)) - (domain_separator0 domain_separator1 domain_seperator2 domain_separator3: u16) - : Prims.Pure - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - Prims.l_True - (fun _ -> Prims.l_True) - val sample_mask_ring_element (#v_SIMDUnit #v_Shake256: Type0) (v_GAMMA1_EXPONENT: usize) 
@@ -116,3 +104,32 @@ val sample_mask_vector (u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) Prims.l_True (fun _ -> Prims.l_True) + +/// Sample and write out up to four ring elements. +/// If i <= `elements_requested`, a field element with domain separated +/// seed according to the provided index is generated in +/// `tmp_stack[i]`. After successful rejection sampling in +/// `tmp_stack[i]`, the ring element is written to `matrix` at the +/// provided index in `indices[i]`. +/// `rand_stack` is a working buffer that holds initial Shake output. +val sample_up_to_four_ring_elements + (#v_SIMDUnit #v_Shake128: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A: usize) + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |} + (seed0: t_Array u8 (sz 34)) + (matrix: + t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A) + (rand_stack: + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))) + (tmp_stack: t_Slice (t_Array i32 (sz 263))) + (indices: t_Array (u8 & u8) (sz 4)) + (elements_requested: usize) + : Prims.Pure + (t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A & + (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Slice (t_Array i32 (sz 263))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst index 06a86b638..105849569 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst 
@@ -6,47 +6,20 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Simd.Traits in () -let generate_domain_separator (row column: u8) = - (cast (column <: u8) <: u16) |. ((cast (row <: u8) <: u16) < matrix_A_4_by_4_ #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A seed - | 6uy, 5uy -> matrix_A_6_by_5_ #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A seed - | 8uy, 7uy -> matrix_A_8_by_7_ #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A seed + | 4uy, 4uy -> matrix_A_4_by_4_ #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed + | 6uy, 5uy -> matrix_A_6_by_5_ #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed + | 8uy, 7uy -> matrix_A_8_by_7_ #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti index e1b9a56dc..13aa21421 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti 
@@ -6,31 +6,49 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_dsa.Hash_functions.Shake128 in let open Libcrux_ml_dsa.Hash_functions.Shake256 in let open Libcrux_ml_dsa.Simd.Traits in () -val generate_domain_separator (row column: u8) : Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True) - -val update_matrix - (#v_SIMDUnit: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A: usize) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (m: - t_Array +/// The x4 sampling implementation that is selected during multiplexing. +class t_X4Sampler (v_Self: Type0) = { + f_matrix_A_pre: + #v_SIMDUnit: Type0 -> + v_ROWS_IN_A: usize -> + v_COLUMNS_IN_A: usize -> + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} -> + t_Array u8 (sz 34) + -> Type0; + f_matrix_A_post: + #v_SIMDUnit: Type0 -> + v_ROWS_IN_A: usize -> + v_COLUMNS_IN_A: usize -> + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} -> + t_Array u8 (sz 34) -> + t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A + -> Type0; + f_matrix_A: + #v_SIMDUnit: Type0 -> + v_ROWS_IN_A: usize -> + v_COLUMNS_IN_A: usize -> + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} -> + x0: t_Array u8 (sz 34) + -> Prims.Pure + (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A) - (i j: usize) - (v: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure - (t_Array - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) - v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True) + (f_matrix_A_pre #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A #i1 x0) + (fun result -> f_matrix_A_post #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A #i1 x0 result) +} val matrix_A_4_by_4_ - (#v_SIMDUnit: Type0) + (#v_SIMDUnit #v_Shake128: Type0) 
(v_ROWS_IN_A v_COLUMNS_IN_A: usize) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |} (seed: t_Array u8 (sz 34)) : Prims.Pure (t_Array @@ -38,9 +56,10 @@ val matrix_A_4_by_4_ v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True) val matrix_A_6_by_5_ - (#v_SIMDUnit: Type0) + (#v_SIMDUnit #v_Shake128: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A: usize) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |} (seed: t_Array u8 (sz 34)) : Prims.Pure (t_Array @@ -48,19 +67,21 @@ val matrix_A_6_by_5_ v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True) val matrix_A_8_by_7_ - (#v_SIMDUnit: Type0) + (#v_SIMDUnit #v_Shake128: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A: usize) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |} (seed: t_Array u8 (sz 34)) : Prims.Pure (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True) -val matrix_A - (#v_SIMDUnit: Type0) +val matrix_A_generic + (#v_SIMDUnit #v_Shake128: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A: usize) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |} (seed: t_Array u8 (sz 34)) : Prims.Pure (t_Array diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst index 8dc299c31..5d2d5a9a6 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst @@ -23,6 +23,18 @@ let from_coefficient_array (coefficient_array: t_Slice i32) = #FStar.Tactics.Typeclasses.solve (Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i32 coefficient_array <: u8) +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_1': Core.Clone.t_Clone t_AVX2SIMDUnit + +let impl_1 = impl_1' + +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_2': Core.Marker.t_Copy t_AVX2SIMDUnit + +let impl_2 = impl_2' + let to_coefficient_array (x: t_AVX2SIMDUnit) = let coefficient_array:t_Array i32 (sz 8) = Rust_primitives.Hax.repeat 0l (sz 8) in let coefficient_array:t_Array i32 (sz 8) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti index e14bacddd..e5d296f3a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti @@ -13,5 +13,11 @@ val v_ZERO: Prims.unit -> Prims.Pure t_AVX2SIMDUnit Prims.l_True (fun _ -> Prims val from_coefficient_array (coefficient_array: t_Slice i32) : Prims.Pure t_AVX2SIMDUnit Prims.l_True (fun _ -> Prims.l_True) +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_1:Core.Clone.t_Clone t_AVX2SIMDUnit + +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_2:Core.Marker.t_Copy t_AVX2SIMDUnit + val to_coefficient_array (x: t_AVX2SIMDUnit) : Prims.Pure (t_Array i32 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst index 338234407..cf5cb8df2 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst @@ -25,5 +25,17 @@ let from_coefficient_array (array: t_Slice i32) = let to_coefficient_array (x: t_PortableSIMDUnit) = x.f_coefficients +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl': Core.Clone.t_Clone t_PortableSIMDUnit + +let impl = impl' + +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_1': Core.Marker.t_Copy t_PortableSIMDUnit + +let impl_1 = impl_1' + let v_ZERO (_: Prims.unit) = { f_coefficients = Rust_primitives.Hax.repeat 0l (sz 8) } <: t_PortableSIMDUnit diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti index 0b3010e59..f30200b21 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti @@ -11,4 +11,10 @@ val from_coefficient_array (array: t_Slice i32) val to_coefficient_array (x: t_PortableSIMDUnit) : Prims.Pure (t_Array i32 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl:Core.Clone.t_Clone t_PortableSIMDUnit + +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_1:Core.Marker.t_Copy t_PortableSIMDUnit + val v_ZERO: Prims.unit -> Prims.Pure t_PortableSIMDUnit Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst index 0a457fc6e..eee5c0b42 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst 
@@ -9,17 +9,17 @@ let impl_2__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE let impl_4__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_4__as_raw (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) = self.f_value +let impl_4__as_ref (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) = self.f_value let impl_4__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) = { f_value = value } <: t_MLDSASignature v_SIZE -let impl__as_raw (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value +let impl__as_ref (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value let impl__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) = { f_value = value } <: t_MLDSASigningKey v_SIZE -let impl_2__as_raw (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) = self.f_value +let impl_2__as_ref (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) = self.f_value let impl_2__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) = { f_value = value } <: t_MLDSAVerificationKey v_SIZE 
@@ -36,6 +36,36 @@ let t_VerificationError_cast_to_repr (x: t_VerificationError) = | VerificationError_CommitmentHashesDontMatchError -> isz 3 | VerificationError_VerificationContextTooLongError -> isz 6 +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_1': v_SIZE: usize -> Core.Clone.t_Clone (t_MLDSASigningKey v_SIZE) + +let impl_1 (v_SIZE: usize) = impl_1' v_SIZE + +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_3': v_SIZE: usize -> Core.Clone.t_Clone (t_MLDSAVerificationKey v_SIZE) + +let impl_3 (v_SIZE: usize) = impl_3' v_SIZE + +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_5': v_SIZE: usize -> Core.Clone.t_Clone (t_MLDSASignature v_SIZE) + +let impl_5 (v_SIZE: usize) = impl_5' v_SIZE + +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_6': Core.Fmt.t_Debug t_VerificationError + +let impl_6 = impl_6' + +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_7': Core.Fmt.t_Debug t_SigningError + +let impl_7 = impl_7' + let impl__as_slice (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value <: t_Slice u8 let impl_2__as_slice (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti index 0a03514df..ee4a22f89 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti @@ -18,7 +18,7 @@ val impl_4__len: v_SIZE: usize -> Prims.unit type t_MLDSASignature (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } /// A reference to the raw byte array. -val impl_4__as_raw (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) +val impl_4__as_ref (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Build 
@@ -29,7 +29,7 @@ val impl_4__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) type t_MLDSASigningKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } /// A reference to the raw byte array. -val impl__as_raw (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) +val impl__as_ref (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Build @@ -40,7 +40,7 @@ val impl__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) type t_MLDSAVerificationKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } /// A reference to the raw byte array. -val impl_2__as_raw (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) +val impl_2__as_ref (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Build @@ -69,6 +69,21 @@ type t_VerificationError = val t_VerificationError_cast_to_repr (x: t_VerificationError) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_1 (v_SIZE: usize) : Core.Clone.t_Clone (t_MLDSASigningKey v_SIZE) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_3 (v_SIZE: usize) : Core.Clone.t_Clone (t_MLDSAVerificationKey v_SIZE) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_5 (v_SIZE: usize) : Core.Clone.t_Clone (t_MLDSASignature v_SIZE) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_6:Core.Fmt.t_Debug t_VerificationError + +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_7:Core.Fmt.t_Debug t_SigningError + /// A reference to the raw byte slice. val impl__as_slice (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti index 968a5585c..0c9c90e71 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti 
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti @@ -38,6 +38,12 @@ type t_Feature = val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl:Core.Clone.t_Clone t_Feature + +[@@ FStar.Tactics.Typeclasses.tcinstance] +val impl_1:Core.Marker.t_Copy t_Feature + /// Initialize CPU detection. val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) From 3cbb16f839872877a96f61a04538d59e744452a6 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 12:14:16 +0100 Subject: [PATCH 17/25] Format --- libcrux-ml-dsa/src/sample.rs | 2 +- libcrux-ml-dsa/src/samplex4.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 0b947bb0b..345b11ef3 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -72,7 +72,7 @@ pub(crate) fn sample_up_to_four_ring_elements< let domain_separator1 = generate_domain_separator(indices[1]); let domain_separator2 = generate_domain_separator(indices[2]); let domain_separator3 = generate_domain_separator(indices[3]); - + // Prepare the seeds seed0[32] = domain_separator0 as u8; seed0[33] = (domain_separator0 >> 8) as u8; diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs index d0191c503..253936bba 100644 --- a/libcrux-ml-dsa/src/samplex4.rs +++ b/libcrux-ml-dsa/src/samplex4.rs @@ -196,7 +196,7 @@ pub(crate) fn matrix_A_6_by_5< &mut A, &mut rand_stack, &mut tmp_stack, - &[(5, 3), (5, 4), (5,5), (5,6)], + &[(5, 3), (5, 4), (5, 5), (5, 6)], 2, ); From 0c697cb4f13d5b4bd1025d4888d99995ff8ad907 Mon Sep 17 00:00:00 2001 
From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 13:07:35 +0100 Subject: [PATCH 18/25] Missing FStar extractions --- .../Libcrux_intrinsics.Arm64_extract.fst | 391 +++++++++++++ .../Libcrux_intrinsics.Avx2_extract.fst | 531 ++++++++++++++++++ .../Libcrux_ml_dsa.Hash_functions.Neon.fst | 107 ++++ ...Libcrux_ml_dsa.Hash_functions.Portable.fst | 152 +++++ .../Libcrux_ml_dsa.Hash_functions.Simd256.fst | 142 +++++ .../Libcrux_ml_dsa.Samplex4.Avx2.fst | 92 +++ .../Libcrux_ml_dsa.Samplex4.Avx2.fsti | 27 + .../Libcrux_ml_dsa.Samplex4.Neon.fst | 61 ++ .../Libcrux_ml_dsa.Samplex4.Neon.fsti | 17 + .../Libcrux_ml_dsa.Samplex4.Portable.fst | 61 ++ .../Libcrux_ml_dsa.Samplex4.Portable.fsti | 17 + .../extraction/Libcrux_platform.Platform.fst | 44 ++ .../fstar/extraction/Libcrux_platform.X86.fst | 60 ++ 13 files changed, 1702 insertions(+) create mode 100644 libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst create mode 100644 libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fst create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fsti create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fst create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fsti create mode 100644 sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst create mode 100644 
sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst new file mode 100644 index 000000000..e23020d49 --- /dev/null +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst 
@@ -0,0 +1,391 @@ +module Libcrux_intrinsics.Arm64_extract +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" +open Core +open FStar.Mul + +assume +val v__vaddq_s16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vaddq_s16 = v__vaddq_s16' + +assume +val v__vaddq_u32': compressed: u8 -> half: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vaddq_u32 = v__vaddq_u32' + +assume +val v__vaddv_u16': a: u8 -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True) + +let v__vaddv_u16 = v__vaddv_u16' + +assume +val v__vaddvq_s16': a: u8 -> Prims.Pure i16 Prims.l_True (fun _ -> Prims.l_True) + +let v__vaddvq_s16 = v__vaddvq_s16' + +assume +val v__vaddvq_u16': a: u8 -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True) + +let v__vaddvq_u16 = v__vaddvq_u16' + +assume +val v__vandq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vandq_s16 = v__vandq_s16' + +assume +val v__vandq_u16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vandq_u16 = v__vandq_u16' + +assume +val v__vandq_u32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vandq_u32 = v__vandq_u32' + +assume +val v__vbicq_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vbicq_u64 = v__vbicq_u64' + +assume +val v__vcgeq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vcgeq_s16 = v__vcgeq_s16' + +assume +val v__vcleq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vcleq_s16 = v__vcleq_s16' + +assume +val v__vdupq_n_s16': i: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vdupq_n_s16 = v__vdupq_n_s16' + +assume +val v__vdupq_n_u16': value: u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vdupq_n_u16 = v__vdupq_n_u16' + +assume +val v__vdupq_n_u32': value: u32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let 
v__vdupq_n_u32 = v__vdupq_n_u32' + +assume +val v__vdupq_n_u64': i: u64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vdupq_n_u64 = v__vdupq_n_u64' + +assume +val v__veorq_s16': mask: u8 -> shifted: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__veorq_s16 = v__veorq_s16' + +assume +val v__veorq_u64': mask: u8 -> shifted: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__veorq_u64 = v__veorq_u64' + +assume +val v__vget_high_u16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vget_high_u16 = v__vget_high_u16' + +assume +val v__vget_low_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vget_low_s16 = v__vget_low_s16' + +assume +val v__vget_low_u16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vget_low_u16 = v__vget_low_u16' + +assume +val v__vld1q_bytes_u64': array: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vld1q_bytes_u64 = v__vld1q_bytes_u64' + +assume +val v__vld1q_s16': array: t_Slice i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vld1q_s16 = v__vld1q_s16' + +assume +val v__vld1q_u16': ptr: t_Slice u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vld1q_u16 = v__vld1q_u16' + +assume +val v__vld1q_u64': array: t_Slice u64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vld1q_u64 = v__vld1q_u64' + +assume +val v__vld1q_u8': ptr: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vld1q_u8 = v__vld1q_u8' + +assume +val v__vmlal_high_s16': a: u8 -> b: u8 -> c: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vmlal_high_s16 = v__vmlal_high_s16' + +assume +val v__vmlal_s16': a: u8 -> b: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vmlal_s16 = v__vmlal_s16' + +assume +val v__vmull_high_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vmull_high_s16 
= v__vmull_high_s16' + +assume +val v__vmull_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vmull_s16 = v__vmull_s16' + +assume +val v__vmulq_n_s16': v: u8 -> c: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vmulq_n_s16 = v__vmulq_n_s16' + +assume +val v__vmulq_n_u16': v: u8 -> c: u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vmulq_n_u16 = v__vmulq_n_u16' + +assume +val v__vmulq_n_u32': a: u8 -> b: u32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vmulq_n_u32 = v__vmulq_n_u32' + +assume +val v__vmulq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vmulq_s16 = v__vmulq_s16' + +assume +val v__vqdmulhq_n_s16': k: u8 -> b: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vqdmulhq_n_s16 = v__vqdmulhq_n_s16' + +assume +val v__vqdmulhq_n_s32': a: u8 -> b: i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vqdmulhq_n_s32 = v__vqdmulhq_n_s32' + +assume +val v__vqdmulhq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vqdmulhq_s16 = v__vqdmulhq_s16' + +assume +val v__vqtbl1q_u8': t: u8 -> idx: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vqtbl1q_u8 = v__vqtbl1q_u8' + +assume +val v__vreinterpretq_s16_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_s16_s32 = v__vreinterpretq_s16_s32' + +assume +val v__vreinterpretq_s16_s64': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_s16_s64 = v__vreinterpretq_s16_s64' + +assume +val v__vreinterpretq_s16_u16': m0: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_s16_u16 = v__vreinterpretq_s16_u16' + +assume +val v__vreinterpretq_s16_u32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_s16_u32 = v__vreinterpretq_s16_u32' + +assume +val v__vreinterpretq_s16_u8': a: u8 
-> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_s16_u8 = v__vreinterpretq_s16_u8' + +assume +val v__vreinterpretq_s32_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_s32_s16 = v__vreinterpretq_s32_s16' + +assume +val v__vreinterpretq_s32_u32': compressed: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_s32_u32 = v__vreinterpretq_s32_u32' + +assume +val v__vreinterpretq_s64_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_s64_s16 = v__vreinterpretq_s64_s16' + +assume +val v__vreinterpretq_s64_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_s64_s32 = v__vreinterpretq_s64_s32' + +assume +val v__vreinterpretq_u16_s16': m0: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_u16_s16 = v__vreinterpretq_u16_s16' + +assume +val v__vreinterpretq_u16_u8': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_u16_u8 = v__vreinterpretq_u16_u8' + +assume +val v__vreinterpretq_u32_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_u32_s16 = v__vreinterpretq_u32_s16' + +assume +val v__vreinterpretq_u32_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_u32_s32 = v__vreinterpretq_u32_s32' + +assume +val v__vreinterpretq_u8_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_u8_s16 = v__vreinterpretq_u8_s16' + +assume +val v__vreinterpretq_u8_s64': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vreinterpretq_u8_s64 = v__vreinterpretq_u8_s64' + +assume +val v__vshlq_n_s16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vshlq_n_s16 (v_SHIFT_BY: i32) = v__vshlq_n_s16' v_SHIFT_BY + +assume +val v__vshlq_n_u32': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True 
(fun _ -> Prims.l_True) + +let v__vshlq_n_u32 (v_SHIFT_BY: i32) = v__vshlq_n_u32' v_SHIFT_BY + +assume +val v__vshlq_n_u64': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vshlq_n_u64 (v_SHIFT_BY: i32) = v__vshlq_n_u64' v_SHIFT_BY + +assume +val v__vshlq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vshlq_s16 = v__vshlq_s16' + +assume +val v__vshlq_u16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vshlq_u16 = v__vshlq_u16' + +assume +val v__vshrq_n_s16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vshrq_n_s16 (v_SHIFT_BY: i32) = v__vshrq_n_s16' v_SHIFT_BY + +assume +val v__vshrq_n_u16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vshrq_n_u16 (v_SHIFT_BY: i32) = v__vshrq_n_u16' v_SHIFT_BY + +assume +val v__vshrq_n_u32': v_N: i32 -> a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vshrq_n_u32 (v_N: i32) = v__vshrq_n_u32' v_N + +assume +val v__vshrq_n_u64': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vshrq_n_u64 (v_SHIFT_BY: i32) = v__vshrq_n_u64' v_SHIFT_BY + +assume +val v__vsliq_n_s32': v_N: i32 -> a: u8 -> b: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vsliq_n_s32 (v_N: i32) = v__vsliq_n_s32' v_N + +assume +val v__vsliq_n_s64': v_N: i32 -> a: u8 -> b: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vsliq_n_s64 (v_N: i32) = v__vsliq_n_s64' v_N + +assume +val v__vst1q_bytes_u64': out: t_Slice u8 -> v: u8 + -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +let v__vst1q_bytes_u64 = v__vst1q_bytes_u64' + +assume +val v__vst1q_s16': out: t_Slice i16 -> v: u8 + -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + +let v__vst1q_s16 = v__vst1q_s16' + +assume +val v__vst1q_u64': out: t_Slice u64 -> v: u8 + -> Prims.Pure (t_Slice 
u64) Prims.l_True (fun _ -> Prims.l_True) + +let v__vst1q_u64 = v__vst1q_u64' + +assume +val v__vst1q_u8': out: t_Slice u8 -> v: u8 + -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +let v__vst1q_u8 = v__vst1q_u8' + +assume +val v__vsubq_s16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vsubq_s16 = v__vsubq_s16' + +assume +val v__vtrn1q_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vtrn1q_s16 = v__vtrn1q_s16' + +assume +val v__vtrn1q_s32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vtrn1q_s32 = v__vtrn1q_s32' + +assume +val v__vtrn1q_s64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vtrn1q_s64 = v__vtrn1q_s64' + +assume +val v__vtrn1q_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vtrn1q_u64 = v__vtrn1q_u64' + +assume +val v__vtrn2q_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vtrn2q_s16 = v__vtrn2q_s16' + +assume +val v__vtrn2q_s32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vtrn2q_s32 = v__vtrn2q_s32' + +assume +val v__vtrn2q_s64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vtrn2q_s64 = v__vtrn2q_s64' + +assume +val v__vtrn2q_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let v__vtrn2q_u64 = v__vtrn2q_u64' diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst new file mode 100644 index 000000000..4b41a92e4 --- /dev/null +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst 
@@ -0,0 +1,531 @@ +module Libcrux_intrinsics.Avx2_extract +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" +open Core +open FStar.Mul + +assume +val mm256_abs_epi32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_abs_epi32 = mm256_abs_epi32' + +assume +val mm256_add_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_add_epi16 = mm256_add_epi16' + +assume +val mm256_add_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_add_epi32 = mm256_add_epi32' + +assume +val mm256_add_epi64': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_add_epi64 = mm256_add_epi64' + +assume +val mm256_and_si256': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_and_si256 = mm256_and_si256' + +assume +val mm256_andnot_si256': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_andnot_si256 = mm256_andnot_si256' + +assume +val mm256_blend_epi16': v_CONTROL: i32 -> lhs: u8 -> rhs: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_blend_epi16 (v_CONTROL: i32) = mm256_blend_epi16' v_CONTROL + +assume +val mm256_blend_epi32': v_CONTROL: i32 -> lhs: u8 -> rhs: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_blend_epi32 (v_CONTROL: i32) = mm256_blend_epi32' v_CONTROL + +assume +val mm256_bsrli_epi128': v_SHIFT_BY: i32 -> x: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_bsrli_epi128 (v_SHIFT_BY: i32) = mm256_bsrli_epi128' v_SHIFT_BY + +assume +val mm256_castsi128_si256': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_castsi128_si256 = mm256_castsi128_si256' + +assume +val mm256_castsi256_ps': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_castsi256_ps = mm256_castsi256_ps' + +assume +val mm256_castsi256_si128': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ 
-> Prims.l_True) + +let mm256_castsi256_si128 = mm256_castsi256_si128' + +assume +val mm256_cmpeq_epi32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_cmpeq_epi32 = mm256_cmpeq_epi32' + +assume +val mm256_cmpgt_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_cmpgt_epi16 = mm256_cmpgt_epi16' + +assume +val mm256_cmpgt_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_cmpgt_epi32 = mm256_cmpgt_epi32' + +assume +val mm256_cvtepi16_epi32': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_cvtepi16_epi32 = mm256_cvtepi16_epi32' + +assume +val mm256_extracti128_si256': v_CONTROL: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_extracti128_si256 (v_CONTROL: i32) = mm256_extracti128_si256' v_CONTROL + +assume +val mm256_inserti128_si256': v_CONTROL: i32 -> vector: u8 -> vector_i128: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_inserti128_si256 (v_CONTROL: i32) = mm256_inserti128_si256' v_CONTROL + +assume +val mm256_loadu_si256_i16': input: t_Slice i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_loadu_si256_i16 = mm256_loadu_si256_i16' + +assume +val mm256_loadu_si256_i32': input: t_Slice i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_loadu_si256_i32 = mm256_loadu_si256_i32' + +assume +val mm256_loadu_si256_u8': input: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_loadu_si256_u8 = mm256_loadu_si256_u8' + +assume +val mm256_madd_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_madd_epi16 = mm256_madd_epi16' + +assume +val mm256_movemask_ps': a: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_movemask_ps = mm256_movemask_ps' + +assume +val mm256_mul_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ 
-> Prims.l_True) + +let mm256_mul_epi32 = mm256_mul_epi32' + +assume +val mm256_mul_epu32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_mul_epu32 = mm256_mul_epu32' + +assume +val mm256_mulhi_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_mulhi_epi16 = mm256_mulhi_epi16' + +assume +val mm256_mullo_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_mullo_epi16 = mm256_mullo_epi16' + +assume +val mm256_mullo_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_mullo_epi32 = mm256_mullo_epi32' + +assume +val mm256_or_si256': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_or_si256 = mm256_or_si256' + +assume +val mm256_packs_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_packs_epi32 = mm256_packs_epi32' + +assume +val mm256_permute2x128_si256': v_IMM8: i32 -> a: u8 -> b: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_permute2x128_si256 (v_IMM8: i32) = mm256_permute2x128_si256' v_IMM8 + +assume +val mm256_permute4x64_epi64': v_CONTROL: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_permute4x64_epi64 (v_CONTROL: i32) = mm256_permute4x64_epi64' v_CONTROL + +assume +val mm256_permutevar8x32_epi32': vector: u8 -> control: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_permutevar8x32_epi32 = mm256_permutevar8x32_epi32' + +assume +val mm256_set1_epi16': constant: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_set1_epi16 = mm256_set1_epi16' + +assume +val mm256_set1_epi32': constant: i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_set1_epi32 = mm256_set1_epi32' + +assume +val mm256_set1_epi64x': a: i64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_set1_epi64x = 
mm256_set1_epi64x' + +assume +val mm256_set_epi16': + input15: i16 -> + input14: i16 -> + input13: i16 -> + input12: i16 -> + input11: i16 -> + input10: i16 -> + input9: i16 -> + input8: i16 -> + input7: i16 -> + input6: i16 -> + input5: i16 -> + input4: i16 -> + input3: i16 -> + input2: i16 -> + input1: i16 -> + input0: i16 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_set_epi16 = mm256_set_epi16' + +assume +val mm256_set_epi32': + input7: i32 -> + input6: i32 -> + input5: i32 -> + input4: i32 -> + input3: i32 -> + input2: i32 -> + input1: i32 -> + input0: i32 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_set_epi32 = mm256_set_epi32' + +assume +val mm256_set_epi64x': input3: i64 -> input2: i64 -> input1: i64 -> input0: i64 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_set_epi64x = mm256_set_epi64x' + +assume +val mm256_set_epi8': + byte31: i8 -> + byte30: i8 -> + byte29: i8 -> + byte28: i8 -> + byte27: i8 -> + byte26: i8 -> + byte25: i8 -> + byte24: i8 -> + byte23: i8 -> + byte22: i8 -> + byte21: i8 -> + byte20: i8 -> + byte19: i8 -> + byte18: i8 -> + byte17: i8 -> + byte16: i8 -> + byte15: i8 -> + byte14: i8 -> + byte13: i8 -> + byte12: i8 -> + byte11: i8 -> + byte10: i8 -> + byte9: i8 -> + byte8: i8 -> + byte7: i8 -> + byte6: i8 -> + byte5: i8 -> + byte4: i8 -> + byte3: i8 -> + byte2: i8 -> + byte1: i8 -> + byte0: i8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_set_epi8 = mm256_set_epi8' + +assume +val mm256_set_m128i': hi: u8 -> lo: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_set_m128i = mm256_set_m128i' + +assume +val mm256_setzero_si256': Prims.unit -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_setzero_si256 = mm256_setzero_si256' + +assume +val mm256_shuffle_epi32': v_CONTROL: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_shuffle_epi32 (v_CONTROL: i32) = mm256_shuffle_epi32' 
v_CONTROL + +assume +val mm256_shuffle_epi8': vector: u8 -> control: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_shuffle_epi8 = mm256_shuffle_epi8' + +assume +val mm256_sign_epi32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_sign_epi32 = mm256_sign_epi32' + +assume +val mm256_slli_epi16': v_SHIFT_BY: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_slli_epi16 (v_SHIFT_BY: i32) = mm256_slli_epi16' v_SHIFT_BY + +assume +val mm256_slli_epi32': v_SHIFT_BY: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_slli_epi32 (v_SHIFT_BY: i32) = mm256_slli_epi32' v_SHIFT_BY + +assume +val mm256_slli_epi64': v_LEFT: i32 -> x: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_slli_epi64 (v_LEFT: i32) = mm256_slli_epi64' v_LEFT + +assume +val mm256_sllv_epi32': vector: u8 -> counts: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_sllv_epi32 = mm256_sllv_epi32' + +assume +val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_srai_epi16 (v_SHIFT_BY: i32) = mm256_srai_epi16' v_SHIFT_BY + +assume +val mm256_srai_epi32': v_SHIFT_BY: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_srai_epi32 (v_SHIFT_BY: i32) = mm256_srai_epi32' v_SHIFT_BY + +assume +val mm256_srli_epi16': v_SHIFT_BY: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_srli_epi16 (v_SHIFT_BY: i32) = mm256_srli_epi16' v_SHIFT_BY + +assume +val mm256_srli_epi32': v_SHIFT_BY: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_srli_epi32 (v_SHIFT_BY: i32) = mm256_srli_epi32' v_SHIFT_BY + +assume +val mm256_srli_epi64': v_SHIFT_BY: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_srli_epi64 (v_SHIFT_BY: i32) = mm256_srli_epi64' 
v_SHIFT_BY + +assume +val mm256_srlv_epi32': vector: u8 -> counts: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_srlv_epi32 = mm256_srlv_epi32' + +assume +val mm256_srlv_epi64': vector: u8 -> counts: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_srlv_epi64 = mm256_srlv_epi64' + +assume +val mm256_storeu_si256_i16': output: t_Slice i16 -> vector: u8 + -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + +let mm256_storeu_si256_i16 = mm256_storeu_si256_i16' + +assume +val mm256_storeu_si256_i32': output: t_Slice i32 -> vector: u8 + -> Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) + +let mm256_storeu_si256_i32 = mm256_storeu_si256_i32' + +assume +val mm256_storeu_si256_u8': output: t_Slice u8 -> vector: u8 + -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +let mm256_storeu_si256_u8 = mm256_storeu_si256_u8' + +assume +val mm256_sub_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_sub_epi16 = mm256_sub_epi16' + +assume +val mm256_sub_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_sub_epi32 = mm256_sub_epi32' + +assume +val mm256_testz_si256': lhs: u8 -> rhs: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_testz_si256 = mm256_testz_si256' + +assume +val mm256_unpackhi_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_unpackhi_epi32 = mm256_unpackhi_epi32' + +assume +val mm256_unpackhi_epi64': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_unpackhi_epi64 = mm256_unpackhi_epi64' + +assume +val mm256_unpacklo_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_unpacklo_epi32 = mm256_unpacklo_epi32' + +assume +val mm256_unpacklo_epi64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_unpacklo_epi64 = 
mm256_unpacklo_epi64' + +assume +val mm256_xor_si256': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm256_xor_si256 = mm256_xor_si256' + +assume +val mm_add_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_add_epi16 = mm_add_epi16' + +assume +val mm_loadu_si128': input: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_loadu_si128 = mm_loadu_si128' + +assume +val mm_movemask_epi8': vector: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +let mm_movemask_epi8 = mm_movemask_epi8' + +assume +val mm_mulhi_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_mulhi_epi16 = mm_mulhi_epi16' + +assume +val mm_mullo_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_mullo_epi16 = mm_mullo_epi16' + +assume +val mm_packs_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_packs_epi16 = mm_packs_epi16' + +assume +val mm_set1_epi16': constant: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_set1_epi16 = mm_set1_epi16' + +assume +val mm_set_epi32': input3: i32 -> input2: i32 -> input1: i32 -> input0: i32 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_set_epi32 = mm_set_epi32' + +assume +val mm_set_epi8': + byte15: u8 -> + byte14: u8 -> + byte13: u8 -> + byte12: u8 -> + byte11: u8 -> + byte10: u8 -> + byte9: u8 -> + byte8: u8 -> + byte7: u8 -> + byte6: u8 -> + byte5: u8 -> + byte4: u8 -> + byte3: u8 -> + byte2: u8 -> + byte1: u8 -> + byte0: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_set_epi8 = mm_set_epi8' + +assume +val mm_shuffle_epi8': vector: u8 -> control: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_shuffle_epi8 = mm_shuffle_epi8' + +assume +val mm_sllv_epi32': vector: u8 -> counts: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_sllv_epi32 = 
mm_sllv_epi32' + +assume +val mm_srli_epi64': v_SHIFT_BY: i32 -> vector: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_srli_epi64 (v_SHIFT_BY: i32) = mm_srli_epi64' v_SHIFT_BY + +assume +val mm_storeu_bytes_si128': output: t_Slice u8 -> vector: u8 + -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +let mm_storeu_bytes_si128 = mm_storeu_bytes_si128' + +assume +val mm_storeu_si128': output: t_Slice i16 -> vector: u8 + -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + +let mm_storeu_si128 = mm_storeu_si128' + +assume +val mm_storeu_si128_i32': output: t_Slice i32 -> vector: u8 + -> Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) + +let mm_storeu_si128_i32 = mm_storeu_si128_i32' + +assume +val mm_sub_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let mm_sub_epi16 = mm_sub_epi16' + +assume +val vec256_blendv_epi32': a: u8 -> b: u8 -> mask: u8 + -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +let vec256_blendv_epi32 = vec256_blendv_epi32' diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst new file mode 100644 index 000000000..7d78d62f2 --- /dev/null +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst 
@@ -0,0 +1,107 @@
+module Libcrux_ml_dsa.Hash_functions.Neon
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+assume
+val t_Shake128x4': eqtype
+
+let t_Shake128x4 = t_Shake128x4'
+
+assume
+val t_Shake256x4': eqtype
+
+let t_Shake256x4 = t_Shake256x4'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4
+
+let impl_1 = impl_1'
+
+assume
+val init_absorb':
+ input0: t_Slice u8 ->
+ input1: t_Slice u8 ->
+ input2: t_Slice u8 ->
+ input3: t_Slice u8
+ -> Prims.Pure t_Shake128x4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb = init_absorb'
+
+assume
+val init_absorb_x4':
+ input0: t_Slice u8 ->
+ input1: t_Slice u8 ->
+ input2: t_Slice u8 ->
+ input3: t_Slice u8
+ -> Prims.Pure t_Shake256x4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_x4 = init_absorb_x4'
+
+assume
+val shake256_x4':
+ v_OUT_LEN: usize ->
+ input0: t_Slice u8 ->
+ input1: t_Slice u8 ->
+ input2: t_Slice u8 ->
+ input3: t_Slice u8 ->
+ out0: t_Array u8 v_OUT_LEN ->
+ out1: t_Array u8 v_OUT_LEN ->
+ out2: t_Array u8 v_OUT_LEN ->
+ out3: t_Array u8 v_OUT_LEN
+ -> Prims.Pure
+ (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN)
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let shake256_x4 (v_OUT_LEN: usize) = shake256_x4' v_OUT_LEN
+
+assume
+val squeeze_first_block_x4': state: t_Shake256x4
+ -> Prims.Pure
+ (t_Shake256x4 &
+ (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let squeeze_first_block_x4 = squeeze_first_block_x4'
+
+assume
+val squeeze_first_five_blocks':
+ state: t_Shake128x4 ->
+ out0: t_Array u8 (sz 840) ->
+ out1: t_Array u8 (sz 840) ->
+ out2: t_Array u8 (sz 840) ->
+ out3: t_Array u8 (sz 840)
+ ->
Prims.Pure
+ (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+ t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_five_blocks = squeeze_first_five_blocks'
+
+assume
+val squeeze_next_block': state: t_Shake128x4
+ -> Prims.Pure
+ (t_Shake128x4 &
+ (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let squeeze_next_block = squeeze_next_block'
+
+assume
+val squeeze_next_block_x4': state: t_Shake256x4
+ -> Prims.Pure
+ (t_Shake256x4 &
+ (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let squeeze_next_block_x4 = squeeze_next_block_x4'
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst
new file mode 100644
index 000000000..b93e63c07
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst
@@ -0,0 +1,152 @@
+module Libcrux_ml_dsa.Hash_functions.Portable
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+assume
+val t_Shake128': eqtype
+
+let t_Shake128 = t_Shake128'
+
+assume
+val t_Shake128X4': eqtype
+
+let t_Shake128X4 = t_Shake128X4'
+
+assume
+val t_Shake256': eqtype
+
+let t_Shake256 = t_Shake256'
+
+assume
+val t_Shake256X4': eqtype
+
+let t_Shake256X4 = t_Shake256X4'
+
+assume
+val t_Shake256Xof': eqtype
+
+let t_Shake256Xof = t_Shake256Xof'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof t_Shake128
+
+let impl_1 = impl_1'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_2': Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof t_Shake256
+
+let impl_2 = impl_2'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_3': Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256X4
+
+let impl_3 = impl_3'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_4': Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256Xof
+
+let impl_4 = impl_4'
+
+assume
+val init_absorb':
+ input0: t_Slice u8 ->
+ input1: t_Slice u8 ->
+ input2: t_Slice u8 ->
+ input3: t_Slice u8
+ -> Prims.Pure t_Shake128X4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb = init_absorb'
+
+assume
+val init_absorb_final_shake256': input: t_Slice u8
+ -> Prims.Pure t_Shake256 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_final_shake256 = init_absorb_final_shake256'
+
+assume
+val init_absorb_x4':
+ input0: t_Slice u8 ->
+ input1: t_Slice u8 ->
+ input2: t_Slice u8 ->
+ input3: t_Slice u8
+ -> Prims.Pure t_Shake256X4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_x4 = init_absorb_x4'
+
+assume
+val shake128': v_OUTPUT_LENGTH: usize -> input: t_Slice u8 -> out: t_Array u8 v_OUTPUT_LENGTH
+ ->
Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True)
+
+let shake128 (v_OUTPUT_LENGTH: usize) = shake128' v_OUTPUT_LENGTH
+
+assume
+val shake256': v_OUTPUT_LENGTH: usize -> input: t_Slice u8 -> out: t_Array u8 v_OUTPUT_LENGTH
+ -> Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True)
+
+let shake256 (v_OUTPUT_LENGTH: usize) = shake256' v_OUTPUT_LENGTH
+
+assume
+val squeeze_first_block_shake256': state: t_Shake256
+ -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_block_shake256 = squeeze_first_block_shake256'
+
+assume
+val squeeze_first_block_x4': state: t_Shake256X4
+ -> Prims.Pure
+ (t_Shake256X4 &
+ (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let squeeze_first_block_x4 = squeeze_first_block_x4'
+
+assume
+val squeeze_first_five_blocks':
+ state: t_Shake128X4 ->
+ out0: t_Array u8 (sz 840) ->
+ out1: t_Array u8 (sz 840) ->
+ out2: t_Array u8 (sz 840) ->
+ out3: t_Array u8 (sz 840)
+ -> Prims.Pure
+ (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+ t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_five_blocks = squeeze_first_five_blocks'
+
+assume
+val squeeze_next_block': state: t_Shake128X4
+ -> Prims.Pure
+ (t_Shake128X4 &
+ (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let squeeze_next_block = squeeze_next_block'
+
+assume
+val squeeze_next_block_shake256': state: t_Shake256
+ -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_next_block_shake256 = squeeze_next_block_shake256'
+
+assume
+val squeeze_next_block_x4': state: t_Shake256X4
+ -> Prims.Pure
+ (t_Shake256X4 &
+ (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+
Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let squeeze_next_block_x4 = squeeze_next_block_x4'
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst
new file mode 100644
index 000000000..fe67aa9fc
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst
@@ -0,0 +1,142 @@
+module Libcrux_ml_dsa.Hash_functions.Simd256
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+assume
+val t_Shake128x4': eqtype
+
+let t_Shake128x4 = t_Shake128x4'
+
+assume
+val t_Shake256': eqtype
+
+let t_Shake256 = t_Shake256'
+
+assume
+val t_Shake256x4': eqtype
+
+let t_Shake256x4 = t_Shake256x4'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof t_Shake256
+
+let impl_1 = impl_1'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_2': Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4
+
+let impl_2 = impl_2'
+
+assume
+val init_absorb':
+ input0: t_Slice u8 ->
+ input1: t_Slice u8 ->
+ input2: t_Slice u8 ->
+ input3: t_Slice u8
+ -> Prims.Pure t_Shake128x4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb = init_absorb'
+
+assume
+val init_absorb_final_shake256': input: t_Slice u8
+ -> Prims.Pure t_Shake256 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_final_shake256 = init_absorb_final_shake256'
+
+assume
+val init_absorb_x4':
+ input0: t_Slice u8 ->
+ input1: t_Slice u8 ->
+ input2: t_Slice u8 ->
+ input3: t_Slice u8
+ -> Prims.Pure t_Shake256x4 Prims.l_True (fun _ -> Prims.l_True)
+
+let init_absorb_x4 = init_absorb_x4'
+
+assume
+val shake256': v_OUTPUT_LENGTH: usize -> input: t_Slice u8 -> out: t_Array u8 v_OUTPUT_LENGTH
+ -> Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True)
+
+let shake256 (v_OUTPUT_LENGTH: usize) = shake256' v_OUTPUT_LENGTH
+
+assume
+val shake256_x4':
+ v_OUT_LEN: usize ->
+ input0: t_Slice u8 ->
+ input1: t_Slice u8 ->
+ input2: t_Slice u8 ->
+ input3: t_Slice u8 ->
+ out0: t_Array u8 v_OUT_LEN ->
+ out1: t_Array u8 v_OUT_LEN ->
+ out2: t_Array u8 v_OUT_LEN ->
+ out3: t_Array u8 v_OUT_LEN
+ -> Prims.Pure
+ (t_Array
u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN)
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let shake256_x4 (v_OUT_LEN: usize) = shake256_x4' v_OUT_LEN
+
+assume
+val squeeze_first_block_shake256': state: t_Shake256
+ -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_block_shake256 = squeeze_first_block_shake256'
+
+assume
+val squeeze_first_block_x4': state: t_Shake256x4
+ -> Prims.Pure
+ (t_Shake256x4 &
+ (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let squeeze_first_block_x4 = squeeze_first_block_x4'
+
+assume
+val squeeze_first_five_blocks':
+ state: t_Shake128x4 ->
+ out0: t_Array u8 (sz 840) ->
+ out1: t_Array u8 (sz 840) ->
+ out2: t_Array u8 (sz 840) ->
+ out3: t_Array u8 (sz 840)
+ -> Prims.Pure
+ (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+ t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_first_five_blocks = squeeze_first_five_blocks'
+
+assume
+val squeeze_next_block': state: t_Shake128x4
+ -> Prims.Pure
+ (t_Shake128x4 &
+ (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let squeeze_next_block = squeeze_next_block'
+
+assume
+val squeeze_next_block_shake256': state: t_Shake256
+ -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True)
+
+let squeeze_next_block_shake256 = squeeze_next_block_shake256'
+
+assume
+val squeeze_next_block_x4': state: t_Shake256x4
+ -> Prims.Pure
+ (t_Shake256x4 &
+ (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+let squeeze_next_block_x4 = squeeze_next_block_x4'
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst
new file mode 100644
index 000000000..96cf97528
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst
@@ -0,0 +1,92 @@
+module Libcrux_ml_dsa.Samplex4.Avx2
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+ (* This module has implicit dependencies, here we make them explicit. *)
+ (* The implicit dependencies arise from typeclasses instances. *)
+ let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+ let open Libcrux_ml_dsa.Hash_functions.Simd256 in
+ let open Libcrux_ml_dsa.Simd.Traits in
+ ()
+
+let matrix_A_avx2
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+ =
+ match
+ (cast (v_ROWS_IN_A <: usize) <: u8), (cast (v_COLUMNS_IN_A <: usize) <: u8) <: (u8 & u8)
+ with
+ | 4uy, 4uy ->
+ Libcrux_ml_dsa.Samplex4.matrix_A_4_by_4_ #v_SIMDUnit
+ #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
+ v_ROWS_IN_A
+ v_COLUMNS_IN_A
+ seed
+ | 6uy, 5uy ->
+ Libcrux_ml_dsa.Samplex4.matrix_A_6_by_5_ #v_SIMDUnit
+ #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
+ v_ROWS_IN_A
+ v_COLUMNS_IN_A
+ seed
+ | 8uy, 7uy ->
+ Libcrux_ml_dsa.Samplex4.matrix_A_8_by_7_ #v_SIMDUnit
+ #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
+ v_ROWS_IN_A
+ v_COLUMNS_IN_A
+ seed
+ | _ ->
+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+
+ <:
+ Rust_primitives.Hax.t_Never)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_dsa.Samplex4.t_X4Sampler t_AVX2Sampler =
+ {
+ f_matrix_A_pre
+ =
+ (fun
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A: usize)
+ (v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+ ->
+ true);
+ f_matrix_A_post
+ =
+ (fun
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A: usize)
+ (v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+
(out:
+ t_Array
+ (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+ v_ROWS_IN_A)
+ ->
+ true);
+ f_matrix_A
+ =
+ fun
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A: usize)
+ (v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+ ->
+ matrix_A_avx2 #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A seed
+ }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti
new file mode 100644
index 000000000..618fe2e20
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti
@@ -0,0 +1,27 @@
+module Libcrux_ml_dsa.Samplex4.Avx2
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+ (* This module has implicit dependencies, here we make them explicit. *)
+ (* The implicit dependencies arise from typeclasses instances. *)
+ let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+ let open Libcrux_ml_dsa.Hash_functions.Simd256 in
+ let open Libcrux_ml_dsa.Simd.Traits in
+ ()
+
+type t_AVX2Sampler = | AVX2Sampler : t_AVX2Sampler
+
+val matrix_A_avx2
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A v_COLUMNS_IN_A: usize)
+ {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |}
+ (seed: t_Array u8 (sz 34))
+ : Prims.Pure
+ (t_Array
+ (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+ v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True)
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Libcrux_ml_dsa.Samplex4.t_X4Sampler t_AVX2Sampler
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fst
new file mode 100644
index 000000000..9d975149f
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fst
@@ -0,0 +1,61 @@
+module Libcrux_ml_dsa.Samplex4.Neon
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+ (* This module has implicit dependencies, here we make them explicit. *)
+ (* The implicit dependencies arise from typeclasses instances. *)
+ let open Libcrux_ml_dsa.Hash_functions.Neon in
+ let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+ let open Libcrux_ml_dsa.Simd.Traits in
+ ()
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_dsa.Samplex4.t_X4Sampler t_NeonSampler =
+ {
+ f_matrix_A_pre
+ =
+ (fun
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A: usize)
+ (v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+ ->
+ true);
+ f_matrix_A_post
+ =
+ (fun
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A: usize)
+ (v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+ (out:
+ t_Array
+ (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+ v_ROWS_IN_A)
+ ->
+ true);
+ f_matrix_A
+ =
+ fun
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A: usize)
+ (v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+ ->
+ Libcrux_ml_dsa.Samplex4.matrix_A_generic #v_SIMDUnit
+ #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4
+ v_ROWS_IN_A
+ v_COLUMNS_IN_A
+ seed
+ }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fsti
new file mode 100644
index 000000000..3a407290f
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Neon.fsti
@@ -0,0 +1,17 @@
+module Libcrux_ml_dsa.Samplex4.Neon
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+ (* This module has implicit dependencies, here we make them explicit. *)
+ (* The implicit dependencies arise from typeclasses instances. *)
+ let open Libcrux_ml_dsa.Hash_functions.Neon in
+ let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+ let open Libcrux_ml_dsa.Simd.Traits in
+ ()
+
+type t_NeonSampler = | NeonSampler : t_NeonSampler
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Libcrux_ml_dsa.Samplex4.t_X4Sampler t_NeonSampler
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fst
new file mode 100644
index 000000000..47473f479
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fst
@@ -0,0 +1,61 @@
+module Libcrux_ml_dsa.Samplex4.Portable
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+ (* This module has implicit dependencies, here we make them explicit. *)
+ (* The implicit dependencies arise from typeclasses instances. *)
+ let open Libcrux_ml_dsa.Hash_functions.Portable in
+ let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+ let open Libcrux_ml_dsa.Simd.Traits in
+ ()
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: Libcrux_ml_dsa.Samplex4.t_X4Sampler t_PortableSampler =
+ {
+ f_matrix_A_pre
+ =
+ (fun
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A: usize)
+ (v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+ ->
+ true);
+ f_matrix_A_post
+ =
+ (fun
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A: usize)
+ (v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+ (out:
+ t_Array
+ (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)
+ v_ROWS_IN_A)
+ ->
+ true);
+ f_matrix_A
+ =
+ fun
+ (#v_SIMDUnit: Type0)
+ (v_ROWS_IN_A: usize)
+ (v_COLUMNS_IN_A: usize)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit)
+ (seed: t_Array u8 (sz 34))
+ ->
+ Libcrux_ml_dsa.Samplex4.matrix_A_generic #v_SIMDUnit
+ #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4
+ v_ROWS_IN_A
+ v_COLUMNS_IN_A
+ seed
+ }
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fsti
new file mode 100644
index 000000000..8764f68b8
--- /dev/null
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Portable.fsti
@@ -0,0 +1,17 @@
+module Libcrux_ml_dsa.Samplex4.Portable
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+ (* This module has implicit dependencies, here we make them explicit. *)
+ (* The implicit dependencies arise from typeclasses instances. *)
+ let open Libcrux_ml_dsa.Hash_functions.Portable in
+ let open Libcrux_ml_dsa.Hash_functions.Shake128 in
+ let open Libcrux_ml_dsa.Simd.Traits in
+ ()
+
+type t_PortableSampler = | PortableSampler : t_PortableSampler
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+val impl:Libcrux_ml_dsa.Samplex4.t_X4Sampler t_PortableSampler
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
new file mode 100644
index 000000000..a740de583
--- /dev/null
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
@@ -0,0 +1,44 @@
+module Libcrux_platform.Platform
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+open Core
+open FStar.Mul
+
+assume
+val adv_simd_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let adv_simd_support = adv_simd_support'
+
+assume
+val aes_ni_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let aes_ni_support = aes_ni_support'
+
+assume
+val bmi2_adx_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let bmi2_adx_support = bmi2_adx_support'
+
+assume
+val pmull_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let pmull_support = pmull_support'
+
+assume
+val sha256_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let sha256_support = sha256_support'
+
+assume
+val simd128_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let simd128_support = simd128_support'
+
+assume
+val simd256_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let simd256_support = simd256_support'
+
+assume
+val x25519_support': Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let x25519_support = x25519_support'
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
new file mode 100644
index 000000000..2ddf180ff
--- /dev/null
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst
@@ -0,0 +1,60 @@
+module Libcrux_platform.X86
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+open Core
+open FStar.Mul
+
+let t_Feature_cast_to_repr (x: t_Feature) =
+ match x with
+ | Feature_mmx -> isz 0
+ | Feature_sse -> isz 1
+ | Feature_sse2 -> isz 3
+ | Feature_sse3 -> isz 6
+ | Feature_pclmulqdq -> isz 10
+ | Feature_ssse3 -> isz 15
+ | Feature_fma -> isz 21
+ | Feature_movbe -> isz 28
+ | Feature_sse4_1_ -> isz 36
+ | Feature_sse4_2_ -> isz 45
+ | Feature_popcnt -> isz 55
+ | Feature_aes -> isz 66
+ | Feature_xsave -> isz 78
+ | Feature_osxsave -> isz 91
+ | Feature_avx -> isz 105
+ | Feature_rdrand -> isz 120
+ | Feature_sgx -> isz 136
+ | Feature_bmi1 -> isz 153
+ | Feature_avx2 -> isz 171
+ | Feature_bmi2 -> isz 190
+ | Feature_avx512f -> isz 210
+ | Feature_avx512dq -> isz 231
+ | Feature_rdseed -> isz 253
+ | Feature_adx -> isz 276
+ | Feature_avx512ifma -> isz 300
+ | Feature_avx512pf -> isz 325
+ | Feature_avx512er -> isz 351
+ | Feature_avx512cd -> isz 378
+ | Feature_sha -> isz 406
+ | Feature_avx512bw -> isz 435
+ | Feature_avx512vl -> isz 465
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl': Core.Clone.t_Clone t_Feature
+
+let impl = impl'
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+assume
+val impl_1': Core.Marker.t_Copy t_Feature
+
+let impl_1 = impl_1'
+
+assume
+val init': Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True)
+
+let init = init'
+
+assume
+val supported': feature: t_Feature -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+
+let supported = supported'
From c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 13:12:04 +0100 Subject: [PATCH 19/25] FStar extraction update --- .../Libcrux_intrinsics.Arm64_extract.fst | 2 +- .../Libcrux_intrinsics.Arm64_extract.fsti | 2 +- .../Libcrux_intrinsics.Avx2_extract.fst | 481 ------------------ .../Libcrux_intrinsics.Avx2_extract.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst | 12 - .../extraction/Libcrux_platform.Platform.fst | 2 +- .../extraction/Libcrux_platform.Platform.fsti | 2 +- .../fstar/extraction/Libcrux_platform.X86.fst | 2 +- .../extraction/Libcrux_platform.X86.fsti | 2 +- 9 files changed, 7 insertions(+), 500 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst index 4110ce845..e23020d49 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Arm64_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti index a03c287ec..d4014e6a8 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Arm64_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst index 7a00501f1..5cf54bf43 100644 
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
@@ -1,139 +1,13 @@ module Libcrux_intrinsics.Avx2_extract -<<<<<<< HEAD #set-options "--fuel 0 --ifuel 1 --z3rlimit 80" -======= -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ->>>>>>> main open Core open FStar.Mul assume -<<<<<<< HEAD -val mm256_abs_epi32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_abs_epi32 = mm256_abs_epi32' - -assume -val mm256_add_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_add_epi16 = mm256_add_epi16' - -assume -val mm256_add_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_add_epi32 = mm256_add_epi32' - -assume -val mm256_add_epi64': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_add_epi64 = mm256_add_epi64' - -assume -val mm256_and_si256': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_and_si256 = mm256_and_si256' - -assume -val mm256_andnot_si256': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_andnot_si256 = mm256_andnot_si256' - -assume -val mm256_blend_epi16': v_CONTROL: i32 -> lhs: u8 -> rhs: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_blend_epi16 (v_CONTROL: i32) = mm256_blend_epi16' v_CONTROL - -assume -val mm256_blend_epi32': v_CONTROL: i32 -> lhs: u8 -> rhs: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_blend_epi32 (v_CONTROL: i32) = mm256_blend_epi32' v_CONTROL - -assume -val mm256_bsrli_epi128': v_SHIFT_BY: i32 -> x: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_bsrli_epi128 (v_SHIFT_BY: i32) = mm256_bsrli_epi128' v_SHIFT_BY - -assume -val mm256_castsi128_si256': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_castsi128_si256 = mm256_castsi128_si256' - -assume -val mm256_castsi256_ps': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_castsi256_ps = 
mm256_castsi256_ps' - -assume -val mm256_castsi256_si128': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_castsi256_si128 = mm256_castsi256_si128' - -assume -val mm256_cmpeq_epi32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_cmpeq_epi32 = mm256_cmpeq_epi32' - -assume -val mm256_cmpgt_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_cmpgt_epi16 = mm256_cmpgt_epi16' - -assume -val mm256_cmpgt_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_cmpgt_epi32 = mm256_cmpgt_epi32' - -assume -val mm256_cvtepi16_epi32': vector: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_cvtepi16_epi32 = mm256_cvtepi16_epi32' - -assume -val mm256_extracti128_si256': v_CONTROL: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_extracti128_si256 (v_CONTROL: i32) = mm256_extracti128_si256' v_CONTROL - -assume -val mm256_inserti128_si256': v_CONTROL: i32 -> vector: u8 -> vector_i128: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_inserti128_si256 (v_CONTROL: i32) = mm256_inserti128_si256' v_CONTROL - -assume -val mm256_loadu_si256_i16': input: t_Slice i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_loadu_si256_i16 = mm256_loadu_si256_i16' - -assume -val mm256_loadu_si256_i32': input: t_Slice i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_loadu_si256_i32 = mm256_loadu_si256_i32' - -assume -val mm256_loadu_si256_u8': input: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_loadu_si256_u8 = mm256_loadu_si256_u8' - -assume -val mm256_madd_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_madd_epi16 = mm256_madd_epi16' - -assume -======= ->>>>>>> main val mm256_movemask_ps': a: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) let 
mm256_movemask_ps = mm256_movemask_ps' -<<<<<<< HEAD -assume -val mm256_mul_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= [@@ FStar.Tactics.Typeclasses.tcinstance] assume val impl_3': Core.Clone.t_Clone t_Vec128 @@ -273,24 +147,16 @@ let mm256_loadu_si256_u8 = mm256_loadu_si256_u8' assume val mm256_mul_epi32': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_mul_epi32 = mm256_mul_epi32' assume -<<<<<<< HEAD -val mm256_mul_epu32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_mul_epu32': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_mul_epu32 = mm256_mul_epu32' assume -<<<<<<< HEAD -val mm256_mulhi_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_mulhi_epi16': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True 
@@ -301,265 +167,91 @@ val mm256_mulhi_epi16': lhs: t_Vec256 -> rhs: t_Vec256 Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) ->>>>>>> main let mm256_mulhi_epi16 = mm256_mulhi_epi16' assume -<<<<<<< HEAD -val mm256_mullo_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_mullo_epi16 = mm256_mullo_epi16' - -assume -val mm256_mullo_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_mullo_epi32': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_mullo_epi32 = mm256_mullo_epi32' assume -<<<<<<< HEAD -val mm256_or_si256': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_or_si256': a: t_Vec256 -> b: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_or_si256 = mm256_or_si256' assume -<<<<<<< HEAD -val mm256_packs_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_packs_epi32': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_packs_epi32 = mm256_packs_epi32' assume -<<<<<<< HEAD -val mm256_permute2x128_si256': v_IMM8: i32 -> a: u8 -> b: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_permute2x128_si256': v_IMM8: i32 -> a: t_Vec256 -> b: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_permute2x128_si256 (v_IMM8: i32) = mm256_permute2x128_si256' v_IMM8 assume -<<<<<<< HEAD -val mm256_permute4x64_epi64': v_CONTROL: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_permute4x64_epi64': v_CONTROL: i32 -> vector: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_permute4x64_epi64 
(v_CONTROL: i32) = mm256_permute4x64_epi64' v_CONTROL assume -<<<<<<< HEAD -val mm256_permutevar8x32_epi32': vector: u8 -> control: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_permutevar8x32_epi32 = mm256_permutevar8x32_epi32' - -assume -val mm256_set1_epi16': constant: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_set1_epi16 = mm256_set1_epi16' - -assume -val mm256_set1_epi32': constant: i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_set1_epi32': constant: i32 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_set1_epi32 = mm256_set1_epi32' assume -<<<<<<< HEAD -val mm256_set1_epi64x': a: i64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_set1_epi64x': a: i64 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_set1_epi64x = mm256_set1_epi64x' assume -<<<<<<< HEAD -val mm256_set_epi16': - input15: i16 -> - input14: i16 -> - input13: i16 -> - input12: i16 -> - input11: i16 -> - input10: i16 -> - input9: i16 -> - input8: i16 -> - input7: i16 -> - input6: i16 -> - input5: i16 -> - input4: i16 -> - input3: i16 -> - input2: i16 -> - input1: i16 -> - input0: i16 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_set_epi16 = mm256_set_epi16' - -assume -val mm256_set_epi32': - input7: i32 -> - input6: i32 -> - input5: i32 -> - input4: i32 -> - input3: i32 -> - input2: i32 -> - input1: i32 -> - input0: i32 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_set_epi32 = mm256_set_epi32' - -assume -val mm256_set_epi64x': input3: i64 -> input2: i64 -> input1: i64 -> input0: i64 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_set_epi64x': input3: i64 -> input2: i64 -> input1: i64 -> input0: i64 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_set_epi64x = mm256_set_epi64x' assume -<<<<<<< HEAD -val 
mm256_set_epi8': - byte31: i8 -> - byte30: i8 -> - byte29: i8 -> - byte28: i8 -> - byte27: i8 -> - byte26: i8 -> - byte25: i8 -> - byte24: i8 -> - byte23: i8 -> - byte22: i8 -> - byte21: i8 -> - byte20: i8 -> - byte19: i8 -> - byte18: i8 -> - byte17: i8 -> - byte16: i8 -> - byte15: i8 -> - byte14: i8 -> - byte13: i8 -> - byte12: i8 -> - byte11: i8 -> - byte10: i8 -> - byte9: i8 -> - byte8: i8 -> - byte7: i8 -> - byte6: i8 -> - byte5: i8 -> - byte4: i8 -> - byte3: i8 -> - byte2: i8 -> - byte1: i8 -> - byte0: i8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_set_epi8 = mm256_set_epi8' - -assume -val mm256_set_m128i': hi: u8 -> lo: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_set_m128i': hi: t_Vec128 -> lo: t_Vec128 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_set_m128i = mm256_set_m128i' assume -<<<<<<< HEAD -val mm256_setzero_si256': Prims.unit -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_setzero_si256': Prims.unit -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_setzero_si256 = mm256_setzero_si256' assume -<<<<<<< HEAD -val mm256_shuffle_epi32': v_CONTROL: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_shuffle_epi32': v_CONTROL: i32 -> vector: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_shuffle_epi32 (v_CONTROL: i32) = mm256_shuffle_epi32' v_CONTROL assume -<<<<<<< HEAD -val mm256_shuffle_epi8': vector: u8 -> control: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_shuffle_epi8 = mm256_shuffle_epi8' - -assume -val mm256_sign_epi32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_sign_epi32': a: t_Vec256 -> b: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_sign_epi32 = mm256_sign_epi32' assume -<<<<<<< HEAD -val 
mm256_slli_epi16': v_SHIFT_BY: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_slli_epi16 (v_SHIFT_BY: i32) = mm256_slli_epi16' v_SHIFT_BY - -assume -val mm256_slli_epi32': v_SHIFT_BY: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_slli_epi32': v_SHIFT_BY: i32 -> vector: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_slli_epi32 (v_SHIFT_BY: i32) = mm256_slli_epi32' v_SHIFT_BY assume -<<<<<<< HEAD -val mm256_slli_epi64': v_LEFT: i32 -> x: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_slli_epi64': v_LEFT: i32 -> x: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_slli_epi64 (v_LEFT: i32) = mm256_slli_epi64' v_LEFT assume -<<<<<<< HEAD -val mm256_sllv_epi32': vector: u8 -> counts: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_sllv_epi32 = mm256_sllv_epi32' - -assume -val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: t_Vec256 -> Prims.Pure t_Vec256 (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) 
@@ -568,71 +260,34 @@ val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: t_Vec256 let result:t_Vec256 = result in vec256_as_i16x16 result == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (vec256_as_i16x16 vector)) ->>>>>>> main let mm256_srai_epi16 (v_SHIFT_BY: i32) = mm256_srai_epi16' v_SHIFT_BY assume -<<<<<<< HEAD -val mm256_srai_epi32': v_SHIFT_BY: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_srai_epi32': v_SHIFT_BY: i32 -> vector: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_srai_epi32 (v_SHIFT_BY: i32) = mm256_srai_epi32' v_SHIFT_BY assume -<<<<<<< HEAD -val mm256_srli_epi16': v_SHIFT_BY: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_srli_epi16 (v_SHIFT_BY: i32) = mm256_srli_epi16' v_SHIFT_BY - -assume -val mm256_srli_epi32': v_SHIFT_BY: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_srli_epi32': v_SHIFT_BY: i32 -> vector: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_srli_epi32 (v_SHIFT_BY: i32) = mm256_srli_epi32' v_SHIFT_BY assume -<<<<<<< HEAD -val mm256_srli_epi64': v_SHIFT_BY: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm256_srli_epi64 (v_SHIFT_BY: i32) = mm256_srli_epi64' v_SHIFT_BY - -assume -val mm256_srlv_epi32': vector: u8 -> counts: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_srlv_epi32': vector: t_Vec256 -> counts: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_srlv_epi32 = mm256_srlv_epi32' assume -<<<<<<< HEAD -val mm256_srlv_epi64': vector: u8 -> counts: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_srlv_epi64': vector: t_Vec256 -> counts: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_srlv_epi64 = mm256_srlv_epi64' assume 
-<<<<<<< HEAD -val mm256_storeu_si256_i16': output: t_Slice i16 -> vector: u8 - -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_storeu_si256_i16': output: t_Slice i16 -> vector: t_Vec256 -> Prims.Pure (t_Slice i16) Prims.l_True @@ -641,34 +296,22 @@ val mm256_storeu_si256_i16': output: t_Slice i16 -> vector: t_Vec256 let output_future:t_Slice i16 = output_future in (Core.Slice.impl__len #i16 output_future <: usize) =. (Core.Slice.impl__len #i16 output <: usize)) ->>>>>>> main let mm256_storeu_si256_i16 = mm256_storeu_si256_i16' assume -<<<<<<< HEAD -val mm256_storeu_si256_i32': output: t_Slice i32 -> vector: u8 -======= val mm256_storeu_si256_i32': output: t_Slice i32 -> vector: t_Vec256 ->>>>>>> main -> Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) let mm256_storeu_si256_i32 = mm256_storeu_si256_i32' assume -<<<<<<< HEAD -val mm256_storeu_si256_u8': output: t_Slice u8 -> vector: u8 -======= val mm256_storeu_si256_u8': output: t_Slice u8 -> vector: t_Vec256 ->>>>>>> main -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) let mm256_storeu_si256_u8 = mm256_storeu_si256_u8' assume -<<<<<<< HEAD -val mm256_sub_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_sub_epi16': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True 
@@ -677,84 +320,52 @@ val mm256_sub_epi16': lhs: t_Vec256 -> rhs: t_Vec256 let result:t_Vec256 = result in vec256_as_i16x16 result == Spec.Utils.map2 ( -. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) ->>>>>>> main let mm256_sub_epi16 = mm256_sub_epi16' assume -<<<<<<< HEAD -val mm256_sub_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_sub_epi32': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_sub_epi32 = mm256_sub_epi32' assume -<<<<<<< HEAD -val mm256_testz_si256': lhs: u8 -> rhs: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_testz_si256': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_testz_si256 = mm256_testz_si256' assume -<<<<<<< HEAD -val mm256_unpackhi_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_unpackhi_epi32': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_unpackhi_epi32 = mm256_unpackhi_epi32' assume -<<<<<<< HEAD -val mm256_unpackhi_epi64': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_unpackhi_epi64': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_unpackhi_epi64 = mm256_unpackhi_epi64' assume -<<<<<<< HEAD -val mm256_unpacklo_epi32': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_unpacklo_epi32': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_unpacklo_epi32 = mm256_unpacklo_epi32' assume -<<<<<<< HEAD -val mm256_unpacklo_epi64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_unpacklo_epi64': a: t_Vec256 -> b: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True 
(fun _ -> Prims.l_True) ->>>>>>> main let mm256_unpacklo_epi64 = mm256_unpacklo_epi64' assume -<<<<<<< HEAD -val mm256_xor_si256': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm256_xor_si256': lhs: t_Vec256 -> rhs: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm256_xor_si256 = mm256_xor_si256' assume -<<<<<<< HEAD -val mm_add_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm_add_epi16': lhs: t_Vec128 -> rhs: t_Vec128 -> Prims.Pure t_Vec128 Prims.l_True @@ -763,24 +374,10 @@ val mm_add_epi16': lhs: t_Vec128 -> rhs: t_Vec128 let result:t_Vec128 = result in vec128_as_i16x8 result == Spec.Utils.map2 ( +. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) ->>>>>>> main let mm_add_epi16 = mm_add_epi16' assume -<<<<<<< HEAD -val mm_loadu_si128': input: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm_loadu_si128 = mm_loadu_si128' - -assume -val mm_movemask_epi8': vector: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) - -let mm_movemask_epi8 = mm_movemask_epi8' - -assume -val mm_mulhi_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm_mulhi_epi16': lhs: t_Vec128 -> rhs: t_Vec128 -> Prims.Pure t_Vec128 Prims.l_True @@ -791,14 +388,10 @@ val mm_mulhi_epi16': lhs: t_Vec128 -> rhs: t_Vec128 Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) ->>>>>>> main let mm_mulhi_epi16 = mm_mulhi_epi16' assume -<<<<<<< HEAD -val mm_mullo_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm_mullo_epi16': lhs: t_Vec128 -> rhs: t_Vec128 -> Prims.Pure t_Vec128 Prims.l_True 
@@ -807,19 +400,10 @@ val mm_mullo_epi16': lhs: t_Vec128 -> rhs: t_Vec128 let result:t_Vec128 = result in vec128_as_i16x8 result == Spec.Utils.map2 mul_mod (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) ->>>>>>> main let mm_mullo_epi16 = mm_mullo_epi16' assume -<<<<<<< HEAD -val mm_packs_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm_packs_epi16 = mm_packs_epi16' - -assume -val mm_set1_epi16': constant: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm_set1_epi16': constant: i16 -> Prims.Pure t_Vec128 Prims.l_True 
@@ -827,99 +411,40 @@ val mm_set1_epi16': constant: i16 fun result -> let result:t_Vec128 = result in vec128_as_i16x8 result == Spec.Utils.create (sz 8) constant) ->>>>>>> main let mm_set1_epi16 = mm_set1_epi16' assume val mm_set_epi32': input3: i32 -> input2: i32 -> input1: i32 -> input0: i32 -<<<<<<< HEAD - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= -> Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm_set_epi32 = mm_set_epi32' assume -<<<<<<< HEAD -val mm_set_epi8': - byte15: u8 -> - byte14: u8 -> - byte13: u8 -> - byte12: u8 -> - byte11: u8 -> - byte10: u8 -> - byte9: u8 -> - byte8: u8 -> - byte7: u8 -> - byte6: u8 -> - byte5: u8 -> - byte4: u8 -> - byte3: u8 -> - byte2: u8 -> - byte1: u8 -> - byte0: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm_set_epi8 = mm_set_epi8' - -assume -val mm_shuffle_epi8': vector: u8 -> control: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) - -let mm_shuffle_epi8 = mm_shuffle_epi8' - -assume -val mm_sllv_epi32': vector: u8 -> counts: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm_sllv_epi32': vector: t_Vec128 -> counts: t_Vec128 -> Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm_sllv_epi32 = mm_sllv_epi32' assume -<<<<<<< HEAD -val mm_srli_epi64': v_SHIFT_BY: i32 -> vector: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm_srli_epi64': v_SHIFT_BY: i32 -> vector: t_Vec128 -> Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let mm_srli_epi64 (v_SHIFT_BY: i32) = mm_srli_epi64' v_SHIFT_BY assume -<<<<<<< HEAD -val mm_storeu_bytes_si128': output: t_Slice u8 -> vector: u8 - -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - -let mm_storeu_bytes_si128 = mm_storeu_bytes_si128' - -assume -val mm_storeu_si128': output: t_Slice i16 -> vector: u8 -======= val mm_storeu_si128': output: t_Slice i16 -> vector: t_Vec128 ->>>>>>> main -> Prims.Pure 
(t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) let mm_storeu_si128 = mm_storeu_si128' assume -<<<<<<< HEAD -val mm_storeu_si128_i32': output: t_Slice i32 -> vector: u8 -======= val mm_storeu_si128_i32': output: t_Slice i32 -> vector: t_Vec128 ->>>>>>> main -> Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) let mm_storeu_si128_i32 = mm_storeu_si128_i32' assume -<<<<<<< HEAD -val mm_sub_epi16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val mm_sub_epi16': lhs: t_Vec128 -> rhs: t_Vec128 -> Prims.Pure t_Vec128 Prims.l_True @@ -928,17 +453,11 @@ val mm_sub_epi16': lhs: t_Vec128 -> rhs: t_Vec128 let result:t_Vec128 = result in vec128_as_i16x8 result == Spec.Utils.map2 ( -. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) ->>>>>>> main let mm_sub_epi16 = mm_sub_epi16' assume -<<<<<<< HEAD -val vec256_blendv_epi32': a: u8 -> b: u8 -> mask: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -======= val vec256_blendv_epi32': a: t_Vec256 -> b: t_Vec256 -> mask: t_Vec256 -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) ->>>>>>> main let vec256_blendv_epi32 = vec256_blendv_epi32' diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index e597dd2fd..4b6ebb714 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Avx2_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst index 9a56fb8fc..1956943ed 100644 
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst @@ -44,18 +44,6 @@ val impl_2': Core.Marker.t_Copy t_AVX2SIMDUnit let impl_2 = impl_2' -[@@ FStar.Tactics.Typeclasses.tcinstance] -assume -val impl_1': Core.Clone.t_Clone t_AVX2SIMDUnit - -let impl_1 = impl_1' - -[@@ FStar.Tactics.Typeclasses.tcinstance] -assume -val impl_2': Core.Marker.t_Copy t_AVX2SIMDUnit - -let impl_2 = impl_2' - let to_coefficient_array (x: t_AVX2SIMDUnit) = let coefficient_array:t_Array i32 (sz 8) = Rust_primitives.Hax.repeat 0l (sz 8) in let coefficient_array:t_Array i32 (sz 8) = diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst index 0451136c0..a740de583 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst @@ -1,5 +1,5 @@ module Libcrux_platform.Platform -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti index e8713dad5..95dad6932 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti @@ -1,5 +1,5 @@ module Libcrux_platform.Platform -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst index 4284c4102..2ddf180ff 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst 
@@ -1,5 +1,5 @@ module Libcrux_platform.X86 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti index d7c15a880..0c9c90e71 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti @@ -1,5 +1,5 @@ module Libcrux_platform.X86 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul From 5d83c54f100cc8c722c9a6fa97f369cc77a0fc24 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 13:18:14 +0100 Subject: [PATCH 20/25] C extraction update --- libcrux-ml-dsa/cg/code_gen.txt | 2 +- libcrux-ml-dsa/cg/header.txt | 2 +- libcrux-ml-dsa/cg/libcrux_core.h | 2 +- libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h | 10 ++++++---- libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 11 +++++++---- libcrux-ml-dsa/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-dsa/cg/libcrux_sha3_portable.h | 2 +- 7 files changed, 18 insertions(+), 13 deletions(-) diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt index b0e4f99c7..fb5fd5691 100644 --- a/libcrux-ml-dsa/cg/code_gen.txt +++ b/libcrux-ml-dsa/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 F*: b0961063393215ca65927f017720cb365a193833-dirty -Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 +Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt index bdd12b396..4cb8a526f 100644 --- a/libcrux-ml-dsa/cg/header.txt +++ b/libcrux-ml-dsa/cg/header.txt 
@@ -8,5 +8,5 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 + * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 */ diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h index 57c7db76c..09a487680 100644 --- a/libcrux-ml-dsa/cg/libcrux_core.h +++ b/libcrux-ml-dsa/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 + * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h index 8a3d324dc..22fbd27b0 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 + * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 */ #ifndef __libcrux_mldsa65_avx2_H @@ -8739,9 +8739,11 @@ static inline void libcrux_ml_dsa_encoding_t1_deserialize_ea( __m256i); i++) { size_t i0 = i; - __m256i uu____0 = libcrux_ml_dsa_simd_avx2_t1_deserialize_a2( - Eurydice_slice_subslice2(serialized, i0 * (size_t)10U, - (i0 + (size_t)1U) * (size_t)10U, uint8_t)); + __m256i uu____0 = + libcrux_ml_dsa_simd_avx2_t1_deserialize_a2(Eurydice_slice_subslice2( + serialized, i0 * LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW, + (i0 + (size_t)1U) * LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW, + uint8_t)); result->simd_units[i0] = uu____0; } } 
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h index f05d7b3af..177e98ceb 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 + * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 */ #ifndef __libcrux_mldsa65_portable_H @@ -71,6 +71,8 @@ extern "C" { #define LIBCRUX_ML_DSA_ENCODING_T0_OUTPUT_BYTES_PER_SIMD_UNIT ((size_t)13U) +#define LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW ((size_t)10U) + #define LIBCRUX_ML_DSA_ENCODING_T1_SERIALIZE_OUTPUT_BYTES_PER_SIMD_UNIT \ ((size_t)10U) @@ -9687,9 +9689,10 @@ static inline void libcrux_ml_dsa_encoding_t1_deserialize_ba( i++) { size_t i0 = i; libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit uu____0 = - libcrux_ml_dsa_simd_portable_t1_deserialize_36( - Eurydice_slice_subslice2(serialized, i0 * (size_t)10U, - (i0 + (size_t)1U) * (size_t)10U, uint8_t)); + libcrux_ml_dsa_simd_portable_t1_deserialize_36(Eurydice_slice_subslice2( + serialized, i0 * LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW, + (i0 + (size_t)1U) * LIBCRUX_ML_DSA_ENCODING_T1_DESERIALIZE_WINDOW, + uint8_t)); result->simd_units[i0] = uu____0; } } diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h index b786152bb..a96bed3c2 100644 --- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 + * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 */ #ifndef __libcrux_sha3_avx2_H 
diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
index c12c02ac6..d798f2f87 100644
--- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: aecb2cd116d530465d34c6857e170fd6bab281b0 + * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 */ #ifndef __libcrux_sha3_portable_H
From b23ff3867648c3baddce38771f0f6a3be7336181 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch
Date: Wed, 18 Dec 2024 14:11:52 +0100
Subject: [PATCH 21/25] Use array instead of tuple
---
 libcrux-ml-dsa/src/sample.rs | 28 ++++++++++++++--------------
 libcrux-ml-dsa/src/samplex4.rs | 12 ++++++------
 2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index 345b11ef3..a12e0131a 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -56,12 +56,7 @@ pub(crate) fn sample_up_to_four_ring_elements<
 >(
 mut seed0: [u8; 34],
 matrix: &mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A],
- rand_stack: &mut (
- [u8; shake128::FIVE_BLOCKS_SIZE],
- [u8; shake128::FIVE_BLOCKS_SIZE],
- [u8; shake128::FIVE_BLOCKS_SIZE],
- [u8; shake128::FIVE_BLOCKS_SIZE],
- ),
+ rand_stack: &mut [[u8; shake128::FIVE_BLOCKS_SIZE]; 4],
 tmp_stack: &mut [[i32; 263]],
 indices: &[(u8, u8); 4],
 elements_requested: usize,
@@ -91,11 +86,16 @@ pub(crate) fn sample_up_to_four_ring_elements<
 let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3);
+ let mut rand_stack0 = rand_stack[0];
+ let mut rand_stack1 = rand_stack[1];
+ let mut rand_stack2 = rand_stack[2];
+ let mut rand_stack3 = rand_stack[3];
+
 state.squeeze_first_five_blocks(
- &mut rand_stack.0,
- &mut rand_stack.1,
- &mut rand_stack.2,
- &mut rand_stack.3,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
 );
 // Every call to |rejection_sample_less_than_field_modulus|
@@ -112,22 +112,22 @@ pub(crate) fn sample_up_to_four_ring_elements<
 let mut sampled3 = 0;
 let mut done0 = rejection_sample_less_than_field_modulus::(
- &mut rand_stack.0,
+ &mut rand_stack0,
 &mut sampled0,
 &mut tmp_stack[0],
 );
 let mut done1 = rejection_sample_less_than_field_modulus::(
- &mut rand_stack.1,
+ &mut rand_stack1,
 &mut sampled1,
 &mut tmp_stack[1],
 );
 let mut done2 = rejection_sample_less_than_field_modulus::(
- &mut rand_stack.2,
+ &mut rand_stack2,
 &mut sampled2,
 &mut tmp_stack[2],
 );
 let mut done3 = rejection_sample_less_than_field_modulus::(
- &mut rand_stack.3,
+ &mut rand_stack3,
 &mut sampled3,
 &mut tmp_stack[3],
 );
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 253936bba..3b2208666 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
@@ -46,12 +46,12 @@ pub(crate) fn matrix_A_4_by_4<
 let mut A: Matrix = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
- let mut rand_stack = (
+ let mut rand_stack = [
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
- );
+ ];
 let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 sample_four_ring_elements_into!(
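Review bot: `let mut rand_stack0 = rand_stack[0];` and the three lines after it copy each 840-byte block out of the caller's buffer (a `[u8; shake128::FIVE_BLOCKS_SIZE]` is `Copy`), so `squeeze_first_five_blocks` and the four `rejection_sample_less_than_field_modulus` calls in the following `@@ -112,22` hunk now operate on fresh stack arrays while the `&mut [[u8; FIVE_BLOCKS_SIZE]; 4]` the caller passed in is never written. That adds roughly 3.3 KiB of stack per call, which presumably is what passing `rand_stack` in from the caller was meant to avoid, and it leaves the `&mut` on the parameter doing nothing; the rest of `sample_up_to_four_ring_elements` is outside the hunk, so whether anything reads the buffer after this cannot be confirmed from here. Destructuring the reference keeps the borrow and the in-place writes, as below; the same applies to the `&mut rand_stackN` arguments in the `@@ -112,22` hunk, which would then pass `rand_stackN` directly since those bindings are already `&mut [u8; FIVE_BLOCKS_SIZE]`.
```rust
    let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3);

    // Borrow the caller's four blocks in place instead of copying them to the stack.
    let [rand_stack0, rand_stack1, rand_stack2, rand_stack3] = rand_stack;

    state.squeeze_first_five_blocks(rand_stack0, rand_stack1, rand_stack2, rand_stack3);
    // … unchanged: rejection-sampling comment and the sampled0..sampled3 counters …
    let mut done0 = rejection_sample_less_than_field_modulus::<SIMDUnit>(
        rand_stack0,
        &mut sampled0,
        &mut tmp_stack[0],
    );
    // … unchanged: done1..done3 follow the same pattern with rand_stack1..rand_stack3 …
```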
@@ -111,12 +111,12 @@ pub(crate) fn matrix_A_6_by_5<
 ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] {
 let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
- let mut rand_stack = (
+ let mut rand_stack = [
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
- );
+ ];
 let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 sample_four_ring_elements_into!(
@@ -216,12 +216,12 @@ pub(crate) fn matrix_A_8_by_7<
 ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] {
 let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A];
- let mut rand_stack = (
+ let mut rand_stack = [
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
 [0u8; shake128::FIVE_BLOCKS_SIZE],
- );
+ ];
 let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
 sample_four_ring_elements_into!(
From 6f3e276f590bc07088c6ae648e929149836d2ae4 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch
Date: Wed, 18 Dec 2024 14:12:17 +0100
Subject: [PATCH 22/25] Update FStar extraction
---
 .../extraction/Libcrux_ml_dsa.Sample.fst | 81 ++----
 .../extraction/Libcrux_ml_dsa.Sample.fsti | 5 +-
 .../extraction/Libcrux_ml_dsa.Samplex4.fst | 239 +++++++-----------
 3 files changed, 109 insertions(+), 216 deletions(-)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
index a209fd286..6a1132912 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst
@@ -976,8 +976,7 @@ let sample_up_to_four_ring_elements t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A) - (rand_stack: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))) + (rand_stack: t_Array (t_Array u8 (sz 840)) (sz 4)) (tmp_stack: t_Slice (t_Array i32 (sz 263))) (indices: t_Array (u8 & u8) (sz 4)) (elements_requested: usize) 
@@ -1043,54 +1042,33 @@ let sample_up_to_four_ring_elements (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) in + let rand_stack0:t_Array u8 (sz 840) = rand_stack.[ sz 0 ] in + let rand_stack1:t_Array u8 (sz 840) = rand_stack.[ sz 1 ] in + let rand_stack2:t_Array u8 (sz 840) = rand_stack.[ sz 2 ] in + let rand_stack3:t_Array u8 (sz 840) = rand_stack.[ sz 3 ] in let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) = Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_first_five_blocks #v_Shake128 #FStar.Tactics.Typeclasses.solve state - rand_stack._1 - rand_stack._2 - rand_stack._3 - rand_stack._4 + rand_stack0 + rand_stack1 + rand_stack2 + rand_stack3 in let state:v_Shake128 = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - { rand_stack with _1 = tmp1 } - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) - in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - { rand_stack with _2 = tmp2 } - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) - in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - { rand_stack with _3 = tmp3 } - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) - in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - { rand_stack with _4 = tmp4 } - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) - in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in let _:Prims.unit = () in let sampled0:usize = sz 0 in let sampled1:usize = 
sz 0 in let sampled2:usize = sz 0 in let sampled3:usize = sz 0 in - let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._1 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - { rand_stack with _1 = tmp0 } - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) - in + let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack0 in + let rand_stack0:t_Array u8 (sz 840) = tmp0 in let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (out <: t_Slice u8) @@ -1102,13 +1080,8 @@ let sample_up_to_four_ring_elements Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1 in let done0:bool = out in - let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._2 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - { rand_stack with _2 = tmp0 } - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) - in + let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack1 in + let rand_stack1:t_Array u8 (sz 840) = tmp0 in let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (out <: t_Slice u8) 
@@ -1120,13 +1093,8 @@ let sample_up_to_four_ring_elements Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1 in let done1:bool = out in - let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._3 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - { rand_stack with _3 = tmp0 } - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) - in + let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack2 in + let rand_stack2:t_Array u8 (sz 840) = tmp0 in let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (out <: t_Slice u8) @@ -1138,13 +1106,8 @@ let sample_up_to_four_ring_elements Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1 in let done2:bool = out in - let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack._4 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - { rand_stack with _4 = tmp0 } - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) - in + let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack3 in + let rand_stack3:t_Array u8 (sz 840) = tmp0 in let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (out <: t_Slice u8) @@ -1332,5 +1295,5 @@ let sample_up_to_four_ring_elements <: (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Slice (t_Array i32 (sz 263))) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti index 142041aa2..6e67335a3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti @@ -122,8 +122,7 @@ val sample_up_to_four_ring_elements t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A) - (rand_stack: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840))) + (rand_stack: t_Array (t_Array u8 (sz 840)) (sz 4)) (tmp_stack: t_Slice (t_Array i32 (sz 263))) (indices: t_Array (u8 & u8) (sz 4)) (elements_requested: usize) @@ -131,5 +130,5 @@ val sample_up_to_four_ring_elements (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Slice (t_Array i32 (sz 263))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst index 105849569..124ade794 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst 
@@ -37,14 +37,17 @@ let matrix_A_4_by_4_ t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - Rust_primitives.Hax.repeat 0uy (sz 840), - Rust_primitives.Hax.repeat 0uy (sz 840), - Rust_primitives.Hax.repeat 0uy (sz 840), - Rust_primitives.Hax.repeat 0uy (sz 840) - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = + let list = + [ + Rust_primitives.Hax.repeat 0uy (sz 840); + Rust_primitives.Hax.repeat 0uy (sz 840); + Rust_primitives.Hax.repeat 0uy (sz 840); + Rust_primitives.Hax.repeat 0uy (sz 840) + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); + Rust_primitives.Hax.array_of_list 4 list in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = let list = @@ -61,7 +64,7 @@ let matrix_A_4_by_4_ let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -81,16 +84,13 @@ let matrix_A_4_by_4_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -110,16 +110,13 @@ let matrix_A_4_by_4_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -139,16 +136,13 @@ let matrix_A_4_by_4_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -168,10 +162,7 @@ let matrix_A_4_by_4_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in v_A 
@@ -199,14 +190,17 @@ let matrix_A_6_by_5_ t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - Rust_primitives.Hax.repeat 0uy (sz 840), - Rust_primitives.Hax.repeat 0uy (sz 840), - Rust_primitives.Hax.repeat 0uy (sz 840), - Rust_primitives.Hax.repeat 0uy (sz 840) - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = + let list = + [ + Rust_primitives.Hax.repeat 0uy (sz 840); + Rust_primitives.Hax.repeat 0uy (sz 840); + Rust_primitives.Hax.repeat 0uy (sz 840); + Rust_primitives.Hax.repeat 0uy (sz 840) + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); + Rust_primitives.Hax.array_of_list 4 list in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = let list = @@ -223,7 +217,7 @@ let matrix_A_6_by_5_ let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -243,16 +237,13 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -272,16 +263,13 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -301,16 +289,13 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -330,16 +315,13 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -359,16 +341,13 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -388,16 +367,13 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -417,16 +393,13 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -446,10 +419,7 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in v_A 
@@ -477,14 +447,17 @@ let matrix_A_8_by_7_ t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - Rust_primitives.Hax.repeat 0uy (sz 840), - Rust_primitives.Hax.repeat 0uy (sz 840), - Rust_primitives.Hax.repeat 0uy (sz 840), - Rust_primitives.Hax.repeat 0uy (sz 840) - <: - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = + let list = + [ + Rust_primitives.Hax.repeat 0uy (sz 840); + Rust_primitives.Hax.repeat 0uy (sz 840); + Rust_primitives.Hax.repeat 0uy (sz 840); + Rust_primitives.Hax.repeat 0uy (sz 840) + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); + Rust_primitives.Hax.array_of_list 4 list in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = let list = @@ -501,7 +474,7 @@ let matrix_A_8_by_7_ let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -521,16 +494,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -550,16 +520,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -579,16 +546,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -608,16 +572,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -637,16 +598,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -666,16 +624,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -695,16 +650,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -724,16 +676,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -753,16 +702,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -782,16 +728,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -811,16 +754,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -840,16 +780,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack 
@@ -869,16 +806,13 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in let tmp0, tmp1, tmp2:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - (t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) & + t_Array (t_Array u8 (sz 840)) (sz 4) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A v_COLUMNS_IN_A seed v_A rand_stack tmp_stack @@ -898,10 +832,7 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = - tmp1 - in + let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in let _:Prims.unit = () in v_A From 00424f6ff03ac7c79f2922ed628bf6a5b8723be3 Mon Sep 17 00:00:00 2001 From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 14:34:03 +0100 Subject: [PATCH 23/25] Fix hax extraction --- .../extraction/Libcrux_ml_dsa.Sample.fst | 87 ++-- .../extraction/Libcrux_ml_dsa.Sample.fsti | 22 +- .../extraction/Libcrux_ml_dsa.Samplex4.fst | 464 +++++++++++------- libcrux-ml-dsa/src/sample.rs | 51 +- libcrux-ml-dsa/src/samplex4.rs | 167 +++++-- 5 files changed, 521 insertions(+), 270 deletions(-) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst index 6a1132912..da6c38417 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst 
@@ -29,6 +29,34 @@ let update_seed (seed: t_Array u8 (sz 66)) (domain_separator: u16) = let hax_temp_output:t_Array u8 (sz 66) = seed in domain_separator, hax_temp_output <: (u16 & t_Array u8 (sz 66)) +let update_matrix + (#v_SIMDUnit: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (m: + t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A) + (i j: usize) + (v: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + = + let m:t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize m + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (m.[ i ] + <: + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + j + v + <: + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + in + m + let rejection_sample_less_than_eta_equals_2_ (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -976,7 +1004,7 @@ let sample_up_to_four_ring_elements t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A) - (rand_stack: t_Array (t_Array u8 (sz 840)) (sz 4)) + (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (sz 840)) (tmp_stack: t_Slice (t_Array i32 (sz 263))) (indices: t_Array (u8 & u8) (sz 4)) (elements_requested: usize) 
@@ -1042,10 +1070,6 @@ let sample_up_to_four_ring_elements (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) in - let rand_stack0:t_Array u8 (sz 840) = rand_stack.[ sz 0 ] in - let rand_stack1:t_Array u8 (sz 840) = rand_stack.[ sz 1 ] in - let rand_stack2:t_Array u8 (sz 840) = rand_stack.[ sz 2 ] in - let rand_stack3:t_Array u8 (sz 840) = rand_stack.[ sz 3 ] in let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840)) = @@ -1067,11 +1091,9 @@ let sample_up_to_four_ring_elements let sampled1:usize = sz 0 in let sampled2:usize = sz 0 in let sampled3:usize = sz 0 in - let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack0 in - let rand_stack0:t_Array u8 (sz 840) = tmp0 in let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit - (out <: t_Slice u8) + (rand_stack0 <: t_Slice u8) sampled0 (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263)) in @@ -1080,11 +1102,9 @@ let sample_up_to_four_ring_elements Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1 in let done0:bool = out in - let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack1 in - let rand_stack1:t_Array u8 (sz 840) = tmp0 in let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit - (out <: t_Slice u8) + (rand_stack1 <: t_Slice u8) sampled1 (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263)) in 
@@ -1093,11 +1113,9 @@ let sample_up_to_four_ring_elements Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1 in let done1:bool = out in - let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack2 in - let rand_stack2:t_Array u8 (sz 840) = tmp0 in let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit - (out <: t_Slice u8) + (rand_stack2 <: t_Slice u8) sampled2 (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263)) in @@ -1106,11 +1124,9 @@ let sample_up_to_four_ring_elements Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1 in let done2:bool = out in - let tmp0, out:(t_Array u8 (sz 840) & t_Array u8 (sz 840)) = rand_stack3 in - let rand_stack3:t_Array u8 (sz 840) = tmp0 in let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit - (out <: t_Slice u8) + (rand_stack3 <: t_Slice u8) sampled3 (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263)) in @@ -1246,10 +1262,9 @@ let sample_up_to_four_ring_elements (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & t_Slice (t_Array i32 (sz 263)))) in - let matrix, hax_temp_output:(t_Array - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) - v_ROWS_IN_A & - Prims.unit) = + let matrix:t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A = Rust_primitives.Hax.Folds.fold_range (sz 0) elements_requested (fun matrix temp_1_ -> 
@@ -1272,28 +1287,26 @@ let sample_up_to_four_ring_elements let matrix:t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize matrix + update_matrix #v_SIMDUnit + v_ROWS_IN_A + v_COLUMNS_IN_A + matrix (cast (i <: u8) <: usize) - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (matrix.[ cast (i <: u8) - <: - usize ] - <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - v_COLUMNS_IN_A) - (cast (j <: u8) <: usize) - (Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit - (tmp_stack.[ k ] <: t_Slice i32) - <: - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (cast (j <: u8) <: usize) + (Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit + (tmp_stack.[ k ] <: t_Slice i32) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - v_COLUMNS_IN_A) + Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in matrix) in - matrix, rand_stack, tmp_stack + let hax_temp_output:Prims.unit = () <: Prims.unit in + matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack <: (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Slice (t_Array i32 (sz 263))) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti index 6e67335a3..5e6082b9b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti 
@@ -16,6 +16,21 @@ val generate_domain_separator: (u8 & u8) -> Prims.Pure u16 Prims.l_True (fun _ - val update_seed (seed: t_Array u8 (sz 66)) (domain_separator: u16) : Prims.Pure (u16 & t_Array u8 (sz 66)) Prims.l_True (fun _ -> Prims.l_True) +val update_matrix + (#v_SIMDUnit: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A: usize) + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + (m: + t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A) + (i j: usize) + (v: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + : Prims.Pure + (t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True) + val rejection_sample_less_than_eta_equals_2_ (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} @@ -122,7 +137,7 @@ val sample_up_to_four_ring_elements t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A) - (rand_stack: t_Array (t_Array u8 (sz 840)) (sz 4)) + (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (sz 840)) (tmp_stack: t_Slice (t_Array i32 (sz 263))) (indices: t_Array (u8 & u8) (sz 4)) (elements_requested: usize) @@ -130,5 +145,8 @@ val sample_up_to_four_ring_elements (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Slice (t_Array i32 (sz 263))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst index 124ade794..e4e0c4571 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst 
@@ -37,18 +37,10 @@ let matrix_A_4_by_4_ t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = - let list = - [ - Rust_primitives.Hax.repeat 0uy (sz 840); - Rust_primitives.Hax.repeat 0uy (sz 840); - Rust_primitives.Hax.repeat 0uy (sz 840); - Rust_primitives.Hax.repeat 0uy (sz 840) - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); - Rust_primitives.Hax.array_of_list 4 list - in + let rand_stack0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let rand_stack1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let rand_stack2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let rand_stack3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = let list = [ @@ -61,13 +53,16 @@ let matrix_A_4_by_4_ FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); Rust_primitives.Hax.array_of_list 4 list in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 0uy, 0uy <: (u8 & u8); 
@@ -84,16 +79,22 @@ let matrix_A_4_by_4_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 1uy, 0uy <: (u8 & u8); 
@@ -110,16 +111,22 @@ let matrix_A_4_by_4_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 2uy, 0uy <: (u8 & u8); 
@@ -136,16 +143,22 @@ let matrix_A_4_by_4_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 3uy, 0uy <: (u8 & u8); @@ -162,8 +175,11 @@ let matrix_A_4_by_4_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in v_A 
@@ -190,18 +206,10 @@ let matrix_A_6_by_5_ t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = - let list = - [ - Rust_primitives.Hax.repeat 0uy (sz 840); - Rust_primitives.Hax.repeat 0uy (sz 840); - Rust_primitives.Hax.repeat 0uy (sz 840); - Rust_primitives.Hax.repeat 0uy (sz 840) - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); - Rust_primitives.Hax.array_of_list 4 list - in + let rand_stack0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let rand_stack1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let rand_stack2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let rand_stack3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = let list = [ @@ -214,13 +222,16 @@ let matrix_A_6_by_5_ FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); Rust_primitives.Hax.array_of_list 4 list in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 0uy, 0uy <: (u8 & u8); 
@@ -237,16 +248,22 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 0uy, 4uy <: (u8 & u8); 
@@ -263,16 +280,22 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 1uy, 3uy <: (u8 & u8); 
@@ -289,16 +312,22 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 2uy, 2uy <: (u8 & u8); 
@@ -315,16 +344,22 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 3uy, 1uy <: (u8 & u8); 
@@ -341,16 +376,22 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 4uy, 0uy <: (u8 & u8); 
@@ -367,16 +408,22 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 4uy, 4uy <: (u8 & u8); 
@@ -393,16 +440,22 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 5uy, 3uy <: (u8 & u8); @@ -419,8 +472,11 @@ let matrix_A_6_by_5_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in v_A 
@@ -447,18 +503,10 @@ let matrix_A_8_by_7_ t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = - let list = - [ - Rust_primitives.Hax.repeat 0uy (sz 840); - Rust_primitives.Hax.repeat 0uy (sz 840); - Rust_primitives.Hax.repeat 0uy (sz 840); - Rust_primitives.Hax.repeat 0uy (sz 840) - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); - Rust_primitives.Hax.array_of_list 4 list - in + let rand_stack0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let rand_stack1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let rand_stack2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let rand_stack3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = let list = [ @@ -471,13 +519,16 @@ let matrix_A_8_by_7_ FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); Rust_primitives.Hax.array_of_list 4 list in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 0uy, 0uy <: (u8 & u8); 
@@ -494,16 +545,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 0uy, 4uy <: (u8 & u8); 
@@ -520,16 +577,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 1uy, 1uy <: (u8 & u8); 
@@ -546,16 +609,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 1uy, 5uy <: (u8 & u8); 
@@ -572,16 +641,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 2uy, 2uy <: (u8 & u8); 
@@ -598,16 +673,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 2uy, 6uy <: (u8 & u8); 
@@ -624,16 +705,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 3uy, 3uy <: (u8 & u8); 
@@ -650,16 +737,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 4uy, 0uy <: (u8 & u8); 
@@ -676,16 +769,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 4uy, 4uy <: (u8 & u8); 
@@ -702,16 +801,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 5uy, 1uy <: (u8 & u8); 
@@ -728,16 +833,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 5uy, 5uy <: (u8 & u8); 
@@ -754,16 +865,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 6uy, 2uy <: (u8 & u8); 
@@ -780,16 +897,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 6uy, 6uy <: (u8 & u8); 
@@ -806,16 +929,22 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(t_Array + let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) v_ROWS_IN_A & - t_Array (t_Array u8 (sz 840)) (sz 4) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & t_Array (t_Array i32 (sz 263)) (sz 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements #v_SIMDUnit #v_Shake128 v_ROWS_IN_A - v_COLUMNS_IN_A seed v_A rand_stack tmp_stack + v_COLUMNS_IN_A seed v_A rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack (let list = [ 7uy, 3uy <: (u8 & u8); @@ -832,8 +961,11 @@ let matrix_A_8_by_7_ v_ROWS_IN_A = tmp0 in - let rand_stack:t_Array (t_Array u8 (sz 840)) (sz 4) = tmp1 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp2 in + let rand_stack0:t_Array u8 (sz 840) = tmp1 in + let rand_stack1:t_Array u8 (sz 840) = tmp2 in + let rand_stack2:t_Array u8 (sz 840) = tmp3 in + let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in let _:Prims.unit = () in v_A diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index a12e0131a..be056a497 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs 
@@ -37,6 +37,20 @@ fn rejection_sample_less_than_field_modulus( #[inline(always)] fn generate_domain_separator((row, column): (u8, u8)) -> u16 { (column as u16) | ((row as u16) << 8) +} // Doing deep updates like `a[1][1] = 3` causes a memory blowup in F* + // https://github.com/hacspec/hax/issues/1098 + // So we are instead using a matrix abstraction with a custom update function here. + +type Matrix = + [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A]; + +fn update_matrix( + m: &mut Matrix, + i: usize, + j: usize, + v: PolynomialRingElement, +) { + m[i][j] = v; } /// Sample and write out up to four ring elements. @@ -55,8 +69,11 @@ pub(crate) fn sample_up_to_four_ring_elements< const COLUMNS_IN_A: usize, >( mut seed0: [u8; 34], - matrix: &mut [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A], - rand_stack: &mut [[u8; shake128::FIVE_BLOCKS_SIZE]; 4], + matrix: &mut Matrix, + rand_stack0: &mut [u8; shake128::FIVE_BLOCKS_SIZE], + rand_stack1: &mut [u8; shake128::FIVE_BLOCKS_SIZE], + rand_stack2: &mut [u8; shake128::FIVE_BLOCKS_SIZE], + rand_stack3: &mut [u8; shake128::FIVE_BLOCKS_SIZE], tmp_stack: &mut [[i32; 263]], indices: &[(u8, u8); 4], elements_requested: usize, @@ -86,17 +103,7 @@ pub(crate) fn sample_up_to_four_ring_elements< let mut state = Shake128::init_absorb(&seed0, &seed1, &seed2, &seed3); - let mut rand_stack0 = rand_stack[0]; - let mut rand_stack1 = rand_stack[1]; - let mut rand_stack2 = rand_stack[2]; - let mut rand_stack3 = rand_stack[3]; - - state.squeeze_first_five_blocks( - &mut rand_stack0, - &mut rand_stack1, - &mut rand_stack2, - &mut rand_stack3, - ); + state.squeeze_first_five_blocks(rand_stack0, rand_stack1, rand_stack2, rand_stack3); // Every call to |rejection_sample_less_than_field_modulus| // will result in a call to |PortableSIMDUnit::rejection_sample_less_than_field_modulus|; 
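Review bot: The hax workaround comment in the first hunk is glued to the closing brace of `generate_domain_separator` (`+} // Doing deep updates like ...`), so it reads as a trailer of that function rather than as the rationale for the `Matrix` alias and `update_matrix` that follow; move it above `type Matrix`. `update_matrix` also carries no `#[inline(always)]`, unlike the neighbouring functions in this file, and has no doc comment even though it is now on the matrix-expansion path. I would add `/// Writes `v` at `m[i][j]`. Exists only so hax/F* avoid deep array updates (hax#1098); panics if `i` or `j` is out of range.` together with `#[inline(always)]` above it.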
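Review bot: The reworked signature makes the four `rand_stack*` parameters fixed-size `&mut [u8; shake128::FIVE_BLOCKS_SIZE]`, but `tmp_stack` stays an unsized `&mut [[i32; 263]]`, so the constant-index `tmp_stack[0]`..`tmp_stack[3]` accesses below remain runtime bounds checks with a panic path, while every caller in samplex4.rs passes a `[[i32; 263]; 4]`. Changing it to `tmp_stack: &mut [[i32; 263]; 4]` would make the four-lane invariant static, matching the rand stacks. If the slice form is required by hax/Eurydice (the C extraction does take an `Eurydice_slice` here), a one-line comment saying so would stop the next reader from tightening it.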
@@ -112,22 +119,22 @@ pub(crate) fn sample_up_to_four_ring_elements< let mut sampled3 = 0; let mut done0 = rejection_sample_less_than_field_modulus::( - &mut rand_stack0, + rand_stack0, &mut sampled0, &mut tmp_stack[0], ); let mut done1 = rejection_sample_less_than_field_modulus::( - &mut rand_stack1, + rand_stack1, &mut sampled1, &mut tmp_stack[1], ); let mut done2 = rejection_sample_less_than_field_modulus::( - &mut rand_stack2, + rand_stack2, &mut sampled2, &mut tmp_stack[2], ); let mut done3 = rejection_sample_less_than_field_modulus::( - &mut rand_stack3, + rand_stack3, &mut sampled3, &mut tmp_stack[3], ); @@ -166,9 +173,15 @@ pub(crate) fn sample_up_to_four_ring_elements< for k in 0..elements_requested { let (i, j) = indices[k]; - matrix[i as usize][j as usize] = - PolynomialRingElement::::from_i32_array(&tmp_stack[k]); + update_matrix( + matrix, + i as usize, + j as usize, + PolynomialRingElement::::from_i32_array(&tmp_stack[k]), + ); } + + () } #[inline(always)] diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs index 3b2208666..37c70280f 100644 --- a/libcrux-ml-dsa/src/samplex4.rs +++ b/libcrux-ml-dsa/src/samplex4.rs @@ -20,11 +20,14 @@ type Matrix = /// A call to sample four ring elements from $seed into $memory at indices $a, $b /// $c, $d. macro_rules! sample_four_ring_elements_into { - ($seed:ident, $matrix:ident, $rand_stack:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => { + ($seed:ident, $matrix:ident, $rand_stack0:ident, $rand_stack1:ident, $rand_stack2:ident, $rand_stack3:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => { sample_up_to_four_ring_elements::( $seed, &mut $matrix, - &mut $rand_stack, + &mut $rand_stack0, + &mut $rand_stack1, + &mut $rand_stack2, + &mut $rand_stack3, &mut $tmp_stack, &[$a, $b, $c, $d], 4, 
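Review bot: The four `rejection_sample_less_than_field_modulus` calls now read the caller's buffers in place, and their `done*` results drive a data-dependent retry, so this sampler is variable-time in the squeezed SHAKE128 output; that is only acceptable because, as far as this patch shows, its sole input is the 34-byte seed (presumably the public matrix seed ρ plus a domain separator). That assumption deserves to be written down on `sample_up_to_four_ring_elements` so the function is never reused with secret seed material: `/// Variable-time: rejection-samples SHAKE128(seed ‖ domsep) output. Only ever call with the public matrix seed; the rand/tmp scratch buffers therefore need no zeroization.` The enclosing function's body continues outside this hunk.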
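Review bot: The trailing `()` added at the end of `sample_up_to_four_ring_elements` is a no-op that clippy reports as `unused_unit`; if it is there to give hax an explicit unit return, say so (`// explicit unit return for hax extraction`), otherwise drop it. The loop above it still trusts `elements_requested` and `indices` blindly: `indices` is `&[(u8, u8); 4]`, so `elements_requested > 4` panics on `indices[k]`, and a pair outside `ROWS_IN_A × COLUMNS_IN_A` panics inside `update_matrix`. A `debug_assert!(elements_requested <= indices.len())` before the loop, and a range check on `(i, j)`, would make that contract explicit instead of leaving it to the call sites in samplex4.rs.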
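Review bot: The doc comment on `sample_four_ring_elements_into!` still says `into $memory` although the parameter is `$matrix`, and after this change it says nothing about the four `$rand_stack*` and `$tmp_stack` scratch arguments that every call site now has to pass positionally. I would rewrite it as `/// Sample four ring elements from $seed into $matrix at indices $a, $b, $c, $d, using $rand_stack0..3 and $tmp_stack as scratch space.` so the seven-ident argument list is explained where it is defined.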
@@ -46,18 +49,19 @@ pub(crate) fn matrix_A_4_by_4< let mut A: Matrix = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; - let mut rand_stack = [ - [0u8; shake128::FIVE_BLOCKS_SIZE], - [0u8; shake128::FIVE_BLOCKS_SIZE], - [0u8; shake128::FIVE_BLOCKS_SIZE], - [0u8; shake128::FIVE_BLOCKS_SIZE], - ]; + let mut rand_stack0 = [0u8; shake128::FIVE_BLOCKS_SIZE]; + let mut rand_stack1 = [0u8; shake128::FIVE_BLOCKS_SIZE]; + let mut rand_stack2 = [0u8; shake128::FIVE_BLOCKS_SIZE]; + let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE]; let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (0, 0), (0, 1), @@ -67,7 +71,10 @@ pub(crate) fn matrix_A_4_by_4< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (1, 0), (1, 1), @@ -77,7 +84,10 @@ pub(crate) fn matrix_A_4_by_4< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (2, 0), (2, 1), @@ -87,7 +97,10 @@ pub(crate) fn matrix_A_4_by_4< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (3, 0), (3, 1), 
@@ -111,18 +124,19 @@ pub(crate) fn matrix_A_6_by_5< ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; - let mut rand_stack = [ - [0u8; shake128::FIVE_BLOCKS_SIZE], - [0u8; shake128::FIVE_BLOCKS_SIZE], - [0u8; shake128::FIVE_BLOCKS_SIZE], - [0u8; shake128::FIVE_BLOCKS_SIZE], - ]; + let mut rand_stack0 = [0u8; shake128::FIVE_BLOCKS_SIZE]; + let mut rand_stack1 = [0u8; shake128::FIVE_BLOCKS_SIZE]; + let mut rand_stack2 = [0u8; shake128::FIVE_BLOCKS_SIZE]; + let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE]; let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (0, 0), (0, 1), @@ -132,7 +146,10 @@ pub(crate) fn matrix_A_6_by_5< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (0, 4), (1, 0), @@ -142,7 +159,10 @@ pub(crate) fn matrix_A_6_by_5< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (1, 3), (1, 4), @@ -152,7 +172,10 @@ pub(crate) fn matrix_A_6_by_5< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (2, 2), (2, 3), @@ -162,7 +185,10 @@ pub(crate) fn matrix_A_6_by_5< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (3, 1), (3, 2), @@ -172,7 +198,10 @@ pub(crate) fn matrix_A_6_by_5< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (4, 0), (4, 1), @@ -182,7 +211,10 @@ pub(crate) fn matrix_A_6_by_5< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (4, 4), (5, 0), 
@@ -194,7 +226,10 @@ pub(crate) fn matrix_A_6_by_5< sample_up_to_four_ring_elements::( seed, &mut A, - &mut rand_stack, + &mut rand_stack0, + &mut rand_stack1, + &mut rand_stack2, + &mut rand_stack3, &mut tmp_stack, &[(5, 3), (5, 4), (5, 5), (5, 6)], 2, @@ -216,18 +251,19 @@ pub(crate) fn matrix_A_8_by_7< ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A] { let mut A = [[PolynomialRingElement::::ZERO(); COLUMNS_IN_A]; ROWS_IN_A]; - let mut rand_stack = [ - [0u8; shake128::FIVE_BLOCKS_SIZE], - [0u8; shake128::FIVE_BLOCKS_SIZE], - [0u8; shake128::FIVE_BLOCKS_SIZE], - [0u8; shake128::FIVE_BLOCKS_SIZE], - ]; + let mut rand_stack0 = [0u8; shake128::FIVE_BLOCKS_SIZE]; + let mut rand_stack1 = [0u8; shake128::FIVE_BLOCKS_SIZE]; + let mut rand_stack2 = [0u8; shake128::FIVE_BLOCKS_SIZE]; + let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE]; let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]]; sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (0, 0), (0, 1), @@ -237,7 +273,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (0, 4), (0, 5), @@ -247,7 +286,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (1, 1), (1, 2), @@ -257,7 +299,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (1, 5), (1, 6), @@ -267,7 +312,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (2, 2), (2, 3), 
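Review bot: The final call in `matrix_A_6_by_5` passes `(5, 5)` and `(5, 6)` as the third and fourth indices, which do not exist in a 6×5 matrix; correctness rests entirely on `elements_requested = 2` stopping the write loop in `sample_up_to_four_ring_elements` before `update_matrix` is reached for them, while, as far as the sampler hunks show, their domain separators are still absorbed and squeezed in the unused lanes. This is pre-existing, but the hunk rewrites the call, so it is the place to make the intent visible: `// lanes 3 and 4 are padding; their out-of-range indices are never written (elements_requested = 2)`. A `debug_assert!` on the written indices inside the sampler would turn that comment into a checked invariant.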
@@ -277,7 +325,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (2, 6), (3, 0), @@ -287,7 +338,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (3, 3), (3, 4), @@ -297,7 +351,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (4, 0), (4, 1), @@ -307,7 +364,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (4, 4), (4, 5), @@ -317,7 +377,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (5, 1), (5, 2), @@ -327,7 +390,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (5, 5), (5, 6), @@ -337,7 +403,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (6, 2), (6, 3), @@ -347,7 +416,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (6, 6), (7, 0), @@ -357,7 +429,10 @@ pub(crate) fn matrix_A_8_by_7< sample_four_ring_elements_into!( seed, A, - rand_stack, + rand_stack0, + rand_stack1, + rand_stack2, + rand_stack3, tmp_stack, (7, 3), (7, 4), From 1b690c7aa20227fa27c65e92587a3c6ff77ba4a4 Mon Sep 17 00:00:00 2001 
From: Jonas Schneider-Bensch Date: Wed, 18 Dec 2024 14:42:42 +0100 Subject: [PATCH 24/25] C extraction update --- libcrux-ml-dsa/cg/code_gen.txt | 2 +- libcrux-ml-dsa/cg/header.txt | 2 +- libcrux-ml-dsa/cg/libcrux_core.h | 2 +- libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h | 1746 +---------------- libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h | 1752 +----------------- libcrux-ml-dsa/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-dsa/cg/libcrux_sha3_portable.h | 2 +- 7 files changed, 86 insertions(+), 3422 deletions(-) diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt index fb5fd5691..cd71b6131 100644 --- a/libcrux-ml-dsa/cg/code_gen.txt +++ b/libcrux-ml-dsa/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: a68994d00017b76a805d0115ca06c1f2c1805e79 Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 F*: b0961063393215ca65927f017720cb365a193833-dirty -Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 +Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3 diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt index 4cb8a526f..c0b53bd40 100644 --- a/libcrux-ml-dsa/cg/header.txt +++ b/libcrux-ml-dsa/cg/header.txt @@ -8,5 +8,5 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 + * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3 */ diff --git a/libcrux-ml-dsa/cg/libcrux_core.h b/libcrux-ml-dsa/cg/libcrux_core.h index 09a487680..cb97a4566 100644 --- a/libcrux-ml-dsa/cg/libcrux_core.h +++ b/libcrux-ml-dsa/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 + * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3 */ #ifndef __libcrux_core_H 
diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h index 22fbd27b0..a79e5a218 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 + * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3 */ #ifndef __libcrux_mldsa65_avx2_H @@ -3326,6 +3326,20 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( return done; } +/** +A monomorphic instance of libcrux_ml_dsa.sample.update_matrix +with types libcrux_ml_dsa_simd_avx2_vector_type_AVX2SIMDUnit +with const generics +- ROWS_IN_A= 6 +- COLUMNS_IN_A= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_dsa_sample_update_matrix_fe( + libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*m)[5U], size_t i, + size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_24 v) { + m[i][j] = v; +} + /** This function found in impl {libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, @@ -3377,8 +3391,9 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( uint8_t seed0[34U], libcrux_ml_dsa_polynomial_PolynomialRingElement_24 (*matrix)[5U], - uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack, - uint8_t_x2 *indices, size_t elements_requested) { + uint8_t *rand_stack0, uint8_t *rand_stack1, uint8_t *rand_stack2, + uint8_t *rand_stack3, Eurydice_slice tmp_stack, uint8_t_x2 *indices, + size_t elements_requested) { uint16_t domain_separator0 = libcrux_ml_dsa_sample_generate_domain_separator(indices[0U]); uint16_t domain_separator1 = 
@@ -3408,33 +3423,32 @@ libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( Eurydice_array_to_slice((size_t)34U, seed2, uint8_t), Eurydice_array_to_slice((size_t)34U, seed3, uint8_t)); libcrux_ml_dsa_hash_functions_simd256_squeeze_first_five_blocks_7b( - &state, rand_stack->fst, rand_stack->snd, rand_stack->thd, - rand_stack->f3); + &state, rand_stack0, rand_stack1, rand_stack2, rand_stack3); size_t sampled0 = (size_t)0U; size_t sampled1 = (size_t)0U; size_t sampled2 = (size_t)0U; size_t sampled3 = (size_t)0U; bool done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, rand_stack->fst, uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack0, uint8_t), &sampled0, Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], int32_t(*)[263U])); bool done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, rand_stack->snd, uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack1, uint8_t), &sampled1, Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], int32_t(*)[263U])); bool done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, rand_stack->thd, uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack2, uint8_t), &sampled2, Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], int32_t(*)[263U])); bool done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ea( - Eurydice_array_to_slice((size_t)840U, rand_stack->f3, uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack3, uint8_t), &sampled3, Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], int32_t(*)[263U])); 
@@ -3611,12 +3625,15 @@ libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( size_t uu____0 = k; uint8_t i = indices[uu____0].fst; uint8_t j = indices[uu____0].snd; - libcrux_ml_dsa_polynomial_PolynomialRingElement_24 uu____1 = + libcrux_ml_dsa_polynomial_PolynomialRingElement_24(*uu____1)[5U] = matrix; + size_t uu____2 = (size_t)i; + size_t uu____3 = (size_t)j; + libcrux_ml_dsa_sample_update_matrix_fe( + uu____1, uu____2, uu____3, libcrux_ml_dsa_polynomial_from_i32_array_ff_ea(Eurydice_array_to_slice( (size_t)263U, Eurydice_slice_index(tmp_stack, k, int32_t[263U], int32_t(*)[263U]), - int32_t)); - matrix[(size_t)i][(size_t)j] = uu____1; + int32_t))); } } 
@@ -3639,1691 +3656,10 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ea(); } - uint8_t uu____0[840U] = {0U}; - uint8_t uu____1[840U] = {0U}; - uint8_t_840size_t__x4 rand_stack; - rand_stack.fst[0U] = 0U; - rand_stack.fst[1U] = 0U; - rand_stack.fst[2U] = 0U; - rand_stack.fst[3U] = 0U; - rand_stack.fst[4U] = 0U; - rand_stack.fst[5U] = 0U; - rand_stack.fst[6U] = 0U; - rand_stack.fst[7U] = 0U; - rand_stack.fst[8U] = 0U; - rand_stack.fst[9U] = 0U; - rand_stack.fst[10U] = 0U; - rand_stack.fst[11U] = 0U; - rand_stack.fst[12U] = 0U; - rand_stack.fst[13U] = 0U; - rand_stack.fst[14U] = 0U; - rand_stack.fst[15U] = 0U; - rand_stack.fst[16U] = 0U; - rand_stack.fst[17U] = 0U; - rand_stack.fst[18U] = 0U; - rand_stack.fst[19U] = 0U; - rand_stack.fst[20U] = 0U; - rand_stack.fst[21U] = 0U; - rand_stack.fst[22U] = 0U; - rand_stack.fst[23U] = 0U; - rand_stack.fst[24U] = 0U; - rand_stack.fst[25U] = 0U; - rand_stack.fst[26U] = 0U; - rand_stack.fst[27U] = 0U; - rand_stack.fst[28U] = 0U; - rand_stack.fst[29U] = 0U; - rand_stack.fst[30U] = 0U; - rand_stack.fst[31U] = 0U; - rand_stack.fst[32U] = 0U; - rand_stack.fst[33U] = 0U; - rand_stack.fst[34U] = 0U; - rand_stack.fst[35U] = 0U; - rand_stack.fst[36U] = 0U; - rand_stack.fst[37U] = 0U; - rand_stack.fst[38U] = 0U; - rand_stack.fst[39U] = 0U; - rand_stack.fst[40U] = 0U; - rand_stack.fst[41U] = 0U; - rand_stack.fst[42U] = 0U; - rand_stack.fst[43U] = 0U; - rand_stack.fst[44U] = 0U; - rand_stack.fst[45U] = 0U; - rand_stack.fst[46U] = 0U; - rand_stack.fst[47U] = 0U; - rand_stack.fst[48U] = 0U; - rand_stack.fst[49U] = 0U; - rand_stack.fst[50U] = 0U; - rand_stack.fst[51U] = 0U; - rand_stack.fst[52U] = 0U; - rand_stack.fst[53U] = 0U; - rand_stack.fst[54U] = 0U; - rand_stack.fst[55U] = 0U; - rand_stack.fst[56U] = 0U; - rand_stack.fst[57U] = 0U; - rand_stack.fst[58U] = 0U; - rand_stack.fst[59U] = 0U; - rand_stack.fst[60U] = 0U; 
- rand_stack.fst[61U] = 0U; - rand_stack.fst[62U] = 0U; - rand_stack.fst[63U] = 0U; - rand_stack.fst[64U] = 0U; - rand_stack.fst[65U] = 0U; - rand_stack.fst[66U] = 0U; - rand_stack.fst[67U] = 0U; - rand_stack.fst[68U] = 0U; - rand_stack.fst[69U] = 0U; - rand_stack.fst[70U] = 0U; - rand_stack.fst[71U] = 0U; - rand_stack.fst[72U] = 0U; - rand_stack.fst[73U] = 0U; - rand_stack.fst[74U] = 0U; - rand_stack.fst[75U] = 0U; - rand_stack.fst[76U] = 0U; - rand_stack.fst[77U] = 0U; - rand_stack.fst[78U] = 0U; - rand_stack.fst[79U] = 0U; - rand_stack.fst[80U] = 0U; - rand_stack.fst[81U] = 0U; - rand_stack.fst[82U] = 0U; - rand_stack.fst[83U] = 0U; - rand_stack.fst[84U] = 0U; - rand_stack.fst[85U] = 0U; - rand_stack.fst[86U] = 0U; - rand_stack.fst[87U] = 0U; - rand_stack.fst[88U] = 0U; - rand_stack.fst[89U] = 0U; - rand_stack.fst[90U] = 0U; - rand_stack.fst[91U] = 0U; - rand_stack.fst[92U] = 0U; - rand_stack.fst[93U] = 0U; - rand_stack.fst[94U] = 0U; - rand_stack.fst[95U] = 0U; - rand_stack.fst[96U] = 0U; - rand_stack.fst[97U] = 0U; - rand_stack.fst[98U] = 0U; - rand_stack.fst[99U] = 0U; - rand_stack.fst[100U] = 0U; - rand_stack.fst[101U] = 0U; - rand_stack.fst[102U] = 0U; - rand_stack.fst[103U] = 0U; - rand_stack.fst[104U] = 0U; - rand_stack.fst[105U] = 0U; - rand_stack.fst[106U] = 0U; - rand_stack.fst[107U] = 0U; - rand_stack.fst[108U] = 0U; - rand_stack.fst[109U] = 0U; - rand_stack.fst[110U] = 0U; - rand_stack.fst[111U] = 0U; - rand_stack.fst[112U] = 0U; - rand_stack.fst[113U] = 0U; - rand_stack.fst[114U] = 0U; - rand_stack.fst[115U] = 0U; - rand_stack.fst[116U] = 0U; - rand_stack.fst[117U] = 0U; - rand_stack.fst[118U] = 0U; - rand_stack.fst[119U] = 0U; - rand_stack.fst[120U] = 0U; - rand_stack.fst[121U] = 0U; - rand_stack.fst[122U] = 0U; - rand_stack.fst[123U] = 0U; - rand_stack.fst[124U] = 0U; - rand_stack.fst[125U] = 0U; - rand_stack.fst[126U] = 0U; - rand_stack.fst[127U] = 0U; - rand_stack.fst[128U] = 0U; - rand_stack.fst[129U] = 0U; - rand_stack.fst[130U] = 0U; - 
rand_stack.fst[131U] = 0U; - rand_stack.fst[132U] = 0U; - rand_stack.fst[133U] = 0U; - rand_stack.fst[134U] = 0U; - rand_stack.fst[135U] = 0U; - rand_stack.fst[136U] = 0U; - rand_stack.fst[137U] = 0U; - rand_stack.fst[138U] = 0U; - rand_stack.fst[139U] = 0U; - rand_stack.fst[140U] = 0U; - rand_stack.fst[141U] = 0U; - rand_stack.fst[142U] = 0U; - rand_stack.fst[143U] = 0U; - rand_stack.fst[144U] = 0U; - rand_stack.fst[145U] = 0U; - rand_stack.fst[146U] = 0U; - rand_stack.fst[147U] = 0U; - rand_stack.fst[148U] = 0U; - rand_stack.fst[149U] = 0U; - rand_stack.fst[150U] = 0U; - rand_stack.fst[151U] = 0U; - rand_stack.fst[152U] = 0U; - rand_stack.fst[153U] = 0U; - rand_stack.fst[154U] = 0U; - rand_stack.fst[155U] = 0U; - rand_stack.fst[156U] = 0U; - rand_stack.fst[157U] = 0U; - rand_stack.fst[158U] = 0U; - rand_stack.fst[159U] = 0U; - rand_stack.fst[160U] = 0U; - rand_stack.fst[161U] = 0U; - rand_stack.fst[162U] = 0U; - rand_stack.fst[163U] = 0U; - rand_stack.fst[164U] = 0U; - rand_stack.fst[165U] = 0U; - rand_stack.fst[166U] = 0U; - rand_stack.fst[167U] = 0U; - rand_stack.fst[168U] = 0U; - rand_stack.fst[169U] = 0U; - rand_stack.fst[170U] = 0U; - rand_stack.fst[171U] = 0U; - rand_stack.fst[172U] = 0U; - rand_stack.fst[173U] = 0U; - rand_stack.fst[174U] = 0U; - rand_stack.fst[175U] = 0U; - rand_stack.fst[176U] = 0U; - rand_stack.fst[177U] = 0U; - rand_stack.fst[178U] = 0U; - rand_stack.fst[179U] = 0U; - rand_stack.fst[180U] = 0U; - rand_stack.fst[181U] = 0U; - rand_stack.fst[182U] = 0U; - rand_stack.fst[183U] = 0U; - rand_stack.fst[184U] = 0U; - rand_stack.fst[185U] = 0U; - rand_stack.fst[186U] = 0U; - rand_stack.fst[187U] = 0U; - rand_stack.fst[188U] = 0U; - rand_stack.fst[189U] = 0U; - rand_stack.fst[190U] = 0U; - rand_stack.fst[191U] = 0U; - rand_stack.fst[192U] = 0U; - rand_stack.fst[193U] = 0U; - rand_stack.fst[194U] = 0U; - rand_stack.fst[195U] = 0U; - rand_stack.fst[196U] = 0U; - rand_stack.fst[197U] = 0U; - rand_stack.fst[198U] = 0U; - rand_stack.fst[199U] = 0U; 
- rand_stack.fst[200U] = 0U; - rand_stack.fst[201U] = 0U; - rand_stack.fst[202U] = 0U; - rand_stack.fst[203U] = 0U; - rand_stack.fst[204U] = 0U; - rand_stack.fst[205U] = 0U; - rand_stack.fst[206U] = 0U; - rand_stack.fst[207U] = 0U; - rand_stack.fst[208U] = 0U; - rand_stack.fst[209U] = 0U; - rand_stack.fst[210U] = 0U; - rand_stack.fst[211U] = 0U; - rand_stack.fst[212U] = 0U; - rand_stack.fst[213U] = 0U; - rand_stack.fst[214U] = 0U; - rand_stack.fst[215U] = 0U; - rand_stack.fst[216U] = 0U; - rand_stack.fst[217U] = 0U; - rand_stack.fst[218U] = 0U; - rand_stack.fst[219U] = 0U; - rand_stack.fst[220U] = 0U; - rand_stack.fst[221U] = 0U; - rand_stack.fst[222U] = 0U; - rand_stack.fst[223U] = 0U; - rand_stack.fst[224U] = 0U; - rand_stack.fst[225U] = 0U; - rand_stack.fst[226U] = 0U; - rand_stack.fst[227U] = 0U; - rand_stack.fst[228U] = 0U; - rand_stack.fst[229U] = 0U; - rand_stack.fst[230U] = 0U; - rand_stack.fst[231U] = 0U; - rand_stack.fst[232U] = 0U; - rand_stack.fst[233U] = 0U; - rand_stack.fst[234U] = 0U; - rand_stack.fst[235U] = 0U; - rand_stack.fst[236U] = 0U; - rand_stack.fst[237U] = 0U; - rand_stack.fst[238U] = 0U; - rand_stack.fst[239U] = 0U; - rand_stack.fst[240U] = 0U; - rand_stack.fst[241U] = 0U; - rand_stack.fst[242U] = 0U; - rand_stack.fst[243U] = 0U; - rand_stack.fst[244U] = 0U; - rand_stack.fst[245U] = 0U; - rand_stack.fst[246U] = 0U; - rand_stack.fst[247U] = 0U; - rand_stack.fst[248U] = 0U; - rand_stack.fst[249U] = 0U; - rand_stack.fst[250U] = 0U; - rand_stack.fst[251U] = 0U; - rand_stack.fst[252U] = 0U; - rand_stack.fst[253U] = 0U; - rand_stack.fst[254U] = 0U; - rand_stack.fst[255U] = 0U; - rand_stack.fst[256U] = 0U; - rand_stack.fst[257U] = 0U; - rand_stack.fst[258U] = 0U; - rand_stack.fst[259U] = 0U; - rand_stack.fst[260U] = 0U; - rand_stack.fst[261U] = 0U; - rand_stack.fst[262U] = 0U; - rand_stack.fst[263U] = 0U; - rand_stack.fst[264U] = 0U; - rand_stack.fst[265U] = 0U; - rand_stack.fst[266U] = 0U; - rand_stack.fst[267U] = 0U; - rand_stack.fst[268U] = 
0U; - rand_stack.fst[269U] = 0U; - rand_stack.fst[270U] = 0U; - rand_stack.fst[271U] = 0U; - rand_stack.fst[272U] = 0U; - rand_stack.fst[273U] = 0U; - rand_stack.fst[274U] = 0U; - rand_stack.fst[275U] = 0U; - rand_stack.fst[276U] = 0U; - rand_stack.fst[277U] = 0U; - rand_stack.fst[278U] = 0U; - rand_stack.fst[279U] = 0U; - rand_stack.fst[280U] = 0U; - rand_stack.fst[281U] = 0U; - rand_stack.fst[282U] = 0U; - rand_stack.fst[283U] = 0U; - rand_stack.fst[284U] = 0U; - rand_stack.fst[285U] = 0U; - rand_stack.fst[286U] = 0U; - rand_stack.fst[287U] = 0U; - rand_stack.fst[288U] = 0U; - rand_stack.fst[289U] = 0U; - rand_stack.fst[290U] = 0U; - rand_stack.fst[291U] = 0U; - rand_stack.fst[292U] = 0U; - rand_stack.fst[293U] = 0U; - rand_stack.fst[294U] = 0U; - rand_stack.fst[295U] = 0U; - rand_stack.fst[296U] = 0U; - rand_stack.fst[297U] = 0U; - rand_stack.fst[298U] = 0U; - rand_stack.fst[299U] = 0U; - rand_stack.fst[300U] = 0U; - rand_stack.fst[301U] = 0U; - rand_stack.fst[302U] = 0U; - rand_stack.fst[303U] = 0U; - rand_stack.fst[304U] = 0U; - rand_stack.fst[305U] = 0U; - rand_stack.fst[306U] = 0U; - rand_stack.fst[307U] = 0U; - rand_stack.fst[308U] = 0U; - rand_stack.fst[309U] = 0U; - rand_stack.fst[310U] = 0U; - rand_stack.fst[311U] = 0U; - rand_stack.fst[312U] = 0U; - rand_stack.fst[313U] = 0U; - rand_stack.fst[314U] = 0U; - rand_stack.fst[315U] = 0U; - rand_stack.fst[316U] = 0U; - rand_stack.fst[317U] = 0U; - rand_stack.fst[318U] = 0U; - rand_stack.fst[319U] = 0U; - rand_stack.fst[320U] = 0U; - rand_stack.fst[321U] = 0U; - rand_stack.fst[322U] = 0U; - rand_stack.fst[323U] = 0U; - rand_stack.fst[324U] = 0U; - rand_stack.fst[325U] = 0U; - rand_stack.fst[326U] = 0U; - rand_stack.fst[327U] = 0U; - rand_stack.fst[328U] = 0U; - rand_stack.fst[329U] = 0U; - rand_stack.fst[330U] = 0U; - rand_stack.fst[331U] = 0U; - rand_stack.fst[332U] = 0U; - rand_stack.fst[333U] = 0U; - rand_stack.fst[334U] = 0U; - rand_stack.fst[335U] = 0U; - rand_stack.fst[336U] = 0U; - rand_stack.fst[337U] 
= 0U; - rand_stack.fst[338U] = 0U; - rand_stack.fst[339U] = 0U; - rand_stack.fst[340U] = 0U; - rand_stack.fst[341U] = 0U; - rand_stack.fst[342U] = 0U; - rand_stack.fst[343U] = 0U; - rand_stack.fst[344U] = 0U; - rand_stack.fst[345U] = 0U; - rand_stack.fst[346U] = 0U; - rand_stack.fst[347U] = 0U; - rand_stack.fst[348U] = 0U; - rand_stack.fst[349U] = 0U; - rand_stack.fst[350U] = 0U; - rand_stack.fst[351U] = 0U; - rand_stack.fst[352U] = 0U; - rand_stack.fst[353U] = 0U; - rand_stack.fst[354U] = 0U; - rand_stack.fst[355U] = 0U; - rand_stack.fst[356U] = 0U; - rand_stack.fst[357U] = 0U; - rand_stack.fst[358U] = 0U; - rand_stack.fst[359U] = 0U; - rand_stack.fst[360U] = 0U; - rand_stack.fst[361U] = 0U; - rand_stack.fst[362U] = 0U; - rand_stack.fst[363U] = 0U; - rand_stack.fst[364U] = 0U; - rand_stack.fst[365U] = 0U; - rand_stack.fst[366U] = 0U; - rand_stack.fst[367U] = 0U; - rand_stack.fst[368U] = 0U; - rand_stack.fst[369U] = 0U; - rand_stack.fst[370U] = 0U; - rand_stack.fst[371U] = 0U; - rand_stack.fst[372U] = 0U; - rand_stack.fst[373U] = 0U; - rand_stack.fst[374U] = 0U; - rand_stack.fst[375U] = 0U; - rand_stack.fst[376U] = 0U; - rand_stack.fst[377U] = 0U; - rand_stack.fst[378U] = 0U; - rand_stack.fst[379U] = 0U; - rand_stack.fst[380U] = 0U; - rand_stack.fst[381U] = 0U; - rand_stack.fst[382U] = 0U; - rand_stack.fst[383U] = 0U; - rand_stack.fst[384U] = 0U; - rand_stack.fst[385U] = 0U; - rand_stack.fst[386U] = 0U; - rand_stack.fst[387U] = 0U; - rand_stack.fst[388U] = 0U; - rand_stack.fst[389U] = 0U; - rand_stack.fst[390U] = 0U; - rand_stack.fst[391U] = 0U; - rand_stack.fst[392U] = 0U; - rand_stack.fst[393U] = 0U; - rand_stack.fst[394U] = 0U; - rand_stack.fst[395U] = 0U; - rand_stack.fst[396U] = 0U; - rand_stack.fst[397U] = 0U; - rand_stack.fst[398U] = 0U; - rand_stack.fst[399U] = 0U; - rand_stack.fst[400U] = 0U; - rand_stack.fst[401U] = 0U; - rand_stack.fst[402U] = 0U; - rand_stack.fst[403U] = 0U; - rand_stack.fst[404U] = 0U; - rand_stack.fst[405U] = 0U; - 
rand_stack.fst[406U] = 0U; - rand_stack.fst[407U] = 0U; - rand_stack.fst[408U] = 0U; - rand_stack.fst[409U] = 0U; - rand_stack.fst[410U] = 0U; - rand_stack.fst[411U] = 0U; - rand_stack.fst[412U] = 0U; - rand_stack.fst[413U] = 0U; - rand_stack.fst[414U] = 0U; - rand_stack.fst[415U] = 0U; - rand_stack.fst[416U] = 0U; - rand_stack.fst[417U] = 0U; - rand_stack.fst[418U] = 0U; - rand_stack.fst[419U] = 0U; - rand_stack.fst[420U] = 0U; - rand_stack.fst[421U] = 0U; - rand_stack.fst[422U] = 0U; - rand_stack.fst[423U] = 0U; - rand_stack.fst[424U] = 0U; - rand_stack.fst[425U] = 0U; - rand_stack.fst[426U] = 0U; - rand_stack.fst[427U] = 0U; - rand_stack.fst[428U] = 0U; - rand_stack.fst[429U] = 0U; - rand_stack.fst[430U] = 0U; - rand_stack.fst[431U] = 0U; - rand_stack.fst[432U] = 0U; - rand_stack.fst[433U] = 0U; - rand_stack.fst[434U] = 0U; - rand_stack.fst[435U] = 0U; - rand_stack.fst[436U] = 0U; - rand_stack.fst[437U] = 0U; - rand_stack.fst[438U] = 0U; - rand_stack.fst[439U] = 0U; - rand_stack.fst[440U] = 0U; - rand_stack.fst[441U] = 0U; - rand_stack.fst[442U] = 0U; - rand_stack.fst[443U] = 0U; - rand_stack.fst[444U] = 0U; - rand_stack.fst[445U] = 0U; - rand_stack.fst[446U] = 0U; - rand_stack.fst[447U] = 0U; - rand_stack.fst[448U] = 0U; - rand_stack.fst[449U] = 0U; - rand_stack.fst[450U] = 0U; - rand_stack.fst[451U] = 0U; - rand_stack.fst[452U] = 0U; - rand_stack.fst[453U] = 0U; - rand_stack.fst[454U] = 0U; - rand_stack.fst[455U] = 0U; - rand_stack.fst[456U] = 0U; - rand_stack.fst[457U] = 0U; - rand_stack.fst[458U] = 0U; - rand_stack.fst[459U] = 0U; - rand_stack.fst[460U] = 0U; - rand_stack.fst[461U] = 0U; - rand_stack.fst[462U] = 0U; - rand_stack.fst[463U] = 0U; - rand_stack.fst[464U] = 0U; - rand_stack.fst[465U] = 0U; - rand_stack.fst[466U] = 0U; - rand_stack.fst[467U] = 0U; - rand_stack.fst[468U] = 0U; - rand_stack.fst[469U] = 0U; - rand_stack.fst[470U] = 0U; - rand_stack.fst[471U] = 0U; - rand_stack.fst[472U] = 0U; - rand_stack.fst[473U] = 0U; - rand_stack.fst[474U] = 0U; 
- rand_stack.fst[475U] = 0U; - rand_stack.fst[476U] = 0U; - rand_stack.fst[477U] = 0U; - rand_stack.fst[478U] = 0U; - rand_stack.fst[479U] = 0U; - rand_stack.fst[480U] = 0U; - rand_stack.fst[481U] = 0U; - rand_stack.fst[482U] = 0U; - rand_stack.fst[483U] = 0U; - rand_stack.fst[484U] = 0U; - rand_stack.fst[485U] = 0U; - rand_stack.fst[486U] = 0U; - rand_stack.fst[487U] = 0U; - rand_stack.fst[488U] = 0U; - rand_stack.fst[489U] = 0U; - rand_stack.fst[490U] = 0U; - rand_stack.fst[491U] = 0U; - rand_stack.fst[492U] = 0U; - rand_stack.fst[493U] = 0U; - rand_stack.fst[494U] = 0U; - rand_stack.fst[495U] = 0U; - rand_stack.fst[496U] = 0U; - rand_stack.fst[497U] = 0U; - rand_stack.fst[498U] = 0U; - rand_stack.fst[499U] = 0U; - rand_stack.fst[500U] = 0U; - rand_stack.fst[501U] = 0U; - rand_stack.fst[502U] = 0U; - rand_stack.fst[503U] = 0U; - rand_stack.fst[504U] = 0U; - rand_stack.fst[505U] = 0U; - rand_stack.fst[506U] = 0U; - rand_stack.fst[507U] = 0U; - rand_stack.fst[508U] = 0U; - rand_stack.fst[509U] = 0U; - rand_stack.fst[510U] = 0U; - rand_stack.fst[511U] = 0U; - rand_stack.fst[512U] = 0U; - rand_stack.fst[513U] = 0U; - rand_stack.fst[514U] = 0U; - rand_stack.fst[515U] = 0U; - rand_stack.fst[516U] = 0U; - rand_stack.fst[517U] = 0U; - rand_stack.fst[518U] = 0U; - rand_stack.fst[519U] = 0U; - rand_stack.fst[520U] = 0U; - rand_stack.fst[521U] = 0U; - rand_stack.fst[522U] = 0U; - rand_stack.fst[523U] = 0U; - rand_stack.fst[524U] = 0U; - rand_stack.fst[525U] = 0U; - rand_stack.fst[526U] = 0U; - rand_stack.fst[527U] = 0U; - rand_stack.fst[528U] = 0U; - rand_stack.fst[529U] = 0U; - rand_stack.fst[530U] = 0U; - rand_stack.fst[531U] = 0U; - rand_stack.fst[532U] = 0U; - rand_stack.fst[533U] = 0U; - rand_stack.fst[534U] = 0U; - rand_stack.fst[535U] = 0U; - rand_stack.fst[536U] = 0U; - rand_stack.fst[537U] = 0U; - rand_stack.fst[538U] = 0U; - rand_stack.fst[539U] = 0U; - rand_stack.fst[540U] = 0U; - rand_stack.fst[541U] = 0U; - rand_stack.fst[542U] = 0U; - rand_stack.fst[543U] = 
0U; - rand_stack.fst[544U] = 0U; - rand_stack.fst[545U] = 0U; - rand_stack.fst[546U] = 0U; - rand_stack.fst[547U] = 0U; - rand_stack.fst[548U] = 0U; - rand_stack.fst[549U] = 0U; - rand_stack.fst[550U] = 0U; - rand_stack.fst[551U] = 0U; - rand_stack.fst[552U] = 0U; - rand_stack.fst[553U] = 0U; - rand_stack.fst[554U] = 0U; - rand_stack.fst[555U] = 0U; - rand_stack.fst[556U] = 0U; - rand_stack.fst[557U] = 0U; - rand_stack.fst[558U] = 0U; - rand_stack.fst[559U] = 0U; - rand_stack.fst[560U] = 0U; - rand_stack.fst[561U] = 0U; - rand_stack.fst[562U] = 0U; - rand_stack.fst[563U] = 0U; - rand_stack.fst[564U] = 0U; - rand_stack.fst[565U] = 0U; - rand_stack.fst[566U] = 0U; - rand_stack.fst[567U] = 0U; - rand_stack.fst[568U] = 0U; - rand_stack.fst[569U] = 0U; - rand_stack.fst[570U] = 0U; - rand_stack.fst[571U] = 0U; - rand_stack.fst[572U] = 0U; - rand_stack.fst[573U] = 0U; - rand_stack.fst[574U] = 0U; - rand_stack.fst[575U] = 0U; - rand_stack.fst[576U] = 0U; - rand_stack.fst[577U] = 0U; - rand_stack.fst[578U] = 0U; - rand_stack.fst[579U] = 0U; - rand_stack.fst[580U] = 0U; - rand_stack.fst[581U] = 0U; - rand_stack.fst[582U] = 0U; - rand_stack.fst[583U] = 0U; - rand_stack.fst[584U] = 0U; - rand_stack.fst[585U] = 0U; - rand_stack.fst[586U] = 0U; - rand_stack.fst[587U] = 0U; - rand_stack.fst[588U] = 0U; - rand_stack.fst[589U] = 0U; - rand_stack.fst[590U] = 0U; - rand_stack.fst[591U] = 0U; - rand_stack.fst[592U] = 0U; - rand_stack.fst[593U] = 0U; - rand_stack.fst[594U] = 0U; - rand_stack.fst[595U] = 0U; - rand_stack.fst[596U] = 0U; - rand_stack.fst[597U] = 0U; - rand_stack.fst[598U] = 0U; - rand_stack.fst[599U] = 0U; - rand_stack.fst[600U] = 0U; - rand_stack.fst[601U] = 0U; - rand_stack.fst[602U] = 0U; - rand_stack.fst[603U] = 0U; - rand_stack.fst[604U] = 0U; - rand_stack.fst[605U] = 0U; - rand_stack.fst[606U] = 0U; - rand_stack.fst[607U] = 0U; - rand_stack.fst[608U] = 0U; - rand_stack.fst[609U] = 0U; - rand_stack.fst[610U] = 0U; - rand_stack.fst[611U] = 0U; - rand_stack.fst[612U] 
= 0U; - rand_stack.fst[613U] = 0U; - rand_stack.fst[614U] = 0U; - rand_stack.fst[615U] = 0U; - rand_stack.fst[616U] = 0U; - rand_stack.fst[617U] = 0U; - rand_stack.fst[618U] = 0U; - rand_stack.fst[619U] = 0U; - rand_stack.fst[620U] = 0U; - rand_stack.fst[621U] = 0U; - rand_stack.fst[622U] = 0U; - rand_stack.fst[623U] = 0U; - rand_stack.fst[624U] = 0U; - rand_stack.fst[625U] = 0U; - rand_stack.fst[626U] = 0U; - rand_stack.fst[627U] = 0U; - rand_stack.fst[628U] = 0U; - rand_stack.fst[629U] = 0U; - rand_stack.fst[630U] = 0U; - rand_stack.fst[631U] = 0U; - rand_stack.fst[632U] = 0U; - rand_stack.fst[633U] = 0U; - rand_stack.fst[634U] = 0U; - rand_stack.fst[635U] = 0U; - rand_stack.fst[636U] = 0U; - rand_stack.fst[637U] = 0U; - rand_stack.fst[638U] = 0U; - rand_stack.fst[639U] = 0U; - rand_stack.fst[640U] = 0U; - rand_stack.fst[641U] = 0U; - rand_stack.fst[642U] = 0U; - rand_stack.fst[643U] = 0U; - rand_stack.fst[644U] = 0U; - rand_stack.fst[645U] = 0U; - rand_stack.fst[646U] = 0U; - rand_stack.fst[647U] = 0U; - rand_stack.fst[648U] = 0U; - rand_stack.fst[649U] = 0U; - rand_stack.fst[650U] = 0U; - rand_stack.fst[651U] = 0U; - rand_stack.fst[652U] = 0U; - rand_stack.fst[653U] = 0U; - rand_stack.fst[654U] = 0U; - rand_stack.fst[655U] = 0U; - rand_stack.fst[656U] = 0U; - rand_stack.fst[657U] = 0U; - rand_stack.fst[658U] = 0U; - rand_stack.fst[659U] = 0U; - rand_stack.fst[660U] = 0U; - rand_stack.fst[661U] = 0U; - rand_stack.fst[662U] = 0U; - rand_stack.fst[663U] = 0U; - rand_stack.fst[664U] = 0U; - rand_stack.fst[665U] = 0U; - rand_stack.fst[666U] = 0U; - rand_stack.fst[667U] = 0U; - rand_stack.fst[668U] = 0U; - rand_stack.fst[669U] = 0U; - rand_stack.fst[670U] = 0U; - rand_stack.fst[671U] = 0U; - rand_stack.fst[672U] = 0U; - rand_stack.fst[673U] = 0U; - rand_stack.fst[674U] = 0U; - rand_stack.fst[675U] = 0U; - rand_stack.fst[676U] = 0U; - rand_stack.fst[677U] = 0U; - rand_stack.fst[678U] = 0U; - rand_stack.fst[679U] = 0U; - rand_stack.fst[680U] = 0U; - 
rand_stack.fst[681U] = 0U; - rand_stack.fst[682U] = 0U; - rand_stack.fst[683U] = 0U; - rand_stack.fst[684U] = 0U; - rand_stack.fst[685U] = 0U; - rand_stack.fst[686U] = 0U; - rand_stack.fst[687U] = 0U; - rand_stack.fst[688U] = 0U; - rand_stack.fst[689U] = 0U; - rand_stack.fst[690U] = 0U; - rand_stack.fst[691U] = 0U; - rand_stack.fst[692U] = 0U; - rand_stack.fst[693U] = 0U; - rand_stack.fst[694U] = 0U; - rand_stack.fst[695U] = 0U; - rand_stack.fst[696U] = 0U; - rand_stack.fst[697U] = 0U; - rand_stack.fst[698U] = 0U; - rand_stack.fst[699U] = 0U; - rand_stack.fst[700U] = 0U; - rand_stack.fst[701U] = 0U; - rand_stack.fst[702U] = 0U; - rand_stack.fst[703U] = 0U; - rand_stack.fst[704U] = 0U; - rand_stack.fst[705U] = 0U; - rand_stack.fst[706U] = 0U; - rand_stack.fst[707U] = 0U; - rand_stack.fst[708U] = 0U; - rand_stack.fst[709U] = 0U; - rand_stack.fst[710U] = 0U; - rand_stack.fst[711U] = 0U; - rand_stack.fst[712U] = 0U; - rand_stack.fst[713U] = 0U; - rand_stack.fst[714U] = 0U; - rand_stack.fst[715U] = 0U; - rand_stack.fst[716U] = 0U; - rand_stack.fst[717U] = 0U; - rand_stack.fst[718U] = 0U; - rand_stack.fst[719U] = 0U; - rand_stack.fst[720U] = 0U; - rand_stack.fst[721U] = 0U; - rand_stack.fst[722U] = 0U; - rand_stack.fst[723U] = 0U; - rand_stack.fst[724U] = 0U; - rand_stack.fst[725U] = 0U; - rand_stack.fst[726U] = 0U; - rand_stack.fst[727U] = 0U; - rand_stack.fst[728U] = 0U; - rand_stack.fst[729U] = 0U; - rand_stack.fst[730U] = 0U; - rand_stack.fst[731U] = 0U; - rand_stack.fst[732U] = 0U; - rand_stack.fst[733U] = 0U; - rand_stack.fst[734U] = 0U; - rand_stack.fst[735U] = 0U; - rand_stack.fst[736U] = 0U; - rand_stack.fst[737U] = 0U; - rand_stack.fst[738U] = 0U; - rand_stack.fst[739U] = 0U; - rand_stack.fst[740U] = 0U; - rand_stack.fst[741U] = 0U; - rand_stack.fst[742U] = 0U; - rand_stack.fst[743U] = 0U; - rand_stack.fst[744U] = 0U; - rand_stack.fst[745U] = 0U; - rand_stack.fst[746U] = 0U; - rand_stack.fst[747U] = 0U; - rand_stack.fst[748U] = 0U; - rand_stack.fst[749U] = 0U; 
- rand_stack.fst[750U] = 0U; - rand_stack.fst[751U] = 0U; - rand_stack.fst[752U] = 0U; - rand_stack.fst[753U] = 0U; - rand_stack.fst[754U] = 0U; - rand_stack.fst[755U] = 0U; - rand_stack.fst[756U] = 0U; - rand_stack.fst[757U] = 0U; - rand_stack.fst[758U] = 0U; - rand_stack.fst[759U] = 0U; - rand_stack.fst[760U] = 0U; - rand_stack.fst[761U] = 0U; - rand_stack.fst[762U] = 0U; - rand_stack.fst[763U] = 0U; - rand_stack.fst[764U] = 0U; - rand_stack.fst[765U] = 0U; - rand_stack.fst[766U] = 0U; - rand_stack.fst[767U] = 0U; - rand_stack.fst[768U] = 0U; - rand_stack.fst[769U] = 0U; - rand_stack.fst[770U] = 0U; - rand_stack.fst[771U] = 0U; - rand_stack.fst[772U] = 0U; - rand_stack.fst[773U] = 0U; - rand_stack.fst[774U] = 0U; - rand_stack.fst[775U] = 0U; - rand_stack.fst[776U] = 0U; - rand_stack.fst[777U] = 0U; - rand_stack.fst[778U] = 0U; - rand_stack.fst[779U] = 0U; - rand_stack.fst[780U] = 0U; - rand_stack.fst[781U] = 0U; - rand_stack.fst[782U] = 0U; - rand_stack.fst[783U] = 0U; - rand_stack.fst[784U] = 0U; - rand_stack.fst[785U] = 0U; - rand_stack.fst[786U] = 0U; - rand_stack.fst[787U] = 0U; - rand_stack.fst[788U] = 0U; - rand_stack.fst[789U] = 0U; - rand_stack.fst[790U] = 0U; - rand_stack.fst[791U] = 0U; - rand_stack.fst[792U] = 0U; - rand_stack.fst[793U] = 0U; - rand_stack.fst[794U] = 0U; - rand_stack.fst[795U] = 0U; - rand_stack.fst[796U] = 0U; - rand_stack.fst[797U] = 0U; - rand_stack.fst[798U] = 0U; - rand_stack.fst[799U] = 0U; - rand_stack.fst[800U] = 0U; - rand_stack.fst[801U] = 0U; - rand_stack.fst[802U] = 0U; - rand_stack.fst[803U] = 0U; - rand_stack.fst[804U] = 0U; - rand_stack.fst[805U] = 0U; - rand_stack.fst[806U] = 0U; - rand_stack.fst[807U] = 0U; - rand_stack.fst[808U] = 0U; - rand_stack.fst[809U] = 0U; - rand_stack.fst[810U] = 0U; - rand_stack.fst[811U] = 0U; - rand_stack.fst[812U] = 0U; - rand_stack.fst[813U] = 0U; - rand_stack.fst[814U] = 0U; - rand_stack.fst[815U] = 0U; - rand_stack.fst[816U] = 0U; - rand_stack.fst[817U] = 0U; - rand_stack.fst[818U] = 
0U; - rand_stack.fst[819U] = 0U; - rand_stack.fst[820U] = 0U; - rand_stack.fst[821U] = 0U; - rand_stack.fst[822U] = 0U; - rand_stack.fst[823U] = 0U; - rand_stack.fst[824U] = 0U; - rand_stack.fst[825U] = 0U; - rand_stack.fst[826U] = 0U; - rand_stack.fst[827U] = 0U; - rand_stack.fst[828U] = 0U; - rand_stack.fst[829U] = 0U; - rand_stack.fst[830U] = 0U; - rand_stack.fst[831U] = 0U; - rand_stack.fst[832U] = 0U; - rand_stack.fst[833U] = 0U; - rand_stack.fst[834U] = 0U; - rand_stack.fst[835U] = 0U; - rand_stack.fst[836U] = 0U; - rand_stack.fst[837U] = 0U; - rand_stack.fst[838U] = 0U; - rand_stack.fst[839U] = 0U; - memcpy(rand_stack.snd, uu____0, (size_t)840U * sizeof(uint8_t)); - memcpy(rand_stack.thd, uu____1, (size_t)840U * sizeof(uint8_t)); - rand_stack.f3[0U] = 0U; - rand_stack.f3[1U] = 0U; - rand_stack.f3[2U] = 0U; - rand_stack.f3[3U] = 0U; - rand_stack.f3[4U] = 0U; - rand_stack.f3[5U] = 0U; - rand_stack.f3[6U] = 0U; - rand_stack.f3[7U] = 0U; - rand_stack.f3[8U] = 0U; - rand_stack.f3[9U] = 0U; - rand_stack.f3[10U] = 0U; - rand_stack.f3[11U] = 0U; - rand_stack.f3[12U] = 0U; - rand_stack.f3[13U] = 0U; - rand_stack.f3[14U] = 0U; - rand_stack.f3[15U] = 0U; - rand_stack.f3[16U] = 0U; - rand_stack.f3[17U] = 0U; - rand_stack.f3[18U] = 0U; - rand_stack.f3[19U] = 0U; - rand_stack.f3[20U] = 0U; - rand_stack.f3[21U] = 0U; - rand_stack.f3[22U] = 0U; - rand_stack.f3[23U] = 0U; - rand_stack.f3[24U] = 0U; - rand_stack.f3[25U] = 0U; - rand_stack.f3[26U] = 0U; - rand_stack.f3[27U] = 0U; - rand_stack.f3[28U] = 0U; - rand_stack.f3[29U] = 0U; - rand_stack.f3[30U] = 0U; - rand_stack.f3[31U] = 0U; - rand_stack.f3[32U] = 0U; - rand_stack.f3[33U] = 0U; - rand_stack.f3[34U] = 0U; - rand_stack.f3[35U] = 0U; - rand_stack.f3[36U] = 0U; - rand_stack.f3[37U] = 0U; - rand_stack.f3[38U] = 0U; - rand_stack.f3[39U] = 0U; - rand_stack.f3[40U] = 0U; - rand_stack.f3[41U] = 0U; - rand_stack.f3[42U] = 0U; - rand_stack.f3[43U] = 0U; - rand_stack.f3[44U] = 0U; - rand_stack.f3[45U] = 0U; - rand_stack.f3[46U] 
= 0U; - rand_stack.f3[47U] = 0U; - rand_stack.f3[48U] = 0U; - rand_stack.f3[49U] = 0U; - rand_stack.f3[50U] = 0U; - rand_stack.f3[51U] = 0U; - rand_stack.f3[52U] = 0U; - rand_stack.f3[53U] = 0U; - rand_stack.f3[54U] = 0U; - rand_stack.f3[55U] = 0U; - rand_stack.f3[56U] = 0U; - rand_stack.f3[57U] = 0U; - rand_stack.f3[58U] = 0U; - rand_stack.f3[59U] = 0U; - rand_stack.f3[60U] = 0U; - rand_stack.f3[61U] = 0U; - rand_stack.f3[62U] = 0U; - rand_stack.f3[63U] = 0U; - rand_stack.f3[64U] = 0U; - rand_stack.f3[65U] = 0U; - rand_stack.f3[66U] = 0U; - rand_stack.f3[67U] = 0U; - rand_stack.f3[68U] = 0U; - rand_stack.f3[69U] = 0U; - rand_stack.f3[70U] = 0U; - rand_stack.f3[71U] = 0U; - rand_stack.f3[72U] = 0U; - rand_stack.f3[73U] = 0U; - rand_stack.f3[74U] = 0U; - rand_stack.f3[75U] = 0U; - rand_stack.f3[76U] = 0U; - rand_stack.f3[77U] = 0U; - rand_stack.f3[78U] = 0U; - rand_stack.f3[79U] = 0U; - rand_stack.f3[80U] = 0U; - rand_stack.f3[81U] = 0U; - rand_stack.f3[82U] = 0U; - rand_stack.f3[83U] = 0U; - rand_stack.f3[84U] = 0U; - rand_stack.f3[85U] = 0U; - rand_stack.f3[86U] = 0U; - rand_stack.f3[87U] = 0U; - rand_stack.f3[88U] = 0U; - rand_stack.f3[89U] = 0U; - rand_stack.f3[90U] = 0U; - rand_stack.f3[91U] = 0U; - rand_stack.f3[92U] = 0U; - rand_stack.f3[93U] = 0U; - rand_stack.f3[94U] = 0U; - rand_stack.f3[95U] = 0U; - rand_stack.f3[96U] = 0U; - rand_stack.f3[97U] = 0U; - rand_stack.f3[98U] = 0U; - rand_stack.f3[99U] = 0U; - rand_stack.f3[100U] = 0U; - rand_stack.f3[101U] = 0U; - rand_stack.f3[102U] = 0U; - rand_stack.f3[103U] = 0U; - rand_stack.f3[104U] = 0U; - rand_stack.f3[105U] = 0U; - rand_stack.f3[106U] = 0U; - rand_stack.f3[107U] = 0U; - rand_stack.f3[108U] = 0U; - rand_stack.f3[109U] = 0U; - rand_stack.f3[110U] = 0U; - rand_stack.f3[111U] = 0U; - rand_stack.f3[112U] = 0U; - rand_stack.f3[113U] = 0U; - rand_stack.f3[114U] = 0U; - rand_stack.f3[115U] = 0U; - rand_stack.f3[116U] = 0U; - rand_stack.f3[117U] = 0U; - rand_stack.f3[118U] = 0U; - rand_stack.f3[119U] = 0U; - 
rand_stack.f3[120U] = 0U; - rand_stack.f3[121U] = 0U; - rand_stack.f3[122U] = 0U; - rand_stack.f3[123U] = 0U; - rand_stack.f3[124U] = 0U; - rand_stack.f3[125U] = 0U; - rand_stack.f3[126U] = 0U; - rand_stack.f3[127U] = 0U; - rand_stack.f3[128U] = 0U; - rand_stack.f3[129U] = 0U; - rand_stack.f3[130U] = 0U; - rand_stack.f3[131U] = 0U; - rand_stack.f3[132U] = 0U; - rand_stack.f3[133U] = 0U; - rand_stack.f3[134U] = 0U; - rand_stack.f3[135U] = 0U; - rand_stack.f3[136U] = 0U; - rand_stack.f3[137U] = 0U; - rand_stack.f3[138U] = 0U; - rand_stack.f3[139U] = 0U; - rand_stack.f3[140U] = 0U; - rand_stack.f3[141U] = 0U; - rand_stack.f3[142U] = 0U; - rand_stack.f3[143U] = 0U; - rand_stack.f3[144U] = 0U; - rand_stack.f3[145U] = 0U; - rand_stack.f3[146U] = 0U; - rand_stack.f3[147U] = 0U; - rand_stack.f3[148U] = 0U; - rand_stack.f3[149U] = 0U; - rand_stack.f3[150U] = 0U; - rand_stack.f3[151U] = 0U; - rand_stack.f3[152U] = 0U; - rand_stack.f3[153U] = 0U; - rand_stack.f3[154U] = 0U; - rand_stack.f3[155U] = 0U; - rand_stack.f3[156U] = 0U; - rand_stack.f3[157U] = 0U; - rand_stack.f3[158U] = 0U; - rand_stack.f3[159U] = 0U; - rand_stack.f3[160U] = 0U; - rand_stack.f3[161U] = 0U; - rand_stack.f3[162U] = 0U; - rand_stack.f3[163U] = 0U; - rand_stack.f3[164U] = 0U; - rand_stack.f3[165U] = 0U; - rand_stack.f3[166U] = 0U; - rand_stack.f3[167U] = 0U; - rand_stack.f3[168U] = 0U; - rand_stack.f3[169U] = 0U; - rand_stack.f3[170U] = 0U; - rand_stack.f3[171U] = 0U; - rand_stack.f3[172U] = 0U; - rand_stack.f3[173U] = 0U; - rand_stack.f3[174U] = 0U; - rand_stack.f3[175U] = 0U; - rand_stack.f3[176U] = 0U; - rand_stack.f3[177U] = 0U; - rand_stack.f3[178U] = 0U; - rand_stack.f3[179U] = 0U; - rand_stack.f3[180U] = 0U; - rand_stack.f3[181U] = 0U; - rand_stack.f3[182U] = 0U; - rand_stack.f3[183U] = 0U; - rand_stack.f3[184U] = 0U; - rand_stack.f3[185U] = 0U; - rand_stack.f3[186U] = 0U; - rand_stack.f3[187U] = 0U; - rand_stack.f3[188U] = 0U; - rand_stack.f3[189U] = 0U; - rand_stack.f3[190U] = 0U; - 
rand_stack.f3[191U] = 0U; - rand_stack.f3[192U] = 0U; - rand_stack.f3[193U] = 0U; - rand_stack.f3[194U] = 0U; - rand_stack.f3[195U] = 0U; - rand_stack.f3[196U] = 0U; - rand_stack.f3[197U] = 0U; - rand_stack.f3[198U] = 0U; - rand_stack.f3[199U] = 0U; - rand_stack.f3[200U] = 0U; - rand_stack.f3[201U] = 0U; - rand_stack.f3[202U] = 0U; - rand_stack.f3[203U] = 0U; - rand_stack.f3[204U] = 0U; - rand_stack.f3[205U] = 0U; - rand_stack.f3[206U] = 0U; - rand_stack.f3[207U] = 0U; - rand_stack.f3[208U] = 0U; - rand_stack.f3[209U] = 0U; - rand_stack.f3[210U] = 0U; - rand_stack.f3[211U] = 0U; - rand_stack.f3[212U] = 0U; - rand_stack.f3[213U] = 0U; - rand_stack.f3[214U] = 0U; - rand_stack.f3[215U] = 0U; - rand_stack.f3[216U] = 0U; - rand_stack.f3[217U] = 0U; - rand_stack.f3[218U] = 0U; - rand_stack.f3[219U] = 0U; - rand_stack.f3[220U] = 0U; - rand_stack.f3[221U] = 0U; - rand_stack.f3[222U] = 0U; - rand_stack.f3[223U] = 0U; - rand_stack.f3[224U] = 0U; - rand_stack.f3[225U] = 0U; - rand_stack.f3[226U] = 0U; - rand_stack.f3[227U] = 0U; - rand_stack.f3[228U] = 0U; - rand_stack.f3[229U] = 0U; - rand_stack.f3[230U] = 0U; - rand_stack.f3[231U] = 0U; - rand_stack.f3[232U] = 0U; - rand_stack.f3[233U] = 0U; - rand_stack.f3[234U] = 0U; - rand_stack.f3[235U] = 0U; - rand_stack.f3[236U] = 0U; - rand_stack.f3[237U] = 0U; - rand_stack.f3[238U] = 0U; - rand_stack.f3[239U] = 0U; - rand_stack.f3[240U] = 0U; - rand_stack.f3[241U] = 0U; - rand_stack.f3[242U] = 0U; - rand_stack.f3[243U] = 0U; - rand_stack.f3[244U] = 0U; - rand_stack.f3[245U] = 0U; - rand_stack.f3[246U] = 0U; - rand_stack.f3[247U] = 0U; - rand_stack.f3[248U] = 0U; - rand_stack.f3[249U] = 0U; - rand_stack.f3[250U] = 0U; - rand_stack.f3[251U] = 0U; - rand_stack.f3[252U] = 0U; - rand_stack.f3[253U] = 0U; - rand_stack.f3[254U] = 0U; - rand_stack.f3[255U] = 0U; - rand_stack.f3[256U] = 0U; - rand_stack.f3[257U] = 0U; - rand_stack.f3[258U] = 0U; - rand_stack.f3[259U] = 0U; - rand_stack.f3[260U] = 0U; - rand_stack.f3[261U] = 0U; - 
rand_stack.f3[262U] = 0U; - rand_stack.f3[263U] = 0U; - rand_stack.f3[264U] = 0U; - rand_stack.f3[265U] = 0U; - rand_stack.f3[266U] = 0U; - rand_stack.f3[267U] = 0U; - rand_stack.f3[268U] = 0U; - rand_stack.f3[269U] = 0U; - rand_stack.f3[270U] = 0U; - rand_stack.f3[271U] = 0U; - rand_stack.f3[272U] = 0U; - rand_stack.f3[273U] = 0U; - rand_stack.f3[274U] = 0U; - rand_stack.f3[275U] = 0U; - rand_stack.f3[276U] = 0U; - rand_stack.f3[277U] = 0U; - rand_stack.f3[278U] = 0U; - rand_stack.f3[279U] = 0U; - rand_stack.f3[280U] = 0U; - rand_stack.f3[281U] = 0U; - rand_stack.f3[282U] = 0U; - rand_stack.f3[283U] = 0U; - rand_stack.f3[284U] = 0U; - rand_stack.f3[285U] = 0U; - rand_stack.f3[286U] = 0U; - rand_stack.f3[287U] = 0U; - rand_stack.f3[288U] = 0U; - rand_stack.f3[289U] = 0U; - rand_stack.f3[290U] = 0U; - rand_stack.f3[291U] = 0U; - rand_stack.f3[292U] = 0U; - rand_stack.f3[293U] = 0U; - rand_stack.f3[294U] = 0U; - rand_stack.f3[295U] = 0U; - rand_stack.f3[296U] = 0U; - rand_stack.f3[297U] = 0U; - rand_stack.f3[298U] = 0U; - rand_stack.f3[299U] = 0U; - rand_stack.f3[300U] = 0U; - rand_stack.f3[301U] = 0U; - rand_stack.f3[302U] = 0U; - rand_stack.f3[303U] = 0U; - rand_stack.f3[304U] = 0U; - rand_stack.f3[305U] = 0U; - rand_stack.f3[306U] = 0U; - rand_stack.f3[307U] = 0U; - rand_stack.f3[308U] = 0U; - rand_stack.f3[309U] = 0U; - rand_stack.f3[310U] = 0U; - rand_stack.f3[311U] = 0U; - rand_stack.f3[312U] = 0U; - rand_stack.f3[313U] = 0U; - rand_stack.f3[314U] = 0U; - rand_stack.f3[315U] = 0U; - rand_stack.f3[316U] = 0U; - rand_stack.f3[317U] = 0U; - rand_stack.f3[318U] = 0U; - rand_stack.f3[319U] = 0U; - rand_stack.f3[320U] = 0U; - rand_stack.f3[321U] = 0U; - rand_stack.f3[322U] = 0U; - rand_stack.f3[323U] = 0U; - rand_stack.f3[324U] = 0U; - rand_stack.f3[325U] = 0U; - rand_stack.f3[326U] = 0U; - rand_stack.f3[327U] = 0U; - rand_stack.f3[328U] = 0U; - rand_stack.f3[329U] = 0U; - rand_stack.f3[330U] = 0U; - rand_stack.f3[331U] = 0U; - rand_stack.f3[332U] = 0U; - 
rand_stack.f3[333U] = 0U; - rand_stack.f3[334U] = 0U; - rand_stack.f3[335U] = 0U; - rand_stack.f3[336U] = 0U; - rand_stack.f3[337U] = 0U; - rand_stack.f3[338U] = 0U; - rand_stack.f3[339U] = 0U; - rand_stack.f3[340U] = 0U; - rand_stack.f3[341U] = 0U; - rand_stack.f3[342U] = 0U; - rand_stack.f3[343U] = 0U; - rand_stack.f3[344U] = 0U; - rand_stack.f3[345U] = 0U; - rand_stack.f3[346U] = 0U; - rand_stack.f3[347U] = 0U; - rand_stack.f3[348U] = 0U; - rand_stack.f3[349U] = 0U; - rand_stack.f3[350U] = 0U; - rand_stack.f3[351U] = 0U; - rand_stack.f3[352U] = 0U; - rand_stack.f3[353U] = 0U; - rand_stack.f3[354U] = 0U; - rand_stack.f3[355U] = 0U; - rand_stack.f3[356U] = 0U; - rand_stack.f3[357U] = 0U; - rand_stack.f3[358U] = 0U; - rand_stack.f3[359U] = 0U; - rand_stack.f3[360U] = 0U; - rand_stack.f3[361U] = 0U; - rand_stack.f3[362U] = 0U; - rand_stack.f3[363U] = 0U; - rand_stack.f3[364U] = 0U; - rand_stack.f3[365U] = 0U; - rand_stack.f3[366U] = 0U; - rand_stack.f3[367U] = 0U; - rand_stack.f3[368U] = 0U; - rand_stack.f3[369U] = 0U; - rand_stack.f3[370U] = 0U; - rand_stack.f3[371U] = 0U; - rand_stack.f3[372U] = 0U; - rand_stack.f3[373U] = 0U; - rand_stack.f3[374U] = 0U; - rand_stack.f3[375U] = 0U; - rand_stack.f3[376U] = 0U; - rand_stack.f3[377U] = 0U; - rand_stack.f3[378U] = 0U; - rand_stack.f3[379U] = 0U; - rand_stack.f3[380U] = 0U; - rand_stack.f3[381U] = 0U; - rand_stack.f3[382U] = 0U; - rand_stack.f3[383U] = 0U; - rand_stack.f3[384U] = 0U; - rand_stack.f3[385U] = 0U; - rand_stack.f3[386U] = 0U; - rand_stack.f3[387U] = 0U; - rand_stack.f3[388U] = 0U; - rand_stack.f3[389U] = 0U; - rand_stack.f3[390U] = 0U; - rand_stack.f3[391U] = 0U; - rand_stack.f3[392U] = 0U; - rand_stack.f3[393U] = 0U; - rand_stack.f3[394U] = 0U; - rand_stack.f3[395U] = 0U; - rand_stack.f3[396U] = 0U; - rand_stack.f3[397U] = 0U; - rand_stack.f3[398U] = 0U; - rand_stack.f3[399U] = 0U; - rand_stack.f3[400U] = 0U; - rand_stack.f3[401U] = 0U; - rand_stack.f3[402U] = 0U; - rand_stack.f3[403U] = 0U; - 
rand_stack.f3[404U] = 0U; - rand_stack.f3[405U] = 0U; - rand_stack.f3[406U] = 0U; - rand_stack.f3[407U] = 0U; - rand_stack.f3[408U] = 0U; - rand_stack.f3[409U] = 0U; - rand_stack.f3[410U] = 0U; - rand_stack.f3[411U] = 0U; - rand_stack.f3[412U] = 0U; - rand_stack.f3[413U] = 0U; - rand_stack.f3[414U] = 0U; - rand_stack.f3[415U] = 0U; - rand_stack.f3[416U] = 0U; - rand_stack.f3[417U] = 0U; - rand_stack.f3[418U] = 0U; - rand_stack.f3[419U] = 0U; - rand_stack.f3[420U] = 0U; - rand_stack.f3[421U] = 0U; - rand_stack.f3[422U] = 0U; - rand_stack.f3[423U] = 0U; - rand_stack.f3[424U] = 0U; - rand_stack.f3[425U] = 0U; - rand_stack.f3[426U] = 0U; - rand_stack.f3[427U] = 0U; - rand_stack.f3[428U] = 0U; - rand_stack.f3[429U] = 0U; - rand_stack.f3[430U] = 0U; - rand_stack.f3[431U] = 0U; - rand_stack.f3[432U] = 0U; - rand_stack.f3[433U] = 0U; - rand_stack.f3[434U] = 0U; - rand_stack.f3[435U] = 0U; - rand_stack.f3[436U] = 0U; - rand_stack.f3[437U] = 0U; - rand_stack.f3[438U] = 0U; - rand_stack.f3[439U] = 0U; - rand_stack.f3[440U] = 0U; - rand_stack.f3[441U] = 0U; - rand_stack.f3[442U] = 0U; - rand_stack.f3[443U] = 0U; - rand_stack.f3[444U] = 0U; - rand_stack.f3[445U] = 0U; - rand_stack.f3[446U] = 0U; - rand_stack.f3[447U] = 0U; - rand_stack.f3[448U] = 0U; - rand_stack.f3[449U] = 0U; - rand_stack.f3[450U] = 0U; - rand_stack.f3[451U] = 0U; - rand_stack.f3[452U] = 0U; - rand_stack.f3[453U] = 0U; - rand_stack.f3[454U] = 0U; - rand_stack.f3[455U] = 0U; - rand_stack.f3[456U] = 0U; - rand_stack.f3[457U] = 0U; - rand_stack.f3[458U] = 0U; - rand_stack.f3[459U] = 0U; - rand_stack.f3[460U] = 0U; - rand_stack.f3[461U] = 0U; - rand_stack.f3[462U] = 0U; - rand_stack.f3[463U] = 0U; - rand_stack.f3[464U] = 0U; - rand_stack.f3[465U] = 0U; - rand_stack.f3[466U] = 0U; - rand_stack.f3[467U] = 0U; - rand_stack.f3[468U] = 0U; - rand_stack.f3[469U] = 0U; - rand_stack.f3[470U] = 0U; - rand_stack.f3[471U] = 0U; - rand_stack.f3[472U] = 0U; - rand_stack.f3[473U] = 0U; - rand_stack.f3[474U] = 0U; - 
rand_stack.f3[475U] = 0U; - rand_stack.f3[476U] = 0U; - rand_stack.f3[477U] = 0U; - rand_stack.f3[478U] = 0U; - rand_stack.f3[479U] = 0U; - rand_stack.f3[480U] = 0U; - rand_stack.f3[481U] = 0U; - rand_stack.f3[482U] = 0U; - rand_stack.f3[483U] = 0U; - rand_stack.f3[484U] = 0U; - rand_stack.f3[485U] = 0U; - rand_stack.f3[486U] = 0U; - rand_stack.f3[487U] = 0U; - rand_stack.f3[488U] = 0U; - rand_stack.f3[489U] = 0U; - rand_stack.f3[490U] = 0U; - rand_stack.f3[491U] = 0U; - rand_stack.f3[492U] = 0U; - rand_stack.f3[493U] = 0U; - rand_stack.f3[494U] = 0U; - rand_stack.f3[495U] = 0U; - rand_stack.f3[496U] = 0U; - rand_stack.f3[497U] = 0U; - rand_stack.f3[498U] = 0U; - rand_stack.f3[499U] = 0U; - rand_stack.f3[500U] = 0U; - rand_stack.f3[501U] = 0U; - rand_stack.f3[502U] = 0U; - rand_stack.f3[503U] = 0U; - rand_stack.f3[504U] = 0U; - rand_stack.f3[505U] = 0U; - rand_stack.f3[506U] = 0U; - rand_stack.f3[507U] = 0U; - rand_stack.f3[508U] = 0U; - rand_stack.f3[509U] = 0U; - rand_stack.f3[510U] = 0U; - rand_stack.f3[511U] = 0U; - rand_stack.f3[512U] = 0U; - rand_stack.f3[513U] = 0U; - rand_stack.f3[514U] = 0U; - rand_stack.f3[515U] = 0U; - rand_stack.f3[516U] = 0U; - rand_stack.f3[517U] = 0U; - rand_stack.f3[518U] = 0U; - rand_stack.f3[519U] = 0U; - rand_stack.f3[520U] = 0U; - rand_stack.f3[521U] = 0U; - rand_stack.f3[522U] = 0U; - rand_stack.f3[523U] = 0U; - rand_stack.f3[524U] = 0U; - rand_stack.f3[525U] = 0U; - rand_stack.f3[526U] = 0U; - rand_stack.f3[527U] = 0U; - rand_stack.f3[528U] = 0U; - rand_stack.f3[529U] = 0U; - rand_stack.f3[530U] = 0U; - rand_stack.f3[531U] = 0U; - rand_stack.f3[532U] = 0U; - rand_stack.f3[533U] = 0U; - rand_stack.f3[534U] = 0U; - rand_stack.f3[535U] = 0U; - rand_stack.f3[536U] = 0U; - rand_stack.f3[537U] = 0U; - rand_stack.f3[538U] = 0U; - rand_stack.f3[539U] = 0U; - rand_stack.f3[540U] = 0U; - rand_stack.f3[541U] = 0U; - rand_stack.f3[542U] = 0U; - rand_stack.f3[543U] = 0U; - rand_stack.f3[544U] = 0U; - rand_stack.f3[545U] = 0U; - 
rand_stack.f3[546U] = 0U; - rand_stack.f3[547U] = 0U; - rand_stack.f3[548U] = 0U; - rand_stack.f3[549U] = 0U; - rand_stack.f3[550U] = 0U; - rand_stack.f3[551U] = 0U; - rand_stack.f3[552U] = 0U; - rand_stack.f3[553U] = 0U; - rand_stack.f3[554U] = 0U; - rand_stack.f3[555U] = 0U; - rand_stack.f3[556U] = 0U; - rand_stack.f3[557U] = 0U; - rand_stack.f3[558U] = 0U; - rand_stack.f3[559U] = 0U; - rand_stack.f3[560U] = 0U; - rand_stack.f3[561U] = 0U; - rand_stack.f3[562U] = 0U; - rand_stack.f3[563U] = 0U; - rand_stack.f3[564U] = 0U; - rand_stack.f3[565U] = 0U; - rand_stack.f3[566U] = 0U; - rand_stack.f3[567U] = 0U; - rand_stack.f3[568U] = 0U; - rand_stack.f3[569U] = 0U; - rand_stack.f3[570U] = 0U; - rand_stack.f3[571U] = 0U; - rand_stack.f3[572U] = 0U; - rand_stack.f3[573U] = 0U; - rand_stack.f3[574U] = 0U; - rand_stack.f3[575U] = 0U; - rand_stack.f3[576U] = 0U; - rand_stack.f3[577U] = 0U; - rand_stack.f3[578U] = 0U; - rand_stack.f3[579U] = 0U; - rand_stack.f3[580U] = 0U; - rand_stack.f3[581U] = 0U; - rand_stack.f3[582U] = 0U; - rand_stack.f3[583U] = 0U; - rand_stack.f3[584U] = 0U; - rand_stack.f3[585U] = 0U; - rand_stack.f3[586U] = 0U; - rand_stack.f3[587U] = 0U; - rand_stack.f3[588U] = 0U; - rand_stack.f3[589U] = 0U; - rand_stack.f3[590U] = 0U; - rand_stack.f3[591U] = 0U; - rand_stack.f3[592U] = 0U; - rand_stack.f3[593U] = 0U; - rand_stack.f3[594U] = 0U; - rand_stack.f3[595U] = 0U; - rand_stack.f3[596U] = 0U; - rand_stack.f3[597U] = 0U; - rand_stack.f3[598U] = 0U; - rand_stack.f3[599U] = 0U; - rand_stack.f3[600U] = 0U; - rand_stack.f3[601U] = 0U; - rand_stack.f3[602U] = 0U; - rand_stack.f3[603U] = 0U; - rand_stack.f3[604U] = 0U; - rand_stack.f3[605U] = 0U; - rand_stack.f3[606U] = 0U; - rand_stack.f3[607U] = 0U; - rand_stack.f3[608U] = 0U; - rand_stack.f3[609U] = 0U; - rand_stack.f3[610U] = 0U; - rand_stack.f3[611U] = 0U; - rand_stack.f3[612U] = 0U; - rand_stack.f3[613U] = 0U; - rand_stack.f3[614U] = 0U; - rand_stack.f3[615U] = 0U; - rand_stack.f3[616U] = 0U; - 
rand_stack.f3[617U] = 0U; - rand_stack.f3[618U] = 0U; - rand_stack.f3[619U] = 0U; - rand_stack.f3[620U] = 0U; - rand_stack.f3[621U] = 0U; - rand_stack.f3[622U] = 0U; - rand_stack.f3[623U] = 0U; - rand_stack.f3[624U] = 0U; - rand_stack.f3[625U] = 0U; - rand_stack.f3[626U] = 0U; - rand_stack.f3[627U] = 0U; - rand_stack.f3[628U] = 0U; - rand_stack.f3[629U] = 0U; - rand_stack.f3[630U] = 0U; - rand_stack.f3[631U] = 0U; - rand_stack.f3[632U] = 0U; - rand_stack.f3[633U] = 0U; - rand_stack.f3[634U] = 0U; - rand_stack.f3[635U] = 0U; - rand_stack.f3[636U] = 0U; - rand_stack.f3[637U] = 0U; - rand_stack.f3[638U] = 0U; - rand_stack.f3[639U] = 0U; - rand_stack.f3[640U] = 0U; - rand_stack.f3[641U] = 0U; - rand_stack.f3[642U] = 0U; - rand_stack.f3[643U] = 0U; - rand_stack.f3[644U] = 0U; - rand_stack.f3[645U] = 0U; - rand_stack.f3[646U] = 0U; - rand_stack.f3[647U] = 0U; - rand_stack.f3[648U] = 0U; - rand_stack.f3[649U] = 0U; - rand_stack.f3[650U] = 0U; - rand_stack.f3[651U] = 0U; - rand_stack.f3[652U] = 0U; - rand_stack.f3[653U] = 0U; - rand_stack.f3[654U] = 0U; - rand_stack.f3[655U] = 0U; - rand_stack.f3[656U] = 0U; - rand_stack.f3[657U] = 0U; - rand_stack.f3[658U] = 0U; - rand_stack.f3[659U] = 0U; - rand_stack.f3[660U] = 0U; - rand_stack.f3[661U] = 0U; - rand_stack.f3[662U] = 0U; - rand_stack.f3[663U] = 0U; - rand_stack.f3[664U] = 0U; - rand_stack.f3[665U] = 0U; - rand_stack.f3[666U] = 0U; - rand_stack.f3[667U] = 0U; - rand_stack.f3[668U] = 0U; - rand_stack.f3[669U] = 0U; - rand_stack.f3[670U] = 0U; - rand_stack.f3[671U] = 0U; - rand_stack.f3[672U] = 0U; - rand_stack.f3[673U] = 0U; - rand_stack.f3[674U] = 0U; - rand_stack.f3[675U] = 0U; - rand_stack.f3[676U] = 0U; - rand_stack.f3[677U] = 0U; - rand_stack.f3[678U] = 0U; - rand_stack.f3[679U] = 0U; - rand_stack.f3[680U] = 0U; - rand_stack.f3[681U] = 0U; - rand_stack.f3[682U] = 0U; - rand_stack.f3[683U] = 0U; - rand_stack.f3[684U] = 0U; - rand_stack.f3[685U] = 0U; - rand_stack.f3[686U] = 0U; - rand_stack.f3[687U] = 0U; - 
rand_stack.f3[688U] = 0U; - rand_stack.f3[689U] = 0U; - rand_stack.f3[690U] = 0U; - rand_stack.f3[691U] = 0U; - rand_stack.f3[692U] = 0U; - rand_stack.f3[693U] = 0U; - rand_stack.f3[694U] = 0U; - rand_stack.f3[695U] = 0U; - rand_stack.f3[696U] = 0U; - rand_stack.f3[697U] = 0U; - rand_stack.f3[698U] = 0U; - rand_stack.f3[699U] = 0U; - rand_stack.f3[700U] = 0U; - rand_stack.f3[701U] = 0U; - rand_stack.f3[702U] = 0U; - rand_stack.f3[703U] = 0U; - rand_stack.f3[704U] = 0U; - rand_stack.f3[705U] = 0U; - rand_stack.f3[706U] = 0U; - rand_stack.f3[707U] = 0U; - rand_stack.f3[708U] = 0U; - rand_stack.f3[709U] = 0U; - rand_stack.f3[710U] = 0U; - rand_stack.f3[711U] = 0U; - rand_stack.f3[712U] = 0U; - rand_stack.f3[713U] = 0U; - rand_stack.f3[714U] = 0U; - rand_stack.f3[715U] = 0U; - rand_stack.f3[716U] = 0U; - rand_stack.f3[717U] = 0U; - rand_stack.f3[718U] = 0U; - rand_stack.f3[719U] = 0U; - rand_stack.f3[720U] = 0U; - rand_stack.f3[721U] = 0U; - rand_stack.f3[722U] = 0U; - rand_stack.f3[723U] = 0U; - rand_stack.f3[724U] = 0U; - rand_stack.f3[725U] = 0U; - rand_stack.f3[726U] = 0U; - rand_stack.f3[727U] = 0U; - rand_stack.f3[728U] = 0U; - rand_stack.f3[729U] = 0U; - rand_stack.f3[730U] = 0U; - rand_stack.f3[731U] = 0U; - rand_stack.f3[732U] = 0U; - rand_stack.f3[733U] = 0U; - rand_stack.f3[734U] = 0U; - rand_stack.f3[735U] = 0U; - rand_stack.f3[736U] = 0U; - rand_stack.f3[737U] = 0U; - rand_stack.f3[738U] = 0U; - rand_stack.f3[739U] = 0U; - rand_stack.f3[740U] = 0U; - rand_stack.f3[741U] = 0U; - rand_stack.f3[742U] = 0U; - rand_stack.f3[743U] = 0U; - rand_stack.f3[744U] = 0U; - rand_stack.f3[745U] = 0U; - rand_stack.f3[746U] = 0U; - rand_stack.f3[747U] = 0U; - rand_stack.f3[748U] = 0U; - rand_stack.f3[749U] = 0U; - rand_stack.f3[750U] = 0U; - rand_stack.f3[751U] = 0U; - rand_stack.f3[752U] = 0U; - rand_stack.f3[753U] = 0U; - rand_stack.f3[754U] = 0U; - rand_stack.f3[755U] = 0U; - rand_stack.f3[756U] = 0U; - rand_stack.f3[757U] = 0U; - rand_stack.f3[758U] = 0U; - 
rand_stack.f3[759U] = 0U; - rand_stack.f3[760U] = 0U; - rand_stack.f3[761U] = 0U; - rand_stack.f3[762U] = 0U; - rand_stack.f3[763U] = 0U; - rand_stack.f3[764U] = 0U; - rand_stack.f3[765U] = 0U; - rand_stack.f3[766U] = 0U; - rand_stack.f3[767U] = 0U; - rand_stack.f3[768U] = 0U; - rand_stack.f3[769U] = 0U; - rand_stack.f3[770U] = 0U; - rand_stack.f3[771U] = 0U; - rand_stack.f3[772U] = 0U; - rand_stack.f3[773U] = 0U; - rand_stack.f3[774U] = 0U; - rand_stack.f3[775U] = 0U; - rand_stack.f3[776U] = 0U; - rand_stack.f3[777U] = 0U; - rand_stack.f3[778U] = 0U; - rand_stack.f3[779U] = 0U; - rand_stack.f3[780U] = 0U; - rand_stack.f3[781U] = 0U; - rand_stack.f3[782U] = 0U; - rand_stack.f3[783U] = 0U; - rand_stack.f3[784U] = 0U; - rand_stack.f3[785U] = 0U; - rand_stack.f3[786U] = 0U; - rand_stack.f3[787U] = 0U; - rand_stack.f3[788U] = 0U; - rand_stack.f3[789U] = 0U; - rand_stack.f3[790U] = 0U; - rand_stack.f3[791U] = 0U; - rand_stack.f3[792U] = 0U; - rand_stack.f3[793U] = 0U; - rand_stack.f3[794U] = 0U; - rand_stack.f3[795U] = 0U; - rand_stack.f3[796U] = 0U; - rand_stack.f3[797U] = 0U; - rand_stack.f3[798U] = 0U; - rand_stack.f3[799U] = 0U; - rand_stack.f3[800U] = 0U; - rand_stack.f3[801U] = 0U; - rand_stack.f3[802U] = 0U; - rand_stack.f3[803U] = 0U; - rand_stack.f3[804U] = 0U; - rand_stack.f3[805U] = 0U; - rand_stack.f3[806U] = 0U; - rand_stack.f3[807U] = 0U; - rand_stack.f3[808U] = 0U; - rand_stack.f3[809U] = 0U; - rand_stack.f3[810U] = 0U; - rand_stack.f3[811U] = 0U; - rand_stack.f3[812U] = 0U; - rand_stack.f3[813U] = 0U; - rand_stack.f3[814U] = 0U; - rand_stack.f3[815U] = 0U; - rand_stack.f3[816U] = 0U; - rand_stack.f3[817U] = 0U; - rand_stack.f3[818U] = 0U; - rand_stack.f3[819U] = 0U; - rand_stack.f3[820U] = 0U; - rand_stack.f3[821U] = 0U; - rand_stack.f3[822U] = 0U; - rand_stack.f3[823U] = 0U; - rand_stack.f3[824U] = 0U; - rand_stack.f3[825U] = 0U; - rand_stack.f3[826U] = 0U; - rand_stack.f3[827U] = 0U; - rand_stack.f3[828U] = 0U; - rand_stack.f3[829U] = 0U; - 
rand_stack.f3[830U] = 0U; - rand_stack.f3[831U] = 0U; - rand_stack.f3[832U] = 0U; - rand_stack.f3[833U] = 0U; - rand_stack.f3[834U] = 0U; - rand_stack.f3[835U] = 0U; - rand_stack.f3[836U] = 0U; - rand_stack.f3[837U] = 0U; - rand_stack.f3[838U] = 0U; - rand_stack.f3[839U] = 0U; + uint8_t rand_stack0[840U] = {0U}; + uint8_t rand_stack1[840U] = {0U}; + uint8_t rand_stack2[840U] = {0U}; + uint8_t rand_stack3[840U] = {0U}; int32_t tmp_stack[4U][263U] = {{0U}}; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; @@ -5333,7 +3669,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U}), (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( - copy_of_seed, A, &rand_stack, + copy_of_seed, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf0, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -5344,7 +3680,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U}), (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( - copy_of_seed0, A, &rand_stack, + copy_of_seed0, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf1, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -5355,7 +3691,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U}), (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( - copy_of_seed1, A, &rand_stack, + copy_of_seed1, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf2, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -5366,7 +3702,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U}), (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( - copy_of_seed2, A, &rand_stack, + copy_of_seed2, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf3, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -5377,7 +3713,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U}), (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( - copy_of_seed3, A, &rand_stack, + copy_of_seed3, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf4, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -5388,7 +3724,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U}), (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( - copy_of_seed4, A, &rand_stack, + copy_of_seed4, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf5, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -5399,7 +3735,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U}), (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( - copy_of_seed5, A, &rand_stack, + copy_of_seed5, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf6, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -5410,7 +3746,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_f4( (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U}), (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_f4( - copy_of_seed6, A, &rand_stack, + copy_of_seed6, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf, (size_t)2U); memcpy(ret, A, diff --git a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h index 177e98ceb..13e99f9fc 100644 --- a/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h +++ b/libcrux-ml-dsa/cg/libcrux_mldsa65_portable.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 + * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3 */ #ifndef __libcrux_mldsa65_portable_H @@ -4166,13 +4166,6 @@ static inline void libcrux_ml_dsa_simd_portable_invert_ntt_montgomery_36( typedef struct libcrux_ml_dsa_samplex4_portable_PortableSampler_s { } libcrux_ml_dsa_samplex4_portable_PortableSampler; -typedef struct uint8_t_840size_t__x4_s { - uint8_t fst[840U]; - uint8_t snd[840U]; - uint8_t thd[840U]; - uint8_t f3[840U]; -} uint8_t_840size_t__x4; - /** A monomorphic instance of K. with types uint8_t[4032size_t], uint8_t[1952size_t] 
@@ -4274,6 +4267,19 @@ libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( return done; } +/** +A monomorphic instance of libcrux_ml_dsa.sample.update_matrix +with types libcrux_ml_dsa_simd_portable_vector_type_PortableSIMDUnit +with const generics +- ROWS_IN_A= 6 +- COLUMNS_IN_A= 5 +*/ +static inline void libcrux_ml_dsa_sample_update_matrix_2f( + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*m)[5U], size_t i, + size_t j, libcrux_ml_dsa_polynomial_PolynomialRingElement_9b v) { + m[i][j] = v; +} + /** This function found in impl {libcrux_ml_dsa::polynomial::PolynomialRingElement[TraitClause@0, @@ -4326,8 +4332,9 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( uint8_t seed0[34U], libcrux_ml_dsa_polynomial_PolynomialRingElement_9b (*matrix)[5U], - uint8_t_840size_t__x4 *rand_stack, Eurydice_slice tmp_stack, - uint8_t_x2 *indices, size_t elements_requested) { + uint8_t *rand_stack0, uint8_t *rand_stack1, uint8_t *rand_stack2, + uint8_t *rand_stack3, Eurydice_slice tmp_stack, uint8_t_x2 *indices, + size_t elements_requested) { uint16_t domain_separator0 = libcrux_ml_dsa_sample_generate_domain_separator(indices[0U]); uint16_t domain_separator1 = 
@@ -4357,33 +4364,32 @@ libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( Eurydice_array_to_slice((size_t)34U, seed2, uint8_t), Eurydice_array_to_slice((size_t)34U, seed3, uint8_t)); libcrux_ml_dsa_hash_functions_portable_squeeze_first_five_blocks_ed( - &state, rand_stack->fst, rand_stack->snd, rand_stack->thd, - rand_stack->f3); + &state, rand_stack0, rand_stack1, rand_stack2, rand_stack3); size_t sampled0 = (size_t)0U; size_t sampled1 = (size_t)0U; size_t sampled2 = (size_t)0U; size_t sampled3 = (size_t)0U; bool done0 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, rand_stack->fst, uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack0, uint8_t), &sampled0, Eurydice_slice_index(tmp_stack, (size_t)0U, int32_t[263U], int32_t(*)[263U])); bool done1 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, rand_stack->snd, uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack1, uint8_t), &sampled1, Eurydice_slice_index(tmp_stack, (size_t)1U, int32_t[263U], int32_t(*)[263U])); bool done2 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, rand_stack->thd, uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack2, uint8_t), &sampled2, Eurydice_slice_index(tmp_stack, (size_t)2U, int32_t[263U], int32_t(*)[263U])); bool done3 = libcrux_ml_dsa_sample_rejection_sample_less_than_field_modulus_ba( - Eurydice_array_to_slice((size_t)840U, rand_stack->f3, uint8_t), + Eurydice_array_to_slice((size_t)840U, rand_stack3, uint8_t), &sampled3, Eurydice_slice_index(tmp_stack, (size_t)3U, int32_t[263U], int32_t(*)[263U])); 
@@ -4561,12 +4567,15 @@ libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( size_t uu____0 = k; uint8_t i = indices[uu____0].fst; uint8_t j = indices[uu____0].snd; - libcrux_ml_dsa_polynomial_PolynomialRingElement_9b uu____1 = + libcrux_ml_dsa_polynomial_PolynomialRingElement_9b(*uu____1)[5U] = matrix; + size_t uu____2 = (size_t)i; + size_t uu____3 = (size_t)j; + libcrux_ml_dsa_sample_update_matrix_2f( + uu____1, uu____2, uu____3, libcrux_ml_dsa_polynomial_from_i32_array_ff_ba(Eurydice_array_to_slice( (size_t)263U, Eurydice_slice_index(tmp_stack, k, int32_t[263U], int32_t(*)[263U]), - int32_t)); - matrix[(size_t)i][(size_t)j] = uu____1; + int32_t))); } } 
@@ -4588,1691 +4597,10 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( A[i][3U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); A[i][4U] = libcrux_ml_dsa_polynomial_ZERO_ff_ba(); } - uint8_t uu____0[840U] = {0U}; - uint8_t uu____1[840U] = {0U}; - uint8_t_840size_t__x4 rand_stack; - rand_stack.fst[0U] = 0U; - rand_stack.fst[1U] = 0U; - rand_stack.fst[2U] = 0U; - rand_stack.fst[3U] = 0U; - rand_stack.fst[4U] = 0U; - rand_stack.fst[5U] = 0U; - rand_stack.fst[6U] = 0U; - rand_stack.fst[7U] = 0U; - rand_stack.fst[8U] = 0U; - rand_stack.fst[9U] = 0U; - rand_stack.fst[10U] = 0U; - rand_stack.fst[11U] = 0U; - rand_stack.fst[12U] = 0U; - rand_stack.fst[13U] = 0U; - rand_stack.fst[14U] = 0U; - rand_stack.fst[15U] = 0U; - rand_stack.fst[16U] = 0U; - rand_stack.fst[17U] = 0U; - rand_stack.fst[18U] = 0U; - rand_stack.fst[19U] = 0U; - rand_stack.fst[20U] = 0U; - rand_stack.fst[21U] = 0U; - rand_stack.fst[22U] = 0U; - rand_stack.fst[23U] = 0U; - rand_stack.fst[24U] = 0U; - rand_stack.fst[25U] = 0U; - rand_stack.fst[26U] = 0U; - rand_stack.fst[27U] = 0U; - rand_stack.fst[28U] = 0U; - rand_stack.fst[29U] = 0U; - rand_stack.fst[30U] = 0U; - rand_stack.fst[31U] = 0U; - rand_stack.fst[32U] = 0U; - rand_stack.fst[33U] = 0U; - rand_stack.fst[34U] = 0U; - rand_stack.fst[35U] = 0U; - rand_stack.fst[36U] = 0U; - rand_stack.fst[37U] = 0U; - rand_stack.fst[38U] = 0U; - rand_stack.fst[39U] = 0U; - rand_stack.fst[40U] = 0U; - rand_stack.fst[41U] = 0U; - rand_stack.fst[42U] = 0U; - rand_stack.fst[43U] = 0U; - rand_stack.fst[44U] = 0U; - rand_stack.fst[45U] = 0U; - rand_stack.fst[46U] = 0U; - rand_stack.fst[47U] = 0U; - rand_stack.fst[48U] = 0U; - rand_stack.fst[49U] = 0U; - rand_stack.fst[50U] = 0U; - rand_stack.fst[51U] = 0U; - rand_stack.fst[52U] = 0U; - rand_stack.fst[53U] = 0U; - rand_stack.fst[54U] = 0U; - rand_stack.fst[55U] = 0U; - rand_stack.fst[56U] = 0U; - rand_stack.fst[57U] = 0U; - rand_stack.fst[58U] = 0U; - rand_stack.fst[59U] = 0U; - rand_stack.fst[60U] = 0U; 
- rand_stack.fst[61U] = 0U; - rand_stack.fst[62U] = 0U; - rand_stack.fst[63U] = 0U; - rand_stack.fst[64U] = 0U; - rand_stack.fst[65U] = 0U; - rand_stack.fst[66U] = 0U; - rand_stack.fst[67U] = 0U; - rand_stack.fst[68U] = 0U; - rand_stack.fst[69U] = 0U; - rand_stack.fst[70U] = 0U; - rand_stack.fst[71U] = 0U; - rand_stack.fst[72U] = 0U; - rand_stack.fst[73U] = 0U; - rand_stack.fst[74U] = 0U; - rand_stack.fst[75U] = 0U; - rand_stack.fst[76U] = 0U; - rand_stack.fst[77U] = 0U; - rand_stack.fst[78U] = 0U; - rand_stack.fst[79U] = 0U; - rand_stack.fst[80U] = 0U; - rand_stack.fst[81U] = 0U; - rand_stack.fst[82U] = 0U; - rand_stack.fst[83U] = 0U; - rand_stack.fst[84U] = 0U; - rand_stack.fst[85U] = 0U; - rand_stack.fst[86U] = 0U; - rand_stack.fst[87U] = 0U; - rand_stack.fst[88U] = 0U; - rand_stack.fst[89U] = 0U; - rand_stack.fst[90U] = 0U; - rand_stack.fst[91U] = 0U; - rand_stack.fst[92U] = 0U; - rand_stack.fst[93U] = 0U; - rand_stack.fst[94U] = 0U; - rand_stack.fst[95U] = 0U; - rand_stack.fst[96U] = 0U; - rand_stack.fst[97U] = 0U; - rand_stack.fst[98U] = 0U; - rand_stack.fst[99U] = 0U; - rand_stack.fst[100U] = 0U; - rand_stack.fst[101U] = 0U; - rand_stack.fst[102U] = 0U; - rand_stack.fst[103U] = 0U; - rand_stack.fst[104U] = 0U; - rand_stack.fst[105U] = 0U; - rand_stack.fst[106U] = 0U; - rand_stack.fst[107U] = 0U; - rand_stack.fst[108U] = 0U; - rand_stack.fst[109U] = 0U; - rand_stack.fst[110U] = 0U; - rand_stack.fst[111U] = 0U; - rand_stack.fst[112U] = 0U; - rand_stack.fst[113U] = 0U; - rand_stack.fst[114U] = 0U; - rand_stack.fst[115U] = 0U; - rand_stack.fst[116U] = 0U; - rand_stack.fst[117U] = 0U; - rand_stack.fst[118U] = 0U; - rand_stack.fst[119U] = 0U; - rand_stack.fst[120U] = 0U; - rand_stack.fst[121U] = 0U; - rand_stack.fst[122U] = 0U; - rand_stack.fst[123U] = 0U; - rand_stack.fst[124U] = 0U; - rand_stack.fst[125U] = 0U; - rand_stack.fst[126U] = 0U; - rand_stack.fst[127U] = 0U; - rand_stack.fst[128U] = 0U; - rand_stack.fst[129U] = 0U; - rand_stack.fst[130U] = 0U; - 
rand_stack.fst[131U] = 0U; - rand_stack.fst[132U] = 0U; - rand_stack.fst[133U] = 0U; - rand_stack.fst[134U] = 0U; - rand_stack.fst[135U] = 0U; - rand_stack.fst[136U] = 0U; - rand_stack.fst[137U] = 0U; - rand_stack.fst[138U] = 0U; - rand_stack.fst[139U] = 0U; - rand_stack.fst[140U] = 0U; - rand_stack.fst[141U] = 0U; - rand_stack.fst[142U] = 0U; - rand_stack.fst[143U] = 0U; - rand_stack.fst[144U] = 0U; - rand_stack.fst[145U] = 0U; - rand_stack.fst[146U] = 0U; - rand_stack.fst[147U] = 0U; - rand_stack.fst[148U] = 0U; - rand_stack.fst[149U] = 0U; - rand_stack.fst[150U] = 0U; - rand_stack.fst[151U] = 0U; - rand_stack.fst[152U] = 0U; - rand_stack.fst[153U] = 0U; - rand_stack.fst[154U] = 0U; - rand_stack.fst[155U] = 0U; - rand_stack.fst[156U] = 0U; - rand_stack.fst[157U] = 0U; - rand_stack.fst[158U] = 0U; - rand_stack.fst[159U] = 0U; - rand_stack.fst[160U] = 0U; - rand_stack.fst[161U] = 0U; - rand_stack.fst[162U] = 0U; - rand_stack.fst[163U] = 0U; - rand_stack.fst[164U] = 0U; - rand_stack.fst[165U] = 0U; - rand_stack.fst[166U] = 0U; - rand_stack.fst[167U] = 0U; - rand_stack.fst[168U] = 0U; - rand_stack.fst[169U] = 0U; - rand_stack.fst[170U] = 0U; - rand_stack.fst[171U] = 0U; - rand_stack.fst[172U] = 0U; - rand_stack.fst[173U] = 0U; - rand_stack.fst[174U] = 0U; - rand_stack.fst[175U] = 0U; - rand_stack.fst[176U] = 0U; - rand_stack.fst[177U] = 0U; - rand_stack.fst[178U] = 0U; - rand_stack.fst[179U] = 0U; - rand_stack.fst[180U] = 0U; - rand_stack.fst[181U] = 0U; - rand_stack.fst[182U] = 0U; - rand_stack.fst[183U] = 0U; - rand_stack.fst[184U] = 0U; - rand_stack.fst[185U] = 0U; - rand_stack.fst[186U] = 0U; - rand_stack.fst[187U] = 0U; - rand_stack.fst[188U] = 0U; - rand_stack.fst[189U] = 0U; - rand_stack.fst[190U] = 0U; - rand_stack.fst[191U] = 0U; - rand_stack.fst[192U] = 0U; - rand_stack.fst[193U] = 0U; - rand_stack.fst[194U] = 0U; - rand_stack.fst[195U] = 0U; - rand_stack.fst[196U] = 0U; - rand_stack.fst[197U] = 0U; - rand_stack.fst[198U] = 0U; - rand_stack.fst[199U] = 0U; 
- rand_stack.fst[200U] = 0U; - rand_stack.fst[201U] = 0U; - rand_stack.fst[202U] = 0U; - rand_stack.fst[203U] = 0U; - rand_stack.fst[204U] = 0U; - rand_stack.fst[205U] = 0U; - rand_stack.fst[206U] = 0U; - rand_stack.fst[207U] = 0U; - rand_stack.fst[208U] = 0U; - rand_stack.fst[209U] = 0U; - rand_stack.fst[210U] = 0U; - rand_stack.fst[211U] = 0U; - rand_stack.fst[212U] = 0U; - rand_stack.fst[213U] = 0U; - rand_stack.fst[214U] = 0U; - rand_stack.fst[215U] = 0U; - rand_stack.fst[216U] = 0U; - rand_stack.fst[217U] = 0U; - rand_stack.fst[218U] = 0U; - rand_stack.fst[219U] = 0U; - rand_stack.fst[220U] = 0U; - rand_stack.fst[221U] = 0U; - rand_stack.fst[222U] = 0U; - rand_stack.fst[223U] = 0U; - rand_stack.fst[224U] = 0U; - rand_stack.fst[225U] = 0U; - rand_stack.fst[226U] = 0U; - rand_stack.fst[227U] = 0U; - rand_stack.fst[228U] = 0U; - rand_stack.fst[229U] = 0U; - rand_stack.fst[230U] = 0U; - rand_stack.fst[231U] = 0U; - rand_stack.fst[232U] = 0U; - rand_stack.fst[233U] = 0U; - rand_stack.fst[234U] = 0U; - rand_stack.fst[235U] = 0U; - rand_stack.fst[236U] = 0U; - rand_stack.fst[237U] = 0U; - rand_stack.fst[238U] = 0U; - rand_stack.fst[239U] = 0U; - rand_stack.fst[240U] = 0U; - rand_stack.fst[241U] = 0U; - rand_stack.fst[242U] = 0U; - rand_stack.fst[243U] = 0U; - rand_stack.fst[244U] = 0U; - rand_stack.fst[245U] = 0U; - rand_stack.fst[246U] = 0U; - rand_stack.fst[247U] = 0U; - rand_stack.fst[248U] = 0U; - rand_stack.fst[249U] = 0U; - rand_stack.fst[250U] = 0U; - rand_stack.fst[251U] = 0U; - rand_stack.fst[252U] = 0U; - rand_stack.fst[253U] = 0U; - rand_stack.fst[254U] = 0U; - rand_stack.fst[255U] = 0U; - rand_stack.fst[256U] = 0U; - rand_stack.fst[257U] = 0U; - rand_stack.fst[258U] = 0U; - rand_stack.fst[259U] = 0U; - rand_stack.fst[260U] = 0U; - rand_stack.fst[261U] = 0U; - rand_stack.fst[262U] = 0U; - rand_stack.fst[263U] = 0U; - rand_stack.fst[264U] = 0U; - rand_stack.fst[265U] = 0U; - rand_stack.fst[266U] = 0U; - rand_stack.fst[267U] = 0U; - rand_stack.fst[268U] = 
0U; - rand_stack.fst[269U] = 0U; - rand_stack.fst[270U] = 0U; - rand_stack.fst[271U] = 0U; - rand_stack.fst[272U] = 0U; - rand_stack.fst[273U] = 0U; - rand_stack.fst[274U] = 0U; - rand_stack.fst[275U] = 0U; - rand_stack.fst[276U] = 0U; - rand_stack.fst[277U] = 0U; - rand_stack.fst[278U] = 0U; - rand_stack.fst[279U] = 0U; - rand_stack.fst[280U] = 0U; - rand_stack.fst[281U] = 0U; - rand_stack.fst[282U] = 0U; - rand_stack.fst[283U] = 0U; - rand_stack.fst[284U] = 0U; - rand_stack.fst[285U] = 0U; - rand_stack.fst[286U] = 0U; - rand_stack.fst[287U] = 0U; - rand_stack.fst[288U] = 0U; - rand_stack.fst[289U] = 0U; - rand_stack.fst[290U] = 0U; - rand_stack.fst[291U] = 0U; - rand_stack.fst[292U] = 0U; - rand_stack.fst[293U] = 0U; - rand_stack.fst[294U] = 0U; - rand_stack.fst[295U] = 0U; - rand_stack.fst[296U] = 0U; - rand_stack.fst[297U] = 0U; - rand_stack.fst[298U] = 0U; - rand_stack.fst[299U] = 0U; - rand_stack.fst[300U] = 0U; - rand_stack.fst[301U] = 0U; - rand_stack.fst[302U] = 0U; - rand_stack.fst[303U] = 0U; - rand_stack.fst[304U] = 0U; - rand_stack.fst[305U] = 0U; - rand_stack.fst[306U] = 0U; - rand_stack.fst[307U] = 0U; - rand_stack.fst[308U] = 0U; - rand_stack.fst[309U] = 0U; - rand_stack.fst[310U] = 0U; - rand_stack.fst[311U] = 0U; - rand_stack.fst[312U] = 0U; - rand_stack.fst[313U] = 0U; - rand_stack.fst[314U] = 0U; - rand_stack.fst[315U] = 0U; - rand_stack.fst[316U] = 0U; - rand_stack.fst[317U] = 0U; - rand_stack.fst[318U] = 0U; - rand_stack.fst[319U] = 0U; - rand_stack.fst[320U] = 0U; - rand_stack.fst[321U] = 0U; - rand_stack.fst[322U] = 0U; - rand_stack.fst[323U] = 0U; - rand_stack.fst[324U] = 0U; - rand_stack.fst[325U] = 0U; - rand_stack.fst[326U] = 0U; - rand_stack.fst[327U] = 0U; - rand_stack.fst[328U] = 0U; - rand_stack.fst[329U] = 0U; - rand_stack.fst[330U] = 0U; - rand_stack.fst[331U] = 0U; - rand_stack.fst[332U] = 0U; - rand_stack.fst[333U] = 0U; - rand_stack.fst[334U] = 0U; - rand_stack.fst[335U] = 0U; - rand_stack.fst[336U] = 0U; - rand_stack.fst[337U] 
= 0U; - rand_stack.fst[338U] = 0U; - rand_stack.fst[339U] = 0U; - rand_stack.fst[340U] = 0U; - rand_stack.fst[341U] = 0U; - rand_stack.fst[342U] = 0U; - rand_stack.fst[343U] = 0U; - rand_stack.fst[344U] = 0U; - rand_stack.fst[345U] = 0U; - rand_stack.fst[346U] = 0U; - rand_stack.fst[347U] = 0U; - rand_stack.fst[348U] = 0U; - rand_stack.fst[349U] = 0U; - rand_stack.fst[350U] = 0U; - rand_stack.fst[351U] = 0U; - rand_stack.fst[352U] = 0U; - rand_stack.fst[353U] = 0U; - rand_stack.fst[354U] = 0U; - rand_stack.fst[355U] = 0U; - rand_stack.fst[356U] = 0U; - rand_stack.fst[357U] = 0U; - rand_stack.fst[358U] = 0U; - rand_stack.fst[359U] = 0U; - rand_stack.fst[360U] = 0U; - rand_stack.fst[361U] = 0U; - rand_stack.fst[362U] = 0U; - rand_stack.fst[363U] = 0U; - rand_stack.fst[364U] = 0U; - rand_stack.fst[365U] = 0U; - rand_stack.fst[366U] = 0U; - rand_stack.fst[367U] = 0U; - rand_stack.fst[368U] = 0U; - rand_stack.fst[369U] = 0U; - rand_stack.fst[370U] = 0U; - rand_stack.fst[371U] = 0U; - rand_stack.fst[372U] = 0U; - rand_stack.fst[373U] = 0U; - rand_stack.fst[374U] = 0U; - rand_stack.fst[375U] = 0U; - rand_stack.fst[376U] = 0U; - rand_stack.fst[377U] = 0U; - rand_stack.fst[378U] = 0U; - rand_stack.fst[379U] = 0U; - rand_stack.fst[380U] = 0U; - rand_stack.fst[381U] = 0U; - rand_stack.fst[382U] = 0U; - rand_stack.fst[383U] = 0U; - rand_stack.fst[384U] = 0U; - rand_stack.fst[385U] = 0U; - rand_stack.fst[386U] = 0U; - rand_stack.fst[387U] = 0U; - rand_stack.fst[388U] = 0U; - rand_stack.fst[389U] = 0U; - rand_stack.fst[390U] = 0U; - rand_stack.fst[391U] = 0U; - rand_stack.fst[392U] = 0U; - rand_stack.fst[393U] = 0U; - rand_stack.fst[394U] = 0U; - rand_stack.fst[395U] = 0U; - rand_stack.fst[396U] = 0U; - rand_stack.fst[397U] = 0U; - rand_stack.fst[398U] = 0U; - rand_stack.fst[399U] = 0U; - rand_stack.fst[400U] = 0U; - rand_stack.fst[401U] = 0U; - rand_stack.fst[402U] = 0U; - rand_stack.fst[403U] = 0U; - rand_stack.fst[404U] = 0U; - rand_stack.fst[405U] = 0U; - 
rand_stack.fst[406U] = 0U; - rand_stack.fst[407U] = 0U; - rand_stack.fst[408U] = 0U; - rand_stack.fst[409U] = 0U; - rand_stack.fst[410U] = 0U; - rand_stack.fst[411U] = 0U; - rand_stack.fst[412U] = 0U; - rand_stack.fst[413U] = 0U; - rand_stack.fst[414U] = 0U; - rand_stack.fst[415U] = 0U; - rand_stack.fst[416U] = 0U; - rand_stack.fst[417U] = 0U; - rand_stack.fst[418U] = 0U; - rand_stack.fst[419U] = 0U; - rand_stack.fst[420U] = 0U; - rand_stack.fst[421U] = 0U; - rand_stack.fst[422U] = 0U; - rand_stack.fst[423U] = 0U; - rand_stack.fst[424U] = 0U; - rand_stack.fst[425U] = 0U; - rand_stack.fst[426U] = 0U; - rand_stack.fst[427U] = 0U; - rand_stack.fst[428U] = 0U; - rand_stack.fst[429U] = 0U; - rand_stack.fst[430U] = 0U; - rand_stack.fst[431U] = 0U; - rand_stack.fst[432U] = 0U; - rand_stack.fst[433U] = 0U; - rand_stack.fst[434U] = 0U; - rand_stack.fst[435U] = 0U; - rand_stack.fst[436U] = 0U; - rand_stack.fst[437U] = 0U; - rand_stack.fst[438U] = 0U; - rand_stack.fst[439U] = 0U; - rand_stack.fst[440U] = 0U; - rand_stack.fst[441U] = 0U; - rand_stack.fst[442U] = 0U; - rand_stack.fst[443U] = 0U; - rand_stack.fst[444U] = 0U; - rand_stack.fst[445U] = 0U; - rand_stack.fst[446U] = 0U; - rand_stack.fst[447U] = 0U; - rand_stack.fst[448U] = 0U; - rand_stack.fst[449U] = 0U; - rand_stack.fst[450U] = 0U; - rand_stack.fst[451U] = 0U; - rand_stack.fst[452U] = 0U; - rand_stack.fst[453U] = 0U; - rand_stack.fst[454U] = 0U; - rand_stack.fst[455U] = 0U; - rand_stack.fst[456U] = 0U; - rand_stack.fst[457U] = 0U; - rand_stack.fst[458U] = 0U; - rand_stack.fst[459U] = 0U; - rand_stack.fst[460U] = 0U; - rand_stack.fst[461U] = 0U; - rand_stack.fst[462U] = 0U; - rand_stack.fst[463U] = 0U; - rand_stack.fst[464U] = 0U; - rand_stack.fst[465U] = 0U; - rand_stack.fst[466U] = 0U; - rand_stack.fst[467U] = 0U; - rand_stack.fst[468U] = 0U; - rand_stack.fst[469U] = 0U; - rand_stack.fst[470U] = 0U; - rand_stack.fst[471U] = 0U; - rand_stack.fst[472U] = 0U; - rand_stack.fst[473U] = 0U; - rand_stack.fst[474U] = 0U; 
- rand_stack.fst[475U] = 0U; - rand_stack.fst[476U] = 0U; - rand_stack.fst[477U] = 0U; - rand_stack.fst[478U] = 0U; - rand_stack.fst[479U] = 0U; - rand_stack.fst[480U] = 0U; - rand_stack.fst[481U] = 0U; - rand_stack.fst[482U] = 0U; - rand_stack.fst[483U] = 0U; - rand_stack.fst[484U] = 0U; - rand_stack.fst[485U] = 0U; - rand_stack.fst[486U] = 0U; - rand_stack.fst[487U] = 0U; - rand_stack.fst[488U] = 0U; - rand_stack.fst[489U] = 0U; - rand_stack.fst[490U] = 0U; - rand_stack.fst[491U] = 0U; - rand_stack.fst[492U] = 0U; - rand_stack.fst[493U] = 0U; - rand_stack.fst[494U] = 0U; - rand_stack.fst[495U] = 0U; - rand_stack.fst[496U] = 0U; - rand_stack.fst[497U] = 0U; - rand_stack.fst[498U] = 0U; - rand_stack.fst[499U] = 0U; - rand_stack.fst[500U] = 0U; - rand_stack.fst[501U] = 0U; - rand_stack.fst[502U] = 0U; - rand_stack.fst[503U] = 0U; - rand_stack.fst[504U] = 0U; - rand_stack.fst[505U] = 0U; - rand_stack.fst[506U] = 0U; - rand_stack.fst[507U] = 0U; - rand_stack.fst[508U] = 0U; - rand_stack.fst[509U] = 0U; - rand_stack.fst[510U] = 0U; - rand_stack.fst[511U] = 0U; - rand_stack.fst[512U] = 0U; - rand_stack.fst[513U] = 0U; - rand_stack.fst[514U] = 0U; - rand_stack.fst[515U] = 0U; - rand_stack.fst[516U] = 0U; - rand_stack.fst[517U] = 0U; - rand_stack.fst[518U] = 0U; - rand_stack.fst[519U] = 0U; - rand_stack.fst[520U] = 0U; - rand_stack.fst[521U] = 0U; - rand_stack.fst[522U] = 0U; - rand_stack.fst[523U] = 0U; - rand_stack.fst[524U] = 0U; - rand_stack.fst[525U] = 0U; - rand_stack.fst[526U] = 0U; - rand_stack.fst[527U] = 0U; - rand_stack.fst[528U] = 0U; - rand_stack.fst[529U] = 0U; - rand_stack.fst[530U] = 0U; - rand_stack.fst[531U] = 0U; - rand_stack.fst[532U] = 0U; - rand_stack.fst[533U] = 0U; - rand_stack.fst[534U] = 0U; - rand_stack.fst[535U] = 0U; - rand_stack.fst[536U] = 0U; - rand_stack.fst[537U] = 0U; - rand_stack.fst[538U] = 0U; - rand_stack.fst[539U] = 0U; - rand_stack.fst[540U] = 0U; - rand_stack.fst[541U] = 0U; - rand_stack.fst[542U] = 0U; - rand_stack.fst[543U] = 
0U; - rand_stack.fst[544U] = 0U; - rand_stack.fst[545U] = 0U; - rand_stack.fst[546U] = 0U; - rand_stack.fst[547U] = 0U; - rand_stack.fst[548U] = 0U; - rand_stack.fst[549U] = 0U; - rand_stack.fst[550U] = 0U; - rand_stack.fst[551U] = 0U; - rand_stack.fst[552U] = 0U; - rand_stack.fst[553U] = 0U; - rand_stack.fst[554U] = 0U; - rand_stack.fst[555U] = 0U; - rand_stack.fst[556U] = 0U; - rand_stack.fst[557U] = 0U; - rand_stack.fst[558U] = 0U; - rand_stack.fst[559U] = 0U; - rand_stack.fst[560U] = 0U; - rand_stack.fst[561U] = 0U; - rand_stack.fst[562U] = 0U; - rand_stack.fst[563U] = 0U; - rand_stack.fst[564U] = 0U; - rand_stack.fst[565U] = 0U; - rand_stack.fst[566U] = 0U; - rand_stack.fst[567U] = 0U; - rand_stack.fst[568U] = 0U; - rand_stack.fst[569U] = 0U; - rand_stack.fst[570U] = 0U; - rand_stack.fst[571U] = 0U; - rand_stack.fst[572U] = 0U; - rand_stack.fst[573U] = 0U; - rand_stack.fst[574U] = 0U; - rand_stack.fst[575U] = 0U; - rand_stack.fst[576U] = 0U; - rand_stack.fst[577U] = 0U; - rand_stack.fst[578U] = 0U; - rand_stack.fst[579U] = 0U; - rand_stack.fst[580U] = 0U; - rand_stack.fst[581U] = 0U; - rand_stack.fst[582U] = 0U; - rand_stack.fst[583U] = 0U; - rand_stack.fst[584U] = 0U; - rand_stack.fst[585U] = 0U; - rand_stack.fst[586U] = 0U; - rand_stack.fst[587U] = 0U; - rand_stack.fst[588U] = 0U; - rand_stack.fst[589U] = 0U; - rand_stack.fst[590U] = 0U; - rand_stack.fst[591U] = 0U; - rand_stack.fst[592U] = 0U; - rand_stack.fst[593U] = 0U; - rand_stack.fst[594U] = 0U; - rand_stack.fst[595U] = 0U; - rand_stack.fst[596U] = 0U; - rand_stack.fst[597U] = 0U; - rand_stack.fst[598U] = 0U; - rand_stack.fst[599U] = 0U; - rand_stack.fst[600U] = 0U; - rand_stack.fst[601U] = 0U; - rand_stack.fst[602U] = 0U; - rand_stack.fst[603U] = 0U; - rand_stack.fst[604U] = 0U; - rand_stack.fst[605U] = 0U; - rand_stack.fst[606U] = 0U; - rand_stack.fst[607U] = 0U; - rand_stack.fst[608U] = 0U; - rand_stack.fst[609U] = 0U; - rand_stack.fst[610U] = 0U; - rand_stack.fst[611U] = 0U; - rand_stack.fst[612U] 
= 0U; - rand_stack.fst[613U] = 0U; - rand_stack.fst[614U] = 0U; - rand_stack.fst[615U] = 0U; - rand_stack.fst[616U] = 0U; - rand_stack.fst[617U] = 0U; - rand_stack.fst[618U] = 0U; - rand_stack.fst[619U] = 0U; - rand_stack.fst[620U] = 0U; - rand_stack.fst[621U] = 0U; - rand_stack.fst[622U] = 0U; - rand_stack.fst[623U] = 0U; - rand_stack.fst[624U] = 0U; - rand_stack.fst[625U] = 0U; - rand_stack.fst[626U] = 0U; - rand_stack.fst[627U] = 0U; - rand_stack.fst[628U] = 0U; - rand_stack.fst[629U] = 0U; - rand_stack.fst[630U] = 0U; - rand_stack.fst[631U] = 0U; - rand_stack.fst[632U] = 0U; - rand_stack.fst[633U] = 0U; - rand_stack.fst[634U] = 0U; - rand_stack.fst[635U] = 0U; - rand_stack.fst[636U] = 0U; - rand_stack.fst[637U] = 0U; - rand_stack.fst[638U] = 0U; - rand_stack.fst[639U] = 0U; - rand_stack.fst[640U] = 0U; - rand_stack.fst[641U] = 0U; - rand_stack.fst[642U] = 0U; - rand_stack.fst[643U] = 0U; - rand_stack.fst[644U] = 0U; - rand_stack.fst[645U] = 0U; - rand_stack.fst[646U] = 0U; - rand_stack.fst[647U] = 0U; - rand_stack.fst[648U] = 0U; - rand_stack.fst[649U] = 0U; - rand_stack.fst[650U] = 0U; - rand_stack.fst[651U] = 0U; - rand_stack.fst[652U] = 0U; - rand_stack.fst[653U] = 0U; - rand_stack.fst[654U] = 0U; - rand_stack.fst[655U] = 0U; - rand_stack.fst[656U] = 0U; - rand_stack.fst[657U] = 0U; - rand_stack.fst[658U] = 0U; - rand_stack.fst[659U] = 0U; - rand_stack.fst[660U] = 0U; - rand_stack.fst[661U] = 0U; - rand_stack.fst[662U] = 0U; - rand_stack.fst[663U] = 0U; - rand_stack.fst[664U] = 0U; - rand_stack.fst[665U] = 0U; - rand_stack.fst[666U] = 0U; - rand_stack.fst[667U] = 0U; - rand_stack.fst[668U] = 0U; - rand_stack.fst[669U] = 0U; - rand_stack.fst[670U] = 0U; - rand_stack.fst[671U] = 0U; - rand_stack.fst[672U] = 0U; - rand_stack.fst[673U] = 0U; - rand_stack.fst[674U] = 0U; - rand_stack.fst[675U] = 0U; - rand_stack.fst[676U] = 0U; - rand_stack.fst[677U] = 0U; - rand_stack.fst[678U] = 0U; - rand_stack.fst[679U] = 0U; - rand_stack.fst[680U] = 0U; - 
rand_stack.fst[681U] = 0U; - rand_stack.fst[682U] = 0U; - rand_stack.fst[683U] = 0U; - rand_stack.fst[684U] = 0U; - rand_stack.fst[685U] = 0U; - rand_stack.fst[686U] = 0U; - rand_stack.fst[687U] = 0U; - rand_stack.fst[688U] = 0U; - rand_stack.fst[689U] = 0U; - rand_stack.fst[690U] = 0U; - rand_stack.fst[691U] = 0U; - rand_stack.fst[692U] = 0U; - rand_stack.fst[693U] = 0U; - rand_stack.fst[694U] = 0U; - rand_stack.fst[695U] = 0U; - rand_stack.fst[696U] = 0U; - rand_stack.fst[697U] = 0U; - rand_stack.fst[698U] = 0U; - rand_stack.fst[699U] = 0U; - rand_stack.fst[700U] = 0U; - rand_stack.fst[701U] = 0U; - rand_stack.fst[702U] = 0U; - rand_stack.fst[703U] = 0U; - rand_stack.fst[704U] = 0U; - rand_stack.fst[705U] = 0U; - rand_stack.fst[706U] = 0U; - rand_stack.fst[707U] = 0U; - rand_stack.fst[708U] = 0U; - rand_stack.fst[709U] = 0U; - rand_stack.fst[710U] = 0U; - rand_stack.fst[711U] = 0U; - rand_stack.fst[712U] = 0U; - rand_stack.fst[713U] = 0U; - rand_stack.fst[714U] = 0U; - rand_stack.fst[715U] = 0U; - rand_stack.fst[716U] = 0U; - rand_stack.fst[717U] = 0U; - rand_stack.fst[718U] = 0U; - rand_stack.fst[719U] = 0U; - rand_stack.fst[720U] = 0U; - rand_stack.fst[721U] = 0U; - rand_stack.fst[722U] = 0U; - rand_stack.fst[723U] = 0U; - rand_stack.fst[724U] = 0U; - rand_stack.fst[725U] = 0U; - rand_stack.fst[726U] = 0U; - rand_stack.fst[727U] = 0U; - rand_stack.fst[728U] = 0U; - rand_stack.fst[729U] = 0U; - rand_stack.fst[730U] = 0U; - rand_stack.fst[731U] = 0U; - rand_stack.fst[732U] = 0U; - rand_stack.fst[733U] = 0U; - rand_stack.fst[734U] = 0U; - rand_stack.fst[735U] = 0U; - rand_stack.fst[736U] = 0U; - rand_stack.fst[737U] = 0U; - rand_stack.fst[738U] = 0U; - rand_stack.fst[739U] = 0U; - rand_stack.fst[740U] = 0U; - rand_stack.fst[741U] = 0U; - rand_stack.fst[742U] = 0U; - rand_stack.fst[743U] = 0U; - rand_stack.fst[744U] = 0U; - rand_stack.fst[745U] = 0U; - rand_stack.fst[746U] = 0U; - rand_stack.fst[747U] = 0U; - rand_stack.fst[748U] = 0U; - rand_stack.fst[749U] = 0U; 
- rand_stack.fst[750U] = 0U; - rand_stack.fst[751U] = 0U; - rand_stack.fst[752U] = 0U; - rand_stack.fst[753U] = 0U; - rand_stack.fst[754U] = 0U; - rand_stack.fst[755U] = 0U; - rand_stack.fst[756U] = 0U; - rand_stack.fst[757U] = 0U; - rand_stack.fst[758U] = 0U; - rand_stack.fst[759U] = 0U; - rand_stack.fst[760U] = 0U; - rand_stack.fst[761U] = 0U; - rand_stack.fst[762U] = 0U; - rand_stack.fst[763U] = 0U; - rand_stack.fst[764U] = 0U; - rand_stack.fst[765U] = 0U; - rand_stack.fst[766U] = 0U; - rand_stack.fst[767U] = 0U; - rand_stack.fst[768U] = 0U; - rand_stack.fst[769U] = 0U; - rand_stack.fst[770U] = 0U; - rand_stack.fst[771U] = 0U; - rand_stack.fst[772U] = 0U; - rand_stack.fst[773U] = 0U; - rand_stack.fst[774U] = 0U; - rand_stack.fst[775U] = 0U; - rand_stack.fst[776U] = 0U; - rand_stack.fst[777U] = 0U; - rand_stack.fst[778U] = 0U; - rand_stack.fst[779U] = 0U; - rand_stack.fst[780U] = 0U; - rand_stack.fst[781U] = 0U; - rand_stack.fst[782U] = 0U; - rand_stack.fst[783U] = 0U; - rand_stack.fst[784U] = 0U; - rand_stack.fst[785U] = 0U; - rand_stack.fst[786U] = 0U; - rand_stack.fst[787U] = 0U; - rand_stack.fst[788U] = 0U; - rand_stack.fst[789U] = 0U; - rand_stack.fst[790U] = 0U; - rand_stack.fst[791U] = 0U; - rand_stack.fst[792U] = 0U; - rand_stack.fst[793U] = 0U; - rand_stack.fst[794U] = 0U; - rand_stack.fst[795U] = 0U; - rand_stack.fst[796U] = 0U; - rand_stack.fst[797U] = 0U; - rand_stack.fst[798U] = 0U; - rand_stack.fst[799U] = 0U; - rand_stack.fst[800U] = 0U; - rand_stack.fst[801U] = 0U; - rand_stack.fst[802U] = 0U; - rand_stack.fst[803U] = 0U; - rand_stack.fst[804U] = 0U; - rand_stack.fst[805U] = 0U; - rand_stack.fst[806U] = 0U; - rand_stack.fst[807U] = 0U; - rand_stack.fst[808U] = 0U; - rand_stack.fst[809U] = 0U; - rand_stack.fst[810U] = 0U; - rand_stack.fst[811U] = 0U; - rand_stack.fst[812U] = 0U; - rand_stack.fst[813U] = 0U; - rand_stack.fst[814U] = 0U; - rand_stack.fst[815U] = 0U; - rand_stack.fst[816U] = 0U; - rand_stack.fst[817U] = 0U; - rand_stack.fst[818U] = 
0U; - rand_stack.fst[819U] = 0U; - rand_stack.fst[820U] = 0U; - rand_stack.fst[821U] = 0U; - rand_stack.fst[822U] = 0U; - rand_stack.fst[823U] = 0U; - rand_stack.fst[824U] = 0U; - rand_stack.fst[825U] = 0U; - rand_stack.fst[826U] = 0U; - rand_stack.fst[827U] = 0U; - rand_stack.fst[828U] = 0U; - rand_stack.fst[829U] = 0U; - rand_stack.fst[830U] = 0U; - rand_stack.fst[831U] = 0U; - rand_stack.fst[832U] = 0U; - rand_stack.fst[833U] = 0U; - rand_stack.fst[834U] = 0U; - rand_stack.fst[835U] = 0U; - rand_stack.fst[836U] = 0U; - rand_stack.fst[837U] = 0U; - rand_stack.fst[838U] = 0U; - rand_stack.fst[839U] = 0U; - memcpy(rand_stack.snd, uu____0, (size_t)840U * sizeof(uint8_t)); - memcpy(rand_stack.thd, uu____1, (size_t)840U * sizeof(uint8_t)); - rand_stack.f3[0U] = 0U; - rand_stack.f3[1U] = 0U; - rand_stack.f3[2U] = 0U; - rand_stack.f3[3U] = 0U; - rand_stack.f3[4U] = 0U; - rand_stack.f3[5U] = 0U; - rand_stack.f3[6U] = 0U; - rand_stack.f3[7U] = 0U; - rand_stack.f3[8U] = 0U; - rand_stack.f3[9U] = 0U; - rand_stack.f3[10U] = 0U; - rand_stack.f3[11U] = 0U; - rand_stack.f3[12U] = 0U; - rand_stack.f3[13U] = 0U; - rand_stack.f3[14U] = 0U; - rand_stack.f3[15U] = 0U; - rand_stack.f3[16U] = 0U; - rand_stack.f3[17U] = 0U; - rand_stack.f3[18U] = 0U; - rand_stack.f3[19U] = 0U; - rand_stack.f3[20U] = 0U; - rand_stack.f3[21U] = 0U; - rand_stack.f3[22U] = 0U; - rand_stack.f3[23U] = 0U; - rand_stack.f3[24U] = 0U; - rand_stack.f3[25U] = 0U; - rand_stack.f3[26U] = 0U; - rand_stack.f3[27U] = 0U; - rand_stack.f3[28U] = 0U; - rand_stack.f3[29U] = 0U; - rand_stack.f3[30U] = 0U; - rand_stack.f3[31U] = 0U; - rand_stack.f3[32U] = 0U; - rand_stack.f3[33U] = 0U; - rand_stack.f3[34U] = 0U; - rand_stack.f3[35U] = 0U; - rand_stack.f3[36U] = 0U; - rand_stack.f3[37U] = 0U; - rand_stack.f3[38U] = 0U; - rand_stack.f3[39U] = 0U; - rand_stack.f3[40U] = 0U; - rand_stack.f3[41U] = 0U; - rand_stack.f3[42U] = 0U; - rand_stack.f3[43U] = 0U; - rand_stack.f3[44U] = 0U; - rand_stack.f3[45U] = 0U; - rand_stack.f3[46U] 
= 0U; - rand_stack.f3[47U] = 0U; - rand_stack.f3[48U] = 0U; - rand_stack.f3[49U] = 0U; - rand_stack.f3[50U] = 0U; - rand_stack.f3[51U] = 0U; - rand_stack.f3[52U] = 0U; - rand_stack.f3[53U] = 0U; - rand_stack.f3[54U] = 0U; - rand_stack.f3[55U] = 0U; - rand_stack.f3[56U] = 0U; - rand_stack.f3[57U] = 0U; - rand_stack.f3[58U] = 0U; - rand_stack.f3[59U] = 0U; - rand_stack.f3[60U] = 0U; - rand_stack.f3[61U] = 0U; - rand_stack.f3[62U] = 0U; - rand_stack.f3[63U] = 0U; - rand_stack.f3[64U] = 0U; - rand_stack.f3[65U] = 0U; - rand_stack.f3[66U] = 0U; - rand_stack.f3[67U] = 0U; - rand_stack.f3[68U] = 0U; - rand_stack.f3[69U] = 0U; - rand_stack.f3[70U] = 0U; - rand_stack.f3[71U] = 0U; - rand_stack.f3[72U] = 0U; - rand_stack.f3[73U] = 0U; - rand_stack.f3[74U] = 0U; - rand_stack.f3[75U] = 0U; - rand_stack.f3[76U] = 0U; - rand_stack.f3[77U] = 0U; - rand_stack.f3[78U] = 0U; - rand_stack.f3[79U] = 0U; - rand_stack.f3[80U] = 0U; - rand_stack.f3[81U] = 0U; - rand_stack.f3[82U] = 0U; - rand_stack.f3[83U] = 0U; - rand_stack.f3[84U] = 0U; - rand_stack.f3[85U] = 0U; - rand_stack.f3[86U] = 0U; - rand_stack.f3[87U] = 0U; - rand_stack.f3[88U] = 0U; - rand_stack.f3[89U] = 0U; - rand_stack.f3[90U] = 0U; - rand_stack.f3[91U] = 0U; - rand_stack.f3[92U] = 0U; - rand_stack.f3[93U] = 0U; - rand_stack.f3[94U] = 0U; - rand_stack.f3[95U] = 0U; - rand_stack.f3[96U] = 0U; - rand_stack.f3[97U] = 0U; - rand_stack.f3[98U] = 0U; - rand_stack.f3[99U] = 0U; - rand_stack.f3[100U] = 0U; - rand_stack.f3[101U] = 0U; - rand_stack.f3[102U] = 0U; - rand_stack.f3[103U] = 0U; - rand_stack.f3[104U] = 0U; - rand_stack.f3[105U] = 0U; - rand_stack.f3[106U] = 0U; - rand_stack.f3[107U] = 0U; - rand_stack.f3[108U] = 0U; - rand_stack.f3[109U] = 0U; - rand_stack.f3[110U] = 0U; - rand_stack.f3[111U] = 0U; - rand_stack.f3[112U] = 0U; - rand_stack.f3[113U] = 0U; - rand_stack.f3[114U] = 0U; - rand_stack.f3[115U] = 0U; - rand_stack.f3[116U] = 0U; - rand_stack.f3[117U] = 0U; - rand_stack.f3[118U] = 0U; - rand_stack.f3[119U] = 0U; - 
rand_stack.f3[120U] = 0U; - rand_stack.f3[121U] = 0U; - rand_stack.f3[122U] = 0U; - rand_stack.f3[123U] = 0U; - rand_stack.f3[124U] = 0U; - rand_stack.f3[125U] = 0U; - rand_stack.f3[126U] = 0U; - rand_stack.f3[127U] = 0U; - rand_stack.f3[128U] = 0U; - rand_stack.f3[129U] = 0U; - rand_stack.f3[130U] = 0U; - rand_stack.f3[131U] = 0U; - rand_stack.f3[132U] = 0U; - rand_stack.f3[133U] = 0U; - rand_stack.f3[134U] = 0U; - rand_stack.f3[135U] = 0U; - rand_stack.f3[136U] = 0U; - rand_stack.f3[137U] = 0U; - rand_stack.f3[138U] = 0U; - rand_stack.f3[139U] = 0U; - rand_stack.f3[140U] = 0U; - rand_stack.f3[141U] = 0U; - rand_stack.f3[142U] = 0U; - rand_stack.f3[143U] = 0U; - rand_stack.f3[144U] = 0U; - rand_stack.f3[145U] = 0U; - rand_stack.f3[146U] = 0U; - rand_stack.f3[147U] = 0U; - rand_stack.f3[148U] = 0U; - rand_stack.f3[149U] = 0U; - rand_stack.f3[150U] = 0U; - rand_stack.f3[151U] = 0U; - rand_stack.f3[152U] = 0U; - rand_stack.f3[153U] = 0U; - rand_stack.f3[154U] = 0U; - rand_stack.f3[155U] = 0U; - rand_stack.f3[156U] = 0U; - rand_stack.f3[157U] = 0U; - rand_stack.f3[158U] = 0U; - rand_stack.f3[159U] = 0U; - rand_stack.f3[160U] = 0U; - rand_stack.f3[161U] = 0U; - rand_stack.f3[162U] = 0U; - rand_stack.f3[163U] = 0U; - rand_stack.f3[164U] = 0U; - rand_stack.f3[165U] = 0U; - rand_stack.f3[166U] = 0U; - rand_stack.f3[167U] = 0U; - rand_stack.f3[168U] = 0U; - rand_stack.f3[169U] = 0U; - rand_stack.f3[170U] = 0U; - rand_stack.f3[171U] = 0U; - rand_stack.f3[172U] = 0U; - rand_stack.f3[173U] = 0U; - rand_stack.f3[174U] = 0U; - rand_stack.f3[175U] = 0U; - rand_stack.f3[176U] = 0U; - rand_stack.f3[177U] = 0U; - rand_stack.f3[178U] = 0U; - rand_stack.f3[179U] = 0U; - rand_stack.f3[180U] = 0U; - rand_stack.f3[181U] = 0U; - rand_stack.f3[182U] = 0U; - rand_stack.f3[183U] = 0U; - rand_stack.f3[184U] = 0U; - rand_stack.f3[185U] = 0U; - rand_stack.f3[186U] = 0U; - rand_stack.f3[187U] = 0U; - rand_stack.f3[188U] = 0U; - rand_stack.f3[189U] = 0U; - rand_stack.f3[190U] = 0U; - 
rand_stack.f3[191U] = 0U; - rand_stack.f3[192U] = 0U; - rand_stack.f3[193U] = 0U; - rand_stack.f3[194U] = 0U; - rand_stack.f3[195U] = 0U; - rand_stack.f3[196U] = 0U; - rand_stack.f3[197U] = 0U; - rand_stack.f3[198U] = 0U; - rand_stack.f3[199U] = 0U; - rand_stack.f3[200U] = 0U; - rand_stack.f3[201U] = 0U; - rand_stack.f3[202U] = 0U; - rand_stack.f3[203U] = 0U; - rand_stack.f3[204U] = 0U; - rand_stack.f3[205U] = 0U; - rand_stack.f3[206U] = 0U; - rand_stack.f3[207U] = 0U; - rand_stack.f3[208U] = 0U; - rand_stack.f3[209U] = 0U; - rand_stack.f3[210U] = 0U; - rand_stack.f3[211U] = 0U; - rand_stack.f3[212U] = 0U; - rand_stack.f3[213U] = 0U; - rand_stack.f3[214U] = 0U; - rand_stack.f3[215U] = 0U; - rand_stack.f3[216U] = 0U; - rand_stack.f3[217U] = 0U; - rand_stack.f3[218U] = 0U; - rand_stack.f3[219U] = 0U; - rand_stack.f3[220U] = 0U; - rand_stack.f3[221U] = 0U; - rand_stack.f3[222U] = 0U; - rand_stack.f3[223U] = 0U; - rand_stack.f3[224U] = 0U; - rand_stack.f3[225U] = 0U; - rand_stack.f3[226U] = 0U; - rand_stack.f3[227U] = 0U; - rand_stack.f3[228U] = 0U; - rand_stack.f3[229U] = 0U; - rand_stack.f3[230U] = 0U; - rand_stack.f3[231U] = 0U; - rand_stack.f3[232U] = 0U; - rand_stack.f3[233U] = 0U; - rand_stack.f3[234U] = 0U; - rand_stack.f3[235U] = 0U; - rand_stack.f3[236U] = 0U; - rand_stack.f3[237U] = 0U; - rand_stack.f3[238U] = 0U; - rand_stack.f3[239U] = 0U; - rand_stack.f3[240U] = 0U; - rand_stack.f3[241U] = 0U; - rand_stack.f3[242U] = 0U; - rand_stack.f3[243U] = 0U; - rand_stack.f3[244U] = 0U; - rand_stack.f3[245U] = 0U; - rand_stack.f3[246U] = 0U; - rand_stack.f3[247U] = 0U; - rand_stack.f3[248U] = 0U; - rand_stack.f3[249U] = 0U; - rand_stack.f3[250U] = 0U; - rand_stack.f3[251U] = 0U; - rand_stack.f3[252U] = 0U; - rand_stack.f3[253U] = 0U; - rand_stack.f3[254U] = 0U; - rand_stack.f3[255U] = 0U; - rand_stack.f3[256U] = 0U; - rand_stack.f3[257U] = 0U; - rand_stack.f3[258U] = 0U; - rand_stack.f3[259U] = 0U; - rand_stack.f3[260U] = 0U; - rand_stack.f3[261U] = 0U; - 
rand_stack.f3[262U] = 0U; - rand_stack.f3[263U] = 0U; - rand_stack.f3[264U] = 0U; - rand_stack.f3[265U] = 0U; - rand_stack.f3[266U] = 0U; - rand_stack.f3[267U] = 0U; - rand_stack.f3[268U] = 0U; - rand_stack.f3[269U] = 0U; - rand_stack.f3[270U] = 0U; - rand_stack.f3[271U] = 0U; - rand_stack.f3[272U] = 0U; - rand_stack.f3[273U] = 0U; - rand_stack.f3[274U] = 0U; - rand_stack.f3[275U] = 0U; - rand_stack.f3[276U] = 0U; - rand_stack.f3[277U] = 0U; - rand_stack.f3[278U] = 0U; - rand_stack.f3[279U] = 0U; - rand_stack.f3[280U] = 0U; - rand_stack.f3[281U] = 0U; - rand_stack.f3[282U] = 0U; - rand_stack.f3[283U] = 0U; - rand_stack.f3[284U] = 0U; - rand_stack.f3[285U] = 0U; - rand_stack.f3[286U] = 0U; - rand_stack.f3[287U] = 0U; - rand_stack.f3[288U] = 0U; - rand_stack.f3[289U] = 0U; - rand_stack.f3[290U] = 0U; - rand_stack.f3[291U] = 0U; - rand_stack.f3[292U] = 0U; - rand_stack.f3[293U] = 0U; - rand_stack.f3[294U] = 0U; - rand_stack.f3[295U] = 0U; - rand_stack.f3[296U] = 0U; - rand_stack.f3[297U] = 0U; - rand_stack.f3[298U] = 0U; - rand_stack.f3[299U] = 0U; - rand_stack.f3[300U] = 0U; - rand_stack.f3[301U] = 0U; - rand_stack.f3[302U] = 0U; - rand_stack.f3[303U] = 0U; - rand_stack.f3[304U] = 0U; - rand_stack.f3[305U] = 0U; - rand_stack.f3[306U] = 0U; - rand_stack.f3[307U] = 0U; - rand_stack.f3[308U] = 0U; - rand_stack.f3[309U] = 0U; - rand_stack.f3[310U] = 0U; - rand_stack.f3[311U] = 0U; - rand_stack.f3[312U] = 0U; - rand_stack.f3[313U] = 0U; - rand_stack.f3[314U] = 0U; - rand_stack.f3[315U] = 0U; - rand_stack.f3[316U] = 0U; - rand_stack.f3[317U] = 0U; - rand_stack.f3[318U] = 0U; - rand_stack.f3[319U] = 0U; - rand_stack.f3[320U] = 0U; - rand_stack.f3[321U] = 0U; - rand_stack.f3[322U] = 0U; - rand_stack.f3[323U] = 0U; - rand_stack.f3[324U] = 0U; - rand_stack.f3[325U] = 0U; - rand_stack.f3[326U] = 0U; - rand_stack.f3[327U] = 0U; - rand_stack.f3[328U] = 0U; - rand_stack.f3[329U] = 0U; - rand_stack.f3[330U] = 0U; - rand_stack.f3[331U] = 0U; - rand_stack.f3[332U] = 0U; - 
rand_stack.f3[333U] = 0U; - rand_stack.f3[334U] = 0U; - rand_stack.f3[335U] = 0U; - rand_stack.f3[336U] = 0U; - rand_stack.f3[337U] = 0U; - rand_stack.f3[338U] = 0U; - rand_stack.f3[339U] = 0U; - rand_stack.f3[340U] = 0U; - rand_stack.f3[341U] = 0U; - rand_stack.f3[342U] = 0U; - rand_stack.f3[343U] = 0U; - rand_stack.f3[344U] = 0U; - rand_stack.f3[345U] = 0U; - rand_stack.f3[346U] = 0U; - rand_stack.f3[347U] = 0U; - rand_stack.f3[348U] = 0U; - rand_stack.f3[349U] = 0U; - rand_stack.f3[350U] = 0U; - rand_stack.f3[351U] = 0U; - rand_stack.f3[352U] = 0U; - rand_stack.f3[353U] = 0U; - rand_stack.f3[354U] = 0U; - rand_stack.f3[355U] = 0U; - rand_stack.f3[356U] = 0U; - rand_stack.f3[357U] = 0U; - rand_stack.f3[358U] = 0U; - rand_stack.f3[359U] = 0U; - rand_stack.f3[360U] = 0U; - rand_stack.f3[361U] = 0U; - rand_stack.f3[362U] = 0U; - rand_stack.f3[363U] = 0U; - rand_stack.f3[364U] = 0U; - rand_stack.f3[365U] = 0U; - rand_stack.f3[366U] = 0U; - rand_stack.f3[367U] = 0U; - rand_stack.f3[368U] = 0U; - rand_stack.f3[369U] = 0U; - rand_stack.f3[370U] = 0U; - rand_stack.f3[371U] = 0U; - rand_stack.f3[372U] = 0U; - rand_stack.f3[373U] = 0U; - rand_stack.f3[374U] = 0U; - rand_stack.f3[375U] = 0U; - rand_stack.f3[376U] = 0U; - rand_stack.f3[377U] = 0U; - rand_stack.f3[378U] = 0U; - rand_stack.f3[379U] = 0U; - rand_stack.f3[380U] = 0U; - rand_stack.f3[381U] = 0U; - rand_stack.f3[382U] = 0U; - rand_stack.f3[383U] = 0U; - rand_stack.f3[384U] = 0U; - rand_stack.f3[385U] = 0U; - rand_stack.f3[386U] = 0U; - rand_stack.f3[387U] = 0U; - rand_stack.f3[388U] = 0U; - rand_stack.f3[389U] = 0U; - rand_stack.f3[390U] = 0U; - rand_stack.f3[391U] = 0U; - rand_stack.f3[392U] = 0U; - rand_stack.f3[393U] = 0U; - rand_stack.f3[394U] = 0U; - rand_stack.f3[395U] = 0U; - rand_stack.f3[396U] = 0U; - rand_stack.f3[397U] = 0U; - rand_stack.f3[398U] = 0U; - rand_stack.f3[399U] = 0U; - rand_stack.f3[400U] = 0U; - rand_stack.f3[401U] = 0U; - rand_stack.f3[402U] = 0U; - rand_stack.f3[403U] = 0U; - 
rand_stack.f3[404U] = 0U; - rand_stack.f3[405U] = 0U; - rand_stack.f3[406U] = 0U; - rand_stack.f3[407U] = 0U; - rand_stack.f3[408U] = 0U; - rand_stack.f3[409U] = 0U; - rand_stack.f3[410U] = 0U; - rand_stack.f3[411U] = 0U; - rand_stack.f3[412U] = 0U; - rand_stack.f3[413U] = 0U; - rand_stack.f3[414U] = 0U; - rand_stack.f3[415U] = 0U; - rand_stack.f3[416U] = 0U; - rand_stack.f3[417U] = 0U; - rand_stack.f3[418U] = 0U; - rand_stack.f3[419U] = 0U; - rand_stack.f3[420U] = 0U; - rand_stack.f3[421U] = 0U; - rand_stack.f3[422U] = 0U; - rand_stack.f3[423U] = 0U; - rand_stack.f3[424U] = 0U; - rand_stack.f3[425U] = 0U; - rand_stack.f3[426U] = 0U; - rand_stack.f3[427U] = 0U; - rand_stack.f3[428U] = 0U; - rand_stack.f3[429U] = 0U; - rand_stack.f3[430U] = 0U; - rand_stack.f3[431U] = 0U; - rand_stack.f3[432U] = 0U; - rand_stack.f3[433U] = 0U; - rand_stack.f3[434U] = 0U; - rand_stack.f3[435U] = 0U; - rand_stack.f3[436U] = 0U; - rand_stack.f3[437U] = 0U; - rand_stack.f3[438U] = 0U; - rand_stack.f3[439U] = 0U; - rand_stack.f3[440U] = 0U; - rand_stack.f3[441U] = 0U; - rand_stack.f3[442U] = 0U; - rand_stack.f3[443U] = 0U; - rand_stack.f3[444U] = 0U; - rand_stack.f3[445U] = 0U; - rand_stack.f3[446U] = 0U; - rand_stack.f3[447U] = 0U; - rand_stack.f3[448U] = 0U; - rand_stack.f3[449U] = 0U; - rand_stack.f3[450U] = 0U; - rand_stack.f3[451U] = 0U; - rand_stack.f3[452U] = 0U; - rand_stack.f3[453U] = 0U; - rand_stack.f3[454U] = 0U; - rand_stack.f3[455U] = 0U; - rand_stack.f3[456U] = 0U; - rand_stack.f3[457U] = 0U; - rand_stack.f3[458U] = 0U; - rand_stack.f3[459U] = 0U; - rand_stack.f3[460U] = 0U; - rand_stack.f3[461U] = 0U; - rand_stack.f3[462U] = 0U; - rand_stack.f3[463U] = 0U; - rand_stack.f3[464U] = 0U; - rand_stack.f3[465U] = 0U; - rand_stack.f3[466U] = 0U; - rand_stack.f3[467U] = 0U; - rand_stack.f3[468U] = 0U; - rand_stack.f3[469U] = 0U; - rand_stack.f3[470U] = 0U; - rand_stack.f3[471U] = 0U; - rand_stack.f3[472U] = 0U; - rand_stack.f3[473U] = 0U; - rand_stack.f3[474U] = 0U; - 
rand_stack.f3[475U] = 0U; - rand_stack.f3[476U] = 0U; - rand_stack.f3[477U] = 0U; - rand_stack.f3[478U] = 0U; - rand_stack.f3[479U] = 0U; - rand_stack.f3[480U] = 0U; - rand_stack.f3[481U] = 0U; - rand_stack.f3[482U] = 0U; - rand_stack.f3[483U] = 0U; - rand_stack.f3[484U] = 0U; - rand_stack.f3[485U] = 0U; - rand_stack.f3[486U] = 0U; - rand_stack.f3[487U] = 0U; - rand_stack.f3[488U] = 0U; - rand_stack.f3[489U] = 0U; - rand_stack.f3[490U] = 0U; - rand_stack.f3[491U] = 0U; - rand_stack.f3[492U] = 0U; - rand_stack.f3[493U] = 0U; - rand_stack.f3[494U] = 0U; - rand_stack.f3[495U] = 0U; - rand_stack.f3[496U] = 0U; - rand_stack.f3[497U] = 0U; - rand_stack.f3[498U] = 0U; - rand_stack.f3[499U] = 0U; - rand_stack.f3[500U] = 0U; - rand_stack.f3[501U] = 0U; - rand_stack.f3[502U] = 0U; - rand_stack.f3[503U] = 0U; - rand_stack.f3[504U] = 0U; - rand_stack.f3[505U] = 0U; - rand_stack.f3[506U] = 0U; - rand_stack.f3[507U] = 0U; - rand_stack.f3[508U] = 0U; - rand_stack.f3[509U] = 0U; - rand_stack.f3[510U] = 0U; - rand_stack.f3[511U] = 0U; - rand_stack.f3[512U] = 0U; - rand_stack.f3[513U] = 0U; - rand_stack.f3[514U] = 0U; - rand_stack.f3[515U] = 0U; - rand_stack.f3[516U] = 0U; - rand_stack.f3[517U] = 0U; - rand_stack.f3[518U] = 0U; - rand_stack.f3[519U] = 0U; - rand_stack.f3[520U] = 0U; - rand_stack.f3[521U] = 0U; - rand_stack.f3[522U] = 0U; - rand_stack.f3[523U] = 0U; - rand_stack.f3[524U] = 0U; - rand_stack.f3[525U] = 0U; - rand_stack.f3[526U] = 0U; - rand_stack.f3[527U] = 0U; - rand_stack.f3[528U] = 0U; - rand_stack.f3[529U] = 0U; - rand_stack.f3[530U] = 0U; - rand_stack.f3[531U] = 0U; - rand_stack.f3[532U] = 0U; - rand_stack.f3[533U] = 0U; - rand_stack.f3[534U] = 0U; - rand_stack.f3[535U] = 0U; - rand_stack.f3[536U] = 0U; - rand_stack.f3[537U] = 0U; - rand_stack.f3[538U] = 0U; - rand_stack.f3[539U] = 0U; - rand_stack.f3[540U] = 0U; - rand_stack.f3[541U] = 0U; - rand_stack.f3[542U] = 0U; - rand_stack.f3[543U] = 0U; - rand_stack.f3[544U] = 0U; - rand_stack.f3[545U] = 0U; - 
rand_stack.f3[546U] = 0U; - rand_stack.f3[547U] = 0U; - rand_stack.f3[548U] = 0U; - rand_stack.f3[549U] = 0U; - rand_stack.f3[550U] = 0U; - rand_stack.f3[551U] = 0U; - rand_stack.f3[552U] = 0U; - rand_stack.f3[553U] = 0U; - rand_stack.f3[554U] = 0U; - rand_stack.f3[555U] = 0U; - rand_stack.f3[556U] = 0U; - rand_stack.f3[557U] = 0U; - rand_stack.f3[558U] = 0U; - rand_stack.f3[559U] = 0U; - rand_stack.f3[560U] = 0U; - rand_stack.f3[561U] = 0U; - rand_stack.f3[562U] = 0U; - rand_stack.f3[563U] = 0U; - rand_stack.f3[564U] = 0U; - rand_stack.f3[565U] = 0U; - rand_stack.f3[566U] = 0U; - rand_stack.f3[567U] = 0U; - rand_stack.f3[568U] = 0U; - rand_stack.f3[569U] = 0U; - rand_stack.f3[570U] = 0U; - rand_stack.f3[571U] = 0U; - rand_stack.f3[572U] = 0U; - rand_stack.f3[573U] = 0U; - rand_stack.f3[574U] = 0U; - rand_stack.f3[575U] = 0U; - rand_stack.f3[576U] = 0U; - rand_stack.f3[577U] = 0U; - rand_stack.f3[578U] = 0U; - rand_stack.f3[579U] = 0U; - rand_stack.f3[580U] = 0U; - rand_stack.f3[581U] = 0U; - rand_stack.f3[582U] = 0U; - rand_stack.f3[583U] = 0U; - rand_stack.f3[584U] = 0U; - rand_stack.f3[585U] = 0U; - rand_stack.f3[586U] = 0U; - rand_stack.f3[587U] = 0U; - rand_stack.f3[588U] = 0U; - rand_stack.f3[589U] = 0U; - rand_stack.f3[590U] = 0U; - rand_stack.f3[591U] = 0U; - rand_stack.f3[592U] = 0U; - rand_stack.f3[593U] = 0U; - rand_stack.f3[594U] = 0U; - rand_stack.f3[595U] = 0U; - rand_stack.f3[596U] = 0U; - rand_stack.f3[597U] = 0U; - rand_stack.f3[598U] = 0U; - rand_stack.f3[599U] = 0U; - rand_stack.f3[600U] = 0U; - rand_stack.f3[601U] = 0U; - rand_stack.f3[602U] = 0U; - rand_stack.f3[603U] = 0U; - rand_stack.f3[604U] = 0U; - rand_stack.f3[605U] = 0U; - rand_stack.f3[606U] = 0U; - rand_stack.f3[607U] = 0U; - rand_stack.f3[608U] = 0U; - rand_stack.f3[609U] = 0U; - rand_stack.f3[610U] = 0U; - rand_stack.f3[611U] = 0U; - rand_stack.f3[612U] = 0U; - rand_stack.f3[613U] = 0U; - rand_stack.f3[614U] = 0U; - rand_stack.f3[615U] = 0U; - rand_stack.f3[616U] = 0U; - 
rand_stack.f3[617U] = 0U; - rand_stack.f3[618U] = 0U; - rand_stack.f3[619U] = 0U; - rand_stack.f3[620U] = 0U; - rand_stack.f3[621U] = 0U; - rand_stack.f3[622U] = 0U; - rand_stack.f3[623U] = 0U; - rand_stack.f3[624U] = 0U; - rand_stack.f3[625U] = 0U; - rand_stack.f3[626U] = 0U; - rand_stack.f3[627U] = 0U; - rand_stack.f3[628U] = 0U; - rand_stack.f3[629U] = 0U; - rand_stack.f3[630U] = 0U; - rand_stack.f3[631U] = 0U; - rand_stack.f3[632U] = 0U; - rand_stack.f3[633U] = 0U; - rand_stack.f3[634U] = 0U; - rand_stack.f3[635U] = 0U; - rand_stack.f3[636U] = 0U; - rand_stack.f3[637U] = 0U; - rand_stack.f3[638U] = 0U; - rand_stack.f3[639U] = 0U; - rand_stack.f3[640U] = 0U; - rand_stack.f3[641U] = 0U; - rand_stack.f3[642U] = 0U; - rand_stack.f3[643U] = 0U; - rand_stack.f3[644U] = 0U; - rand_stack.f3[645U] = 0U; - rand_stack.f3[646U] = 0U; - rand_stack.f3[647U] = 0U; - rand_stack.f3[648U] = 0U; - rand_stack.f3[649U] = 0U; - rand_stack.f3[650U] = 0U; - rand_stack.f3[651U] = 0U; - rand_stack.f3[652U] = 0U; - rand_stack.f3[653U] = 0U; - rand_stack.f3[654U] = 0U; - rand_stack.f3[655U] = 0U; - rand_stack.f3[656U] = 0U; - rand_stack.f3[657U] = 0U; - rand_stack.f3[658U] = 0U; - rand_stack.f3[659U] = 0U; - rand_stack.f3[660U] = 0U; - rand_stack.f3[661U] = 0U; - rand_stack.f3[662U] = 0U; - rand_stack.f3[663U] = 0U; - rand_stack.f3[664U] = 0U; - rand_stack.f3[665U] = 0U; - rand_stack.f3[666U] = 0U; - rand_stack.f3[667U] = 0U; - rand_stack.f3[668U] = 0U; - rand_stack.f3[669U] = 0U; - rand_stack.f3[670U] = 0U; - rand_stack.f3[671U] = 0U; - rand_stack.f3[672U] = 0U; - rand_stack.f3[673U] = 0U; - rand_stack.f3[674U] = 0U; - rand_stack.f3[675U] = 0U; - rand_stack.f3[676U] = 0U; - rand_stack.f3[677U] = 0U; - rand_stack.f3[678U] = 0U; - rand_stack.f3[679U] = 0U; - rand_stack.f3[680U] = 0U; - rand_stack.f3[681U] = 0U; - rand_stack.f3[682U] = 0U; - rand_stack.f3[683U] = 0U; - rand_stack.f3[684U] = 0U; - rand_stack.f3[685U] = 0U; - rand_stack.f3[686U] = 0U; - rand_stack.f3[687U] = 0U; - 
rand_stack.f3[688U] = 0U; - rand_stack.f3[689U] = 0U; - rand_stack.f3[690U] = 0U; - rand_stack.f3[691U] = 0U; - rand_stack.f3[692U] = 0U; - rand_stack.f3[693U] = 0U; - rand_stack.f3[694U] = 0U; - rand_stack.f3[695U] = 0U; - rand_stack.f3[696U] = 0U; - rand_stack.f3[697U] = 0U; - rand_stack.f3[698U] = 0U; - rand_stack.f3[699U] = 0U; - rand_stack.f3[700U] = 0U; - rand_stack.f3[701U] = 0U; - rand_stack.f3[702U] = 0U; - rand_stack.f3[703U] = 0U; - rand_stack.f3[704U] = 0U; - rand_stack.f3[705U] = 0U; - rand_stack.f3[706U] = 0U; - rand_stack.f3[707U] = 0U; - rand_stack.f3[708U] = 0U; - rand_stack.f3[709U] = 0U; - rand_stack.f3[710U] = 0U; - rand_stack.f3[711U] = 0U; - rand_stack.f3[712U] = 0U; - rand_stack.f3[713U] = 0U; - rand_stack.f3[714U] = 0U; - rand_stack.f3[715U] = 0U; - rand_stack.f3[716U] = 0U; - rand_stack.f3[717U] = 0U; - rand_stack.f3[718U] = 0U; - rand_stack.f3[719U] = 0U; - rand_stack.f3[720U] = 0U; - rand_stack.f3[721U] = 0U; - rand_stack.f3[722U] = 0U; - rand_stack.f3[723U] = 0U; - rand_stack.f3[724U] = 0U; - rand_stack.f3[725U] = 0U; - rand_stack.f3[726U] = 0U; - rand_stack.f3[727U] = 0U; - rand_stack.f3[728U] = 0U; - rand_stack.f3[729U] = 0U; - rand_stack.f3[730U] = 0U; - rand_stack.f3[731U] = 0U; - rand_stack.f3[732U] = 0U; - rand_stack.f3[733U] = 0U; - rand_stack.f3[734U] = 0U; - rand_stack.f3[735U] = 0U; - rand_stack.f3[736U] = 0U; - rand_stack.f3[737U] = 0U; - rand_stack.f3[738U] = 0U; - rand_stack.f3[739U] = 0U; - rand_stack.f3[740U] = 0U; - rand_stack.f3[741U] = 0U; - rand_stack.f3[742U] = 0U; - rand_stack.f3[743U] = 0U; - rand_stack.f3[744U] = 0U; - rand_stack.f3[745U] = 0U; - rand_stack.f3[746U] = 0U; - rand_stack.f3[747U] = 0U; - rand_stack.f3[748U] = 0U; - rand_stack.f3[749U] = 0U; - rand_stack.f3[750U] = 0U; - rand_stack.f3[751U] = 0U; - rand_stack.f3[752U] = 0U; - rand_stack.f3[753U] = 0U; - rand_stack.f3[754U] = 0U; - rand_stack.f3[755U] = 0U; - rand_stack.f3[756U] = 0U; - rand_stack.f3[757U] = 0U; - rand_stack.f3[758U] = 0U; - 
rand_stack.f3[759U] = 0U; - rand_stack.f3[760U] = 0U; - rand_stack.f3[761U] = 0U; - rand_stack.f3[762U] = 0U; - rand_stack.f3[763U] = 0U; - rand_stack.f3[764U] = 0U; - rand_stack.f3[765U] = 0U; - rand_stack.f3[766U] = 0U; - rand_stack.f3[767U] = 0U; - rand_stack.f3[768U] = 0U; - rand_stack.f3[769U] = 0U; - rand_stack.f3[770U] = 0U; - rand_stack.f3[771U] = 0U; - rand_stack.f3[772U] = 0U; - rand_stack.f3[773U] = 0U; - rand_stack.f3[774U] = 0U; - rand_stack.f3[775U] = 0U; - rand_stack.f3[776U] = 0U; - rand_stack.f3[777U] = 0U; - rand_stack.f3[778U] = 0U; - rand_stack.f3[779U] = 0U; - rand_stack.f3[780U] = 0U; - rand_stack.f3[781U] = 0U; - rand_stack.f3[782U] = 0U; - rand_stack.f3[783U] = 0U; - rand_stack.f3[784U] = 0U; - rand_stack.f3[785U] = 0U; - rand_stack.f3[786U] = 0U; - rand_stack.f3[787U] = 0U; - rand_stack.f3[788U] = 0U; - rand_stack.f3[789U] = 0U; - rand_stack.f3[790U] = 0U; - rand_stack.f3[791U] = 0U; - rand_stack.f3[792U] = 0U; - rand_stack.f3[793U] = 0U; - rand_stack.f3[794U] = 0U; - rand_stack.f3[795U] = 0U; - rand_stack.f3[796U] = 0U; - rand_stack.f3[797U] = 0U; - rand_stack.f3[798U] = 0U; - rand_stack.f3[799U] = 0U; - rand_stack.f3[800U] = 0U; - rand_stack.f3[801U] = 0U; - rand_stack.f3[802U] = 0U; - rand_stack.f3[803U] = 0U; - rand_stack.f3[804U] = 0U; - rand_stack.f3[805U] = 0U; - rand_stack.f3[806U] = 0U; - rand_stack.f3[807U] = 0U; - rand_stack.f3[808U] = 0U; - rand_stack.f3[809U] = 0U; - rand_stack.f3[810U] = 0U; - rand_stack.f3[811U] = 0U; - rand_stack.f3[812U] = 0U; - rand_stack.f3[813U] = 0U; - rand_stack.f3[814U] = 0U; - rand_stack.f3[815U] = 0U; - rand_stack.f3[816U] = 0U; - rand_stack.f3[817U] = 0U; - rand_stack.f3[818U] = 0U; - rand_stack.f3[819U] = 0U; - rand_stack.f3[820U] = 0U; - rand_stack.f3[821U] = 0U; - rand_stack.f3[822U] = 0U; - rand_stack.f3[823U] = 0U; - rand_stack.f3[824U] = 0U; - rand_stack.f3[825U] = 0U; - rand_stack.f3[826U] = 0U; - rand_stack.f3[827U] = 0U; - rand_stack.f3[828U] = 0U; - rand_stack.f3[829U] = 0U; - 
rand_stack.f3[830U] = 0U; - rand_stack.f3[831U] = 0U; - rand_stack.f3[832U] = 0U; - rand_stack.f3[833U] = 0U; - rand_stack.f3[834U] = 0U; - rand_stack.f3[835U] = 0U; - rand_stack.f3[836U] = 0U; - rand_stack.f3[837U] = 0U; - rand_stack.f3[838U] = 0U; - rand_stack.f3[839U] = 0U; + uint8_t rand_stack0[840U] = {0U}; + uint8_t rand_stack1[840U] = {0U}; + uint8_t rand_stack2[840U] = {0U}; + uint8_t rand_stack3[840U] = {0U}; int32_t tmp_stack[4U][263U] = {{0U}}; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; @@ -6282,7 +4610,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 2U}), (CLITERAL(uint8_t_x2){.fst = 0U, .snd = 3U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( - copy_of_seed, A, &rand_stack, + copy_of_seed, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf0, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -6293,7 +4621,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 1U}), (CLITERAL(uint8_t_x2){.fst = 1U, .snd = 2U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( - copy_of_seed0, A, &rand_stack, + copy_of_seed0, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf1, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -6304,7 +4632,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 0U}), (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 1U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( - copy_of_seed1, A, &rand_stack, + copy_of_seed1, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf2, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -6315,7 +4643,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( (CLITERAL(uint8_t_x2){.fst = 2U, .snd = 4U}), (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 0U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( - copy_of_seed2, A, &rand_stack, + copy_of_seed2, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf3, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -6326,7 +4654,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 3U}), (CLITERAL(uint8_t_x2){.fst = 3U, .snd = 4U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( - copy_of_seed3, A, &rand_stack, + copy_of_seed3, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf4, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -6337,7 +4665,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 2U}), (CLITERAL(uint8_t_x2){.fst = 4U, .snd = 3U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( - copy_of_seed4, A, &rand_stack, + copy_of_seed4, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf5, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -6348,7 +4676,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 1U}), (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 2U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( - copy_of_seed5, A, &rand_stack, + copy_of_seed5, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf6, (size_t)4U); /* Passing arrays by value in Rust generates a copy in C */ @@ -6359,7 +4687,7 @@ static KRML_MUSTINLINE void libcrux_ml_dsa_samplex4_matrix_A_6_by_5_49( (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 5U}), (CLITERAL(uint8_t_x2){.fst = 5U, .snd = 6U})}; libcrux_ml_dsa_sample_sample_up_to_four_ring_elements_49( - copy_of_seed6, A, &rand_stack, + copy_of_seed6, A, rand_stack0, rand_stack1, rand_stack2, rand_stack3, Eurydice_array_to_slice((size_t)4U, tmp_stack, int32_t[263U]), buf, (size_t)2U); memcpy(ret, A, diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h index a96bed3c2..876ec6f9b 100644 --- a/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-dsa/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968 * F*: b0961063393215ca65927f017720cb365a193833-dirty - * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42 + * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h index d798f2f87..ebba16495 100644 --- a/libcrux-ml-dsa/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-dsa/cg/libcrux_sha3_portable.h 
@@ -8,7 +8,7 @@
 * Eurydice: b665364a6d86749566ce2d650d13fa12c8fab2c5
 * Karamel: 96572bc631fde691a2aea7bce5a5a3838b3a5968
 * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: c6c0198a72d0045f999b4b6a50ad7e917c8a9e42
+ * Libcrux: 00424f6ff03ac7c79f2922ed628bf6a5b8723be3
 */
 #ifndef __libcrux_sha3_portable_H

From 8c00dbf291da94dc6d4942e8a849a20997ed80c2 Mon Sep 17 00:00:00 2001
From: Jonas Schneider-Bensch
Date: Thu, 19 Dec 2024 08:43:54 +0100
Subject: [PATCH 25/25] Address review comments

- Comment location
- Remove `sample_four_ring_elements_into!` macro

---
 libcrux-ml-dsa/src/sample.rs | 9 +-
 libcrux-ml-dsa/src/samplex4.rs | 523 ++++++++++++++------------------
 2 files changed, 231 insertions(+), 301 deletions(-)

diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs
index be056a497..ea7f49291 100644
--- a/libcrux-ml-dsa/src/sample.rs
+++ b/libcrux-ml-dsa/src/sample.rs
@@ -37,13 +37,14 @@ fn rejection_sample_less_than_field_modulus(
 #[inline(always)]
 fn generate_domain_separator((row, column): (u8, u8)) -> u16 {
 (column as u16) | ((row as u16) << 8)
-} // Doing deep updates like `a[1][1] = 3` causes a memory blowup in F*
- // https://github.com/hacspec/hax/issues/1098
- // So we are instead using a matrix abstraction with a custom update function here.
+}
-type Matrix =
+pub(crate) type Matrix =
 [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A];
+// Doing deep updates like `a[1][1] = 3` causes a memory blowup in F*
+// https://github.com/hacspec/hax/issues/1098
+// So we are instead using a matrix abstraction with a custom update function here.
 fn update_matrix(
 m: &mut Matrix,
 i: usize,
diff --git a/libcrux-ml-dsa/src/samplex4.rs b/libcrux-ml-dsa/src/samplex4.rs
index 37c70280f..ddcf0ac40 100644
--- a/libcrux-ml-dsa/src/samplex4.rs
+++ b/libcrux-ml-dsa/src/samplex4.rs
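Review bot: The `Matrix` alias becomes crate-visible in the `sample.rs` hunk (`+pub(crate) type Matrix =`) but still has no doc comment, and the `//` comment moved below it documents `update_matrix`, not the alias. Since `samplex4.rs` now imports `Matrix` by name, a one-line `///` on the alias would tell those callers how it is laid out, which the type itself fixes as outer index row and inner index column: `/// The matrix A as `ROWS_IN_A` rows of `COLUMNS_IN_A` ring elements, indexed `m[row][column]`.` The generic parameter list of the alias is not visible in this rendering, so the doc line may need to name those parameters as they actually appear.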
@@ -1,7 +1,7 @@
 use crate::{
 hash_functions::{shake128, shake256},
 polynomial::PolynomialRingElement,
- sample::{sample_four_error_ring_elements, sample_up_to_four_ring_elements},
+ sample::{sample_four_error_ring_elements, sample_up_to_four_ring_elements, Matrix},
 simd::traits::Operations,
 };
@@ -14,27 +14,6 @@ pub(crate) trait X4Sampler {
 ) -> [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A];
 }
-type Matrix =
- [[PolynomialRingElement; COLUMNS_IN_A]; ROWS_IN_A];
-
-/// A call to sample four ring elements from $seed into $memory at indices $a, $b
-/// $c, $d.
-macro_rules! sample_four_ring_elements_into {
- ($seed:ident, $matrix:ident, $rand_stack0:ident, $rand_stack1:ident, $rand_stack2:ident, $rand_stack3:ident, $tmp_stack:ident, $a:expr, $b:expr, $c:expr, $d:expr) => {
- sample_up_to_four_ring_elements::(
- $seed,
- &mut $matrix,
- &mut $rand_stack0,
- &mut $rand_stack1,
- &mut $rand_stack2,
- &mut $rand_stack3,
- &mut $tmp_stack,
- &[$a, $b, $c, $d],
- 4,
- );
- };
-}
-
 #[allow(non_snake_case)]
 #[inline(always)]
 #[cfg(feature = "mldsa44")]
@@ -55,57 +34,49 @@ pub(crate) fn matrix_A_4_by_4<
 let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
 let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (0, 0),
- (0, 1),
- (0, 2),
- (0, 3)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(0, 0), (0, 1), (0, 2), (0, 3)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (1, 0),
- (1, 1),
- (1, 2),
- (1, 3)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(1, 0), (1, 1), (1, 2), (1, 3)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (2, 0),
- (2, 1),
- (2, 2),
- (2, 3)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(2, 0), (2, 1), (2, 2), (2, 3)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (3, 0),
- (3, 1),
- (3, 2),
- (3, 3)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(3, 0), (3, 1), (3, 2), (3, 3)],
+ 4,
 );
 A
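Review bot: Every call site in this hunk carries the element count as a literal `4` next to a four-entry index slice (`&[(0, 0), (0, 1), (0, 2), (0, 3)], 4,`), so the slice length and the count are two values that nothing at the call site ties together; the same pattern repeats in the `matrix_A_6_by_5` and `matrix_A_8_by_7` hunks below. The count is precisely what distinguishes the partial final batch in the 6-by-5 case (the `// The last 2 sampled ring elements are discarded here.` comment), so a count/slice mismatch introduced by a future edit would be caught, if at all, only at run time. Unless `sample_up_to_four_ring_elements` (not visible in this patch) already guards it, a `debug_assert!` at its entry relating the count to the slice length, or a sentence on its doc comment stating that the count must not exceed the slice length or 4, would make the contract explicit for these expanded call sites. The enclosing `matrix_A_4_by_4` signature starts before this hunk.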
@@ -130,96 +101,82 @@ pub(crate) fn matrix_A_6_by_5<
 let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
 let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (0, 0),
- (0, 1),
- (0, 2),
- (0, 3)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(0, 0), (0, 1), (0, 2), (0, 3)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (0, 4),
- (1, 0),
- (1, 1),
- (1, 2)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(0, 4), (1, 0), (1, 1), (1, 2)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (1, 3),
- (1, 4),
- (2, 0),
- (2, 1)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(1, 3), (1, 4), (2, 0), (2, 1)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (2, 2),
- (2, 3),
- (2, 4),
- (3, 0)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(2, 2), (2, 3), (2, 4), (3, 0)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (3, 1),
- (3, 2),
- (3, 3),
- (3, 4)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(3, 1), (3, 2), (3, 3), (3, 4)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (4, 0),
- (4, 1),
- (4, 2),
- (4, 3)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(4, 0), (4, 1), (4, 2), (4, 3)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (4, 4),
- (5, 0),
- (5, 1),
- (5, 2)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(4, 4), (5, 0), (5, 1), (5, 2)],
+ 4,
 );
 // The last 2 sampled ring elements are discarded here.
@@ -257,187 +214,159 @@ pub(crate) fn matrix_A_8_by_7<
 let mut rand_stack3 = [0u8; shake128::FIVE_BLOCKS_SIZE];
 let mut tmp_stack = [[0i32; 263], [0i32; 263], [0i32; 263], [0i32; 263]];
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (0, 0),
- (0, 1),
- (0, 2),
- (0, 3)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(0, 0), (0, 1), (0, 2), (0, 3)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (0, 4),
- (0, 5),
- (0, 6),
- (1, 0)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(0, 4), (0, 5), (0, 6), (1, 0)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (1, 1),
- (1, 2),
- (1, 3),
- (1, 4)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(1, 1), (1, 2), (1, 3), (1, 4)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (1, 5),
- (1, 6),
- (2, 0),
- (2, 1)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(1, 5), (1, 6), (2, 0), (2, 1)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (2, 2),
- (2, 3),
- (2, 4),
- (2, 5)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(2, 2), (2, 3), (2, 4), (2, 5)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (2, 6),
- (3, 0),
- (3, 1),
- (3, 2)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(2, 6), (3, 0), (3, 1), (3, 2)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (3, 3),
- (3, 4),
- (3, 5),
- (3, 6)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(3, 3), (3, 4), (3, 5), (3, 6)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (4, 0),
- (4, 1),
- (4, 2),
- (4, 3)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(4, 0), (4, 1), (4, 2), (4, 3)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (4, 4),
- (4, 5),
- (4, 6),
- (5, 0)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(4, 4), (4, 5), (4, 6), (5, 0)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (5, 1),
- (5, 2),
- (5, 3),
- (5, 4)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(5, 1), (5, 2), (5, 3), (5, 4)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (5, 5),
- (5, 6),
- (6, 0),
- (6, 1)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(5, 5), (5, 6), (6, 0), (6, 1)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (6, 2),
- (6, 3),
- (6, 4),
- (6, 5)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(6, 2), (6, 3), (6, 4), (6, 5)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (6, 6),
- (7, 0),
- (7, 1),
- (7, 2)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(6, 6), (7, 0), (7, 1), (7, 2)],
+ 4,
 );
- sample_four_ring_elements_into!(
+ sample_up_to_four_ring_elements::(
 seed,
- A,
- rand_stack0,
- rand_stack1,
- rand_stack2,
- rand_stack3,
- tmp_stack,
- (7, 3),
- (7, 4),
- (7, 5),
- (7, 6)
+ &mut A,
+ &mut rand_stack0,
+ &mut rand_stack1,
+ &mut rand_stack2,
+ &mut rand_stack3,
+ &mut tmp_stack,
+ &[(7, 3), (7, 4), (7, 5), (7, 6)],
+ 4,
 );
 A