Skip to content
/ faest-avx Public

FAEST implementation for AVX2 and other extensions on the x86-64 platform

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

faest-sign/faest-avx

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Catch2 @ 3f0283d
Catch2 @ 3f0283d
 
 
XKCP @ 64404be
XKCP @ 64404be
 
 
avx2
avx2
 
 
avx2_vaes
avx2_vaes
 
 
ref
ref
 
 
scripts
scripts
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
KeccakHashtimes4.c
KeccakHashtimes4.c
 
 
KeccakHashtimes4.h
KeccakHashtimes4.h
 
 
KeccakSpongetimes4.c
KeccakSpongetimes4.c
 
 
KeccakSpongetimes4.h
KeccakSpongetimes4.h
 
 
KeccakSpongetimes4.inc
KeccakSpongetimes4.inc
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
Makefile.in
Makefile.in
 
 
README.md
README.md
 
 
aes.c
aes.c
 
 
aes.h
aes.h
 
 
analyze.py
analyze.py
 
 
api.c
api.c
 
 
api.h.in
api.h.in
 
 
bench.sh
bench.sh
 
 
block.c
block.c
 
 
block.h
block.h
 
 
config.h.in
config.h.in
 
 
faest.c
faest.c
 
 
faest.h
faest.h
 
 
faest_details.h
faest_details.h
 
 
hash.c
hash.c
 
 
hash.h
hash.h
 
 
owf_proof.c
owf_proof.c
 
 
owf_proof.h
owf_proof.h
 
 
polynomials.c
polynomials.c
 
 
polynomials.h
polynomials.h
 
 
prgs.c
prgs.c
 
 
prgs.h
prgs.h
 
 
quicksilver.c
quicksilver.c
 
 
quicksilver.h
quicksilver.h
 
 
randomness.h
randomness.h
 
 
randomness_os.c
randomness_os.c
 
 
randomness_randombytes.c
randomness_randombytes.c
 
 
small_vole.c
small_vole.c
 
 
small_vole.h
small_vole.h
 
 
transpose.h
transpose.h
 
 
universal_hash.c
universal_hash.c
 
 
universal_hash.h
universal_hash.h
 
 
util.c
util.c
 
 
util.h
util.h
 
 
vector_com.c
vector_com.c
 
 
vector_com.h
vector_com.h
 
 
vole_check.c
vole_check.c
 
 
vole_check.h
vole_check.h
 
 
vole_commit.c
vole_commit.c
 
 
vole_commit.h
vole_commit.h
 
 
vole_params.h
vole_params.h
 
 

Repository files navigation

Platform Specific FAEST Implementation for x86-64 (With ISA Extensions)

Versions

The major version number of the FAEST implementation matches the major version number of the FAEST specification it implements. The implementation is currently at version 1.0.

Compilation

Building requires GNU make 4.4 or newer. Requires gcc 13.1.0 or higher Do not forget to pull the submodules To build all enabled settings, run make -j<number_of_threads>. Note: it can take a long time to compile them all. To build just a single setting, run make -j<number_of_threads> <setting_name>. The output will be in Additional_Implementations/<setting_name>.

Settings

There are many different settings of the FAEST implementation, which are all compiled independently from each other. Each setting is given a name: sec<security_parameter>_<primitives>_<𝜏>_<platform_setting>. Not all settings are included in the FAEST specification, so here are the settings the are:

  • sec128_cccs_11: FAEST-128s
  • sec128_cccs_16: FAEST-128f
  • sec192_cccs_16: FAEST-192s
  • sec192_cccs_24: FAEST-192f
  • sec256_cccs_22: FAEST-256s
  • sec256_cccs_32: FAEST-256f
  • sec128_eccs_11: FAEST-EM-128s
  • sec128_eccs_16: FAEST-EM-128f
  • sec192_eccs_16: FAEST-EM-192s
  • sec192_eccs_24: FAEST-EM-192f
  • sec256_eccs_22: FAEST-EM-256s
  • sec256_eccs_32: FAEST-EM-256f

Security Parameter

The security parameter can be 128, 192, or 256.

Primitives

FAEST is built out of hashes, PRGs, and a OWF. These can be set from the following options:

  • c: AES in CTR mode.
  • e: AES/Rijndael in Even–Mansour mode. Not available as a PRG for 192-bit security parameter.
  • s: SHAKE. Only available for the leaves of the GGM tree.

There are 4 independent primitives that can be set from these options.

  1. The one-way function that the signer proves knowledge of a preimage to.
  2. The PRG used to expand the seeds used to generate the VOLE correlation.
  3. The PRG used to expand the GGM tree.
  4. The hash/PRG used to commit to the leaves of the GGM tree.

The letters for these 4 settings are concatenated together in the setting name.

𝜏

𝜏 is the number of bits that need to be sent in the signature for each bit of the witness. Increasing 𝜏 gives faster but longer signatures.

Platform Settings

We plans for three sets of extensions that the implementation can use:

  • AVX2: The AVX2, AES-NI, PCLMULQDQ, and BMI1 instruction set extensions.
  • AVX2_VAES: The above, plus VAES and VPCLMULQDQ.
  • AVX512: The above, plus AVX512F and AVX512BW.

Currently we have only implemented the AVX2 set.

About

FAEST implementation for AVX2 and other extensions on the x86-64 platform

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages