brave-experiments · github-actions · Jan 29, 2025
@@ -1,6 +1,6 @@
 [package]
 name = "brave-miracl"
-version = "0.1.3"
+version = "0.2.0"
 edition = "2021"
 authors = ["Mike Scott <[email protected]>"]
 description = "Subset of the MIRACL Core library that includes the bn254 elliptic curve"

@@ -20,3 +20,4 @@
 pub type Chunk = i64;
 pub type DChunk = i128;
 pub const CHUNK: usize = 64;
+pub const CONDMS: i64 = 0x3cc3c33c5aa5a55a;
@@ -21,6 +21,7 @@ use crate::arch;
 use crate::arch::Chunk;
 
 use crate::arch::DChunk;
+use crate::arch::CONDMS;
 
 use crate::rand::RAND;
 use crate::bn254::dbig::DBIG;
@@ -187,37 +188,71 @@ impl BIG {
         (self.w[NLEN - 1] >> ((8 * MODBYTES) % BASEBITS)) as Chunk
     }
 
-    /* Conditional swap of two bigs depending on d using XOR - no branches */
-    pub fn cswap(&mut self, b: &mut BIG, d: isize) -> Chunk {
-        let c = -d as Chunk;
-        let mut w=0 as Chunk;
-        let r=self.w[0]^b.w[1];
-        let mut ra=r.wrapping_add(r); ra >>= 1;
+    /* Conditional swap of two bigs depending on d -  see Loiseau et al. 2021 */
+
+    pub fn cswap(&mut self, g: &mut BIG, b: isize) -> Chunk {
+        let r=CONDMS;
+        let bb=b as Chunk;
+        let c0=(!bb)&(r+1);
+        let c1=bb|r;
         for i in 0..NLEN {
-            let mut t = c & (self.w[i] ^ b.w[i]);
-            t^=r;
-            let mut e=self.w[i]^t; w^=e;
-            self.w[i]=e^ra; 
-            e=b.w[i]^t;  w^=e;
-            b.w[i]=e^ra;
+            let s = g.w[i];
+            let t = self.w[i];
+            let w=r*(t+s);
+            unsafe{core::ptr::write_volatile(&mut self.w[i],c0*t+c1*s)}  
+            self.w[i]-=w;
+            unsafe{core::ptr::write_volatile(&mut g.w[i],c0*s+c1*t)} 
+            g.w[i]-=w;
         }
-        return w;
+        return 0 as Chunk;
     }
+/*
+    pub fn cswap(&mut self, g: &mut BIG, d: isize) -> Chunk {
+        let r0=self.w[0]^g.w[1];
+        let r1=self.w[1]^g.w[0];
+        let dd=d as Chunk;
+        let c0=1-(dd-r0);
+        let c1=dd+r1;
 
-    pub fn cmove(&mut self, g: &BIG, d: isize)  -> Chunk {
-        let b = -d as Chunk;
-        let mut w=0 as Chunk;
-        let r=self.w[0]^g.w[1];
-        let mut ra=r.wrapping_add(r); ra >>= 1;
         for i in 0..NLEN {
-            let mut t = b & (self.w[i] ^ g.w[i]);
-            t^=r;
-            let e=self.w[i]^t; w^=e;
-            self.w[i]=e^ra; 
+            let t=self.w[i]; let s=g.w[i]; 
+            unsafe {core::ptr::write_volatile(&mut self.w[i],c0*t + c1*s);}
+            unsafe {core::ptr::write_volatile(&mut g.w[i],c0*s + c1*t);}
+            self.w[i]-=r0*t+r1*s;  
+            g.w[i]-=r0*s+r1*t;
         }
-        return w;
-    }
+        return 0 as Chunk;
+    }
+*/
+    pub fn cmove(&mut self, g: &BIG, b: isize)  -> Chunk {
+        let r=CONDMS;
+        let bb=b as Chunk;
+        let c0=(!bb)&(r+1);
+        let c1=bb|r;
+        for i in 0..NLEN {
+            let s = g.w[i];
+            let t = self.w[i];
+            unsafe{core::ptr::write_volatile(&mut self.w[i],c0*t+c1*s)}  
+            self.w[i]-=r*(t+s);
+        }
+        return 0 as Chunk;
+    }  
 
+/*
+    pub fn cmove(&mut self, g: &BIG, d: isize)  -> Chunk {
+        let r0=self.w[0]^g.w[1];
+        let r1=self.w[1]^g.w[0];
+        let dd=d as Chunk;
+        let c0=1-(dd-r0);
+        let c1=dd+r1;
+        for i in 0..NLEN {
+            let t=self.w[i];
+            unsafe {core::ptr::write_volatile(&mut self.w[i],c0*t + c1*g.w[i]);}
+            self.w[i]-=r0*t+r1*g.w[i];     
+        }
+        return 0 as Chunk;
+    }           
+*/
     /* Shift right by less than a word */
     pub fn fshr(&mut self, k: usize) -> isize {
         let n = k;

@@ -19,6 +19,7 @@
 
 use crate::arch;
 use crate::arch::Chunk;
+use crate::arch::CONDMS;
 use crate::bn254::big;
 use crate::bn254::big::BIG;
 
@@ -131,20 +132,34 @@ impl DBIG {
         }
     }
 
+    pub fn cmove(&mut self, g: &DBIG, b: isize) -> Chunk {
+        let r=CONDMS;
+        let bb=b as Chunk;
+        let c0=(!bb)&(r+1);
+        let c1=bb|r;
+        for i in 0..big::DNLEN {
+            let s = g.w[i];
+            let t = self.w[i];
+            unsafe{core::ptr::write_volatile(&mut self.w[i],c0*t+c1*s)}  
+            self.w[i]-=r*(t+s);
+        }
+        return 0 as Chunk;
+    }
+/*
     pub fn cmove(&mut self, g: &DBIG, d: isize) -> Chunk {
-        let b = -d as Chunk;
-        let mut w=0 as Chunk;
-        let r=self.w[0]^g.w[1];
-        let mut ra=r.wrapping_add(r); ra >>= 1;
+        let r0=self.w[0]^g.w[1];
+        let r1=self.w[1]^g.w[0];
+        let dd=d as Chunk;
+        let c0=1-(dd-r0);
+        let c1=dd+r1;
         for i in 0..big::DNLEN {
-            let mut t = b & (self.w[i] ^ g.w[i]);
-            t^=r;
-            let e=self.w[i]^t; w^=e;
-            self.w[i]=e^ra; 
+            let t=self.w[i];
+            unsafe {core::ptr::write_volatile(&mut self.w[i],c0*t + c1*g.w[i]);}
+            self.w[i]-=r0*t+r1*g.w[i];     
         }
-        return w;
+        return 0 as Chunk;
     }
-
+*/
     /* self+=x */
     pub fn add(&mut self, x: &DBIG) {
         for i in 0..big::DNLEN {

@@ -127,11 +127,13 @@ impl FP {
 
     /* convert back to regular form */
     pub fn redc(&self) -> BIG {
+        let mut f = FP::new_copy(self);
+        f.reduce();
         if MODTYPE != PSEUDO_MERSENNE && MODTYPE != GENERALISED_MERSENNE {
-            let mut d = DBIG::new_scopy(&(self.x));
+            let mut d = DBIG::new_scopy(&(f.x));
             FP::modulo(&mut d)
         } else {
-            BIG::new_copy(&(self.x))
+            BIG::new_copy(&(f.x))
         }
     }
+3 −1		c/arch.h
+71 −6		c/big.c
+3 −3		c/big.h
+111 −50		c/dilithium.c
+47 −10		c/dilithium.h
+2 −1		c/ecp.c
+2 −1		c/ecp2.c
+2 −1		c/ecp4.c
+3 −1		c/ecp8.c
+4 −0		c/fp.c
+1 −1		c/fp12.c
+1 −1		c/fp24.c
+1 −1		c/fp48.c
+1 −0		c/hash.c
+28 −1		c/kyber.c
+2 −0		c/kyber.h
+2 −2		c/testdlthm.c
+1 −1		c/x509.c
+3 −3		cpp/arch.h
+33 −40		cpp/big.cpp
+3 −3		cpp/big.h
+113 −53		cpp/dilithium.cpp
+47 −10		cpp/dilithium.h
+2 −1		cpp/ecp.cpp
+2 −1		cpp/ecp2.cpp
+2 −0		cpp/ecp4.cpp
+2 −0		cpp/ecp8.cpp
+4 −0		cpp/fp.cpp
+1 −1		cpp/fp12.cpp
+1 −1		cpp/fp24.cpp
+1 −1		cpp/fp48.cpp
+1 −0		cpp/hash.cpp
+39 −2		cpp/kyber.cpp
+2 −0		cpp/kyber.h
+2 −2		cpp/testdlthm.cpp
+1 −1		cpp/x509.cpp
+89 −47		go/DILITHIUM.go
+2 −1		go/FP.go
+62 −34		go/KYBER.go
+2 −2		go/TestDLTHM.go
+87 −48		java/DILITHIUM.java
+1 −0		java/FP32.java
+1 −0		java/FP64.java
+52 −27		java/KYBER.java
+8 −8		java/TestDLTHM.java
+2 −2		javascript/examples/browser/TestDLTHM.html
+87 −48		javascript/src/dilithium.js
+2 −2		javascript/src/fp.js
+32 −6		javascript/src/kyber.js
+2 −2		rust/TestDLTHM.rs
+1 −0		rust/arch32.rs
+1 −0		rust/arch64.rs
+59 −24		rust/big.rs
+31 −16		rust/config32.py
+32 −17		rust/config64.py
+25 −10		rust/dbig.rs
+123 −72		rust/dilithium.rs
+4 −2		rust/fp.rs
+16 −20		rust/gcm.rs
+6 −6		rust/hmac.rs
+56 −35		rust/kyber.rs
+2 −2		rust/nhs.rs
+9 −0		rust/readme.md
+2 −2		rust/sha3.rs
+2 −2		rust/share.rs
+7 −6		rust/x509.rs
+2 −2		swift/TestDLTHM.swift
+8 −8		swift/big.swift
+1 −1		swift/config_big.swift
+97 −48		swift/dilithium.swift
+3 −2		swift/fp.swift
+38 −12		swift/kyber.swift