From 79a0ddf3399067eb2de3b14d92331411b195bf10 Mon Sep 17 00:00:00 2001 
From: "Matthias J. Kannwischer" Date: Mon, 14 Oct 2024 18:16:32 +0800 Subject: [PATCH] Update Kyber to final FIPS203 and rename to ML-KEM (#362) --- README.md | 20 +- benchmarks.csv | 72 ++-- benchmarks.md | 72 ++-- crypto_kem/kyber1024/m4fspeed/cbd.c | 1 - crypto_kem/kyber1024/m4fspeed/cbd.h | 1 - crypto_kem/kyber1024/m4fspeed/cmov_int16.S | 1 - crypto_kem/kyber1024/m4fspeed/fastaddsub.S | 1 - crypto_kem/kyber1024/m4fspeed/fastbasemul.S | 1 - crypto_kem/kyber1024/m4fspeed/fastinvntt.S | 1 - crypto_kem/kyber1024/m4fspeed/fastntt.S | 1 - crypto_kem/kyber1024/m4fspeed/indcpa.c | 1 - crypto_kem/kyber1024/m4fspeed/indcpa.h | 1 - crypto_kem/kyber1024/m4fspeed/kem.c | 1 - crypto_kem/kyber1024/m4fspeed/macros.i | 1 - crypto_kem/kyber1024/m4fspeed/matacc.c | 1 - crypto_kem/kyber1024/m4fspeed/matacc.h | 1 - crypto_kem/kyber1024/m4fspeed/matacc.i | 1 - crypto_kem/kyber1024/m4fspeed/matacc_asm.S | 1 - crypto_kem/kyber1024/m4fspeed/ntt.c | 1 - crypto_kem/kyber1024/m4fspeed/ntt.h | 1 - crypto_kem/kyber1024/m4fspeed/poly.c | 1 - crypto_kem/kyber1024/m4fspeed/poly.h | 1 - crypto_kem/kyber1024/m4fspeed/poly_asm.S | 1 - crypto_kem/kyber1024/m4fspeed/polyvec.c | 1 - crypto_kem/kyber1024/m4fspeed/polyvec.h | 1 - crypto_kem/kyber1024/m4fspeed/reduce.S | 1 - .../kyber1024/m4fspeed/symmetric-fips202.c | 1 - crypto_kem/kyber1024/m4fspeed/symmetric.h | 1 - crypto_kem/kyber1024/m4fspeed/verify.c | 1 - crypto_kem/kyber1024/m4fspeed/verify.h | 1 - crypto_kem/kyber1024/m4fstack/cmov_int16.S | 1 - crypto_kem/kyber1024/m4fstack/fastbasemul.S | 1 - crypto_kem/kyber1024/m4fstack/fastinvntt.S | 1 - crypto_kem/kyber1024/m4fstack/fastntt.S | 1 - crypto_kem/kyber1024/m4fstack/indcpa.c | 1 - crypto_kem/kyber1024/m4fstack/indcpa.h | 1 - crypto_kem/kyber1024/m4fstack/matacc.c | 1 - crypto_kem/kyber1024/m4fstack/matacc.h | 1 - crypto_kem/kyber1024/m4fstack/matacc.i | 1 - crypto_kem/kyber1024/m4fstack/matacc_asm.S | 1 - crypto_kem/kyber1024/m4fstack/poly.c | 1 - crypto_kem/kyber1024/m4fstack/poly.h | 1 - 
crypto_kem/kyber1024/m4fstack/poly_asm.S | 1 - crypto_kem/kyber512/m4fspeed/cmov_int16.S | 1 - crypto_kem/kyber512/m4fspeed/fastaddsub.S | 1 - crypto_kem/kyber512/m4fspeed/fastbasemul.S | 1 - crypto_kem/kyber512/m4fspeed/fastinvntt.S | 1 - crypto_kem/kyber512/m4fspeed/fastntt.S | 1 - crypto_kem/kyber512/m4fspeed/indcpa.h | 1 - crypto_kem/kyber512/m4fspeed/kem.c | 1 - crypto_kem/kyber512/m4fspeed/macros.i | 1 - crypto_kem/kyber512/m4fspeed/matacc.c | 1 - crypto_kem/kyber512/m4fspeed/matacc.h | 1 - crypto_kem/kyber512/m4fspeed/matacc.i | 1 - crypto_kem/kyber512/m4fspeed/matacc_asm.S | 1 - crypto_kem/kyber512/m4fspeed/ntt.c | 1 - crypto_kem/kyber512/m4fspeed/ntt.h | 1 - crypto_kem/kyber512/m4fspeed/poly_asm.S | 1 - crypto_kem/kyber512/m4fspeed/polyvec.c | 1 - crypto_kem/kyber512/m4fspeed/polyvec.h | 1 - crypto_kem/kyber512/m4fspeed/reduce.S | 1 - .../kyber512/m4fspeed/symmetric-fips202.c | 1 - crypto_kem/kyber512/m4fspeed/symmetric.h | 1 - crypto_kem/kyber512/m4fspeed/verify.c | 1 - crypto_kem/kyber512/m4fspeed/verify.h | 1 - crypto_kem/kyber512/m4fstack/cmov_int16.S | 1 - crypto_kem/kyber512/m4fstack/fastbasemul.S | 1 - crypto_kem/kyber512/m4fstack/fastinvntt.S | 356 ------------------ crypto_kem/kyber512/m4fstack/matacc.c | 1 - crypto_kem/kyber512/m4fstack/matacc.h | 1 - crypto_kem/kyber512/m4fstack/matacc.i | 1 - crypto_kem/kyber512/m4fstack/matacc_asm.S | 1 - crypto_kem/kyber512/m4fstack/poly_asm.S | 1 - .../kyber768/m4fstack/symmetric-fips202.c | 1 - .../{kyber1024 => ml-kem-1024}/m4fspeed/api.h | 0 crypto_kem/ml-kem-1024/m4fspeed/cbd.c | 1 + crypto_kem/ml-kem-1024/m4fspeed/cbd.h | 1 + crypto_kem/ml-kem-1024/m4fspeed/cmov_int16.S | 1 + crypto_kem/ml-kem-1024/m4fspeed/fastaddsub.S | 1 + crypto_kem/ml-kem-1024/m4fspeed/fastbasemul.S | 1 + crypto_kem/ml-kem-1024/m4fspeed/fastinvntt.S | 1 + crypto_kem/ml-kem-1024/m4fspeed/fastntt.S | 1 + crypto_kem/ml-kem-1024/m4fspeed/indcpa.c | 1 + crypto_kem/ml-kem-1024/m4fspeed/indcpa.h | 1 + crypto_kem/ml-kem-1024/m4fspeed/kem.c 
| 1 + crypto_kem/ml-kem-1024/m4fspeed/macros.i | 1 + crypto_kem/ml-kem-1024/m4fspeed/matacc.c | 1 + crypto_kem/ml-kem-1024/m4fspeed/matacc.h | 1 + crypto_kem/ml-kem-1024/m4fspeed/matacc.i | 1 + crypto_kem/ml-kem-1024/m4fspeed/matacc_asm.S | 1 + crypto_kem/ml-kem-1024/m4fspeed/ntt.c | 1 + crypto_kem/ml-kem-1024/m4fspeed/ntt.h | 1 + .../m4fspeed/params.h | 0 crypto_kem/ml-kem-1024/m4fspeed/poly.c | 1 + crypto_kem/ml-kem-1024/m4fspeed/poly.h | 1 + crypto_kem/ml-kem-1024/m4fspeed/poly_asm.S | 1 + crypto_kem/ml-kem-1024/m4fspeed/polyvec.c | 1 + crypto_kem/ml-kem-1024/m4fspeed/polyvec.h | 1 + crypto_kem/ml-kem-1024/m4fspeed/reduce.S | 1 + .../ml-kem-1024/m4fspeed/symmetric-fips202.c | 1 + crypto_kem/ml-kem-1024/m4fspeed/symmetric.h | 1 + crypto_kem/ml-kem-1024/m4fspeed/verify.c | 1 + crypto_kem/ml-kem-1024/m4fspeed/verify.h | 1 + .../{kyber1024 => ml-kem-1024}/m4fstack/api.h | 0 .../{kyber1024 => ml-kem-1024}/m4fstack/cbd.c | 0 .../{kyber1024 => ml-kem-1024}/m4fstack/cbd.h | 0 crypto_kem/ml-kem-1024/m4fstack/cmov_int16.S | 1 + .../m4fstack/fastaddsub.S | 0 crypto_kem/ml-kem-1024/m4fstack/fastbasemul.S | 1 + crypto_kem/ml-kem-1024/m4fstack/fastinvntt.S | 1 + crypto_kem/ml-kem-1024/m4fstack/fastntt.S | 1 + crypto_kem/ml-kem-1024/m4fstack/indcpa.c | 1 + crypto_kem/ml-kem-1024/m4fstack/indcpa.h | 1 + .../{kyber1024 => ml-kem-1024}/m4fstack/kem.c | 0 .../m4fstack/macros.i | 0 crypto_kem/ml-kem-1024/m4fstack/matacc.c | 1 + crypto_kem/ml-kem-1024/m4fstack/matacc.h | 1 + crypto_kem/ml-kem-1024/m4fstack/matacc.i | 1 + crypto_kem/ml-kem-1024/m4fstack/matacc_asm.S | 1 + .../{kyber1024 => ml-kem-1024}/m4fstack/ntt.c | 0 .../{kyber1024 => ml-kem-1024}/m4fstack/ntt.h | 0 .../m4fstack/params.h | 0 crypto_kem/ml-kem-1024/m4fstack/poly.c | 1 + crypto_kem/ml-kem-1024/m4fstack/poly.h | 1 + crypto_kem/ml-kem-1024/m4fstack/poly_asm.S | 1 + .../m4fstack/polyvec.c | 0 .../m4fstack/polyvec.h | 0 .../m4fstack/reduce.S | 0 .../ml-kem-1024/m4fstack/symmetric-fips202.c | 1 + 
.../m4fstack/symmetric.h | 0 .../m4fstack/verify.c | 0 .../m4fstack/verify.h | 0 .../{kyber512 => ml-kem-512}/m4fspeed/api.h | 0 .../{kyber512 => ml-kem-512}/m4fspeed/cbd.c | 0 .../{kyber512 => ml-kem-512}/m4fspeed/cbd.h | 0 crypto_kem/ml-kem-512/m4fspeed/cmov_int16.S | 1 + crypto_kem/ml-kem-512/m4fspeed/fastaddsub.S | 1 + crypto_kem/ml-kem-512/m4fspeed/fastbasemul.S | 1 + crypto_kem/ml-kem-512/m4fspeed/fastinvntt.S | 1 + crypto_kem/ml-kem-512/m4fspeed/fastntt.S | 1 + .../m4fspeed/indcpa.c | 4 +- crypto_kem/ml-kem-512/m4fspeed/indcpa.h | 1 + crypto_kem/ml-kem-512/m4fspeed/kem.c | 1 + crypto_kem/ml-kem-512/m4fspeed/macros.i | 1 + crypto_kem/ml-kem-512/m4fspeed/matacc.c | 1 + crypto_kem/ml-kem-512/m4fspeed/matacc.h | 1 + crypto_kem/ml-kem-512/m4fspeed/matacc.i | 1 + crypto_kem/ml-kem-512/m4fspeed/matacc_asm.S | 1 + crypto_kem/ml-kem-512/m4fspeed/ntt.c | 1 + crypto_kem/ml-kem-512/m4fspeed/ntt.h | 1 + .../m4fspeed/params.h | 0 .../{kyber512 => ml-kem-512}/m4fspeed/poly.c | 0 .../{kyber512 => ml-kem-512}/m4fspeed/poly.h | 0 crypto_kem/ml-kem-512/m4fspeed/poly_asm.S | 1 + crypto_kem/ml-kem-512/m4fspeed/polyvec.c | 1 + crypto_kem/ml-kem-512/m4fspeed/polyvec.h | 1 + crypto_kem/ml-kem-512/m4fspeed/reduce.S | 1 + .../ml-kem-512/m4fspeed/symmetric-fips202. 
| 1 + .../ml-kem-512/m4fspeed/symmetric-fips202.c | 1 + crypto_kem/ml-kem-512/m4fspeed/symmetric.h | 1 + crypto_kem/ml-kem-512/m4fspeed/verify.c | 1 + crypto_kem/ml-kem-512/m4fspeed/verify.h | 1 + .../{kyber512 => ml-kem-512}/m4fstack/api.h | 0 .../{kyber512 => ml-kem-512}/m4fstack/cbd.c | 0 .../{kyber512 => ml-kem-512}/m4fstack/cbd.h | 0 crypto_kem/ml-kem-512/m4fstack/cmov_int16.S | 1 + .../m4fstack/fastaddsub.S | 0 crypto_kem/ml-kem-512/m4fstack/fastbasemul.S | 1 + crypto_kem/ml-kem-512/m4fstack/fastinvntt.S | 1 + .../m4fstack/fastntt.S | 0 .../m4fstack/indcpa.c | 4 +- .../m4fstack/indcpa.h | 0 .../{kyber512 => ml-kem-512}/m4fstack/kem.c | 0 .../m4fstack/macros.i | 0 crypto_kem/ml-kem-512/m4fstack/matacc.c | 1 + crypto_kem/ml-kem-512/m4fstack/matacc.h | 1 + crypto_kem/ml-kem-512/m4fstack/matacc.i | 1 + crypto_kem/ml-kem-512/m4fstack/matacc_asm.S | 1 + .../{kyber512 => ml-kem-512}/m4fstack/ntt.c | 0 .../{kyber512 => ml-kem-512}/m4fstack/ntt.h | 0 .../m4fstack/params.h | 0 .../{kyber512 => ml-kem-512}/m4fstack/poly.c | 0 .../{kyber512 => ml-kem-512}/m4fstack/poly.h | 0 crypto_kem/ml-kem-512/m4fstack/poly_asm.S | 1 + .../m4fstack/polyvec.c | 0 .../m4fstack/polyvec.h | 0 .../m4fstack/reduce.S | 0 .../m4fstack/symmetric-fips202.c | 0 .../m4fstack/symmetric.h | 0 .../m4fstack/verify.c | 0 .../m4fstack/verify.h | 0 .../{kyber768 => ml-kem-768}/m4fspeed/api.h | 0 .../{kyber768 => ml-kem-768}/m4fspeed/cbd.c | 0 .../{kyber768 => ml-kem-768}/m4fspeed/cbd.h | 0 .../m4fspeed/cmov_int16.S | 0 .../m4fspeed/fastaddsub.S | 0 .../m4fspeed/fastbasemul.S | 0 .../m4fspeed/fastinvntt.S | 0 .../m4fspeed/fastntt.S | 0 .../m4fspeed/indcpa.c | 4 +- .../m4fspeed/indcpa.h | 0 .../{kyber768 => ml-kem-768}/m4fspeed/kem.c | 0 .../m4fspeed/macros.i | 0 .../m4fspeed/matacc.c | 0 .../m4fspeed/matacc.h | 0 .../m4fspeed/matacc.i | 0 .../m4fspeed/matacc_asm.S | 0 .../{kyber768 => ml-kem-768}/m4fspeed/ntt.c | 0 .../{kyber768 => ml-kem-768}/m4fspeed/ntt.h | 0 .../m4fspeed/params.h | 0 .../{kyber768 => 
ml-kem-768}/m4fspeed/poly.c | 0 .../{kyber768 => ml-kem-768}/m4fspeed/poly.h | 0 .../m4fspeed/poly_asm.S | 0 .../m4fspeed/polyvec.c | 0 .../m4fspeed/polyvec.h | 0 .../m4fspeed/reduce.S | 0 .../m4fspeed/symmetric-fips202.c | 0 .../m4fspeed/symmetric.h | 0 .../m4fspeed/verify.c | 0 .../m4fspeed/verify.h | 0 .../{kyber768 => ml-kem-768}/m4fstack/api.h | 0 .../{kyber768 => ml-kem-768}/m4fstack/cbd.c | 0 .../{kyber768 => ml-kem-768}/m4fstack/cbd.h | 0 .../m4fstack/cmov_int16.S | 0 .../m4fstack/fastaddsub.S | 0 .../m4fstack/fastbasemul.S | 0 .../m4fstack/fastinvntt.S | 0 .../m4fstack/fastntt.S | 0 .../m4fstack/indcpa.c | 4 +- .../m4fstack/indcpa.h | 0 .../{kyber768 => ml-kem-768}/m4fstack/kem.c | 0 .../m4fstack/macros.i | 0 .../m4fstack/matacc.c | 0 .../m4fstack/matacc.h | 0 .../m4fstack/matacc.i | 0 .../m4fstack/matacc_asm.S | 0 .../{kyber768 => ml-kem-768}/m4fstack/ntt.c | 0 .../{kyber768 => ml-kem-768}/m4fstack/ntt.h | 0 .../m4fstack/params.h | 0 .../{kyber768 => ml-kem-768}/m4fstack/poly.c | 0 .../{kyber768 => ml-kem-768}/m4fstack/poly.h | 0 .../m4fstack/poly_asm.S | 0 .../m4fstack/polyvec.c | 0 .../m4fstack/polyvec.h | 0 .../m4fstack/reduce.S | 0 .../m4fstack/symmetric-fips202.c | 0 .../m4fstack/symmetric.h | 0 .../m4fstack/verify.c | 0 .../m4fstack/verify.h | 0 mupq | 2 +- skiplist.py | 18 +- 251 files changed, 176 insertions(+), 522 deletions(-) delete mode 120000 crypto_kem/kyber1024/m4fspeed/cbd.c delete mode 120000 crypto_kem/kyber1024/m4fspeed/cbd.h delete mode 120000 crypto_kem/kyber1024/m4fspeed/cmov_int16.S delete mode 120000 crypto_kem/kyber1024/m4fspeed/fastaddsub.S delete mode 120000 crypto_kem/kyber1024/m4fspeed/fastbasemul.S delete mode 120000 crypto_kem/kyber1024/m4fspeed/fastinvntt.S delete mode 120000 crypto_kem/kyber1024/m4fspeed/fastntt.S delete mode 120000 crypto_kem/kyber1024/m4fspeed/indcpa.c delete mode 120000 crypto_kem/kyber1024/m4fspeed/indcpa.h delete mode 120000 crypto_kem/kyber1024/m4fspeed/kem.c delete mode 120000 
crypto_kem/kyber1024/m4fspeed/macros.i delete mode 120000 crypto_kem/kyber1024/m4fspeed/matacc.c delete mode 120000 crypto_kem/kyber1024/m4fspeed/matacc.h delete mode 120000 crypto_kem/kyber1024/m4fspeed/matacc.i delete mode 120000 crypto_kem/kyber1024/m4fspeed/matacc_asm.S delete mode 120000 crypto_kem/kyber1024/m4fspeed/ntt.c delete mode 120000 crypto_kem/kyber1024/m4fspeed/ntt.h delete mode 120000 crypto_kem/kyber1024/m4fspeed/poly.c delete mode 120000 crypto_kem/kyber1024/m4fspeed/poly.h delete mode 120000 crypto_kem/kyber1024/m4fspeed/poly_asm.S delete mode 120000 crypto_kem/kyber1024/m4fspeed/polyvec.c delete mode 120000 crypto_kem/kyber1024/m4fspeed/polyvec.h delete mode 120000 crypto_kem/kyber1024/m4fspeed/reduce.S delete mode 120000 crypto_kem/kyber1024/m4fspeed/symmetric-fips202.c delete mode 120000 crypto_kem/kyber1024/m4fspeed/symmetric.h delete mode 120000 crypto_kem/kyber1024/m4fspeed/verify.c delete mode 120000 crypto_kem/kyber1024/m4fspeed/verify.h delete mode 120000 crypto_kem/kyber1024/m4fstack/cmov_int16.S delete mode 120000 crypto_kem/kyber1024/m4fstack/fastbasemul.S delete mode 120000 crypto_kem/kyber1024/m4fstack/fastinvntt.S delete mode 120000 crypto_kem/kyber1024/m4fstack/fastntt.S delete mode 120000 crypto_kem/kyber1024/m4fstack/indcpa.c delete mode 120000 crypto_kem/kyber1024/m4fstack/indcpa.h delete mode 120000 crypto_kem/kyber1024/m4fstack/matacc.c delete mode 120000 crypto_kem/kyber1024/m4fstack/matacc.h delete mode 120000 crypto_kem/kyber1024/m4fstack/matacc.i delete mode 120000 crypto_kem/kyber1024/m4fstack/matacc_asm.S delete mode 120000 crypto_kem/kyber1024/m4fstack/poly.c delete mode 120000 crypto_kem/kyber1024/m4fstack/poly.h delete mode 120000 crypto_kem/kyber1024/m4fstack/poly_asm.S delete mode 120000 crypto_kem/kyber512/m4fspeed/cmov_int16.S delete mode 120000 crypto_kem/kyber512/m4fspeed/fastaddsub.S delete mode 120000 crypto_kem/kyber512/m4fspeed/fastbasemul.S delete mode 120000 crypto_kem/kyber512/m4fspeed/fastinvntt.S 
delete mode 120000 crypto_kem/kyber512/m4fspeed/fastntt.S delete mode 120000 crypto_kem/kyber512/m4fspeed/indcpa.h delete mode 120000 crypto_kem/kyber512/m4fspeed/kem.c delete mode 120000 crypto_kem/kyber512/m4fspeed/macros.i delete mode 120000 crypto_kem/kyber512/m4fspeed/matacc.c delete mode 120000 crypto_kem/kyber512/m4fspeed/matacc.h delete mode 120000 crypto_kem/kyber512/m4fspeed/matacc.i delete mode 120000 crypto_kem/kyber512/m4fspeed/matacc_asm.S delete mode 120000 crypto_kem/kyber512/m4fspeed/ntt.c delete mode 120000 crypto_kem/kyber512/m4fspeed/ntt.h delete mode 120000 crypto_kem/kyber512/m4fspeed/poly_asm.S delete mode 120000 crypto_kem/kyber512/m4fspeed/polyvec.c delete mode 120000 crypto_kem/kyber512/m4fspeed/polyvec.h delete mode 120000 crypto_kem/kyber512/m4fspeed/reduce.S delete mode 120000 crypto_kem/kyber512/m4fspeed/symmetric-fips202.c delete mode 120000 crypto_kem/kyber512/m4fspeed/symmetric.h delete mode 120000 crypto_kem/kyber512/m4fspeed/verify.c delete mode 120000 crypto_kem/kyber512/m4fspeed/verify.h delete mode 120000 crypto_kem/kyber512/m4fstack/cmov_int16.S delete mode 120000 crypto_kem/kyber512/m4fstack/fastbasemul.S delete mode 100644 crypto_kem/kyber512/m4fstack/fastinvntt.S delete mode 120000 crypto_kem/kyber512/m4fstack/matacc.c delete mode 120000 crypto_kem/kyber512/m4fstack/matacc.h delete mode 120000 crypto_kem/kyber512/m4fstack/matacc.i delete mode 120000 crypto_kem/kyber512/m4fstack/matacc_asm.S delete mode 120000 crypto_kem/kyber512/m4fstack/poly_asm.S delete mode 120000 crypto_kem/kyber768/m4fstack/symmetric-fips202.c rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fspeed/api.h (100%) create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/cbd.c create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/cbd.h create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/cmov_int16.S create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/fastaddsub.S create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/fastbasemul.S create mode 120000 
crypto_kem/ml-kem-1024/m4fspeed/fastinvntt.S create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/fastntt.S create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/indcpa.c create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/indcpa.h create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/kem.c create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/macros.i create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/matacc.c create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/matacc.h create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/matacc.i create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/matacc_asm.S create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/ntt.c create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/ntt.h rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fspeed/params.h (100%) create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/poly.c create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/poly.h create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/poly_asm.S create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/polyvec.c create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/polyvec.h create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/reduce.S create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/symmetric-fips202.c create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/symmetric.h create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/verify.c create mode 120000 crypto_kem/ml-kem-1024/m4fspeed/verify.h rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/api.h (100%) rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/cbd.c (100%) rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/cbd.h (100%) create mode 120000 crypto_kem/ml-kem-1024/m4fstack/cmov_int16.S rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/fastaddsub.S (100%) create mode 120000 crypto_kem/ml-kem-1024/m4fstack/fastbasemul.S create mode 120000 crypto_kem/ml-kem-1024/m4fstack/fastinvntt.S create mode 120000 crypto_kem/ml-kem-1024/m4fstack/fastntt.S create mode 120000 crypto_kem/ml-kem-1024/m4fstack/indcpa.c create mode 120000 
crypto_kem/ml-kem-1024/m4fstack/indcpa.h rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/kem.c (100%) rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/macros.i (100%) create mode 120000 crypto_kem/ml-kem-1024/m4fstack/matacc.c create mode 120000 crypto_kem/ml-kem-1024/m4fstack/matacc.h create mode 120000 crypto_kem/ml-kem-1024/m4fstack/matacc.i create mode 120000 crypto_kem/ml-kem-1024/m4fstack/matacc_asm.S rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/ntt.c (100%) rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/ntt.h (100%) rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/params.h (100%) create mode 120000 crypto_kem/ml-kem-1024/m4fstack/poly.c create mode 120000 crypto_kem/ml-kem-1024/m4fstack/poly.h create mode 120000 crypto_kem/ml-kem-1024/m4fstack/poly_asm.S rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/polyvec.c (100%) rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/polyvec.h (100%) rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/reduce.S (100%) create mode 120000 crypto_kem/ml-kem-1024/m4fstack/symmetric-fips202.c rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/symmetric.h (100%) rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/verify.c (100%) rename crypto_kem/{kyber1024 => ml-kem-1024}/m4fstack/verify.h (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fspeed/api.h (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fspeed/cbd.c (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fspeed/cbd.h (100%) create mode 120000 crypto_kem/ml-kem-512/m4fspeed/cmov_int16.S create mode 120000 crypto_kem/ml-kem-512/m4fspeed/fastaddsub.S create mode 120000 crypto_kem/ml-kem-512/m4fspeed/fastbasemul.S create mode 120000 crypto_kem/ml-kem-512/m4fspeed/fastinvntt.S create mode 120000 crypto_kem/ml-kem-512/m4fspeed/fastntt.S rename crypto_kem/{kyber512 => ml-kem-512}/m4fspeed/indcpa.c (98%) create mode 120000 crypto_kem/ml-kem-512/m4fspeed/indcpa.h create mode 120000 crypto_kem/ml-kem-512/m4fspeed/kem.c create 
mode 120000 crypto_kem/ml-kem-512/m4fspeed/macros.i create mode 120000 crypto_kem/ml-kem-512/m4fspeed/matacc.c create mode 120000 crypto_kem/ml-kem-512/m4fspeed/matacc.h create mode 120000 crypto_kem/ml-kem-512/m4fspeed/matacc.i create mode 120000 crypto_kem/ml-kem-512/m4fspeed/matacc_asm.S create mode 120000 crypto_kem/ml-kem-512/m4fspeed/ntt.c create mode 120000 crypto_kem/ml-kem-512/m4fspeed/ntt.h rename crypto_kem/{kyber512 => ml-kem-512}/m4fspeed/params.h (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fspeed/poly.c (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fspeed/poly.h (100%) create mode 120000 crypto_kem/ml-kem-512/m4fspeed/poly_asm.S create mode 120000 crypto_kem/ml-kem-512/m4fspeed/polyvec.c create mode 120000 crypto_kem/ml-kem-512/m4fspeed/polyvec.h create mode 120000 crypto_kem/ml-kem-512/m4fspeed/reduce.S create mode 120000 crypto_kem/ml-kem-512/m4fspeed/symmetric-fips202. create mode 120000 crypto_kem/ml-kem-512/m4fspeed/symmetric-fips202.c create mode 120000 crypto_kem/ml-kem-512/m4fspeed/symmetric.h create mode 120000 crypto_kem/ml-kem-512/m4fspeed/verify.c create mode 120000 crypto_kem/ml-kem-512/m4fspeed/verify.h rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/api.h (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/cbd.c (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/cbd.h (100%) create mode 120000 crypto_kem/ml-kem-512/m4fstack/cmov_int16.S rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/fastaddsub.S (100%) create mode 120000 crypto_kem/ml-kem-512/m4fstack/fastbasemul.S create mode 120000 crypto_kem/ml-kem-512/m4fstack/fastinvntt.S rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/fastntt.S (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/indcpa.c (98%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/indcpa.h (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/kem.c (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/macros.i (100%) create mode 120000 
crypto_kem/ml-kem-512/m4fstack/matacc.c create mode 120000 crypto_kem/ml-kem-512/m4fstack/matacc.h create mode 120000 crypto_kem/ml-kem-512/m4fstack/matacc.i create mode 120000 crypto_kem/ml-kem-512/m4fstack/matacc_asm.S rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/ntt.c (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/ntt.h (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/params.h (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/poly.c (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/poly.h (100%) create mode 120000 crypto_kem/ml-kem-512/m4fstack/poly_asm.S rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/polyvec.c (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/polyvec.h (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/reduce.S (100%) rename crypto_kem/{kyber1024 => ml-kem-512}/m4fstack/symmetric-fips202.c (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/symmetric.h (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/verify.c (100%) rename crypto_kem/{kyber512 => ml-kem-512}/m4fstack/verify.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/api.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/cbd.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/cbd.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/cmov_int16.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/fastaddsub.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/fastbasemul.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/fastinvntt.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/fastntt.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/indcpa.c (98%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/indcpa.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/kem.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/macros.i (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/matacc.c (100%) 
rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/matacc.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/matacc.i (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/matacc_asm.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/ntt.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/ntt.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/params.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/poly.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/poly.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/poly_asm.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/polyvec.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/polyvec.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/reduce.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/symmetric-fips202.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/symmetric.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/verify.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fspeed/verify.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/api.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/cbd.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/cbd.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/cmov_int16.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/fastaddsub.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/fastbasemul.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/fastinvntt.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/fastntt.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/indcpa.c (98%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/indcpa.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/kem.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/macros.i (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/matacc.c (100%) rename 
crypto_kem/{kyber768 => ml-kem-768}/m4fstack/matacc.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/matacc.i (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/matacc_asm.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/ntt.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/ntt.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/params.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/poly.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/poly.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/poly_asm.S (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/polyvec.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/polyvec.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/reduce.S (100%) rename crypto_kem/{kyber512 => ml-kem-768}/m4fstack/symmetric-fips202.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/symmetric.h (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/verify.c (100%) rename crypto_kem/{kyber768 => ml-kem-768}/m4fstack/verify.h (100%) diff --git a/README.md b/README.md index 3fff71bf..2c0ec888 100644 --- a/README.md +++ b/README.md 
@@ -163,22 +163,22 @@ int crypto_sign_open(unsigned char *m, size_t *mlen, ## Running tests and benchmarks -The build system compiles six binaries for each implemenation which can be used to test and benchmark the schemes. For example, for the reference implementation of [Kyber768](https://pq-crystals.org/kyber/) the following binaries are assembled: - - `bin/crypto_kem_kyber768_m4_test.bin` tests if the scheme works as expected. For KEMs this tests if Alice and Bob derive the same shared key and for signature schemes it tests if a generated signature can be verified correctly. Several failure cases are also checked, see [mupq/crypto_kem/test.c](https://github.com/mupq/mupq/blob/master/crypto_kem/test.c) and [mupq/crypto_sign/test.c](https://github.com/mupq/mupq/blob/master/crypto_sign/test.c) for details. - - `bin/crypto_kem_kyber768_m4_speed.bin` measures the runtime of `crypto_kem_keypair`, `crypto_kem_enc`, and `crypto_kem_dec` for KEMs and `crypto_sign_keypair`, `crypto_sign`, and `crypto_sign_open` for signatures. See [mupq/crypto_kem/speed.c](https://github.com/mupq/mupq/blob/master/crypto_kem/speed.c) and [mupq/crypto_sign/speed.c](https://github.com/mupq/mupq/blob/master/crypto_sign/speed.c). - - `bin/crypto_kem_kyber768_m4_hashing.bin` measures the cycles spent in SHA-2, SHA-3, and AES of `crypto_kem_keypair`, `crypto_kem_enc`, and `crypto_kem_dec` for KEMs and `crypto_sign_keypair`, `crypto_sign`, and `crypto_sign_open` for signatures. See [mupq/crypto_kem/hashing.c](https://github.com/mupq/mupq/blob/master/crypto_kem/speed.c) and [mupq/crypto_sign/speed.c](https://github.com/mupq/mupq/blob/master/crypto_sign/speed.c). - - `bin/crypto_kem_kyber768_m4_stack.bin` measures the stack consumption of each of the procedures involved. The memory allocated outside of the procedures (e.g., public keys, private keys, ciphertexts, signatures) is not included. 
See [mupq/crypto_kem/stack.c](https://github.com/mupq/mupq/blob/master/crypto_kem/stack.c) and [mupq/crypto_sign/stack.c](https://github.com/mupq/mupq/blob/master/crypto_sign/stack.c). - - `bin/crypto_kem_kyber768_m4_testvectors.bin` uses a deterministic random number generator to generate testvectors for the implementation. These can be used to cross-check different implemenatations of the same scheme. See [mupq/crypto_kem/testvectors.c](https://github.com/mupq/mupq/blob/master/crypto_kem/testvectors.c) and [mupq/crypto_sign/testvectors.c](https://github.com/mupq/mupq/blob/master/crypto_sign/testvectors.c). -- `bin-host/crypto_kem_kyber768_m4_testvectors` uses the same deterministic random number generator to create the testvectors on your host. See [mupq/crypto_kem/testvectors-host.c](https://github.com/mupq/mupq/blob/master/crypto_kem/testvectors-host.c) and [mupq/crypto_sign/testvectors-host.c](https://github.com/mupq/mupq/blob/master/crypto_sign/testvectors-host.c). +The build system compiles six binaries for each implemenation which can be used to test and benchmark the schemes. For example, for the reference implementation of [ML-KEM-768](https://pq-crystals.org/kyber/) the following binaries are assembled: + - `bin/crypto_kem_ml-kem-768_m4_test.bin` tests if the scheme works as expected. For KEMs this tests if Alice and Bob derive the same shared key and for signature schemes it tests if a generated signature can be verified correctly. Several failure cases are also checked, see [mupq/crypto_kem/test.c](https://github.com/mupq/mupq/blob/master/crypto_kem/test.c) and [mupq/crypto_sign/test.c](https://github.com/mupq/mupq/blob/master/crypto_sign/test.c) for details. + - `bin/crypto_kem_ml-kem-768_m4_speed.bin` measures the runtime of `crypto_kem_keypair`, `crypto_kem_enc`, and `crypto_kem_dec` for KEMs and `crypto_sign_keypair`, `crypto_sign`, and `crypto_sign_open` for signatures. 
See [mupq/crypto_kem/speed.c](https://github.com/mupq/mupq/blob/master/crypto_kem/speed.c) and [mupq/crypto_sign/speed.c](https://github.com/mupq/mupq/blob/master/crypto_sign/speed.c). + - `bin/crypto_kem_ml-kem-768_m4_hashing.bin` measures the cycles spent in SHA-2, SHA-3, and AES of `crypto_kem_keypair`, `crypto_kem_enc`, and `crypto_kem_dec` for KEMs and `crypto_sign_keypair`, `crypto_sign`, and `crypto_sign_open` for signatures. See [mupq/crypto_kem/hashing.c](https://github.com/mupq/mupq/blob/master/crypto_kem/speed.c) and [mupq/crypto_sign/speed.c](https://github.com/mupq/mupq/blob/master/crypto_sign/speed.c). + - `bin/crypto_kem_ml-kem-768_m4_stack.bin` measures the stack consumption of each of the procedures involved. The memory allocated outside of the procedures (e.g., public keys, private keys, ciphertexts, signatures) is not included. See [mupq/crypto_kem/stack.c](https://github.com/mupq/mupq/blob/master/crypto_kem/stack.c) and [mupq/crypto_sign/stack.c](https://github.com/mupq/mupq/blob/master/crypto_sign/stack.c). + - `bin/crypto_kem_ml-kem-768_m4_testvectors.bin` uses a deterministic random number generator to generate testvectors for the implementation. These can be used to cross-check different implemenatations of the same scheme. See [mupq/crypto_kem/testvectors.c](https://github.com/mupq/mupq/blob/master/crypto_kem/testvectors.c) and [mupq/crypto_sign/testvectors.c](https://github.com/mupq/mupq/blob/master/crypto_sign/testvectors.c). +- `bin-host/crypto_kem_ml-kem-768_m4_testvectors` uses the same deterministic random number generator to create the testvectors on your host. See [mupq/crypto_kem/testvectors-host.c](https://github.com/mupq/mupq/blob/master/crypto_kem/testvectors-host.c) and [mupq/crypto_sign/testvectors-host.c](https://github.com/mupq/mupq/blob/master/crypto_sign/testvectors-host.c). - An `elf` file for each binary is generated in the `elf/` folder if desired. 
The `elf` files or binaries can be flashed to your board using an appropriate -tool. For example, the `stm32f4discovery` platform uses `st-flash`, e.g., `st-flash write bin/crypto_kem_kyber768_m4_test.bin 0x8000000`. To receive the output, run `python3 hostside/host_unidirectional.py`. +tool. For example, the `stm32f4discovery` platform uses `st-flash`, e.g., `st-flash write bin/crypto_kem_ml-kem-768_m4_test.bin 0x8000000`. To receive the output, run `python3 hostside/host_unidirectional.py`. If you target the `mps2-an386` platform, you can also run the `elf` file using the QEMU ARM emulator: ``` -qemu-system-arm -M mps2-an386 -nographic -semihosting -kernel elf/crypto_kem_kyber512_m4_test.elf +qemu-system-arm -M mps2-an386 -nographic -semihosting -kernel elf/crypto_kem_ml-kem-512_m4_test.elf ``` The emulator should exit automatically when the test / benchmark completes. If you run into an error, you can exit QEMU pressing CTRL+A and then X. @@ -197,7 +197,7 @@ The scripts take a number of command line arguments, which you'll need to adapt: If you change any of these values, you'll need to run `make clean` (the build system will remind you). -In case you don't want to include all schemes, pass a list of schemes you want to include to any of the scripts, e.g., `python3 test.py kyber768 sphincs-shake256-128f-simple`. +In case you don't want to include all schemes, pass a list of schemes you want to include to any of the scripts, e.g., `python3 test.py ml-kem-768 sphincs-shake256-128f-simple`. In case you want to exclude certain schemes pass `--exclude`, e.g., `python3 test.py --exclude saber`. The benchmark results (in `benchmarks/`) created by diff --git a/benchmarks.csv b/benchmarks.csv index 28be1159..0fda9e5b 100644 --- a/benchmarks.csv +++ b/benchmarks.csv 
@@ -8,15 +8,15 @@ bikel3 (10 executions),opt,248083316,248083286,248083345,16405238,16405236,16405 hqc-128 (10 executions),clean,52705201,52705180,52705224,105650897,105650877,105650927,159569179,159569176,159569183 hqc-192 (10 executions),clean,161458617,161458590,161458638,323146261,323146250,323146292,486156251,486156214,486156266 hqc-256 (10 executions),clean,295934078,295934057,295934104,591853870,591853850,591853898,891163005,891162988,891163038 -kyber1024 (10 executions),clean,1540394,1537580,1549267,1712150,1709337,1721019,2024408,2021583,2033304 -kyber1024 (10 executions),m4fspeed,1006341,1004590,1016692,1029398,1027642,1039752,1091847,1090091,1102201 -kyber1024 (10 executions),m4fstack,1009603,1007702,1019835,1038001,1036100,1048226,1101208,1099307,1111470 -kyber512 (10 executions),clean,597372,596106,607563,702227,700957,712416,890274,889008,900467 -kyber512 (10 executions),m4fspeed,387341,386762,387769,391098,390520,391527,428365,427786,428794 -kyber512 (10 executions),m4fstack,386853,386573,387221,392801,392521,393166,430140,429861,430504 -kyber768 (10 executions),clean,989247,987825,999577,1138807,1137381,1149131,1388568,1387146,1398896 -kyber768 (10 executions),m4fspeed,631912,631599,632459,656455,656155,656969,705524,705223,706037 -kyber768 (10 executions),m4fstack,634213,632786,644273,662556,661130,672615,712081,710655,722140 +ml-kem-1024 (10 executions),clean,1540607,1535678,1547404,1712361,1707431,1719164,2024616,2019674,2031410 +ml-kem-1024 (10 executions),m4fspeed,1007759,1004549,1017159,1030702,1027443,1040101,1093153,1089895,1102552 +ml-kem-1024 (10 executions),m4fstack,1010100,1007459,1018999,1038190,1035550,1047090,1101234,1098594,1110134 +ml-kem-512 (10 executions),clean,595882,595636,596329,700689,700440,701134,888740,888494,889189 +ml-kem-512 (10 executions),m4fspeed,388544,387190,398814,392178,390825,402445,429456,428102,439722 +ml-kem-512 (10 executions),m4fstack,386999,386677,387465,392813,392492,393280,430152,429831,430619 
+ml-kem-768 (10 executions),clean,990901,986123,997663,1140412,1135630,1147169,1390176,1385399,1396936 +ml-kem-768 (10 executions),m4fspeed,631949,631658,632164,656369,656082,656596,705436,705148,705663 +ml-kem-768 (10 executions),m4fstack,634227,632761,644635,662468,661003,672877,711996,710530,722405 Signature Schemes,,,,,,,,,, Scheme,Implementation,Key Generation [cycles] (mean),Key Generation [cycles] (min),Key Generation [cycles] (max),Sign [cycles] (mean),Sign [cycles] (min),Sign [cycles] (max),Verify [cycles] (mean),Verify [cycles] (min),Verify [cycles] (max) aimer128f (10 executions),mem_opt,564325,564324,564326,46875341,46874593,46876276,26989249,26988505,26989828 @@ -168,15 +168,15 @@ bikel3,opt,69444,50556,155388,,,,,, hqc-128,clean,33644,51428,55892,,,,,, hqc-192,clean,65668,101636,110660,,,,,, hqc-256,clean,103756,161508,175972,,,,,, -kyber1024,clean,15136,18784,20360,,,,,, -kyber1024,m4fspeed,6436,7500,7484,,,,,, -kyber1024,m4fstack,3332,3372,3356,,,,,, -kyber512,clean,6168,8800,9576,,,,,, -kyber512,m4fspeed,4364,5436,5412,,,,,, -kyber512,m4fstack,2292,2348,2332,,,,,, -kyber768,clean,10272,13408,14504,,,,,, -kyber768,m4fspeed,5396,6468,6452,,,,,, -kyber768,m4fstack,2820,2860,2844,,,,,, +ml-kem-1024,clean,15128,18776,20352,,,,,, +ml-kem-1024,m4fspeed,6436,7500,7484,,,,,, +ml-kem-1024,m4fstack,3332,3372,3356,,,,,, +ml-kem-512,clean,6152,8784,9560,,,,,, +ml-kem-512,m4fspeed,4372,5436,5412,,,,,, +ml-kem-512,m4fstack,2300,2348,2332,,,,,, +ml-kem-768,clean,10248,13384,14480,,,,,, +ml-kem-768,m4fspeed,5396,6468,6452,,,,,, +ml-kem-768,m4fstack,2820,2860,2844,,,,,, Signature Schemes,,,,,,,,,, Scheme,Implementation,Key Generation [bytes],Sign [bytes],Verify [bytes],,,,,, aimer128f,mem_opt,8728,13864,15440,,,,,, 
@@ -329,15 +329,15 @@ bikel3,opt,0.0,6.3,0.2,,,,,, hqc-128,clean,0.4,0.8,0.5,,,,,, hqc-192,clean,0.3,0.5,0.3,,,,,, hqc-256,clean,0.2,0.4,0.3,,,,,, -kyber1024,clean,49.9,45.6,38.6,,,,,, -kyber1024,m4fspeed,76.1,75.5,71.2,,,,,, -kyber1024,m4fstack,75.8,74.9,70.6,,,,,, -kyber512,clean,49.8,41.1,32.5,,,,,, -kyber512,m4fspeed,76.5,73.5,67.1,,,,,, -kyber512,m4fstack,76.5,73.1,66.8,,,,,, -kyber768,clean,48.5,43.2,35.4,,,,,, -kyber768,m4fspeed,75.4,74.4,69.2,,,,,, -kyber768,m4fstack,75.3,73.8,68.7,,,,,, +ml-kem-1024,clean,50.0,45.6,38.6,,,,,, +ml-kem-1024,m4fspeed,76.1,75.5,71.2,,,,,, +ml-kem-1024,m4fstack,75.9,74.9,70.7,,,,,, +ml-kem-512,clean,49.9,41.1,32.5,,,,,, +ml-kem-512,m4fspeed,76.5,73.5,67.2,,,,,, +ml-kem-512,m4fstack,76.6,73.2,66.9,,,,,, +ml-kem-768,clean,48.6,43.2,35.4,,,,,, +ml-kem-768,m4fspeed,75.5,74.4,69.3,,,,,, +ml-kem-768,m4fstack,75.3,73.9,68.7,,,,,, Signature Schemes,,,,,,,,,, Scheme,Implementation,Key Generation [%],Sign [%],Verify [%],,,,,, aimer128f,mem_opt,50.6,66.1,49.6,,,,,, 
@@ -489,15 +489,15 @@ bikel3,opt,43091,24,1,43116,,,,, hqc-128,clean,18628,0,0,18628,,,,, hqc-192,clean,21104,0,0,21104,,,,, hqc-256,clean,26260,0,0,26260,,,,, -kyber1024,clean,6264,0,0,6264,,,,, -kyber1024,m4fspeed,16884,0,0,16884,,,,, -kyber1024,m4fstack,14092,0,0,14092,,,,, -kyber512,clean,5132,0,0,5132,,,,, -kyber512,m4fspeed,15796,0,0,15796,,,,, -kyber512,m4fstack,13280,0,0,13280,,,,, -kyber768,clean,5136,0,0,5136,,,,, -kyber768,m4fspeed,15964,0,0,15964,,,,, -kyber768,m4fstack,13288,0,0,13288,,,,, +ml-kem-1024,clean,6160,0,0,6160,,,,, +ml-kem-1024,m4fspeed,16912,0,0,16912,,,,, +ml-kem-1024,m4fstack,14012,0,0,14012,,,,, +ml-kem-512,clean,5116,0,0,5116,,,,, +ml-kem-512,m4fspeed,15844,0,0,15844,,,,, +ml-kem-512,m4fstack,13324,0,0,13324,,,,, +ml-kem-768,clean,5120,0,0,5120,,,,, +ml-kem-768,m4fspeed,16012,0,0,16012,,,,, +ml-kem-768,m4fstack,13316,0,0,13316,,,,, Signature Schemes,,,,,,,,,, Scheme,Implementation,.text [bytes],.data [bytes],.bss [bytes],Total [bytes],,,,, aimer128f,mem_opt,17476,0,0,17476,,,,, diff --git a/benchmarks.md b/benchmarks.md index dfc2106f..a7788590 100644 --- a/benchmarks.md +++ b/benchmarks.md @@ -9,15 +9,15 @@ | hqc-128 (10 executions) | clean | AVG: 52,705,201
MIN: 52,705,180
MAX: 52,705,224 | AVG: 105,650,897
MIN: 105,650,877
MAX: 105,650,927 | AVG: 159,569,179
MIN: 159,569,176
MAX: 159,569,183 | | hqc-192 (10 executions) | clean | AVG: 161,458,617
MIN: 161,458,590
MAX: 161,458,638 | AVG: 323,146,261
MIN: 323,146,250
MAX: 323,146,292 | AVG: 486,156,251
MIN: 486,156,214
MAX: 486,156,266 | | hqc-256 (10 executions) | clean | AVG: 295,934,078
MIN: 295,934,057
MAX: 295,934,104 | AVG: 591,853,870
MIN: 591,853,850
MAX: 591,853,898 | AVG: 891,163,005
MIN: 891,162,988
MAX: 891,163,038 | -| kyber1024 (10 executions) | clean | AVG: 1,540,394
MIN: 1,537,580
MAX: 1,549,267 | AVG: 1,712,150
MIN: 1,709,337
MAX: 1,721,019 | AVG: 2,024,408
MIN: 2,021,583
MAX: 2,033,304 | -| kyber1024 (10 executions) | m4fspeed | AVG: 1,006,341
MIN: 1,004,590
MAX: 1,016,692 | AVG: 1,029,398
MIN: 1,027,642
MAX: 1,039,752 | AVG: 1,091,847
MIN: 1,090,091
MAX: 1,102,201 | -| kyber1024 (10 executions) | m4fstack | AVG: 1,009,603
MIN: 1,007,702
MAX: 1,019,835 | AVG: 1,038,001
MIN: 1,036,100
MAX: 1,048,226 | AVG: 1,101,208
MIN: 1,099,307
MAX: 1,111,470 | -| kyber512 (10 executions) | clean | AVG: 597,372
MIN: 596,106
MAX: 607,563 | AVG: 702,227
MIN: 700,957
MAX: 712,416 | AVG: 890,274
MIN: 889,008
MAX: 900,467 | -| kyber512 (10 executions) | m4fspeed | AVG: 387,341
MIN: 386,762
MAX: 387,769 | AVG: 391,098
MIN: 390,520
MAX: 391,527 | AVG: 428,365
MIN: 427,786
MAX: 428,794 | -| kyber512 (10 executions) | m4fstack | AVG: 386,853
MIN: 386,573
MAX: 387,221 | AVG: 392,801
MIN: 392,521
MAX: 393,166 | AVG: 430,140
MIN: 429,861
MAX: 430,504 | -| kyber768 (10 executions) | clean | AVG: 989,247
MIN: 987,825
MAX: 999,577 | AVG: 1,138,807
MIN: 1,137,381
MAX: 1,149,131 | AVG: 1,388,568
MIN: 1,387,146
MAX: 1,398,896 | -| kyber768 (10 executions) | m4fspeed | AVG: 631,912
MIN: 631,599
MAX: 632,459 | AVG: 656,455
MIN: 656,155
MAX: 656,969 | AVG: 705,524
MIN: 705,223
MAX: 706,037 | -| kyber768 (10 executions) | m4fstack | AVG: 634,213
MIN: 632,786
MAX: 644,273 | AVG: 662,556
MIN: 661,130
MAX: 672,615 | AVG: 712,081
MIN: 710,655
MAX: 722,140 | +| ml-kem-1024 (10 executions) | clean | AVG: 1,540,607
MIN: 1,535,678
MAX: 1,547,404 | AVG: 1,712,361
MIN: 1,707,431
MAX: 1,719,164 | AVG: 2,024,616
MIN: 2,019,674
MAX: 2,031,410 | +| ml-kem-1024 (10 executions) | m4fspeed | AVG: 1,007,759
MIN: 1,004,549
MAX: 1,017,159 | AVG: 1,030,702
MIN: 1,027,443
MAX: 1,040,101 | AVG: 1,093,153
MIN: 1,089,895
MAX: 1,102,552 | +| ml-kem-1024 (10 executions) | m4fstack | AVG: 1,010,100
MIN: 1,007,459
MAX: 1,018,999 | AVG: 1,038,190
MIN: 1,035,550
MAX: 1,047,090 | AVG: 1,101,234
MIN: 1,098,594
MAX: 1,110,134 | +| ml-kem-512 (10 executions) | clean | AVG: 595,882
MIN: 595,636
MAX: 596,329 | AVG: 700,689
MIN: 700,440
MAX: 701,134 | AVG: 888,740
MIN: 888,494
MAX: 889,189 | +| ml-kem-512 (10 executions) | m4fspeed | AVG: 388,544
MIN: 387,190
MAX: 398,814 | AVG: 392,178
MIN: 390,825
MAX: 402,445 | AVG: 429,456
MIN: 428,102
MAX: 439,722 | +| ml-kem-512 (10 executions) | m4fstack | AVG: 386,999
MIN: 386,677
MAX: 387,465 | AVG: 392,813
MIN: 392,492
MAX: 393,280 | AVG: 430,152
MIN: 429,831
MAX: 430,619 | +| ml-kem-768 (10 executions) | clean | AVG: 990,901
MIN: 986,123
MAX: 997,663 | AVG: 1,140,412
MIN: 1,135,630
MAX: 1,147,169 | AVG: 1,390,176
MIN: 1,385,399
MAX: 1,396,936 | +| ml-kem-768 (10 executions) | m4fspeed | AVG: 631,949
MIN: 631,658
MAX: 632,164 | AVG: 656,369
MIN: 656,082
MAX: 656,596 | AVG: 705,436
MIN: 705,148
MAX: 705,663 | +| ml-kem-768 (10 executions) | m4fstack | AVG: 634,227
MIN: 632,761
MAX: 644,635 | AVG: 662,468
MIN: 661,003
MAX: 672,877 | AVG: 711,996
MIN: 710,530
MAX: 722,405 | ## Signature Schemes | scheme | implementation | key generation [cycles] | sign [cycles] | verify [cycles] | | ------ | -------------- | ----------------------- | ------------- | --------------- | @@ -171,15 +171,15 @@ | hqc-128 | clean | 33,644 | 51,428 | 55,892 | | hqc-192 | clean | 65,668 | 101,636 | 110,660 | | hqc-256 | clean | 103,756 | 161,508 | 175,972 | -| kyber1024 | clean | 15,136 | 18,784 | 20,360 | -| kyber1024 | m4fspeed | 6,436 | 7,500 | 7,484 | -| kyber1024 | m4fstack | 3,332 | 3,372 | 3,356 | -| kyber512 | clean | 6,168 | 8,800 | 9,576 | -| kyber512 | m4fspeed | 4,364 | 5,436 | 5,412 | -| kyber512 | m4fstack | 2,292 | 2,348 | 2,332 | -| kyber768 | clean | 10,272 | 13,408 | 14,504 | -| kyber768 | m4fspeed | 5,396 | 6,468 | 6,452 | -| kyber768 | m4fstack | 2,820 | 2,860 | 2,844 | +| ml-kem-1024 | clean | 15,128 | 18,776 | 20,352 | +| ml-kem-1024 | m4fspeed | 6,436 | 7,500 | 7,484 | +| ml-kem-1024 | m4fstack | 3,332 | 3,372 | 3,356 | +| ml-kem-512 | clean | 6,152 | 8,784 | 9,560 | +| ml-kem-512 | m4fspeed | 4,372 | 5,436 | 5,412 | +| ml-kem-512 | m4fstack | 2,300 | 2,348 | 2,332 | +| ml-kem-768 | clean | 10,248 | 13,384 | 14,480 | +| ml-kem-768 | m4fspeed | 5,396 | 6,468 | 6,452 | +| ml-kem-768 | m4fstack | 2,820 | 2,860 | 2,844 | ## Signature Schemes | Scheme | Implementation | Key Generation [bytes] | Sign [bytes] | Verify [bytes] | | ------ | -------------- | ---------------------- | ------------ | -------------- | 
@@ -334,15 +334,15 @@ | hqc-128 | clean | 0.4% | 0.8% | 0.5% | | hqc-192 | clean | 0.3% | 0.5% | 0.3% | | hqc-256 | clean | 0.2% | 0.4% | 0.3% | -| kyber1024 | clean | 49.9% | 45.6% | 38.6% | -| kyber1024 | m4fspeed | 76.1% | 75.5% | 71.2% | -| kyber1024 | m4fstack | 75.8% | 74.9% | 70.6% | -| kyber512 | clean | 49.8% | 41.1% | 32.5% | -| kyber512 | m4fspeed | 76.5% | 73.5% | 67.1% | -| kyber512 | m4fstack | 76.5% | 73.1% | 66.8% | -| kyber768 | clean | 48.5% | 43.2% | 35.4% | -| kyber768 | m4fspeed | 75.4% | 74.4% | 69.2% | -| kyber768 | m4fstack | 75.3% | 73.8% | 68.7% | +| ml-kem-1024 | clean | 50.0% | 45.6% | 38.6% | +| ml-kem-1024 | m4fspeed | 76.1% | 75.5% | 71.2% | +| ml-kem-1024 | m4fstack | 75.9% | 74.9% | 70.7% | +| ml-kem-512 | clean | 49.9% | 41.1% | 32.5% | +| ml-kem-512 | m4fspeed | 76.5% | 73.5% | 67.2% | +| ml-kem-512 | m4fstack | 76.6% | 73.2% | 66.9% | +| ml-kem-768 | clean | 48.6% | 43.2% | 35.4% | +| ml-kem-768 | m4fspeed | 75.5% | 74.4% | 69.3% | +| ml-kem-768 | m4fstack | 75.3% | 73.9% | 68.7% | ## Signature Schemes | Scheme | Implementation | Key Generation [%] | Sign [%] | Verify [%] | | ------ | -------------- | ------------------ | -------- | ---------- | 
@@ -496,15 +496,15 @@ | hqc-128 | clean | 18,628 | 0 | 0 | 18,628 | | hqc-192 | clean | 21,104 | 0 | 0 | 21,104 | | hqc-256 | clean | 26,260 | 0 | 0 | 26,260 | -| kyber1024 | clean | 6,264 | 0 | 0 | 6,264 | -| kyber1024 | m4fspeed | 16,884 | 0 | 0 | 16,884 | -| kyber1024 | m4fstack | 14,092 | 0 | 0 | 14,092 | -| kyber512 | clean | 5,132 | 0 | 0 | 5,132 | -| kyber512 | m4fspeed | 15,796 | 0 | 0 | 15,796 | -| kyber512 | m4fstack | 13,280 | 0 | 0 | 13,280 | -| kyber768 | clean | 5,136 | 0 | 0 | 5,136 | -| kyber768 | m4fspeed | 15,964 | 0 | 0 | 15,964 | -| kyber768 | m4fstack | 13,288 | 0 | 0 | 13,288 | +| ml-kem-1024 | clean | 6,160 | 0 | 0 | 6,160 | +| ml-kem-1024 | m4fspeed | 16,912 | 0 | 0 | 16,912 | +| ml-kem-1024 | m4fstack | 14,012 | 0 | 0 | 14,012 | +| ml-kem-512 | clean | 5,116 | 0 | 0 | 5,116 | +| ml-kem-512 | m4fspeed | 15,844 | 0 | 0 | 15,844 | +| ml-kem-512 | m4fstack | 13,324 | 0 | 0 | 13,324 | +| ml-kem-768 | clean | 5,120 | 0 | 0 | 5,120 | +| ml-kem-768 | m4fspeed | 16,012 | 0 | 0 | 16,012 | +| ml-kem-768 | m4fstack | 13,316 | 0 | 0 | 13,316 | ## Signature Schemes | Scheme | Implementation | .text [bytes] | .data [bytes] | .bss [bytes] | Total [bytes] | | ------ | -------------- | ------------- | ------------- | ------------ | ------------- | diff --git a/crypto_kem/kyber1024/m4fspeed/cbd.c b/crypto_kem/kyber1024/m4fspeed/cbd.c deleted file mode 120000 index 37d243ad..00000000 --- a/crypto_kem/kyber1024/m4fspeed/cbd.c +++ /dev/null @@ -1 +0,0 @@ -../../kyber768/m4fspeed/cbd.c \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fspeed/cbd.h b/crypto_kem/kyber1024/m4fspeed/cbd.h deleted file mode 120000 index c00c0559..00000000 --- a/crypto_kem/kyber1024/m4fspeed/cbd.h +++ /dev/null @@ -1 +0,0 @@ -../../kyber768/m4fspeed/cbd.h \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fspeed/cmov_int16.S b/crypto_kem/kyber1024/m4fspeed/cmov_int16.S deleted file mode 120000 index e57b8b26..00000000 
--- a/crypto_kem/kyber1024/m4fspeed/cmov_int16.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/cmov_int16.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/fastaddsub.S b/crypto_kem/kyber1024/m4fspeed/fastaddsub.S
deleted file mode 120000
index 462644bb..00000000
--- a/crypto_kem/kyber1024/m4fspeed/fastaddsub.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/fastaddsub.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/fastbasemul.S b/crypto_kem/kyber1024/m4fspeed/fastbasemul.S
deleted file mode 120000
index 7156a2a8..00000000
--- a/crypto_kem/kyber1024/m4fspeed/fastbasemul.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/fastbasemul.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/fastinvntt.S b/crypto_kem/kyber1024/m4fspeed/fastinvntt.S
deleted file mode 120000
index 38ea2e36..00000000
--- a/crypto_kem/kyber1024/m4fspeed/fastinvntt.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/fastinvntt.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/fastntt.S b/crypto_kem/kyber1024/m4fspeed/fastntt.S
deleted file mode 120000
index 6314b554..00000000
--- a/crypto_kem/kyber1024/m4fspeed/fastntt.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/fastntt.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/indcpa.c b/crypto_kem/kyber1024/m4fspeed/indcpa.c
deleted file mode 120000
index 04181f8d..00000000
--- a/crypto_kem/kyber1024/m4fspeed/indcpa.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/indcpa.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/indcpa.h b/crypto_kem/kyber1024/m4fspeed/indcpa.h
deleted file mode 120000
index 86639d83..00000000
--- a/crypto_kem/kyber1024/m4fspeed/indcpa.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/indcpa.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/kem.c b/crypto_kem/kyber1024/m4fspeed/kem.c
deleted file mode 120000
index fba83bf4..00000000
--- a/crypto_kem/kyber1024/m4fspeed/kem.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/kem.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/macros.i b/crypto_kem/kyber1024/m4fspeed/macros.i
deleted file mode 120000
index d184a0fa..00000000
--- a/crypto_kem/kyber1024/m4fspeed/macros.i
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/macros.i
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/matacc.c b/crypto_kem/kyber1024/m4fspeed/matacc.c
deleted file mode 120000
index bf2438db..00000000
--- a/crypto_kem/kyber1024/m4fspeed/matacc.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/matacc.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/matacc.h b/crypto_kem/kyber1024/m4fspeed/matacc.h
deleted file mode 120000
index 3288c40f..00000000
--- a/crypto_kem/kyber1024/m4fspeed/matacc.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/matacc.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/matacc.i b/crypto_kem/kyber1024/m4fspeed/matacc.i
deleted file mode 120000
index e388a0ad..00000000
--- a/crypto_kem/kyber1024/m4fspeed/matacc.i
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/matacc.i
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/matacc_asm.S b/crypto_kem/kyber1024/m4fspeed/matacc_asm.S
deleted file mode 120000
index 11b9cfc7..00000000
--- a/crypto_kem/kyber1024/m4fspeed/matacc_asm.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/matacc_asm.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/ntt.c b/crypto_kem/kyber1024/m4fspeed/ntt.c
deleted file mode 120000
index 21c83bdf..00000000
--- a/crypto_kem/kyber1024/m4fspeed/ntt.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/ntt.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/ntt.h b/crypto_kem/kyber1024/m4fspeed/ntt.h
deleted file mode 120000
index bd203902..00000000
--- a/crypto_kem/kyber1024/m4fspeed/ntt.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/ntt.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/poly.c b/crypto_kem/kyber1024/m4fspeed/poly.c
deleted file mode 120000
index ed549db6..00000000
--- a/crypto_kem/kyber1024/m4fspeed/poly.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/poly.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/poly.h b/crypto_kem/kyber1024/m4fspeed/poly.h
deleted file mode 120000
index 6f495407..00000000
--- a/crypto_kem/kyber1024/m4fspeed/poly.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/poly.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/poly_asm.S b/crypto_kem/kyber1024/m4fspeed/poly_asm.S
deleted file mode 120000
index 4424e11a..00000000
--- a/crypto_kem/kyber1024/m4fspeed/poly_asm.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/poly_asm.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/polyvec.c b/crypto_kem/kyber1024/m4fspeed/polyvec.c
deleted file mode 120000
index 0aedeeef..00000000
--- a/crypto_kem/kyber1024/m4fspeed/polyvec.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/polyvec.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/polyvec.h b/crypto_kem/kyber1024/m4fspeed/polyvec.h
deleted file mode 120000
index cee9bc6f..00000000
--- a/crypto_kem/kyber1024/m4fspeed/polyvec.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/polyvec.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/reduce.S b/crypto_kem/kyber1024/m4fspeed/reduce.S
deleted file mode 120000
index 0b00788a..00000000
--- a/crypto_kem/kyber1024/m4fspeed/reduce.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/reduce.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/symmetric-fips202.c b/crypto_kem/kyber1024/m4fspeed/symmetric-fips202.c
deleted file mode 120000
index 98f6a1ae..00000000
--- a/crypto_kem/kyber1024/m4fspeed/symmetric-fips202.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/symmetric-fips202.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/symmetric.h b/crypto_kem/kyber1024/m4fspeed/symmetric.h
deleted file mode 120000
index 56622b89..00000000
--- a/crypto_kem/kyber1024/m4fspeed/symmetric.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/symmetric.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/verify.c b/crypto_kem/kyber1024/m4fspeed/verify.c
deleted file mode 120000
index 56596267..00000000
--- a/crypto_kem/kyber1024/m4fspeed/verify.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/verify.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fspeed/verify.h b/crypto_kem/kyber1024/m4fspeed/verify.h
deleted file mode 120000
index 72b107fb..00000000
--- a/crypto_kem/kyber1024/m4fspeed/verify.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/verify.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/cmov_int16.S b/crypto_kem/kyber1024/m4fstack/cmov_int16.S
deleted file mode 120000
index e57b8b26..00000000
--- a/crypto_kem/kyber1024/m4fstack/cmov_int16.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/cmov_int16.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/fastbasemul.S b/crypto_kem/kyber1024/m4fstack/fastbasemul.S
deleted file mode 120000
index 7ba7f7e4..00000000
--- a/crypto_kem/kyber1024/m4fstack/fastbasemul.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/fastbasemul.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/fastinvntt.S b/crypto_kem/kyber1024/m4fstack/fastinvntt.S
deleted file mode 120000
index 8b242d6c..00000000
--- a/crypto_kem/kyber1024/m4fstack/fastinvntt.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/fastinvntt.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/fastntt.S b/crypto_kem/kyber1024/m4fstack/fastntt.S
deleted file mode 120000
index 6314b554..00000000
--- a/crypto_kem/kyber1024/m4fstack/fastntt.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/fastntt.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/indcpa.c b/crypto_kem/kyber1024/m4fstack/indcpa.c
deleted file mode 120000
index 7d86b771..00000000
--- a/crypto_kem/kyber1024/m4fstack/indcpa.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/indcpa.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/indcpa.h b/crypto_kem/kyber1024/m4fstack/indcpa.h
deleted file mode 120000
index 66fb14f7..00000000
--- a/crypto_kem/kyber1024/m4fstack/indcpa.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/indcpa.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/matacc.c b/crypto_kem/kyber1024/m4fstack/matacc.c
deleted file mode 120000
index 9934856f..00000000
--- a/crypto_kem/kyber1024/m4fstack/matacc.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/matacc.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/matacc.h b/crypto_kem/kyber1024/m4fstack/matacc.h
deleted file mode 120000
index 17b44879..00000000
--- a/crypto_kem/kyber1024/m4fstack/matacc.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/matacc.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/matacc.i b/crypto_kem/kyber1024/m4fstack/matacc.i
deleted file mode 120000
index 3804c85d..00000000
--- a/crypto_kem/kyber1024/m4fstack/matacc.i
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/matacc.i
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/matacc_asm.S b/crypto_kem/kyber1024/m4fstack/matacc_asm.S
deleted file mode 120000
index 4a77c2bd..00000000
--- a/crypto_kem/kyber1024/m4fstack/matacc_asm.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/matacc_asm.S
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/poly.c b/crypto_kem/kyber1024/m4fstack/poly.c
deleted file mode 120000
index 209dba88..00000000
--- a/crypto_kem/kyber1024/m4fstack/poly.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/poly.c
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/poly.h b/crypto_kem/kyber1024/m4fstack/poly.h
deleted file mode 120000
index e02915ca..00000000
--- a/crypto_kem/kyber1024/m4fstack/poly.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/poly.h
\ No newline at end of file
diff --git a/crypto_kem/kyber1024/m4fstack/poly_asm.S b/crypto_kem/kyber1024/m4fstack/poly_asm.S
deleted file mode 120000
index 9b529775..00000000
--- a/crypto_kem/kyber1024/m4fstack/poly_asm.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/poly_asm.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/cmov_int16.S b/crypto_kem/kyber512/m4fspeed/cmov_int16.S
deleted file mode 120000
index e57b8b26..00000000
--- a/crypto_kem/kyber512/m4fspeed/cmov_int16.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/cmov_int16.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/fastaddsub.S b/crypto_kem/kyber512/m4fspeed/fastaddsub.S
deleted file mode 120000
index 462644bb..00000000
--- a/crypto_kem/kyber512/m4fspeed/fastaddsub.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/fastaddsub.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/fastbasemul.S b/crypto_kem/kyber512/m4fspeed/fastbasemul.S
deleted file mode 120000
index 7156a2a8..00000000
--- a/crypto_kem/kyber512/m4fspeed/fastbasemul.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/fastbasemul.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/fastinvntt.S b/crypto_kem/kyber512/m4fspeed/fastinvntt.S
deleted file mode 120000
index 38ea2e36..00000000
--- a/crypto_kem/kyber512/m4fspeed/fastinvntt.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/fastinvntt.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/fastntt.S b/crypto_kem/kyber512/m4fspeed/fastntt.S
deleted file mode 120000
index 6314b554..00000000
--- a/crypto_kem/kyber512/m4fspeed/fastntt.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/fastntt.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/indcpa.h b/crypto_kem/kyber512/m4fspeed/indcpa.h
deleted file mode 120000
index 86639d83..00000000
--- a/crypto_kem/kyber512/m4fspeed/indcpa.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/indcpa.h
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/kem.c b/crypto_kem/kyber512/m4fspeed/kem.c
deleted file mode 120000
index fba83bf4..00000000
--- a/crypto_kem/kyber512/m4fspeed/kem.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/kem.c
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/macros.i b/crypto_kem/kyber512/m4fspeed/macros.i
deleted file mode 120000
index d184a0fa..00000000
--- a/crypto_kem/kyber512/m4fspeed/macros.i
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/macros.i
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/matacc.c b/crypto_kem/kyber512/m4fspeed/matacc.c
deleted file mode 120000
index bf2438db..00000000
--- a/crypto_kem/kyber512/m4fspeed/matacc.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/matacc.c
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/matacc.h b/crypto_kem/kyber512/m4fspeed/matacc.h
deleted file mode 120000
index 3288c40f..00000000
--- a/crypto_kem/kyber512/m4fspeed/matacc.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/matacc.h
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/matacc.i b/crypto_kem/kyber512/m4fspeed/matacc.i
deleted file mode 120000
index e388a0ad..00000000
--- a/crypto_kem/kyber512/m4fspeed/matacc.i
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/matacc.i
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/matacc_asm.S b/crypto_kem/kyber512/m4fspeed/matacc_asm.S
deleted file mode 120000
index 11b9cfc7..00000000
--- a/crypto_kem/kyber512/m4fspeed/matacc_asm.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/matacc_asm.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/ntt.c b/crypto_kem/kyber512/m4fspeed/ntt.c
deleted file mode 120000
index 21c83bdf..00000000
--- a/crypto_kem/kyber512/m4fspeed/ntt.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/ntt.c
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/ntt.h b/crypto_kem/kyber512/m4fspeed/ntt.h
deleted file mode 120000
index bd203902..00000000
--- a/crypto_kem/kyber512/m4fspeed/ntt.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/ntt.h
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/poly_asm.S b/crypto_kem/kyber512/m4fspeed/poly_asm.S
deleted file mode 120000
index 4424e11a..00000000
--- a/crypto_kem/kyber512/m4fspeed/poly_asm.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/poly_asm.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/polyvec.c b/crypto_kem/kyber512/m4fspeed/polyvec.c
deleted file mode 120000
index 0aedeeef..00000000
--- a/crypto_kem/kyber512/m4fspeed/polyvec.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/polyvec.c
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/polyvec.h b/crypto_kem/kyber512/m4fspeed/polyvec.h
deleted file mode 120000
index cee9bc6f..00000000
--- a/crypto_kem/kyber512/m4fspeed/polyvec.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/polyvec.h
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/reduce.S b/crypto_kem/kyber512/m4fspeed/reduce.S
deleted file mode 120000
index 0b00788a..00000000
--- a/crypto_kem/kyber512/m4fspeed/reduce.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/reduce.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/symmetric-fips202.c b/crypto_kem/kyber512/m4fspeed/symmetric-fips202.c
deleted file mode 120000
index 98f6a1ae..00000000
--- a/crypto_kem/kyber512/m4fspeed/symmetric-fips202.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/symmetric-fips202.c
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/symmetric.h b/crypto_kem/kyber512/m4fspeed/symmetric.h
deleted file mode 120000
index 56622b89..00000000
--- a/crypto_kem/kyber512/m4fspeed/symmetric.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/symmetric.h
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/verify.c b/crypto_kem/kyber512/m4fspeed/verify.c
deleted file mode 120000
index 56596267..00000000
--- a/crypto_kem/kyber512/m4fspeed/verify.c
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/verify.c
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/verify.h b/crypto_kem/kyber512/m4fspeed/verify.h
deleted file mode 120000
index 72b107fb..00000000
--- a/crypto_kem/kyber512/m4fspeed/verify.h
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/verify.h
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fstack/cmov_int16.S b/crypto_kem/kyber512/m4fstack/cmov_int16.S
deleted file mode 120000
index e57b8b26..00000000
--- a/crypto_kem/kyber512/m4fstack/cmov_int16.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fspeed/cmov_int16.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fstack/fastbasemul.S b/crypto_kem/kyber512/m4fstack/fastbasemul.S
deleted file mode 120000
index 7ba7f7e4..00000000
--- a/crypto_kem/kyber512/m4fstack/fastbasemul.S
+++ /dev/null
@@ -1 +0,0 @@
-../../kyber768/m4fstack/fastbasemul.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fstack/fastinvntt.S b/crypto_kem/kyber512/m4fstack/fastinvntt.S
deleted file mode 100644
index 12577f38..00000000
--- a/crypto_kem/kyber512/m4fstack/fastinvntt.S
+++ /dev/null
@@ -1,356 +0,0 @@ -/****************************************************************************** -* Integrating the improved Plantard arithmetic into Kyber. -* -* Efficient Plantard arithmetic enables a faster Kyber implementation with the -* same stack usage. -* -* See the paper at https://eprint.iacr.org/2022/956.pdf for more details. -* -* @author Junhao Huang, BNU-HKBU United International College, Zhuhai, China -* jhhuang_nuaa@126.com -* -* @date September 2022 -******************************************************************************/ -#include "macros.i" - -.syntax unified -.cpu cortex-m4 -.thumb - -.macro mul_twiddle_plant a, twiddle, tmp, q, qa - smulwb \tmp, \twiddle, \a - smulwt \a, \twiddle, \a - smlabt \tmp, \tmp, \q, \qa - smlabt \a, \a, \q, \qa - pkhtb \a, \a, \tmp, asr#16 -.endm - -.macro doublebutterfly_plant a0, a1, twiddle, tmp, q, qa - smulwb \tmp, \twiddle, \a1 - smulwt \a1, \twiddle, \a1 - smlabt \tmp, \tmp, \q, \qa - smlabt \a1, \a1, \q, \qa - pkhtb \tmp, \a1, \tmp, asr#16 - usub16 \a1, \a0, \tmp - uadd16 \a0, \a0, \tmp -.endm - -.macro two_doublebutterfly_plant a0, a1, a2, a3, twiddle0, twiddle1, tmp, q, qa - doublebutterfly_plant \a0, \a1, \twiddle0, \tmp, \q, \qa - doublebutterfly_plant \a2, \a3, \twiddle1, \tmp, \q, \qa -.endm - -.macro fullplant a0, a1, a2, a3, a4, a5, a6, a7, tmp, q, qa, plantconst - movw \plantconst, #44984 - movt \plantconst, #19 - doubleplant \a0, \tmp, \q, \qa, \plantconst - doubleplant \a1, \tmp, \q, \qa, \plantconst - doubleplant \a2, \tmp, \q, \qa, \plantconst - doubleplant \a3, \tmp, \q, \qa, \plantconst - doubleplant \a4, \tmp, \q, \qa, \plantconst - doubleplant \a5, \tmp, \q, \qa, \plantconst - doubleplant \a6, \tmp, \q, \qa, \plantconst - doubleplant \a7, \tmp, \q, \qa, \plantconst -.endm - -.macro halfplant a0, a1, a2, a3, tmp, q, qa, plantconst - movw \plantconst, #44984 - movt \plantconst, #19 - doubleplant \a0, \tmp, \q, \qa, \plantconst - doubleplant \a1, \tmp, \q, \qa, \plantconst - doubleplant 
\a2, \tmp, \q, \qa, \plantconst - doubleplant \a3, \tmp, \q, \qa, \plantconst -.endm - - -// input: 0.5/1q -.macro _3_layer_double_inv_CT_16_plant_light c0, c1, c2, c3, c4, c5, c6, c7, xi2, xi4, xi5, xi6, twiddle1, tmp2, q, qa, tmp - - // layer 1 - sadd16.w \tmp, \c0, \c1 // c0, c1 - ssub16.w \c1, \c0, \c1 - sadd16.w \tmp2, \c2, \c3 // c2, c3 - ssub16.w \c3, \c2, \c3 - // tmp, c1, tmp2, c3: 1q maximum - sadd16.w \c0, \c4, \c5 // c4, c5 - ssub16.w \c5, \c4, \c5 - sadd16.w \c2, \c6, \c7 // c6, c7 - ssub16.w \c7, \c6, \c7 - // c4, c6 are free at this point - // c0,c5,c2,c7 1q maximum - - // layer 2 - sadd16.w \c6, \tmp, \tmp2 // c0, c2 - ssub16.w \tmp2, \tmp, \tmp2 - sadd16.w \c4, \c0, \c2 // c4, c6 - ssub16.w \c2, \c0, \c2 - // c6, tmp2, c4, c2: 2q maximum - - vmov.w \twiddle1, \xi2 - doublebutterfly_plant \c1, \c3, \twiddle1, \tmp, \q, \qa - doublebutterfly_plant \c5, \c7, \twiddle1, \tmp, \q, \qa - // c1, c3, c7, c5: 1.5q maximum; - - // tmp and c0 are free at this point - // layer 3 - sadd16.w \c0, \c6, \c4 // c0, c4 - ssub16.w \c4, \c6, \c4 - // c0, c4: 4q - // c6 are free at this point - vmov.w \twiddle1, \xi4 - doublebutterfly_plant \c1, \c5, \twiddle1, \tmp, \q, \qa - // c1, c5: 2q maximum - - vmov.w \twiddle1, \xi5 - // this block is one doublebutterfly - smulwb \tmp, \twiddle1, \c2 // c2, c6 - smulwt \c2, \twiddle1, \c2 - smlabt \tmp, \tmp, \q, \qa - smlabt \c2, \c2, \q, \qa - pkhtb \tmp, \c2, \tmp, asr#16 - ssub16.w \c6, \tmp2, \tmp - sadd16.w \c2, \tmp2, \tmp - //c6, c2: 4.5q - vmov.w \twiddle1, \xi6 - doublebutterfly_plant \c3, \c7, \twiddle1, \tmp, \q, \qa - //c3, c7: 2.5q maximum -.endm -.macro _3_layer_double_inv_CT_16_plant c0, c1, c2, c3, c4, c5, c6, c7, twiddle1, twiddle2, twiddle_ptr, q, qa, tmp - // layer 3 - ldr.w \twiddle1, [\twiddle_ptr], #4 - two_doublebutterfly_plant \c0, \c1, \c2, \c3, \twiddle1, \twiddle1, \tmp, \q, \qa - two_doublebutterfly_plant \c4, \c5, \c6, \c7, \twiddle1, \twiddle1, \tmp, \q, \qa - - // layer 2 - ldrd \twiddle1, 
\twiddle2, [\twiddle_ptr], #8 - two_doublebutterfly_plant \c0, \c2, \c1, \c3, \twiddle1, \twiddle2, \tmp, \q, \qa - - two_doublebutterfly_plant \c4, \c6, \c5, \c7, \twiddle1, \twiddle2, \tmp, \q, \qa - - // layer 1 - ldrd \twiddle1, \twiddle2, [\twiddle_ptr], #8 - two_doublebutterfly_plant \c0, \c4, \c1, \c5, \twiddle1, \twiddle2, \tmp, \q, \qa - - ldrd \twiddle1, \twiddle2, [\twiddle_ptr], #8 - two_doublebutterfly_plant \c2, \c6, \c3, \c7, \twiddle1, \twiddle2, \tmp, \q, \qa -.endm - -.macro _3_layer_double_inv_twist_16_plant c0, c1, c2, c3, c4, c5, c6, c7, twiddle1, twiddle2, twiddle_ptr, q, qa, tmp - ldrd \twiddle1, \twiddle2, [\twiddle_ptr], #8 - mul_twiddle_plant \c0, \twiddle1, \tmp, \q, \qa - mul_twiddle_plant \c1, \twiddle2, \tmp, \q, \qa - ldrd \twiddle1, \twiddle2, [\twiddle_ptr], #8 - mul_twiddle_plant \c2, \twiddle1, \tmp, \q, \qa - mul_twiddle_plant \c3, \twiddle2, \tmp, \q, \qa - ldrd \twiddle1, \twiddle2, [\twiddle_ptr], #8 - mul_twiddle_plant \c4, \twiddle1, \tmp, \q, \qa - mul_twiddle_plant \c5, \twiddle2, \tmp, \q, \qa - ldrd \twiddle1, \twiddle2, [\twiddle_ptr], #8 - mul_twiddle_plant \c6, \twiddle1, \tmp, \q, \qa - mul_twiddle_plant \c7, \twiddle2, \tmp, \q, \qa -.endm - -.global invntt_fast -.type invntt_fast, %function -.align 2 -invntt_fast: - push {r4-r11, r14} - vpush.w {s16-s23} - poly .req r0 - twiddle_ptr .req r1 - poly0 .req r2 - poly1 .req r3 - poly2 .req r4 - poly3 .req r5 - poly4 .req r6 - poly5 .req r7 - poly6 .req r8 - poly7 .req r9 - twiddle1 .req r10 - twiddle2 .req r11 - q .req r12 - // at the top of r12 - qa .req r0 - // qa=2^a q;a=3; at the bottom of r12 - tmp .req r14 - - movt q, #3329 - - ### LAYER 7+6+5+4 - .equ distance, 16 - .equ offset, 32 - .equ strincr, 64 - - // pre-load twiddle factors to FPU registers - vldm twiddle_ptr!, {s8-s22} - - add.w tmp, poly, #8*strincr - vmov s8, tmp - 1: - vmov s23, poly - // load a1, a3, ..., a15 - load poly, poly0, poly1, poly2, poly3, #offset, #distance/4+offset, #2*distance/4+offset, 
#3*distance/4+offset - load poly, poly4, poly5, poly6, poly7, #distance+offset, #5*distance/4+offset, #6*distance/4+offset, #7*distance/4+offset - - movw qa, #26632 - - // NTT on a1, a3, ..., a15 - // twiddle2 is used as tmp2 - _3_layer_double_inv_CT_16_plant_light poly0, poly1, poly2, poly3, poly4, poly5, poly6, poly7, s10, s12, s13, s14, twiddle1, twiddle2, q, qa, tmp - - // multiply coeffs by layer 4 twiddles for later use - // vmov twiddle1, s15 - vmov twiddle2, s16 - // mul_twiddle_plant poly0, twiddle1, tmp, q, qa // could be omitted but kept for reduction only - mul_twiddle_plant poly1, twiddle2, tmp, q, qa - - vmov twiddle1, s17 - vmov twiddle2, s18 - mul_twiddle_plant poly2, twiddle1, tmp, q, qa - mul_twiddle_plant poly3, twiddle2, tmp, q, qa - - vmov twiddle1, s19 - vmov twiddle2, s20 - mul_twiddle_plant poly4, twiddle1, tmp, q, qa - mul_twiddle_plant poly5, twiddle2, tmp, q, qa - - vmov twiddle1, s21 - vmov twiddle2, s22 - mul_twiddle_plant poly6, twiddle1, tmp, q, qa - mul_twiddle_plant poly7, twiddle2, tmp, q, qa - - vmov s0, poly0 // a1 - vmov s1, poly1 // a3 - vmov s2, poly2 // a5 - vmov s3, poly3 // a7 - vmov s4, poly4 // a9 - vmov s5, poly5 // a11 - vmov s6, poly6 // a13 - vmov s7, poly7 // a15 - // 0.5q - // ---------- - - vmov poly, s23 - // load a0, a2, ..., a14 - load poly, poly0, poly1, poly2, poly3, #0, #distance/4, #2*distance/4, #3*distance/4 - load poly, poly4, poly5, poly6, poly7, #distance, #5*distance/4, #6*distance/4, #7*distance/4 - - movw qa, #26632 - // NTT on a0, a2, ..., a14 - // twiddle2 is used as tmp2 - _3_layer_double_inv_CT_16_plant_light poly0, poly1, poly2, poly3, poly4, poly5, poly6, poly7, s10, s12, s13, s14, twiddle1, twiddle2, q, qa, tmp - // 1,3,5,7: <5q; 0,2,4,6:<1q - // layer 4 - 1 - // addsub: (a2, a6, a10, a14), (a3, a7, a11, a15) - vmov poly, s23 - vmov twiddle2, s1 // load a3 - uadd16 tmp, poly1, twiddle2 - usub16 poly1, poly1, twiddle2 - str.w tmp, [poly, #1*distance/4] - str.w poly1, [poly, 
#1*distance/4+offset] - - vmov twiddle2, s3 // load a7 - uadd16 tmp, poly3, twiddle2 - usub16 poly3, poly3, twiddle2 - str.w tmp, [poly, #3*distance/4] - str.w poly3, [poly, #3*distance/4+offset] - - vmov twiddle2, s5 // load a11 - uadd16 tmp, poly5, twiddle2 - usub16 poly5, poly5, twiddle2 - str.w tmp, [poly, #5*distance/4] - str.w poly5, [poly, #5*distance/4+offset] - - vmov twiddle2, s7 // load a15 - uadd16 tmp, poly7, twiddle2 - usub16 poly7, poly7, twiddle2 - str.w tmp, [poly, #7*distance/4] - str.w poly7, [poly, #7*distance/4+offset] - //1,3,5,7: < 5.5q - - // layer 4 - 2 - // addsub: (a0, a4, a8, a12), (a1, a5, a9, a13) - vmov poly3, s2 // load a5 - uadd16 tmp, poly2, poly3 - usub16 twiddle2, poly2, poly3 - str.w tmp, [poly, #2*distance/4] - str.w twiddle2, [poly, #2*distance/4+offset] - - vmov poly5, s4 // load a9 - uadd16 tmp, poly4, poly5 - usub16 twiddle2, poly4, poly5 - str.w tmp, [poly, #4*distance/4] - str.w twiddle2, [poly, #4*distance/4+offset] - - vmov poly7, s6 // load a13 - uadd16 tmp, poly6, poly7 - usub16 twiddle2, poly6, poly7 - str.w tmp, [poly, #6*distance/4] - str.w twiddle2, [poly, #6*distance/4+offset] - - vmov poly1, s0 // load a1 - uadd16 tmp, poly0, poly1 - usub16 twiddle2, poly0, poly1 - str.w twiddle2, [poly, #offset] - str.w tmp, [poly], #strincr // increase 2*8*4 = 64 (2 * 8 loads of 4 bytes each) - //0,2,4,6: < 1.5q - vmov tmp, s8 - cmp.w poly, tmp - bne.w 1b - - sub.w poly, #8*strincr - - ### LAYER 3+2+1 - - .equ distance, distance*16 - .equ strincr, 4 - - // ITER 0 - vmov s6, poly - load poly, poly0, poly1, poly2, poly3, #0, #distance/4, #2*distance/4, #3*distance/4 - load poly, poly4, poly5, poly6, poly7, #distance, #5*distance/4, #6*distance/4, #7*distance/4 - - vldm twiddle_ptr!, {s0-s5} - movw qa, #26632 - fullplant poly0, poly1, poly2, poly3, poly4, poly5, poly6, poly7 tmp, q, qa, twiddle1 - // twiddle2 is used as tmp2 - _3_layer_double_inv_CT_16_plant_light poly0, poly1, poly2, poly3, poly4, poly5, poly6, poly7, s1, s3, 
s4, s5, twiddle1, twiddle2, q, qa, tmp - - // twisting - _3_layer_double_inv_twist_16_plant poly0, poly1, poly2, poly3, poly4, poly5, poly6, poly7, twiddle1, twiddle2, twiddle_ptr, q, qa, tmp - - vmov poly, s6 - store poly, poly4, poly5, poly6, poly7, #distance, #5*distance/4, #6*distance/4, #7*distance/4 - str.w poly1, [poly, #distance/4] - str.w poly2, [poly, #2*distance/4] - str.w poly3, [poly, #3*distance/4] - str.w poly0, [poly], #4 - - // ITER 1-15 - add.w tmp, poly, #strincr*3*(5) - vmov s14, tmp - 2: - vmov s6, poly - // polys upto 5.5q - load poly, poly0, poly1, poly2, poly3, #0, #distance/4, #2*distance/4, #3*distance/4 - load poly, poly4, poly5, poly6, poly7, #distance, #5*distance/4, #6*distance/4, #7*distance/4 - - movw qa, #26632 - _3_layer_double_inv_CT_16_plant poly0, poly1, poly2, poly3, poly4, poly5, poly6, poly7, twiddle1, twiddle2, twiddle_ptr, q, qa, tmp - - // twisting - _3_layer_double_inv_twist_16_plant poly0, poly1, poly2, poly3, poly4, poly5, poly6, poly7, twiddle1, twiddle2, twiddle_ptr, q, qa, tmp - - vmov poly, s6 - store poly, poly4, poly5, poly6, poly7, #distance, #5*distance/4, #6*distance/4, #7*distance/4 - str.w poly1, [poly, #distance/4] - str.w poly2, [poly, #2*distance/4] - str.w poly3, [poly, #3*distance/4] - str.w poly0, [poly], #4 - - vmov tmp, s14 - cmp.w poly, tmp - bne.w 2b - - vpop.w {s16-s23} - pop {r4-r11, pc} diff --git a/crypto_kem/kyber512/m4fstack/matacc.c b/crypto_kem/kyber512/m4fstack/matacc.c deleted file mode 120000 index 9934856f..00000000 --- a/crypto_kem/kyber512/m4fstack/matacc.c +++ /dev/null @@ -1 +0,0 @@ -../../kyber768/m4fstack/matacc.c \ No newline at end of file diff --git a/crypto_kem/kyber512/m4fstack/matacc.h b/crypto_kem/kyber512/m4fstack/matacc.h deleted file mode 120000 index 17b44879..00000000 --- a/crypto_kem/kyber512/m4fstack/matacc.h +++ /dev/null @@ -1 +0,0 @@ -../../kyber768/m4fstack/matacc.h \ No newline at end of file 
diff --git a/crypto_kem/kyber512/m4fstack/matacc.i b/crypto_kem/kyber512/m4fstack/matacc.i deleted file mode 120000 index 3804c85d..00000000 --- a/crypto_kem/kyber512/m4fstack/matacc.i +++ /dev/null @@ -1 +0,0 @@ -../../kyber768/m4fstack/matacc.i \ No newline at end of file diff --git a/crypto_kem/kyber512/m4fstack/matacc_asm.S b/crypto_kem/kyber512/m4fstack/matacc_asm.S deleted file mode 120000 index 4a77c2bd..00000000 --- a/crypto_kem/kyber512/m4fstack/matacc_asm.S +++ /dev/null @@ -1 +0,0 @@ -../../kyber768/m4fstack/matacc_asm.S \ No newline at end of file diff --git a/crypto_kem/kyber512/m4fstack/poly_asm.S b/crypto_kem/kyber512/m4fstack/poly_asm.S deleted file mode 120000 index 9b529775..00000000 --- a/crypto_kem/kyber512/m4fstack/poly_asm.S +++ /dev/null @@ -1 +0,0 @@ -../../kyber768/m4fstack/poly_asm.S \ No newline at end of file diff --git a/crypto_kem/kyber768/m4fstack/symmetric-fips202.c b/crypto_kem/kyber768/m4fstack/symmetric-fips202.c deleted file mode 120000 index fa4ba9ac..00000000 --- a/crypto_kem/kyber768/m4fstack/symmetric-fips202.c +++ /dev/null @@ -1 +0,0 @@ -../m4fspeed/symmetric-fips202.c \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fspeed/api.h b/crypto_kem/ml-kem-1024/m4fspeed/api.h similarity index 100% rename from crypto_kem/kyber1024/m4fspeed/api.h rename to crypto_kem/ml-kem-1024/m4fspeed/api.h diff --git a/crypto_kem/ml-kem-1024/m4fspeed/cbd.c b/crypto_kem/ml-kem-1024/m4fspeed/cbd.c new file mode 120000 index 00000000..801f7f81 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/cbd.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/cbd.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/cbd.h b/crypto_kem/ml-kem-1024/m4fspeed/cbd.h new file mode 120000 index 00000000..4f9e3afa --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/cbd.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/cbd.h \ No newline at end of file 
diff --git a/crypto_kem/ml-kem-1024/m4fspeed/cmov_int16.S b/crypto_kem/ml-kem-1024/m4fspeed/cmov_int16.S new file mode 120000 index 00000000..bdef6f46 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/cmov_int16.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/cmov_int16.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/fastaddsub.S b/crypto_kem/ml-kem-1024/m4fspeed/fastaddsub.S new file mode 120000 index 00000000..aa555642 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/fastaddsub.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/fastaddsub.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/fastbasemul.S b/crypto_kem/ml-kem-1024/m4fspeed/fastbasemul.S new file mode 120000 index 00000000..4384e1d1 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/fastbasemul.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/fastbasemul.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/fastinvntt.S b/crypto_kem/ml-kem-1024/m4fspeed/fastinvntt.S new file mode 120000 index 00000000..ede60d79 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/fastinvntt.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/fastinvntt.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/fastntt.S b/crypto_kem/ml-kem-1024/m4fspeed/fastntt.S new file mode 120000 index 00000000..d34524f9 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/fastntt.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/fastntt.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/indcpa.c b/crypto_kem/ml-kem-1024/m4fspeed/indcpa.c new file mode 120000 index 00000000..25db6b1a --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/indcpa.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/indcpa.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/indcpa.h b/crypto_kem/ml-kem-1024/m4fspeed/indcpa.h new file mode 120000 index 00000000..e6f36626 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/indcpa.h 
@@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/indcpa.h \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/kem.c b/crypto_kem/ml-kem-1024/m4fspeed/kem.c new file mode 120000 index 00000000..489b6f94 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/kem.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/kem.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/macros.i b/crypto_kem/ml-kem-1024/m4fspeed/macros.i new file mode 120000 index 00000000..a7d8e742 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/macros.i @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/macros.i \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/matacc.c b/crypto_kem/ml-kem-1024/m4fspeed/matacc.c new file mode 120000 index 00000000..71d72340 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/matacc.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/matacc.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/matacc.h b/crypto_kem/ml-kem-1024/m4fspeed/matacc.h new file mode 120000 index 00000000..19b67726 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/matacc.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/matacc.h \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/matacc.i b/crypto_kem/ml-kem-1024/m4fspeed/matacc.i new file mode 120000 index 00000000..39b6e23d --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/matacc.i @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/matacc.i \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/matacc_asm.S b/crypto_kem/ml-kem-1024/m4fspeed/matacc_asm.S new file mode 120000 index 00000000..3c7d05e1 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/matacc_asm.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/matacc_asm.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/ntt.c b/crypto_kem/ml-kem-1024/m4fspeed/ntt.c new file mode 120000 index 00000000..971c6b0c --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/ntt.c 
@@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/ntt.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/ntt.h b/crypto_kem/ml-kem-1024/m4fspeed/ntt.h new file mode 120000 index 00000000..11e111d3 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/ntt.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/ntt.h \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fspeed/params.h b/crypto_kem/ml-kem-1024/m4fspeed/params.h similarity index 100% rename from crypto_kem/kyber1024/m4fspeed/params.h rename to crypto_kem/ml-kem-1024/m4fspeed/params.h diff --git a/crypto_kem/ml-kem-1024/m4fspeed/poly.c b/crypto_kem/ml-kem-1024/m4fspeed/poly.c new file mode 120000 index 00000000..b432b8a0 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/poly.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/poly.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/poly.h b/crypto_kem/ml-kem-1024/m4fspeed/poly.h new file mode 120000 index 00000000..6003dc34 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/poly.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/poly.h \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/poly_asm.S b/crypto_kem/ml-kem-1024/m4fspeed/poly_asm.S new file mode 120000 index 00000000..c4bda05f --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/poly_asm.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/poly_asm.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/polyvec.c b/crypto_kem/ml-kem-1024/m4fspeed/polyvec.c new file mode 120000 index 00000000..c3f7d0a6 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/polyvec.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/polyvec.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/polyvec.h b/crypto_kem/ml-kem-1024/m4fspeed/polyvec.h new file mode 120000 index 00000000..47cf6c34 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/polyvec.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/polyvec.h \ No newline at end of file 
diff --git a/crypto_kem/ml-kem-1024/m4fspeed/reduce.S b/crypto_kem/ml-kem-1024/m4fspeed/reduce.S new file mode 120000 index 00000000..2edf10c8 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/reduce.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/reduce.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/symmetric-fips202.c b/crypto_kem/ml-kem-1024/m4fspeed/symmetric-fips202.c new file mode 120000 index 00000000..5adc9ae6 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/symmetric-fips202.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/symmetric-fips202.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/symmetric.h b/crypto_kem/ml-kem-1024/m4fspeed/symmetric.h new file mode 120000 index 00000000..698a10dc --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/symmetric.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/symmetric.h \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/verify.c b/crypto_kem/ml-kem-1024/m4fspeed/verify.c new file mode 120000 index 00000000..85d7f505 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/verify.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/verify.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fspeed/verify.h b/crypto_kem/ml-kem-1024/m4fspeed/verify.h new file mode 120000 index 00000000..e19a3016 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fspeed/verify.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/verify.h \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fstack/api.h b/crypto_kem/ml-kem-1024/m4fstack/api.h similarity index 100% rename from crypto_kem/kyber1024/m4fstack/api.h rename to crypto_kem/ml-kem-1024/m4fstack/api.h diff --git a/crypto_kem/kyber1024/m4fstack/cbd.c b/crypto_kem/ml-kem-1024/m4fstack/cbd.c similarity index 100% rename from crypto_kem/kyber1024/m4fstack/cbd.c rename to crypto_kem/ml-kem-1024/m4fstack/cbd.c 
diff --git a/crypto_kem/kyber1024/m4fstack/cbd.h b/crypto_kem/ml-kem-1024/m4fstack/cbd.h similarity index 100% rename from crypto_kem/kyber1024/m4fstack/cbd.h rename to crypto_kem/ml-kem-1024/m4fstack/cbd.h diff --git a/crypto_kem/ml-kem-1024/m4fstack/cmov_int16.S b/crypto_kem/ml-kem-1024/m4fstack/cmov_int16.S new file mode 120000 index 00000000..bdef6f46 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/cmov_int16.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/cmov_int16.S \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fstack/fastaddsub.S b/crypto_kem/ml-kem-1024/m4fstack/fastaddsub.S similarity index 100% rename from crypto_kem/kyber1024/m4fstack/fastaddsub.S rename to crypto_kem/ml-kem-1024/m4fstack/fastaddsub.S diff --git a/crypto_kem/ml-kem-1024/m4fstack/fastbasemul.S b/crypto_kem/ml-kem-1024/m4fstack/fastbasemul.S new file mode 120000 index 00000000..531385d1 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/fastbasemul.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/fastbasemul.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fstack/fastinvntt.S b/crypto_kem/ml-kem-1024/m4fstack/fastinvntt.S new file mode 120000 index 00000000..ede60d79 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/fastinvntt.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/fastinvntt.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fstack/fastntt.S b/crypto_kem/ml-kem-1024/m4fstack/fastntt.S new file mode 120000 index 00000000..d34524f9 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/fastntt.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/fastntt.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fstack/indcpa.c b/crypto_kem/ml-kem-1024/m4fstack/indcpa.c new file mode 120000 index 00000000..a4103b16 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/indcpa.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/indcpa.c \ No newline at end of file 
diff --git a/crypto_kem/ml-kem-1024/m4fstack/indcpa.h b/crypto_kem/ml-kem-1024/m4fstack/indcpa.h new file mode 120000 index 00000000..9e56c804 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/indcpa.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/indcpa.h \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fstack/kem.c b/crypto_kem/ml-kem-1024/m4fstack/kem.c similarity index 100% rename from crypto_kem/kyber1024/m4fstack/kem.c rename to crypto_kem/ml-kem-1024/m4fstack/kem.c diff --git a/crypto_kem/kyber1024/m4fstack/macros.i b/crypto_kem/ml-kem-1024/m4fstack/macros.i similarity index 100% rename from crypto_kem/kyber1024/m4fstack/macros.i rename to crypto_kem/ml-kem-1024/m4fstack/macros.i diff --git a/crypto_kem/ml-kem-1024/m4fstack/matacc.c b/crypto_kem/ml-kem-1024/m4fstack/matacc.c new file mode 120000 index 00000000..5558ec8f --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/matacc.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/matacc.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fstack/matacc.h b/crypto_kem/ml-kem-1024/m4fstack/matacc.h new file mode 120000 index 00000000..4eb7706e --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/matacc.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/matacc.h \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fstack/matacc.i b/crypto_kem/ml-kem-1024/m4fstack/matacc.i new file mode 120000 index 00000000..0d39b07b --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/matacc.i @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/matacc.i \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fstack/matacc_asm.S b/crypto_kem/ml-kem-1024/m4fstack/matacc_asm.S new file mode 120000 index 00000000..0079bb51 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/matacc_asm.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/matacc_asm.S \ No newline at end of file 
diff --git a/crypto_kem/kyber1024/m4fstack/ntt.c b/crypto_kem/ml-kem-1024/m4fstack/ntt.c similarity index 100% rename from crypto_kem/kyber1024/m4fstack/ntt.c rename to crypto_kem/ml-kem-1024/m4fstack/ntt.c diff --git a/crypto_kem/kyber1024/m4fstack/ntt.h b/crypto_kem/ml-kem-1024/m4fstack/ntt.h similarity index 100% rename from crypto_kem/kyber1024/m4fstack/ntt.h rename to crypto_kem/ml-kem-1024/m4fstack/ntt.h diff --git a/crypto_kem/kyber1024/m4fstack/params.h b/crypto_kem/ml-kem-1024/m4fstack/params.h similarity index 100% rename from crypto_kem/kyber1024/m4fstack/params.h rename to crypto_kem/ml-kem-1024/m4fstack/params.h diff --git a/crypto_kem/ml-kem-1024/m4fstack/poly.c b/crypto_kem/ml-kem-1024/m4fstack/poly.c new file mode 120000 index 00000000..df6f119a --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/poly.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/poly.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fstack/poly.h b/crypto_kem/ml-kem-1024/m4fstack/poly.h new file mode 120000 index 00000000..ad89400e --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/poly.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/poly.h \ No newline at end of file diff --git a/crypto_kem/ml-kem-1024/m4fstack/poly_asm.S b/crypto_kem/ml-kem-1024/m4fstack/poly_asm.S new file mode 120000 index 00000000..167ee5ee --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/poly_asm.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/poly_asm.S \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fstack/polyvec.c b/crypto_kem/ml-kem-1024/m4fstack/polyvec.c similarity index 100% rename from crypto_kem/kyber1024/m4fstack/polyvec.c rename to crypto_kem/ml-kem-1024/m4fstack/polyvec.c diff --git a/crypto_kem/kyber1024/m4fstack/polyvec.h b/crypto_kem/ml-kem-1024/m4fstack/polyvec.h similarity index 100% rename from crypto_kem/kyber1024/m4fstack/polyvec.h rename to crypto_kem/ml-kem-1024/m4fstack/polyvec.h 
diff --git a/crypto_kem/kyber1024/m4fstack/reduce.S b/crypto_kem/ml-kem-1024/m4fstack/reduce.S similarity index 100% rename from crypto_kem/kyber1024/m4fstack/reduce.S rename to crypto_kem/ml-kem-1024/m4fstack/reduce.S diff --git a/crypto_kem/ml-kem-1024/m4fstack/symmetric-fips202.c b/crypto_kem/ml-kem-1024/m4fstack/symmetric-fips202.c new file mode 120000 index 00000000..5adc9ae6 --- /dev/null +++ b/crypto_kem/ml-kem-1024/m4fstack/symmetric-fips202.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/symmetric-fips202.c \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fstack/symmetric.h b/crypto_kem/ml-kem-1024/m4fstack/symmetric.h similarity index 100% rename from crypto_kem/kyber1024/m4fstack/symmetric.h rename to crypto_kem/ml-kem-1024/m4fstack/symmetric.h diff --git a/crypto_kem/kyber1024/m4fstack/verify.c b/crypto_kem/ml-kem-1024/m4fstack/verify.c similarity index 100% rename from crypto_kem/kyber1024/m4fstack/verify.c rename to crypto_kem/ml-kem-1024/m4fstack/verify.c diff --git a/crypto_kem/kyber1024/m4fstack/verify.h b/crypto_kem/ml-kem-1024/m4fstack/verify.h similarity index 100% rename from crypto_kem/kyber1024/m4fstack/verify.h rename to crypto_kem/ml-kem-1024/m4fstack/verify.h diff --git a/crypto_kem/kyber512/m4fspeed/api.h b/crypto_kem/ml-kem-512/m4fspeed/api.h similarity index 100% rename from crypto_kem/kyber512/m4fspeed/api.h rename to crypto_kem/ml-kem-512/m4fspeed/api.h diff --git a/crypto_kem/kyber512/m4fspeed/cbd.c b/crypto_kem/ml-kem-512/m4fspeed/cbd.c similarity index 100% rename from crypto_kem/kyber512/m4fspeed/cbd.c rename to crypto_kem/ml-kem-512/m4fspeed/cbd.c diff --git a/crypto_kem/kyber512/m4fspeed/cbd.h b/crypto_kem/ml-kem-512/m4fspeed/cbd.h similarity index 100% rename from crypto_kem/kyber512/m4fspeed/cbd.h rename to crypto_kem/ml-kem-512/m4fspeed/cbd.h diff --git a/crypto_kem/ml-kem-512/m4fspeed/cmov_int16.S b/crypto_kem/ml-kem-512/m4fspeed/cmov_int16.S new file mode 120000 index 00000000..bdef6f46 --- /dev/null 
+++ b/crypto_kem/ml-kem-512/m4fspeed/cmov_int16.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/cmov_int16.S
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/fastaddsub.S b/crypto_kem/ml-kem-512/m4fspeed/fastaddsub.S
new file mode 120000
index 00000000..aa555642
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/fastaddsub.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/fastaddsub.S
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/fastbasemul.S b/crypto_kem/ml-kem-512/m4fspeed/fastbasemul.S
new file mode 120000
index 00000000..4384e1d1
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/fastbasemul.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/fastbasemul.S
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/fastinvntt.S b/crypto_kem/ml-kem-512/m4fspeed/fastinvntt.S
new file mode 120000
index 00000000..ede60d79
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/fastinvntt.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/fastinvntt.S
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/fastntt.S b/crypto_kem/ml-kem-512/m4fspeed/fastntt.S
new file mode 120000
index 00000000..d34524f9
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/fastntt.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/fastntt.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/indcpa.c b/crypto_kem/ml-kem-512/m4fspeed/indcpa.c
similarity index 98%
rename from crypto_kem/kyber512/m4fspeed/indcpa.c
rename to crypto_kem/ml-kem-512/m4fspeed/indcpa.c
index 5e7fd5ca..99f5b3c1 100644
--- a/crypto_kem/kyber512/m4fspeed/indcpa.c
+++ b/crypto_kem/ml-kem-512/m4fspeed/indcpa.c
@@ -34,7 +34,9 @@ void indcpa_keypair_derand(unsigned char *pk,
 int i;
 unsigned char nonce = 0;
- hash_g(buf, coins, KYBER_SYMBYTES);
+ memcpy(buf, coins, KYBER_SYMBYTES);
+ buf[KYBER_SYMBYTES] = KYBER_K;
+ hash_g(buf, buf, KYBER_SYMBYTES + 1);
 for (i = 0; i < KYBER_K; i++) poly_getnoise_eta1(skpv.vec + i, noiseseed, nonce++);
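Review bot: The added `hash_g(buf, buf, KYBER_SYMBYTES + 1)` in indcpa_keypair_derand hashes in place after writing `buf[KYBER_SYMBYTES]`, and both steps rest on facts the hunk does not show. `buf` is declared above the hunk and must hold at least `KYBER_SYMBYTES + 1` input bytes as well as the full hash_g output (presumably it is `2*KYBER_SYMBYTES`; confirm), and hash_g must read all of its input before it writes any output. I would record that, and the reason for the extra byte, in a comment above the three added lines, e.g. `/* FIPS 203 K-PKE.KeyGen: (rho, sigma) = G(d || k); k domain-separates the parameter sets. In-place hash: buf must hold 2*KYBER_SYMBYTES. */`. The hunk also introduces `memcpy`, so check that `<string.h>` is included in this file; the include block and the rest of the function body are outside the hunk.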
diff --git a/crypto_kem/ml-kem-512/m4fspeed/indcpa.h b/crypto_kem/ml-kem-512/m4fspeed/indcpa.h
new file mode 120000
index 00000000..e6f36626
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/indcpa.h
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/indcpa.h
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/kem.c b/crypto_kem/ml-kem-512/m4fspeed/kem.c
new file mode 120000
index 00000000..489b6f94
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/kem.c
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/kem.c
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/macros.i b/crypto_kem/ml-kem-512/m4fspeed/macros.i
new file mode 120000
index 00000000..a7d8e742
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/macros.i
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/macros.i
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/matacc.c b/crypto_kem/ml-kem-512/m4fspeed/matacc.c
new file mode 120000
index 00000000..71d72340
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/matacc.c
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/matacc.c
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/matacc.h b/crypto_kem/ml-kem-512/m4fspeed/matacc.h
new file mode 120000
index 00000000..19b67726
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/matacc.h
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/matacc.h
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/matacc.i b/crypto_kem/ml-kem-512/m4fspeed/matacc.i
new file mode 120000
index 00000000..39b6e23d
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/matacc.i
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/matacc.i
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/matacc_asm.S b/crypto_kem/ml-kem-512/m4fspeed/matacc_asm.S
new file mode 120000
index 00000000..3c7d05e1
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/matacc_asm.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/matacc_asm.S
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/ntt.c b/crypto_kem/ml-kem-512/m4fspeed/ntt.c
new file mode 120000
index 00000000..971c6b0c
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/ntt.c
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/ntt.c
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/ntt.h b/crypto_kem/ml-kem-512/m4fspeed/ntt.h
new file mode 120000
index 00000000..11e111d3
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/ntt.h
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/ntt.h
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fspeed/params.h b/crypto_kem/ml-kem-512/m4fspeed/params.h
similarity index 100%
rename from crypto_kem/kyber512/m4fspeed/params.h
rename to crypto_kem/ml-kem-512/m4fspeed/params.h
diff --git a/crypto_kem/kyber512/m4fspeed/poly.c b/crypto_kem/ml-kem-512/m4fspeed/poly.c
similarity index 100%
rename from crypto_kem/kyber512/m4fspeed/poly.c
rename to crypto_kem/ml-kem-512/m4fspeed/poly.c
diff --git a/crypto_kem/kyber512/m4fspeed/poly.h b/crypto_kem/ml-kem-512/m4fspeed/poly.h
similarity index 100%
rename from crypto_kem/kyber512/m4fspeed/poly.h
rename to crypto_kem/ml-kem-512/m4fspeed/poly.h
diff --git a/crypto_kem/ml-kem-512/m4fspeed/poly_asm.S b/crypto_kem/ml-kem-512/m4fspeed/poly_asm.S
new file mode 120000
index 00000000..c4bda05f
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/poly_asm.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/poly_asm.S
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/polyvec.c b/crypto_kem/ml-kem-512/m4fspeed/polyvec.c
new file mode 120000
index 00000000..c3f7d0a6
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/polyvec.c
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/polyvec.c
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fspeed/polyvec.h b/crypto_kem/ml-kem-512/m4fspeed/polyvec.h
new file mode 120000
index 00000000..47cf6c34
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fspeed/polyvec.h
@@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/polyvec.h \ No newline at end of file diff --git a/crypto_kem/ml-kem-512/m4fspeed/reduce.S b/crypto_kem/ml-kem-512/m4fspeed/reduce.S new file mode 120000 index 00000000..2edf10c8 --- /dev/null +++ b/crypto_kem/ml-kem-512/m4fspeed/reduce.S @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/reduce.S \ No newline at end of file diff --git a/crypto_kem/ml-kem-512/m4fspeed/symmetric-fips202. b/crypto_kem/ml-kem-512/m4fspeed/symmetric-fips202. new file mode 120000 index 00000000..e49ba066 --- /dev/null +++ b/crypto_kem/ml-kem-512/m4fspeed/symmetric-fips202. @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/symmetric-fips202. \ No newline at end of file diff --git a/crypto_kem/ml-kem-512/m4fspeed/symmetric-fips202.c b/crypto_kem/ml-kem-512/m4fspeed/symmetric-fips202.c new file mode 120000 index 00000000..5adc9ae6 --- /dev/null +++ b/crypto_kem/ml-kem-512/m4fspeed/symmetric-fips202.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/symmetric-fips202.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-512/m4fspeed/symmetric.h b/crypto_kem/ml-kem-512/m4fspeed/symmetric.h new file mode 120000 index 00000000..698a10dc --- /dev/null +++ b/crypto_kem/ml-kem-512/m4fspeed/symmetric.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/symmetric.h \ No newline at end of file diff --git a/crypto_kem/ml-kem-512/m4fspeed/verify.c b/crypto_kem/ml-kem-512/m4fspeed/verify.c new file mode 120000 index 00000000..85d7f505 --- /dev/null +++ b/crypto_kem/ml-kem-512/m4fspeed/verify.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/verify.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-512/m4fspeed/verify.h b/crypto_kem/ml-kem-512/m4fspeed/verify.h new file mode 120000 index 00000000..e19a3016 --- /dev/null +++ b/crypto_kem/ml-kem-512/m4fspeed/verify.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fspeed/verify.h \ No newline at end of file 
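Review bot: The new symlink `crypto_kem/ml-kem-512/m4fspeed/symmetric-fips202.` (trailing dot, no extension) looks like a stray entry committed next to the intended `symmetric-fips202.c` link. Its target `../../ml-kem-768/m4fspeed/symmetric-fips202.` is not created by any section visible in this part of the patch, so the link is presumably dangling. A dangling link in an implementation directory can trip source globbing, packaging or archive tooling, and it makes the ml-kem-512 tree differ from its siblings for no reason. I would drop this file from the commit and keep only the `symmetric-fips202.c` symlink.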
diff --git a/crypto_kem/kyber512/m4fstack/api.h b/crypto_kem/ml-kem-512/m4fstack/api.h
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/api.h
rename to crypto_kem/ml-kem-512/m4fstack/api.h
diff --git a/crypto_kem/kyber512/m4fstack/cbd.c b/crypto_kem/ml-kem-512/m4fstack/cbd.c
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/cbd.c
rename to crypto_kem/ml-kem-512/m4fstack/cbd.c
diff --git a/crypto_kem/kyber512/m4fstack/cbd.h b/crypto_kem/ml-kem-512/m4fstack/cbd.h
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/cbd.h
rename to crypto_kem/ml-kem-512/m4fstack/cbd.h
diff --git a/crypto_kem/ml-kem-512/m4fstack/cmov_int16.S b/crypto_kem/ml-kem-512/m4fstack/cmov_int16.S
new file mode 120000
index 00000000..bdef6f46
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fstack/cmov_int16.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fspeed/cmov_int16.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fstack/fastaddsub.S b/crypto_kem/ml-kem-512/m4fstack/fastaddsub.S
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/fastaddsub.S
rename to crypto_kem/ml-kem-512/m4fstack/fastaddsub.S
diff --git a/crypto_kem/ml-kem-512/m4fstack/fastbasemul.S b/crypto_kem/ml-kem-512/m4fstack/fastbasemul.S
new file mode 120000
index 00000000..531385d1
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fstack/fastbasemul.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fstack/fastbasemul.S
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fstack/fastinvntt.S b/crypto_kem/ml-kem-512/m4fstack/fastinvntt.S
new file mode 120000
index 00000000..1ad2d319
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fstack/fastinvntt.S
@@ -0,0 +1 @@
+../m4fspeed/fastinvntt.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fstack/fastntt.S b/crypto_kem/ml-kem-512/m4fstack/fastntt.S
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/fastntt.S
rename to crypto_kem/ml-kem-512/m4fstack/fastntt.S
diff --git a/crypto_kem/kyber512/m4fstack/indcpa.c b/crypto_kem/ml-kem-512/m4fstack/indcpa.c similarity index 98% rename from crypto_kem/kyber512/m4fstack/indcpa.c rename to crypto_kem/ml-kem-512/m4fstack/indcpa.c index 764d494d..94d6a57a 100644 --- a/crypto_kem/kyber512/m4fstack/indcpa.c +++ b/crypto_kem/ml-kem-512/m4fstack/indcpa.c @@ -29,7 +29,9 @@ void indcpa_keypair_derand(unsigned char *pk, int i; unsigned char nonce = 0; - hash_g(buf, coins, KYBER_SYMBYTES); + memcpy(buf, coins, KYBER_SYMBYTES); + buf[KYBER_SYMBYTES] = KYBER_K; + hash_g(buf, buf, KYBER_SYMBYTES + 1); for (i = 0; i < KYBER_K; i++) poly_getnoise_eta1(skpv.vec + i, noiseseed, nonce++); diff --git a/crypto_kem/kyber512/m4fstack/indcpa.h b/crypto_kem/ml-kem-512/m4fstack/indcpa.h similarity index 100% rename from crypto_kem/kyber512/m4fstack/indcpa.h rename to crypto_kem/ml-kem-512/m4fstack/indcpa.h diff --git a/crypto_kem/kyber512/m4fstack/kem.c b/crypto_kem/ml-kem-512/m4fstack/kem.c similarity index 100% rename from crypto_kem/kyber512/m4fstack/kem.c rename to crypto_kem/ml-kem-512/m4fstack/kem.c diff --git a/crypto_kem/kyber512/m4fstack/macros.i b/crypto_kem/ml-kem-512/m4fstack/macros.i similarity index 100% rename from crypto_kem/kyber512/m4fstack/macros.i rename to crypto_kem/ml-kem-512/m4fstack/macros.i diff --git a/crypto_kem/ml-kem-512/m4fstack/matacc.c b/crypto_kem/ml-kem-512/m4fstack/matacc.c new file mode 120000 index 00000000..5558ec8f --- /dev/null +++ b/crypto_kem/ml-kem-512/m4fstack/matacc.c @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/matacc.c \ No newline at end of file diff --git a/crypto_kem/ml-kem-512/m4fstack/matacc.h b/crypto_kem/ml-kem-512/m4fstack/matacc.h new file mode 120000 index 00000000..4eb7706e --- /dev/null +++ b/crypto_kem/ml-kem-512/m4fstack/matacc.h @@ -0,0 +1 @@ +../../ml-kem-768/m4fstack/matacc.h \ No newline at end of file diff --git a/crypto_kem/ml-kem-512/m4fstack/matacc.i b/crypto_kem/ml-kem-512/m4fstack/matacc.i new file mode 120000 index 00000000..0d39b07b 
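Review bot: The added `buf[KYBER_SYMBYTES] = KYBER_K;` and `hash_g(buf, buf, KYBER_SYMBYTES + 1);` in `ml-kem-512/m4fstack/indcpa.c` carry no comment saying why the parameter-set byte is appended, so a reader comparing against pre-standard Kyber test vectors will see key generation diverge without explanation. I would add `/* FIPS 203 K-PKE.KeyGen: (rho, sigma) = G(d || k); the k byte domain-separates parameter sets */` above the `memcpy`. The call now hashes in place, so it relies on `hash_g` tolerating identical input and output pointers and on `buf` holding at least `KYBER_SYMBYTES + 1` bytes; the declaration of `buf` and the `#include <string.h>` that `memcpy` needs both lie outside the hunk and should be confirmed. The same three lines are added in `ml-kem-768/m4fspeed/indcpa.c` and `ml-kem-768/m4fstack/indcpa.c`, and the point applies there as well. `indcpa_keypair_derand` starts and ends outside the hunk.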
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fstack/matacc.i
@@ -0,0 +1 @@
+../../ml-kem-768/m4fstack/matacc.i
\ No newline at end of file
diff --git a/crypto_kem/ml-kem-512/m4fstack/matacc_asm.S b/crypto_kem/ml-kem-512/m4fstack/matacc_asm.S
new file mode 120000
index 00000000..0079bb51
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fstack/matacc_asm.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fstack/matacc_asm.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fstack/ntt.c b/crypto_kem/ml-kem-512/m4fstack/ntt.c
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/ntt.c
rename to crypto_kem/ml-kem-512/m4fstack/ntt.c
diff --git a/crypto_kem/kyber512/m4fstack/ntt.h b/crypto_kem/ml-kem-512/m4fstack/ntt.h
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/ntt.h
rename to crypto_kem/ml-kem-512/m4fstack/ntt.h
diff --git a/crypto_kem/kyber512/m4fstack/params.h b/crypto_kem/ml-kem-512/m4fstack/params.h
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/params.h
rename to crypto_kem/ml-kem-512/m4fstack/params.h
diff --git a/crypto_kem/kyber512/m4fstack/poly.c b/crypto_kem/ml-kem-512/m4fstack/poly.c
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/poly.c
rename to crypto_kem/ml-kem-512/m4fstack/poly.c
diff --git a/crypto_kem/kyber512/m4fstack/poly.h b/crypto_kem/ml-kem-512/m4fstack/poly.h
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/poly.h
rename to crypto_kem/ml-kem-512/m4fstack/poly.h
diff --git a/crypto_kem/ml-kem-512/m4fstack/poly_asm.S b/crypto_kem/ml-kem-512/m4fstack/poly_asm.S
new file mode 120000
index 00000000..167ee5ee
--- /dev/null
+++ b/crypto_kem/ml-kem-512/m4fstack/poly_asm.S
@@ -0,0 +1 @@
+../../ml-kem-768/m4fstack/poly_asm.S
\ No newline at end of file
diff --git a/crypto_kem/kyber512/m4fstack/polyvec.c b/crypto_kem/ml-kem-512/m4fstack/polyvec.c
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/polyvec.c
rename to crypto_kem/ml-kem-512/m4fstack/polyvec.c
diff --git a/crypto_kem/kyber512/m4fstack/polyvec.h b/crypto_kem/ml-kem-512/m4fstack/polyvec.h
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/polyvec.h
rename to crypto_kem/ml-kem-512/m4fstack/polyvec.h
diff --git a/crypto_kem/kyber512/m4fstack/reduce.S b/crypto_kem/ml-kem-512/m4fstack/reduce.S
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/reduce.S
rename to crypto_kem/ml-kem-512/m4fstack/reduce.S
diff --git a/crypto_kem/kyber1024/m4fstack/symmetric-fips202.c b/crypto_kem/ml-kem-512/m4fstack/symmetric-fips202.c
similarity index 100%
rename from crypto_kem/kyber1024/m4fstack/symmetric-fips202.c
rename to crypto_kem/ml-kem-512/m4fstack/symmetric-fips202.c
diff --git a/crypto_kem/kyber512/m4fstack/symmetric.h b/crypto_kem/ml-kem-512/m4fstack/symmetric.h
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/symmetric.h
rename to crypto_kem/ml-kem-512/m4fstack/symmetric.h
diff --git a/crypto_kem/kyber512/m4fstack/verify.c b/crypto_kem/ml-kem-512/m4fstack/verify.c
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/verify.c
rename to crypto_kem/ml-kem-512/m4fstack/verify.c
diff --git a/crypto_kem/kyber512/m4fstack/verify.h b/crypto_kem/ml-kem-512/m4fstack/verify.h
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/verify.h
rename to crypto_kem/ml-kem-512/m4fstack/verify.h
diff --git a/crypto_kem/kyber768/m4fspeed/api.h b/crypto_kem/ml-kem-768/m4fspeed/api.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/api.h
rename to crypto_kem/ml-kem-768/m4fspeed/api.h
diff --git a/crypto_kem/kyber768/m4fspeed/cbd.c b/crypto_kem/ml-kem-768/m4fspeed/cbd.c
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/cbd.c
rename to crypto_kem/ml-kem-768/m4fspeed/cbd.c
diff --git a/crypto_kem/kyber768/m4fspeed/cbd.h b/crypto_kem/ml-kem-768/m4fspeed/cbd.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/cbd.h
rename to crypto_kem/ml-kem-768/m4fspeed/cbd.h
diff --git a/crypto_kem/kyber768/m4fspeed/cmov_int16.S b/crypto_kem/ml-kem-768/m4fspeed/cmov_int16.S similarity index 100% rename from crypto_kem/kyber768/m4fspeed/cmov_int16.S rename to crypto_kem/ml-kem-768/m4fspeed/cmov_int16.S diff --git a/crypto_kem/kyber768/m4fspeed/fastaddsub.S b/crypto_kem/ml-kem-768/m4fspeed/fastaddsub.S similarity index 100% rename from crypto_kem/kyber768/m4fspeed/fastaddsub.S rename to crypto_kem/ml-kem-768/m4fspeed/fastaddsub.S diff --git a/crypto_kem/kyber768/m4fspeed/fastbasemul.S b/crypto_kem/ml-kem-768/m4fspeed/fastbasemul.S similarity index 100% rename from crypto_kem/kyber768/m4fspeed/fastbasemul.S rename to crypto_kem/ml-kem-768/m4fspeed/fastbasemul.S diff --git a/crypto_kem/kyber768/m4fspeed/fastinvntt.S b/crypto_kem/ml-kem-768/m4fspeed/fastinvntt.S similarity index 100% rename from crypto_kem/kyber768/m4fspeed/fastinvntt.S rename to crypto_kem/ml-kem-768/m4fspeed/fastinvntt.S diff --git a/crypto_kem/kyber768/m4fspeed/fastntt.S b/crypto_kem/ml-kem-768/m4fspeed/fastntt.S similarity index 100% rename from crypto_kem/kyber768/m4fspeed/fastntt.S rename to crypto_kem/ml-kem-768/m4fspeed/fastntt.S diff --git a/crypto_kem/kyber768/m4fspeed/indcpa.c b/crypto_kem/ml-kem-768/m4fspeed/indcpa.c similarity index 98% rename from crypto_kem/kyber768/m4fspeed/indcpa.c rename to crypto_kem/ml-kem-768/m4fspeed/indcpa.c index 6e9d5b06..1aceabed 100644 --- a/crypto_kem/kyber768/m4fspeed/indcpa.c +++ b/crypto_kem/ml-kem-768/m4fspeed/indcpa.c @@ -32,7 +32,9 @@ void indcpa_keypair_derand(unsigned char *pk, int i; unsigned char nonce = 0; - hash_g(buf, coins, KYBER_SYMBYTES); + memcpy(buf, coins, KYBER_SYMBYTES); + buf[KYBER_SYMBYTES] = KYBER_K; + hash_g(buf, buf, KYBER_SYMBYTES + 1); for (i = 0; i < KYBER_K; i++) poly_getnoise(skpv.vec + i, noiseseed, nonce++); 
diff --git a/crypto_kem/kyber768/m4fspeed/indcpa.h b/crypto_kem/ml-kem-768/m4fspeed/indcpa.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/indcpa.h
rename to crypto_kem/ml-kem-768/m4fspeed/indcpa.h
diff --git a/crypto_kem/kyber768/m4fspeed/kem.c b/crypto_kem/ml-kem-768/m4fspeed/kem.c
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/kem.c
rename to crypto_kem/ml-kem-768/m4fspeed/kem.c
diff --git a/crypto_kem/kyber768/m4fspeed/macros.i b/crypto_kem/ml-kem-768/m4fspeed/macros.i
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/macros.i
rename to crypto_kem/ml-kem-768/m4fspeed/macros.i
diff --git a/crypto_kem/kyber768/m4fspeed/matacc.c b/crypto_kem/ml-kem-768/m4fspeed/matacc.c
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/matacc.c
rename to crypto_kem/ml-kem-768/m4fspeed/matacc.c
diff --git a/crypto_kem/kyber768/m4fspeed/matacc.h b/crypto_kem/ml-kem-768/m4fspeed/matacc.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/matacc.h
rename to crypto_kem/ml-kem-768/m4fspeed/matacc.h
diff --git a/crypto_kem/kyber768/m4fspeed/matacc.i b/crypto_kem/ml-kem-768/m4fspeed/matacc.i
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/matacc.i
rename to crypto_kem/ml-kem-768/m4fspeed/matacc.i
diff --git a/crypto_kem/kyber768/m4fspeed/matacc_asm.S b/crypto_kem/ml-kem-768/m4fspeed/matacc_asm.S
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/matacc_asm.S
rename to crypto_kem/ml-kem-768/m4fspeed/matacc_asm.S
diff --git a/crypto_kem/kyber768/m4fspeed/ntt.c b/crypto_kem/ml-kem-768/m4fspeed/ntt.c
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/ntt.c
rename to crypto_kem/ml-kem-768/m4fspeed/ntt.c
diff --git a/crypto_kem/kyber768/m4fspeed/ntt.h b/crypto_kem/ml-kem-768/m4fspeed/ntt.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/ntt.h
rename to crypto_kem/ml-kem-768/m4fspeed/ntt.h
diff --git a/crypto_kem/kyber768/m4fspeed/params.h b/crypto_kem/ml-kem-768/m4fspeed/params.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/params.h
rename to crypto_kem/ml-kem-768/m4fspeed/params.h
diff --git a/crypto_kem/kyber768/m4fspeed/poly.c b/crypto_kem/ml-kem-768/m4fspeed/poly.c
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/poly.c
rename to crypto_kem/ml-kem-768/m4fspeed/poly.c
diff --git a/crypto_kem/kyber768/m4fspeed/poly.h b/crypto_kem/ml-kem-768/m4fspeed/poly.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/poly.h
rename to crypto_kem/ml-kem-768/m4fspeed/poly.h
diff --git a/crypto_kem/kyber768/m4fspeed/poly_asm.S b/crypto_kem/ml-kem-768/m4fspeed/poly_asm.S
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/poly_asm.S
rename to crypto_kem/ml-kem-768/m4fspeed/poly_asm.S
diff --git a/crypto_kem/kyber768/m4fspeed/polyvec.c b/crypto_kem/ml-kem-768/m4fspeed/polyvec.c
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/polyvec.c
rename to crypto_kem/ml-kem-768/m4fspeed/polyvec.c
diff --git a/crypto_kem/kyber768/m4fspeed/polyvec.h b/crypto_kem/ml-kem-768/m4fspeed/polyvec.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/polyvec.h
rename to crypto_kem/ml-kem-768/m4fspeed/polyvec.h
diff --git a/crypto_kem/kyber768/m4fspeed/reduce.S b/crypto_kem/ml-kem-768/m4fspeed/reduce.S
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/reduce.S
rename to crypto_kem/ml-kem-768/m4fspeed/reduce.S
diff --git a/crypto_kem/kyber768/m4fspeed/symmetric-fips202.c b/crypto_kem/ml-kem-768/m4fspeed/symmetric-fips202.c
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/symmetric-fips202.c
rename to crypto_kem/ml-kem-768/m4fspeed/symmetric-fips202.c
diff --git a/crypto_kem/kyber768/m4fspeed/symmetric.h b/crypto_kem/ml-kem-768/m4fspeed/symmetric.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/symmetric.h
rename to crypto_kem/ml-kem-768/m4fspeed/symmetric.h
diff --git a/crypto_kem/kyber768/m4fspeed/verify.c b/crypto_kem/ml-kem-768/m4fspeed/verify.c
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/verify.c
rename to crypto_kem/ml-kem-768/m4fspeed/verify.c
diff --git a/crypto_kem/kyber768/m4fspeed/verify.h b/crypto_kem/ml-kem-768/m4fspeed/verify.h
similarity index 100%
rename from crypto_kem/kyber768/m4fspeed/verify.h
rename to crypto_kem/ml-kem-768/m4fspeed/verify.h
diff --git a/crypto_kem/kyber768/m4fstack/api.h b/crypto_kem/ml-kem-768/m4fstack/api.h
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/api.h
rename to crypto_kem/ml-kem-768/m4fstack/api.h
diff --git a/crypto_kem/kyber768/m4fstack/cbd.c b/crypto_kem/ml-kem-768/m4fstack/cbd.c
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/cbd.c
rename to crypto_kem/ml-kem-768/m4fstack/cbd.c
diff --git a/crypto_kem/kyber768/m4fstack/cbd.h b/crypto_kem/ml-kem-768/m4fstack/cbd.h
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/cbd.h
rename to crypto_kem/ml-kem-768/m4fstack/cbd.h
diff --git a/crypto_kem/kyber768/m4fstack/cmov_int16.S b/crypto_kem/ml-kem-768/m4fstack/cmov_int16.S
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/cmov_int16.S
rename to crypto_kem/ml-kem-768/m4fstack/cmov_int16.S
diff --git a/crypto_kem/kyber768/m4fstack/fastaddsub.S b/crypto_kem/ml-kem-768/m4fstack/fastaddsub.S
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/fastaddsub.S
rename to crypto_kem/ml-kem-768/m4fstack/fastaddsub.S
diff --git a/crypto_kem/kyber768/m4fstack/fastbasemul.S b/crypto_kem/ml-kem-768/m4fstack/fastbasemul.S
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/fastbasemul.S
rename to crypto_kem/ml-kem-768/m4fstack/fastbasemul.S
diff --git a/crypto_kem/kyber768/m4fstack/fastinvntt.S b/crypto_kem/ml-kem-768/m4fstack/fastinvntt.S
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/fastinvntt.S
rename to crypto_kem/ml-kem-768/m4fstack/fastinvntt.S
diff --git a/crypto_kem/kyber768/m4fstack/fastntt.S b/crypto_kem/ml-kem-768/m4fstack/fastntt.S similarity index 100% rename from crypto_kem/kyber768/m4fstack/fastntt.S rename to crypto_kem/ml-kem-768/m4fstack/fastntt.S diff --git a/crypto_kem/kyber768/m4fstack/indcpa.c b/crypto_kem/ml-kem-768/m4fstack/indcpa.c similarity index 98% rename from crypto_kem/kyber768/m4fstack/indcpa.c rename to crypto_kem/ml-kem-768/m4fstack/indcpa.c index bb0ce408..38697978 100644 --- a/crypto_kem/kyber768/m4fstack/indcpa.c +++ b/crypto_kem/ml-kem-768/m4fstack/indcpa.c @@ -29,7 +29,9 @@ void indcpa_keypair_derand(unsigned char *pk, int i; unsigned char nonce = 0; - hash_g(buf, coins, KYBER_SYMBYTES); + memcpy(buf, coins, KYBER_SYMBYTES); + buf[KYBER_SYMBYTES] = KYBER_K; + hash_g(buf, buf, KYBER_SYMBYTES + 1); for (i = 0; i < KYBER_K; i++) poly_getnoise(skpv.vec + i, noiseseed, nonce++); diff --git a/crypto_kem/kyber768/m4fstack/indcpa.h b/crypto_kem/ml-kem-768/m4fstack/indcpa.h similarity index 100% rename from crypto_kem/kyber768/m4fstack/indcpa.h rename to crypto_kem/ml-kem-768/m4fstack/indcpa.h diff --git a/crypto_kem/kyber768/m4fstack/kem.c b/crypto_kem/ml-kem-768/m4fstack/kem.c similarity index 100% rename from crypto_kem/kyber768/m4fstack/kem.c rename to crypto_kem/ml-kem-768/m4fstack/kem.c diff --git a/crypto_kem/kyber768/m4fstack/macros.i b/crypto_kem/ml-kem-768/m4fstack/macros.i similarity index 100% rename from crypto_kem/kyber768/m4fstack/macros.i rename to crypto_kem/ml-kem-768/m4fstack/macros.i diff --git a/crypto_kem/kyber768/m4fstack/matacc.c b/crypto_kem/ml-kem-768/m4fstack/matacc.c similarity index 100% rename from crypto_kem/kyber768/m4fstack/matacc.c rename to crypto_kem/ml-kem-768/m4fstack/matacc.c diff --git a/crypto_kem/kyber768/m4fstack/matacc.h b/crypto_kem/ml-kem-768/m4fstack/matacc.h similarity index 100% rename from crypto_kem/kyber768/m4fstack/matacc.h rename to crypto_kem/ml-kem-768/m4fstack/matacc.h 
diff --git a/crypto_kem/kyber768/m4fstack/matacc.i b/crypto_kem/ml-kem-768/m4fstack/matacc.i
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/matacc.i
rename to crypto_kem/ml-kem-768/m4fstack/matacc.i
diff --git a/crypto_kem/kyber768/m4fstack/matacc_asm.S b/crypto_kem/ml-kem-768/m4fstack/matacc_asm.S
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/matacc_asm.S
rename to crypto_kem/ml-kem-768/m4fstack/matacc_asm.S
diff --git a/crypto_kem/kyber768/m4fstack/ntt.c b/crypto_kem/ml-kem-768/m4fstack/ntt.c
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/ntt.c
rename to crypto_kem/ml-kem-768/m4fstack/ntt.c
diff --git a/crypto_kem/kyber768/m4fstack/ntt.h b/crypto_kem/ml-kem-768/m4fstack/ntt.h
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/ntt.h
rename to crypto_kem/ml-kem-768/m4fstack/ntt.h
diff --git a/crypto_kem/kyber768/m4fstack/params.h b/crypto_kem/ml-kem-768/m4fstack/params.h
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/params.h
rename to crypto_kem/ml-kem-768/m4fstack/params.h
diff --git a/crypto_kem/kyber768/m4fstack/poly.c b/crypto_kem/ml-kem-768/m4fstack/poly.c
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/poly.c
rename to crypto_kem/ml-kem-768/m4fstack/poly.c
diff --git a/crypto_kem/kyber768/m4fstack/poly.h b/crypto_kem/ml-kem-768/m4fstack/poly.h
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/poly.h
rename to crypto_kem/ml-kem-768/m4fstack/poly.h
diff --git a/crypto_kem/kyber768/m4fstack/poly_asm.S b/crypto_kem/ml-kem-768/m4fstack/poly_asm.S
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/poly_asm.S
rename to crypto_kem/ml-kem-768/m4fstack/poly_asm.S
diff --git a/crypto_kem/kyber768/m4fstack/polyvec.c b/crypto_kem/ml-kem-768/m4fstack/polyvec.c
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/polyvec.c
rename to crypto_kem/ml-kem-768/m4fstack/polyvec.c
diff --git a/crypto_kem/kyber768/m4fstack/polyvec.h b/crypto_kem/ml-kem-768/m4fstack/polyvec.h
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/polyvec.h
rename to crypto_kem/ml-kem-768/m4fstack/polyvec.h
diff --git a/crypto_kem/kyber768/m4fstack/reduce.S b/crypto_kem/ml-kem-768/m4fstack/reduce.S
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/reduce.S
rename to crypto_kem/ml-kem-768/m4fstack/reduce.S
diff --git a/crypto_kem/kyber512/m4fstack/symmetric-fips202.c b/crypto_kem/ml-kem-768/m4fstack/symmetric-fips202.c
similarity index 100%
rename from crypto_kem/kyber512/m4fstack/symmetric-fips202.c
rename to crypto_kem/ml-kem-768/m4fstack/symmetric-fips202.c
diff --git a/crypto_kem/kyber768/m4fstack/symmetric.h b/crypto_kem/ml-kem-768/m4fstack/symmetric.h
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/symmetric.h
rename to crypto_kem/ml-kem-768/m4fstack/symmetric.h
diff --git a/crypto_kem/kyber768/m4fstack/verify.c b/crypto_kem/ml-kem-768/m4fstack/verify.c
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/verify.c
rename to crypto_kem/ml-kem-768/m4fstack/verify.c
diff --git a/crypto_kem/kyber768/m4fstack/verify.h b/crypto_kem/ml-kem-768/m4fstack/verify.h
similarity index 100%
rename from crypto_kem/kyber768/m4fstack/verify.h
rename to crypto_kem/ml-kem-768/m4fstack/verify.h
diff --git a/mupq b/mupq
index c15e900c..18fd6be4 160000
--- a/mupq
+++ b/mupq
@@ -1 +1 @@
-Subproject commit c15e900c693afd6ca7165405bc5650efdbcce02d
+Subproject commit 18fd6be462667a908a689702a46ec3005e9708fa
diff --git a/skiplist.py b/skiplist.py
index f483bfb7..b05b0ff5 100644
--- a/skiplist.py
+++ b/skiplist.py
@@ -84,15 +84,15 @@
 {'scheme': 'hqc-128', 'implementation': 'clean', 'estmemory': 66560},
 {'scheme': 'hqc-192', 'implementation': 'clean', 'estmemory': 130048},
 {'scheme': 'hqc-256', 'implementation': 'clean', 'estmemory': 205824},
- {'scheme': 'kyber1024', 'implementation': 'clean', 'estmemory': 27648},
- {'scheme': 'kyber1024', 'implementation': 'm4fspeed', 'estmemory': 16384},
- {'scheme': 'kyber1024', 'implementation': 'm4fstack', 'estmemory': 12288},
- {'scheme': 'kyber512', 'implementation': 'clean', 'estmemory': 14336},
- {'scheme': 'kyber512', 'implementation': 'm4fspeed', 'estmemory': 10240},
- {'scheme': 'kyber512', 'implementation': 'm4fstack', 'estmemory': 7168},
- {'scheme': 'kyber768', 'implementation': 'clean', 'estmemory': 20480},
- {'scheme': 'kyber768', 'implementation': 'm4fspeed', 'estmemory': 13312},
- {'scheme': 'kyber768', 'implementation': 'm4fstack', 'estmemory': 10240},
+ {'scheme': 'ml-kem-1024', 'implementation': 'clean', 'estmemory': 27648},
+ {'scheme': 'ml-kem-1024', 'implementation': 'm4fspeed', 'estmemory': 16384},
+ {'scheme': 'ml-kem-1024', 'implementation': 'm4fstack', 'estmemory': 12288},
+ {'scheme': 'ml-kem-512', 'implementation': 'clean', 'estmemory': 14336},
+ {'scheme': 'ml-kem-512', 'implementation': 'm4fspeed', 'estmemory': 10240},
+ {'scheme': 'ml-kem-512', 'implementation': 'm4fstack', 'estmemory': 7168},
+ {'scheme': 'ml-kem-768', 'implementation': 'clean', 'estmemory': 20480},
+ {'scheme': 'ml-kem-768', 'implementation': 'm4fspeed', 'estmemory': 13312},
+ {'scheme': 'ml-kem-768', 'implementation': 'm4fstack', 'estmemory': 10240},
 {'scheme': 'mayo1', 'implementation': 'm4f', 'estmemory': 446464},
 {'scheme': 'mayo1', 'implementation': 'ref', 'estmemory': 404480},
 {'scheme': 'mayo2', 'implementation': 'm4f', 'estmemory': 287744},