From 7a3dff18e4c475ac1007cebd3319f60fe5d565a7 Mon Sep 17 00:00:00 2001 
From: Karthikeyan Bhargavan Date: Tue, 22 Oct 2024 09:26:28 +0200 Subject: [PATCH] after cycle bundling fix --- .../Libcrux_intrinsics.Avx2_extract.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Arithmetic.fst | 69 +- .../extraction/Libcrux_ml_dsa.Arithmetic.fsti | 4 +- .../extraction/Libcrux_ml_dsa.Constants.fst | 46 - .../extraction/Libcrux_ml_dsa.Constants.fsti | 34 +- .../Libcrux_ml_dsa.Encoding.Commitment.fst | 38 +- .../Libcrux_ml_dsa.Encoding.Commitment.fsti | 4 +- .../Libcrux_ml_dsa.Encoding.Error.fst | 236 +- .../Libcrux_ml_dsa.Encoding.Error.fsti | 18 +- .../Libcrux_ml_dsa.Encoding.Gamma1.fst | 184 +- .../Libcrux_ml_dsa.Encoding.Gamma1.fsti | 18 +- .../Libcrux_ml_dsa.Encoding.Signature.fst | 93 +- .../Libcrux_ml_dsa.Encoding.Signing_key.fst | 184 +- .../Libcrux_ml_dsa.Encoding.Signing_key.fsti | 23 +- .../extraction/Libcrux_ml_dsa.Encoding.T0.fst | 115 +- .../Libcrux_ml_dsa.Encoding.T0.fsti | 14 +- .../extraction/Libcrux_ml_dsa.Encoding.T1.fst | 115 +- .../Libcrux_ml_dsa.Encoding.T1.fsti | 14 +- ...bcrux_ml_dsa.Encoding.Verification_key.fst | 150 +- ...crux_ml_dsa.Encoding.Verification_key.fsti | 18 +- .../Libcrux_ml_dsa.Hash_functions.Neon.fst | 555 --- .../Libcrux_ml_dsa.Hash_functions.Neon.fsti | 319 +- ...ibcrux_ml_dsa.Hash_functions.Portable.fsti | 325 +- ...Libcrux_ml_dsa.Hash_functions.Shake128.fst | 80 - ...ibcrux_ml_dsa.Hash_functions.Shake128.fsti | 44 +- ...Libcrux_ml_dsa.Hash_functions.Shake256.fst | 114 - ...ibcrux_ml_dsa.Hash_functions.Shake256.fsti | 24 +- ...Libcrux_ml_dsa.Hash_functions.Simd256.fsti | 249 +- .../extraction/Libcrux_ml_dsa.Matrix.fst | 6 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst | 77 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti | 30 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst | 77 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti | 30 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst | 78 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti | 30 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst | 74 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti | 
62 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst | 77 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti | 30 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst | 77 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti | 30 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst | 78 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti | 30 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst | 74 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti | 62 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst | 77 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti | 30 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst | 77 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti | 30 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst | 78 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti | 30 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst | 74 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti | 62 +- ...dsa.Ml_dsa_generic.Instantiations.Avx2.fst | 23 +- ...sa.Ml_dsa_generic.Instantiations.Avx2.fsti | 6 +- ...dsa.Ml_dsa_generic.Instantiations.Neon.fst | 25 +- ...sa.Ml_dsa_generic.Instantiations.Neon.fsti | 6 +- ...Ml_dsa_generic.Instantiations.Portable.fst | 23 +- ...l_dsa_generic.Instantiations.Portable.fsti | 6 +- ...rux_ml_dsa.Ml_dsa_generic.Multiplexing.fst | 6 +- ...ux_ml_dsa.Ml_dsa_generic.Multiplexing.fsti | 6 +- .../Libcrux_ml_dsa.Ml_dsa_generic.fst | 400 +- .../Libcrux_ml_dsa.Ml_dsa_generic.fsti | 40 +- .../fstar/extraction/Libcrux_ml_dsa.Ntt.fst | 188 +- .../fstar/extraction/Libcrux_ml_dsa.Ntt.fsti | 166 +- .../extraction/Libcrux_ml_dsa.Polynomial.fst | 155 +- .../extraction/Libcrux_ml_dsa.Polynomial.fsti | 24 +- .../extraction/Libcrux_ml_dsa.Pre_hash.fst | 13 +- .../extraction/Libcrux_ml_dsa.Pre_hash.fsti | 87 +- .../extraction/Libcrux_ml_dsa.Sample.fst | 836 ++-- .../extraction/Libcrux_ml_dsa.Sample.fsti | 44 +- .../extraction/Libcrux_ml_dsa.Samplex4.fst | 1160 +++-- .../extraction/Libcrux_ml_dsa.Samplex4.fsti | 16 +- .../Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst | 96 +- ...x_ml_dsa.Simd.Avx2.Encoding.Commitment.fst | 129 +- 
...ibcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst | 199 +- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti | 10 +- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst | 196 +- ...crux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti | 18 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst | 107 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti | 5 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst | 114 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti | 5 +- .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fst | 386 +- .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti | 32 +- ...md.Avx2.Rejection_sample.Less_than_eta.fst | 40 +- ...jection_sample.Less_than_field_modulus.fst | 64 +- ...ection_sample.Less_than_field_modulus.fsti | 3 +- ...md.Avx2.Rejection_sample.Shuffle_table.fst | 122 +- ...d.Avx2.Rejection_sample.Shuffle_table.fsti | 137 +- .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst | 6 +- .../Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Simd.Avx2.fsti | 44 +- ...ibcrux_ml_dsa.Simd.Portable.Arithmetic.fst | 737 +--- ...bcrux_ml_dsa.Simd.Portable.Arithmetic.fsti | 96 - ..._dsa.Simd.Portable.Encoding.Commitment.fst | 44 +- ...ux_ml_dsa.Simd.Portable.Encoding.Error.fst | 434 +- ...x_ml_dsa.Simd.Portable.Encoding.Error.fsti | 49 - ...x_ml_dsa.Simd.Portable.Encoding.Gamma1.fst | 971 +--- ..._ml_dsa.Simd.Portable.Encoding.Gamma1.fsti | 61 - ...bcrux_ml_dsa.Simd.Portable.Encoding.T0.fst | 857 +--- ...crux_ml_dsa.Simd.Portable.Encoding.T0.fsti | 28 - ...bcrux_ml_dsa.Simd.Portable.Encoding.T1.fst | 238 +- ...crux_ml_dsa.Simd.Portable.Encoding.T1.fsti | 19 - .../Libcrux_ml_dsa.Simd.Portable.Ntt.fst | 1556 +------ .../Libcrux_ml_dsa.Simd.Portable.Ntt.fsti | 101 - ...dsa.Simd.Portable.Rec_bundle_437004224.fst | 3895 +++++++++++++++++ ...a.Simd.Portable.Rec_bundle_437004224.fsti} | 341 +- .../Libcrux_ml_dsa.Simd.Portable.Sample.fst | 70 +- ...bcrux_ml_dsa.Simd.Portable.Vector_type.fst | 32 +- ...crux_ml_dsa.Simd.Portable.Vector_type.fsti | 8 +- .../Libcrux_ml_dsa.Simd.Portable.fst | 356 +- 
.../Libcrux_ml_dsa.Simd.Traits.fsti | 185 +- .../fstar/extraction/Libcrux_ml_dsa.Types.fst | 16 +- .../extraction/Libcrux_ml_dsa.Types.fsti | 58 +- .../fstar/extraction/Libcrux_ml_dsa.Utils.fst | 6 +- .../proofs/fstar/extraction/dep.graph | 1223 +++--- 117 files changed, 8453 insertions(+), 12342 deletions(-) delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fst delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fst delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T0.fsti delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T1.fsti delete mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti create mode 100644 libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224.fst rename libcrux-ml-dsa/proofs/fstar/extraction/{Libcrux_ml_dsa.Simd.Portable.fsti => Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224.fsti} (57%) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 85b37b740..16d93fb14 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti 
@@ -126,7 +126,7 @@ include BitVec.Intrinsics {mm256_sllv_epi32} val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 - (requires v_SHIFT_BY >=. Rust_primitives.mk_i32 0 && v_SHIFT_BY <. Rust_primitives.mk_i32 16) + (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) (ensures fun result -> let result:t_Vec256 = result in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst index 3abc0037c..4899b5510 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst @@ -35,7 +35,7 @@ let decompose_vector let vector_high, vector_low:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) v_DIMENSION (fun temp_0_ temp_1_ -> let vector_high, vector_low:(t_Array @@ -56,11 +56,9 @@ let decompose_vector temp_0_ in let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_SIMDUnit - ((vector_low.[ Rust_primitives.mk_usize 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units - <: - t_Slice v_SIMDUnit) + ((vector_low.[ sz 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun temp_0_ temp_1_ -> @@ -111,7 +109,7 @@ let decompose_vector j low <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) + t_Array v_SIMDUnit (sz 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -134,7 +132,7 @@ let decompose_vector j high <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) + t_Array v_SIMDUnit (sz 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) 
@@ -245,7 +243,7 @@ let power2round_vector j t0_unit <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) + t_Array v_SIMDUnit (sz 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -265,7 +263,7 @@ let power2round_vector j t1_unit <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) + t_Array v_SIMDUnit (sz 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -321,7 +319,7 @@ let shift_left_then_reduce <: v_SIMDUnit) <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) + t_Array v_SIMDUnit (sz 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -335,7 +333,7 @@ let use_hint (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (hint: t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION) + (hint: t_Array (t_Array i32 (sz 256)) v_DIMENSION) (re_vector: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) = @@ -346,7 +344,7 @@ let use_hint v_DIMENSION in let result:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) v_DIMENSION (fun result temp_1_ -> let result:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -365,11 +363,9 @@ let use_hint let hint_simd:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (hint.[ i ] <: t_Slice i32) in - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_SIMDUnit - ((result.[ Rust_primitives.mk_usize 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units - <: - t_Slice v_SIMDUnit) + ((result.[ sz 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun result temp_1_ -> 
@@ -410,7 +406,7 @@ let use_hint <: v_SIMDUnit) <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) + t_Array v_SIMDUnit (sz 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) 
@@ -463,39 +459,28 @@ let make_hint Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (low high: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) = - let hint:t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_usize 256) - <: - t_Array i32 (Rust_primitives.mk_usize 256)) + let hint:t_Array (t_Array i32 (sz 256)) v_DIMENSION = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 256) <: t_Array i32 (sz 256)) v_DIMENSION in - let true_hints:usize = Rust_primitives.mk_usize 0 in - let hint, true_hints:(t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION & usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + let true_hints:usize = sz 0 in + let hint, true_hints:(t_Array (t_Array i32 (sz 256)) v_DIMENSION & usize) = + Rust_primitives.Hax.Folds.fold_range (sz 0) v_DIMENSION (fun temp_0_ temp_1_ -> - let hint, true_hints:(t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION & - usize) = - temp_0_ - in + let hint, true_hints:(t_Array (t_Array i32 (sz 256)) v_DIMENSION & usize) = temp_0_ in let _:usize = temp_1_ in true) - (hint, true_hints - <: - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION & usize)) + (hint, true_hints <: (t_Array (t_Array i32 (sz 256)) v_DIMENSION & usize)) (fun temp_0_ i -> - let hint, true_hints:(t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION & - usize) = - temp_0_ - in + let hint, true_hints:(t_Array (t_Array i32 (sz 256)) v_DIMENSION & usize) = temp_0_ in let i:usize = i in let hint_simd:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () in let hint_simd, true_hints:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + 
Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_SIMDUnit (hint_simd.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -549,15 +534,13 @@ let make_hint <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) in - let hint:t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION = + let hint:t_Array (t_Array i32 (sz 256)) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize hint i (Libcrux_ml_dsa.Polynomial.impl__to_i32_array #v_SIMDUnit hint_simd <: - t_Array i32 (Rust_primitives.mk_usize 256)) + t_Array i32 (sz 256)) in - hint, true_hints - <: - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION & usize)) + hint, true_hints <: (t_Array (t_Array i32 (sz 256)) v_DIMENSION & usize)) in - hint, true_hints <: (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION & usize) + hint, true_hints <: (t_Array (t_Array i32 (sz 256)) v_DIMENSION & usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti index 17f6f2d36..aa749b797 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti @@ -46,7 +46,7 @@ val use_hint (v_DIMENSION: usize) (v_GAMMA2: i32) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (hint: t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION) + (hint: t_Array (t_Array i32 (sz 256)) v_DIMENSION) (re_vector: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION ) : Prims.Pure 
@@ -68,6 +68,6 @@ val make_hint (v_GAMMA2: i32) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (low high: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) - : Prims.Pure (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_DIMENSION & usize) + : Prims.Pure (t_Array (t_Array i32 (sz 256)) v_DIMENSION & usize) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst deleted file mode 100644 index 2837735e9..000000000 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst +++ /dev/null 
@@ -1,46 +0,0 @@ -module Libcrux_ml_dsa.Constants -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let v_BITS_IN_LOWER_PART_OF_T: usize = Rust_primitives.mk_usize 13 - -let v_BYTES_FOR_VERIFICATION_KEY_HASH: usize = Rust_primitives.mk_usize 64 - -let v_COEFFICIENTS_IN_RING_ELEMENT: usize = Rust_primitives.mk_usize 256 - -/// The length of `context` is serialized to a single `u8`. -let v_CONTEXT_MAX_LEN: usize = Rust_primitives.mk_usize 255 - -let v_FIELD_MODULUS: i32 = Rust_primitives.mk_i32 8380417 - -let v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH: usize = Rust_primitives.mk_usize 23 - -let v_BITS_IN_UPPER_PART_OF_T: usize = - v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH -! v_BITS_IN_LOWER_PART_OF_T - -/// Number of bytes of entropy required for key generation. -let v_KEY_GENERATION_RANDOMNESS_SIZE: usize = Rust_primitives.mk_usize 32 - -let v_MASK_SEED_SIZE: usize = Rust_primitives.mk_usize 64 - -let v_MESSAGE_REPRESENTATIVE_SIZE: usize = Rust_primitives.mk_usize 64 - -let v_REJECTION_SAMPLE_BOUND_SIGN: usize = Rust_primitives.mk_usize 814 - -let v_RING_ELEMENT_OF_T0S_SIZE: usize = - (v_BITS_IN_LOWER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 - -let v_RING_ELEMENT_OF_T1S_SIZE: usize = - (v_BITS_IN_UPPER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 - -let v_SEED_FOR_A_SIZE: usize = Rust_primitives.mk_usize 32 - -let v_SEED_FOR_ERROR_VECTORS_SIZE: usize = Rust_primitives.mk_usize 64 - -let v_SEED_FOR_SIGNING_SIZE: usize = Rust_primitives.mk_usize 32 - -/// Number of bytes of entropy required for signing. -let v_SIGNING_RANDOMNESS_SIZE: usize = Rust_primitives.mk_usize 32 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti index f0d48b7bc..6263c2610 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti 
@@ -3,44 +3,42 @@ module Libcrux_ml_dsa.Constants open Core open FStar.Mul -let v_BITS_IN_LOWER_PART_OF_T: usize = Rust_primitives.mk_usize 13 +let v_BITS_IN_LOWER_PART_OF_T: usize = sz 13 -let v_BYTES_FOR_VERIFICATION_KEY_HASH: usize = Rust_primitives.mk_usize 64 +let v_BYTES_FOR_VERIFICATION_KEY_HASH: usize = sz 64 -let v_COEFFICIENTS_IN_RING_ELEMENT: usize = Rust_primitives.mk_usize 256 +let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 /// The length of `context` is serialized to a single `u8`. -let v_CONTEXT_MAX_LEN: usize = Rust_primitives.mk_usize 255 +let v_CONTEXT_MAX_LEN: usize = sz 255 -let v_FIELD_MODULUS: i32 = Rust_primitives.mk_i32 8380417 +let v_FIELD_MODULUS: i32 = 8380417l -let v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH: usize = Rust_primitives.mk_usize 23 +let v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH: usize = sz 23 let v_BITS_IN_UPPER_PART_OF_T: usize = v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH -! v_BITS_IN_LOWER_PART_OF_T /// Number of bytes of entropy required for key generation. -let v_KEY_GENERATION_RANDOMNESS_SIZE: usize = Rust_primitives.mk_usize 32 +let v_KEY_GENERATION_RANDOMNESS_SIZE: usize = sz 32 -let v_MASK_SEED_SIZE: usize = Rust_primitives.mk_usize 64 +let v_MASK_SEED_SIZE: usize = sz 64 -let v_MESSAGE_REPRESENTATIVE_SIZE: usize = Rust_primitives.mk_usize 64 +let v_MESSAGE_REPRESENTATIVE_SIZE: usize = sz 64 -let v_REJECTION_SAMPLE_BOUND_SIGN: usize = Rust_primitives.mk_usize 814 +let v_REJECTION_SAMPLE_BOUND_SIGN: usize = sz 814 let v_RING_ELEMENT_OF_T0S_SIZE: usize = - (v_BITS_IN_LOWER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 + (v_BITS_IN_LOWER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 let v_RING_ELEMENT_OF_T1S_SIZE: usize = - (v_BITS_IN_UPPER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 + (v_BITS_IN_UPPER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! 
sz 8 -let v_SEED_FOR_A_SIZE: usize = Rust_primitives.mk_usize 32 +let v_SEED_FOR_A_SIZE: usize = sz 32 -let v_SEED_FOR_ERROR_VECTORS_SIZE: usize = Rust_primitives.mk_usize 64 +let v_SEED_FOR_ERROR_VECTORS_SIZE: usize = sz 64 -let v_SEED_FOR_SIGNING_SIZE: usize = Rust_primitives.mk_usize 32 +let v_SEED_FOR_SIGNING_SIZE: usize = sz 32 /// Number of bytes of entropy required for signing. -let v_SIGNING_RANDOMNESS_SIZE: usize = Rust_primitives.mk_usize 32 +let v_SIGNING_RANDOMNESS_SIZE: usize = sz 32 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst index 0474a942c..8634dfbe9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst @@ -17,11 +17,9 @@ let serialize Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_OUTPUT_SIZE - in + let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in match cast (v_OUTPUT_SIZE <: usize) <: u8 with - | 128 -> + | 128uy -> let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: @@ -39,10 +37,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize) 
@@ -51,10 +46,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ] @@ -62,7 +54,7 @@ let serialize t_Slice u8) (Libcrux_ml_dsa.Simd.Traits.f_commitment_serialize #v_SIMDUnit #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 4) + (sz 4) simd_unit <: t_Slice u8) @@ -72,7 +64,7 @@ let serialize t_Array u8 v_OUTPUT_SIZE) in serialized - | 192 -> + | 192uy -> let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: @@ -90,10 +82,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 - <: - usize + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize } <: Core.Ops.Range.t_Range usize) @@ -104,10 +93,7 @@ let serialize i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 - <: - usize + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -115,7 +101,7 @@ let serialize t_Slice u8) (Libcrux_ml_dsa.Simd.Traits.f_commitment_serialize #v_SIMDUnit #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 6) + (sz 6) simd_unit <: t_Slice u8) 
@@ -139,10 +125,8 @@ let serialize_vector Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (vector: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) = - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_OUTPUT_SIZE - in - let (offset: usize):usize = Rust_primitives.mk_usize 0 in + let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in + let (offset: usize):usize = sz 0 in let offset, serialized:(usize & t_Array u8 v_OUTPUT_SIZE) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fsti index cde34c804..0becaf037 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fsti @@ -9,9 +9,9 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = Rust_primitives.mk_usize 4 +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 4 -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1: usize = Rust_primitives.mk_usize 6 +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1: usize = sz 6 val serialize (#v_SIMDUnit: Type0) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst index 3cc36259d..84a413aa5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst 
@@ -9,128 +9,6 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize - (#v_SIMDUnit: Type0) - (v_ETA v_OUTPUT_SIZE: usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - = - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_OUTPUT_SIZE - in - match cast (v_ETA <: usize) <: u8 with - | 2 -> - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units - <: - t_Slice v_SIMDUnit) - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let _:usize = temp_1_ in - true) - serialized - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in - Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; - Core.Ops.Range.f_end - = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (serialized.[ { - Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; - Core.Ops.Range.f_end - = - (i +! Rust_primitives.mk_usize 1 <: usize) *! 
- serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - (Libcrux_ml_dsa.Simd.Traits.f_error_serialize #v_SIMDUnit - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 3) - simd_unit - <: - t_Slice u8) - <: - t_Slice u8) - <: - t_Array u8 v_OUTPUT_SIZE) - in - serialized - | 4 -> - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units - <: - t_Slice v_SIMDUnit) - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let _:usize = temp_1_ in - true) - serialized - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in - Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize; - Core.Ops.Range.f_end - = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 - <: - usize - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (serialized.[ { - Core.Ops.Range.f_start - = - i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize; - Core.Ops.Range.f_end - = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 - <: - usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - (Libcrux_ml_dsa.Simd.Traits.f_error_serialize #v_SIMDUnit - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 4) - simd_unit - <: - t_Slice u8) - <: - t_Slice u8) - <: - t_Array u8 v_OUTPUT_SIZE) - in - serialized - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" - - <: - Rust_primitives.Hax.t_Never) - let deserialize (#v_SIMDUnit: Type0) (v_ETA: usize) 
@@ -141,8 +19,8 @@ let deserialize = let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = match cast (v_ETA <: usize) <: u8 with - | 2 -> Core.Slice.impl__chunks #u8 serialized (Rust_primitives.mk_usize 3) - | 4 -> Core.Slice.impl__chunks #u8 serialized (Rust_primitives.mk_usize 4) + | 2uy -> Core.Slice.impl__chunks #u8 serialized (sz 3) + | 4uy -> Core.Slice.impl__chunks #u8 serialized (sz 4) | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -154,7 +32,7 @@ let deserialize in let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Core.Slice.Iter.t_Chunks u8) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: 
@@ -255,3 +133,111 @@ let deserialize_to_vector_then_ntt t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) in ring_elements + +let serialize + (#v_SIMDUnit: Type0) + (v_ETA v_OUTPUT_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + = + let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in + match cast (v_ETA <: usize) <: u8 with + | 2uy -> + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units + <: + t_Slice v_SIMDUnit) + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let _:usize = temp_1_ in + true) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { + Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! 
serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Libcrux_ml_dsa.Simd.Traits.f_error_serialize #v_SIMDUnit + #FStar.Tactics.Typeclasses.solve + (sz 3) + simd_unit + <: + t_Slice u8) + <: + t_Slice u8) + <: + t_Array u8 v_OUTPUT_SIZE) + in + serialized + | 4uy -> + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units + <: + t_Slice v_SIMDUnit) + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let _:usize = temp_1_ in + true) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { + Core.Ops.Range.f_start + = + i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Libcrux_ml_dsa.Simd.Traits.f_error_serialize #v_SIMDUnit + #FStar.Tactics.Typeclasses.solve + (sz 4) + simd_unit + <: + t_Slice u8) + <: + t_Slice u8) + <: + t_Array u8 v_OUTPUT_SIZE) + in + serialized + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + + <: + Rust_primitives.Hax.t_Never) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fsti index af124508e..199d62d48 100644 
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fsti @@ -9,16 +9,9 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = Rust_primitives.mk_usize 3 +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 3 -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1: usize = Rust_primitives.mk_usize 4 - -val serialize - (#v_SIMDUnit: Type0) - (v_ETA v_OUTPUT_SIZE: usize) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1: usize = sz 4 val deserialize (#v_SIMDUnit: Type0) @@ -38,3 +31,10 @@ val deserialize_to_vector_then_ntt (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) Prims.l_True (fun _ -> Prims.l_True) + +val serialize + (#v_SIMDUnit: Type0) + (v_ETA v_OUTPUT_SIZE: usize) + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst index 97c3946ad..470cf8ab6 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst 
@@ -9,6 +9,82 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () +let deserialize + (#v_SIMDUnit: Type0) + (v_GAMMA1_EXPONENT: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (serialized: t_Slice u8) + = + let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = + match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with + | 17uy -> Core.Slice.impl__chunks #u8 serialized (sz 18) + | 19uy -> Core.Slice.impl__chunks #u8 serialized (sz 20) + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + + <: + Rust_primitives.Hax.t_Never) + in + let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = + Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () + in + let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & + Core.Slice.Iter.t_Chunks u8) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #v_SIMDUnit + (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) + <: + usize) + (fun temp_0_ temp_1_ -> + let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement + v_SIMDUnit & + Core.Slice.Iter.t_Chunks u8) = + temp_0_ + in + let _:usize = temp_1_ in + true) + (result, serialized_chunks + <: + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Core.Slice.Iter.t_Chunks u8) + ) + (fun temp_0_ i -> + let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement + v_SIMDUnit & + Core.Slice.Iter.t_Chunks u8) = + temp_0_ + in + let i:usize = i in + let tmp0, out:(Core.Slice.Iter.t_Chunks u8 & Core.Option.t_Option (t_Slice u8)) = + Core.Iter.Traits.Iterator.f_next #(Core.Slice.Iter.t_Chunks u8) + #FStar.Tactics.Typeclasses.solve + serialized_chunks + in + let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = tmp0 in + ({ + result with + Libcrux_ml_dsa.Polynomial.f_simd_units + = + 
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_dsa.Polynomial.f_simd_units + i + (Libcrux_ml_dsa.Simd.Traits.f_gamma1_deserialize #v_SIMDUnit + #FStar.Tactics.Typeclasses.solve + v_GAMMA1_EXPONENT + (Core.Option.impl__unwrap #(t_Slice u8) out <: t_Slice u8) + <: + v_SIMDUnit) + } + <: + Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit), + serialized_chunks + <: + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & + Core.Slice.Iter.t_Chunks u8)) + in + result + let serialize (#v_SIMDUnit: Type0) (v_GAMMA1_EXPONENT v_OUTPUT_BYTES: usize) @@ -17,11 +93,9 @@ let serialize Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - let serialized:t_Array u8 v_OUTPUT_BYTES = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_OUTPUT_BYTES - in + let serialized:t_Array u8 v_OUTPUT_BYTES = Rust_primitives.Hax.repeat 0uy v_OUTPUT_BYTES in match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with - | 17 -> + | 17uy -> let serialized:t_Array u8 v_OUTPUT_BYTES = Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: @@ -39,10 +113,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize) @@ -51,10 +122,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ] 
@@ -62,7 +130,7 @@ let serialize t_Slice u8) (Libcrux_ml_dsa.Simd.Traits.f_gamma1_serialize #v_SIMDUnit #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 18) + (sz 18) simd_unit <: t_Slice u8) @@ -72,7 +140,7 @@ let serialize t_Array u8 v_OUTPUT_BYTES) in serialized - | 19 -> + | 19uy -> let serialized:t_Array u8 v_OUTPUT_BYTES = Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: @@ -90,10 +158,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 - <: - usize + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize } <: Core.Ops.Range.t_Range usize) @@ -104,10 +169,7 @@ let serialize i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 - <: - usize + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -115,7 +177,7 @@ let serialize t_Slice u8) (Libcrux_ml_dsa.Simd.Traits.f_gamma1_serialize #v_SIMDUnit #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 20) + (sz 20) simd_unit <: t_Slice u8) 
@@ -130,79 +192,3 @@ let serialize <: Rust_primitives.Hax.t_Never) - -let deserialize - (#v_SIMDUnit: Type0) - (v_GAMMA1_EXPONENT: usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (serialized: t_Slice u8) - = - let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = - match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with - | 17 -> Core.Slice.impl__chunks #u8 serialized (Rust_primitives.mk_usize 18) - | 19 -> Core.Slice.impl__chunks #u8 serialized (Rust_primitives.mk_usize 20) - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" - - <: - Rust_primitives.Hax.t_Never) - in - let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () - in - let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & - Core.Slice.Iter.t_Chunks u8) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #v_SIMDUnit - (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) - <: - usize) - (fun temp_0_ temp_1_ -> - let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement - v_SIMDUnit & - Core.Slice.Iter.t_Chunks u8) = - temp_0_ - in - let _:usize = temp_1_ in - true) - (result, serialized_chunks - <: - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Core.Slice.Iter.t_Chunks u8) - ) - (fun temp_0_ i -> - let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement - v_SIMDUnit & - Core.Slice.Iter.t_Chunks u8) = - temp_0_ - in - let i:usize = i in - let tmp0, out:(Core.Slice.Iter.t_Chunks u8 & Core.Option.t_Option (t_Slice u8)) = - Core.Iter.Traits.Iterator.f_next #(Core.Slice.Iter.t_Chunks u8) - #FStar.Tactics.Typeclasses.solve - serialized_chunks - in - let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = tmp0 in - ({ - result with - 
Libcrux_ml_dsa.Polynomial.f_simd_units - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - .Libcrux_ml_dsa.Polynomial.f_simd_units - i - (Libcrux_ml_dsa.Simd.Traits.f_gamma1_deserialize #v_SIMDUnit - #FStar.Tactics.Typeclasses.solve - v_GAMMA1_EXPONENT - (Core.Option.impl__unwrap #(t_Slice u8) out <: t_Slice u8) - <: - v_SIMDUnit) - } - <: - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit), - serialized_chunks - <: - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & - Core.Slice.Iter.t_Chunks u8)) - in - result diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fsti index e29d4b782..c6b16420b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fsti @@ -9,16 +9,9 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = Rust_primitives.mk_usize 18 +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 18 -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1: usize = Rust_primitives.mk_usize 20 - -val serialize - (#v_SIMDUnit: Type0) - (v_GAMMA1_EXPONENT v_OUTPUT_BYTES: usize) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (t_Array u8 v_OUTPUT_BYTES) Prims.l_True (fun _ -> Prims.l_True) +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT_1: usize = sz 20 val deserialize (#v_SIMDUnit: Type0) 
@@ -28,3 +21,10 @@ val deserialize : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) + +val serialize + (#v_SIMDUnit: Type0) + (v_GAMMA1_EXPONENT v_OUTPUT_BYTES: usize) + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + : Prims.Pure (t_Array u8 v_OUTPUT_BYTES) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst index 301e92d69..974a66ac7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst @@ -35,7 +35,7 @@ let impl__deserialize in let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) v_COLUMNS_IN_A (fun signer_response temp_1_ -> let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -59,9 +59,7 @@ let impl__deserialize Core.Ops.Range.f_start = i *! v_GAMMA1_RING_ELEMENT_SIZE <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! v_GAMMA1_RING_ELEMENT_SIZE - <: - usize + (i +! sz 1 <: usize) *! v_GAMMA1_RING_ELEMENT_SIZE <: usize } <: Core.Ops.Range.t_Range usize ] 
@@ -72,24 +70,20 @@ let impl__deserialize <: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) in - let hint:t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_usize 256) - <: - t_Array i32 (Rust_primitives.mk_usize 256)) + let hint:t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 256) <: t_Array i32 (sz 256)) v_ROWS_IN_A in - let previous_true_hints_seen:usize = Rust_primitives.mk_usize 0 in - let i:usize = Rust_primitives.mk_usize 0 in + let previous_true_hints_seen:usize = sz 0 in + let i:usize = sz 0 in let malformed_hint:bool = false in - let hint, i, malformed_hint, previous_true_hints_seen:(t_Array - (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A & + let hint, i, malformed_hint, previous_true_hints_seen:(t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool & usize) = Rust_primitives.f_while_loop (fun temp_0_ -> - let hint, i, malformed_hint, previous_true_hints_seen:(t_Array - (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A & + let hint, i, malformed_hint, previous_true_hints_seen:(t_Array (t_Array i32 (sz 256)) + v_ROWS_IN_A & usize & bool & usize) = @@ -98,10 +92,10 @@ let impl__deserialize (i <. v_ROWS_IN_A <: bool) && (~.malformed_hint <: bool)) (hint, i, malformed_hint, previous_true_hints_seen <: - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A & usize & bool & usize)) + (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool & usize)) (fun temp_0_ -> - let hint, i, malformed_hint, previous_true_hints_seen:(t_Array - (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A & + let hint, i, malformed_hint, previous_true_hints_seen:(t_Array (t_Array i32 (sz 256)) + v_ROWS_IN_A & usize & bool & usize) = 
@@ -120,25 +114,18 @@ let impl__deserialize else malformed_hint in let j:usize = previous_true_hints_seen in - let hint, j, malformed_hint:(t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) - v_ROWS_IN_A & - usize & - bool) = + let hint, j, malformed_hint:(t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool) = Rust_primitives.f_while_loop (fun temp_0_ -> - let hint, j, malformed_hint:(t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) - v_ROWS_IN_A & - usize & + let hint, j, malformed_hint:(t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool) = temp_0_ in (~.malformed_hint <: bool) && (j <. current_true_hints_seen <: bool)) (hint, j, malformed_hint <: - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A & usize & bool)) + (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool)) (fun temp_0_ -> - let hint, j, malformed_hint:(t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) - v_ROWS_IN_A & - usize & + let hint, j, malformed_hint:(t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool) = temp_0_ in @@ -146,7 +133,7 @@ let impl__deserialize if j >. previous_true_hints_seen && (hint_serialized.[ j ] <: u8) <=. - (hint_serialized.[ j -! Rust_primitives.mk_usize 1 <: usize ] <: u8) + (hint_serialized.[ j -! sz 1 <: usize ] <: u8) then let malformed_hint:bool = true in malformed_hint 
@@ -154,41 +141,37 @@ let impl__deserialize in if ~.malformed_hint then - let hint:t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A = + let hint:t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize hint i (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (hint.[ i ] <: - t_Array i32 (Rust_primitives.mk_usize 256)) + t_Array i32 (sz 256)) (cast (hint_serialized.[ j ] <: u8) <: usize) - (Rust_primitives.mk_i32 1) + 1l <: - t_Array i32 (Rust_primitives.mk_usize 256)) + t_Array i32 (sz 256)) in - let j:usize = j +! Rust_primitives.mk_usize 1 in + let j:usize = j +! sz 1 in hint, j, malformed_hint <: - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A & usize & bool - ) + (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool) else hint, j, malformed_hint <: - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A & usize & bool - )) + (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool)) in if ~.malformed_hint then let previous_true_hints_seen:usize = current_true_hints_seen in - let i:usize = i +! Rust_primitives.mk_usize 1 in + let i:usize = i +! sz 1 in hint, i, malformed_hint, previous_true_hints_seen <: - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A & usize & bool & usize - ) + (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool & usize) else hint, i, malformed_hint, previous_true_hints_seen <: - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A & usize & bool & usize - )) + (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A & usize & bool & usize)) in let i:usize = previous_true_hints_seen in let i, malformed_hint:(usize & bool) = 
@@ -199,13 +182,13 @@ let impl__deserialize (fun temp_0_ -> let i, malformed_hint:(usize & bool) = temp_0_ in let malformed_hint:bool = - if (hint_serialized.[ i ] <: u8) <>. Rust_primitives.mk_u8 0 + if (hint_serialized.[ i ] <: u8) <>. 0uy then let malformed_hint:bool = true in malformed_hint else malformed_hint in - let i:usize = i +! Rust_primitives.mk_usize 1 in + let i:usize = i +! sz 1 in i, malformed_hint <: (usize & bool)) in if malformed_hint @@ -254,10 +237,8 @@ let impl__serialize v_COLUMNS_IN_A v_ROWS_IN_A) = - let signature:t_Array u8 v_SIGNATURE_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_SIGNATURE_SIZE - in - let offset:usize = Rust_primitives.mk_usize 0 in + let signature:t_Array u8 v_SIGNATURE_SIZE = Rust_primitives.Hax.repeat 0uy v_SIGNATURE_SIZE in + let offset:usize = sz 0 in let signature:t_Array u8 v_SIGNATURE_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range signature ({ @@ -281,7 +262,7 @@ let impl__serialize in let offset:usize = offset +! v_COMMITMENT_HASH_SIZE in let offset, signature:(usize & t_Array u8 v_SIGNATURE_SIZE) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) v_COLUMNS_IN_A (fun temp_0_ temp_1_ -> let offset, signature:(usize & t_Array u8 v_SIGNATURE_SIZE) = temp_0_ in @@ -322,9 +303,9 @@ let impl__serialize let offset:usize = offset +! v_GAMMA1_RING_ELEMENT_SIZE in offset, signature <: (usize & t_Array u8 v_SIGNATURE_SIZE)) in - let true_hints_seen:usize = Rust_primitives.mk_usize 0 in + let true_hints_seen:usize = sz 0 in let signature, true_hints_seen:(t_Array u8 v_SIGNATURE_SIZE & usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) v_ROWS_IN_A (fun temp_0_ temp_1_ -> let signature, true_hints_seen:(t_Array u8 v_SIGNATURE_SIZE & usize) = temp_0_ in 
@@ -337,7 +318,7 @@ let impl__serialize let signature, true_hints_seen:(t_Array u8 v_SIGNATURE_SIZE & usize) = Rust_primitives.Hax.Folds.fold_enumerated_slice (self.Libcrux_ml_dsa.Types.f_hint.[ i ] <: - t_Array i32 (Rust_primitives.mk_usize 256)) + t_Array i32 (sz 256)) (fun temp_0_ temp_1_ -> let signature, true_hints_seen:(t_Array u8 v_SIGNATURE_SIZE & usize) = temp_0_ in let _:usize = temp_1_ in @@ -346,14 +327,14 @@ let impl__serialize (fun temp_0_ temp_1_ -> let signature, true_hints_seen:(t_Array u8 v_SIGNATURE_SIZE & usize) = temp_0_ in let j, hint:(usize & i32) = temp_1_ in - if hint =. Rust_primitives.mk_i32 1 <: bool + if hint =. 1l <: bool then let signature:t_Array u8 v_SIGNATURE_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize signature (offset +! true_hints_seen <: usize) (cast (j <: usize) <: u8) in - let true_hints_seen:usize = true_hints_seen +! Rust_primitives.mk_usize 1 in + let true_hints_seen:usize = true_hints_seen +! sz 1 in signature, true_hints_seen <: (t_Array u8 v_SIGNATURE_SIZE & usize) else signature, true_hints_seen <: (t_Array u8 v_SIGNATURE_SIZE & usize)) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst index faed8897f..1394c5939 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst 
@@ -10,6 +10,90 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () +let deserialize_then_ntt + (#v_SIMDUnit: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (serialized: t_Array u8 v_SIGNING_KEY_SIZE) + = + let seed_for_A, remaining_serialized:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (serialized <: t_Slice u8) + Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE + in + let seed_for_signing, remaining_serialized:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + remaining_serialized + Libcrux_ml_dsa.Constants.v_SEED_FOR_SIGNING_SIZE + in + let verification_key_hash, remaining_serialized:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + remaining_serialized + Libcrux_ml_dsa.Constants.v_BYTES_FOR_VERIFICATION_KEY_HASH + in + let s1_serialized, remaining_serialized:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + remaining_serialized + (v_ERROR_RING_ELEMENT_SIZE *! v_COLUMNS_IN_A <: usize) + in + let s2_serialized, t0_serialized:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + remaining_serialized + (v_ERROR_RING_ELEMENT_SIZE *! 
v_ROWS_IN_A <: usize) + in + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + v_COLUMNS_IN_A = + Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit + v_COLUMNS_IN_A + v_ETA + v_ERROR_RING_ELEMENT_SIZE + s1_serialized + in + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = + Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit + v_ROWS_IN_A + v_ETA + v_ERROR_RING_ELEMENT_SIZE + s2_serialized + in + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = + Libcrux_ml_dsa.Encoding.T0.deserialize_to_vector_then_ntt #v_SIMDUnit v_ROWS_IN_A t0_serialized + in + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + seed_for_A + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError), + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + seed_for_signing + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError), + Core.Result.impl__unwrap #(t_Array u8 (sz 64)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 64)) + #FStar.Tactics.Typeclasses.solve + verification_key_hash + <: + Core.Result.t_Result (t_Array u8 (sz 64)) Core.Array.t_TryFromSliceError), + s1_as_ntt, + s2_as_ntt, + t0_as_ntt + <: + (t_Array u8 (sz 32) & t_Array u8 (sz 32) & t_Array u8 (sz 64) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) + let generate_serialized (#v_SIMDUnit 
#v_Shake256: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE: usize) @@ -24,9 +108,9 @@ let generate_serialized (s2 t0: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = let signing_key_serialized:t_Array u8 v_SIGNING_KEY_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_SIGNING_KEY_SIZE + Rust_primitives.Hax.repeat 0uy v_SIGNING_KEY_SIZE in - let offset:usize = Rust_primitives.mk_usize 0 in + let offset:usize = sz 0 in let signing_key_serialized:t_Array u8 v_SIGNING_KEY_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range signing_key_serialized ({ @@ -73,13 +157,11 @@ let generate_serialized t_Slice u8) in let offset:usize = offset +! Libcrux_ml_dsa.Constants.v_SEED_FOR_SIGNING_SIZE in - let verification_key_hash:t_Array u8 (Rust_primitives.mk_usize 64) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 64) - in - let verification_key_hash:t_Array u8 (Rust_primitives.mk_usize 64) = + let verification_key_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let verification_key_hash:t_Array u8 (sz 64) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256 #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 64) + (sz 64) verification_key verification_key_hash in 
@@ -244,91 +326,3 @@ let generate_serialized offset, signing_key_serialized <: (usize & t_Array u8 v_SIGNING_KEY_SIZE)) in signing_key_serialized - -let deserialize_then_ntt - (#v_SIMDUnit: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE: usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (serialized: t_Array u8 v_SIGNING_KEY_SIZE) - = - let seed_for_A, remaining_serialized:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (serialized <: t_Slice u8) - Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE - in - let seed_for_signing, remaining_serialized:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - remaining_serialized - Libcrux_ml_dsa.Constants.v_SEED_FOR_SIGNING_SIZE - in - let verification_key_hash, remaining_serialized:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - remaining_serialized - Libcrux_ml_dsa.Constants.v_BYTES_FOR_VERIFICATION_KEY_HASH - in - let s1_serialized, remaining_serialized:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - remaining_serialized - (v_ERROR_RING_ELEMENT_SIZE *! v_COLUMNS_IN_A <: usize) - in - let s2_serialized, t0_serialized:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - remaining_serialized - (v_ERROR_RING_ELEMENT_SIZE *! 
v_ROWS_IN_A <: usize) - in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - v_COLUMNS_IN_A = - Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit - v_COLUMNS_IN_A - v_ETA - v_ERROR_RING_ELEMENT_SIZE - s1_serialized - in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = - Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit - v_ROWS_IN_A - v_ETA - v_ERROR_RING_ELEMENT_SIZE - s2_serialized - in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = - Libcrux_ml_dsa.Encoding.T0.deserialize_to_vector_then_ntt #v_SIMDUnit v_ROWS_IN_A t0_serialized - in - Core.Result.impl__unwrap #(t_Array u8 (Rust_primitives.mk_usize 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (Rust_primitives.mk_usize 32)) - #FStar.Tactics.Typeclasses.solve - seed_for_A - <: - Core.Result.t_Result (t_Array u8 (Rust_primitives.mk_usize 32)) Core.Array.t_TryFromSliceError - ), - Core.Result.impl__unwrap #(t_Array u8 (Rust_primitives.mk_usize 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (Rust_primitives.mk_usize 32)) - #FStar.Tactics.Typeclasses.solve - seed_for_signing - <: - Core.Result.t_Result (t_Array u8 (Rust_primitives.mk_usize 32)) Core.Array.t_TryFromSliceError - ), - Core.Result.impl__unwrap #(t_Array u8 (Rust_primitives.mk_usize 64)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (Rust_primitives.mk_usize 64)) - #FStar.Tactics.Typeclasses.solve - verification_key_hash - <: - Core.Result.t_Result (t_Array u8 (Rust_primitives.mk_usize 64)) Core.Array.t_TryFromSliceError - ), - s1_as_ntt, - s2_as_ntt, - t0_as_ntt - <: - (t_Array u8 (Rust_primitives.mk_usize 32) & t_Array u8 (Rust_primitives.mk_usize 32) & - t_Array u8 (Rust_primitives.mk_usize 64) & - t_Array 
(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fsti index 42b146b91..b8a8f2d90 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fsti 
@@ -10,26 +10,25 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -val generate_serialized - (#v_SIMDUnit #v_Shake256: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE: usize) - {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |} - (seed_for_A seed_for_signing verification_key: t_Slice u8) - (s1: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) - (s2 t0: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) - : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) - val deserialize_then_ntt (#v_SIMDUnit: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE: usize) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (serialized: t_Array u8 v_SIGNING_KEY_SIZE) : Prims.Pure - (t_Array u8 (Rust_primitives.mk_usize 32) & t_Array u8 (Rust_primitives.mk_usize 32) & - t_Array u8 (Rust_primitives.mk_usize 64) & + (t_Array u8 (sz 32) & t_Array u8 (sz 32) & t_Array u8 (sz 64) & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True) + +val generate_serialized + (#v_SIMDUnit #v_Shake256: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE: usize) + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |} + (seed_for_A seed_for_signing verification_key: t_Slice u8) + (s1: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + (s2 t0: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) + : Prims.Pure (t_Array u8 
v_SIGNING_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst index 69d5736a2..b1193d6cd 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst 
@@ -9,65 +9,6 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize - (#v_SIMDUnit: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - = - let serialized:t_Array u8 (Rust_primitives.mk_usize 416) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 416) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 416) = - Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units - <: - t_Slice v_SIMDUnit) - (fun serialized temp_1_ -> - let serialized:t_Array u8 (Rust_primitives.mk_usize 416) = serialized in - let _:usize = temp_1_ in - true) - serialized - (fun serialized temp_1_ -> - let serialized:t_Array u8 (Rust_primitives.mk_usize 416) = serialized in - let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in - Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; - Core.Ops.Range.f_end - = - (i +! Rust_primitives.mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (serialized.[ { - Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; - Core.Ops.Range.f_end - = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - (Libcrux_ml_dsa.Simd.Traits.f_t0_serialize #v_SIMDUnit - #FStar.Tactics.Typeclasses.solve - simd_unit - <: - t_Slice u8) - <: - t_Slice u8) - <: - t_Array u8 (Rust_primitives.mk_usize 416)) - in - serialized - let deserialize (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] 
@@ -76,14 +17,14 @@ let deserialize (serialized: t_Slice u8) = let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = - Core.Slice.impl__chunks #u8 serialized (Rust_primitives.mk_usize 13) + Core.Slice.impl__chunks #u8 serialized (sz 13) in let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () in let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Core.Slice.Iter.t_Chunks u8) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: 
@@ -185,3 +126,55 @@ let deserialize_to_vector_then_ntt t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) in ring_elements + +let serialize + (#v_SIMDUnit: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + = + let serialized:t_Array u8 (sz 416) = Rust_primitives.Hax.repeat 0uy (sz 416) in + let serialized:t_Array u8 (sz 416) = + Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units + <: + t_Slice v_SIMDUnit) + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 416) = serialized in + let _:usize = temp_1_ in + true) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 416) = serialized in + let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { + Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Libcrux_ml_dsa.Simd.Traits.f_t0_serialize #v_SIMDUnit + #FStar.Tactics.Typeclasses.solve + simd_unit + <: + t_Slice u8) + <: + t_Slice u8) + <: + t_Array u8 (sz 416)) + in + serialized diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti index aeed36259..3969d9d7c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti @@ -9,13 +9,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = Rust_primitives.mk_usize 13 - -val serialize - (#v_SIMDUnit: Type0) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (t_Array u8 (Rust_primitives.mk_usize 416)) Prims.l_True (fun _ -> Prims.l_True) +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 13 val deserialize (#v_SIMDUnit: Type0) @@ -34,3 +28,9 @@ val deserialize_to_vector_then_ntt (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) Prims.l_True (fun _ -> Prims.l_True) + +val serialize + (#v_SIMDUnit: Type0) + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + : Prims.Pure (t_Array u8 (sz 416)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst index 801629612..6a59315c3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst 
@@ -9,65 +9,6 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize - (#v_SIMDUnit: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - = - let serialized:t_Array u8 (Rust_primitives.mk_usize 320) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 320) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 320) = - Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units - <: - t_Slice v_SIMDUnit) - (fun serialized temp_1_ -> - let serialized:t_Array u8 (Rust_primitives.mk_usize 320) = serialized in - let _:usize = temp_1_ in - true) - serialized - (fun serialized temp_1_ -> - let serialized:t_Array u8 (Rust_primitives.mk_usize 320) = serialized in - let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in - Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; - Core.Ops.Range.f_end - = - (i +! Rust_primitives.mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (serialized.[ { - Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; - Core.Ops.Range.f_end - = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - serialize__OUTPUT_BYTES_PER_SIMD_UNIT - <: - usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - (Libcrux_ml_dsa.Simd.Traits.f_t1_serialize #v_SIMDUnit - #FStar.Tactics.Typeclasses.solve - simd_unit - <: - t_Slice u8) - <: - t_Slice u8) - <: - t_Array u8 (Rust_primitives.mk_usize 320)) - in - serialized - let deserialize (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] 
@@ -76,14 +17,14 @@ let deserialize (serialized: t_Slice u8) = let serialized_chunks:Core.Slice.Iter.t_Chunks u8 = - Core.Slice.impl__chunks #u8 serialized (Rust_primitives.mk_usize 10) + Core.Slice.impl__chunks #u8 serialized (sz 10) in let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () in let result, serialized_chunks:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Core.Slice.Iter.t_Chunks u8) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: 
@@ -134,3 +75,55 @@ let deserialize Core.Slice.Iter.t_Chunks u8)) in result + +let serialize + (#v_SIMDUnit: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + = + let serialized:t_Array u8 (sz 320) = Rust_primitives.Hax.repeat 0uy (sz 320) in + let serialized:t_Array u8 (sz 320) = + Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units + <: + t_Slice v_SIMDUnit) + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 320) = serialized in + let _:usize = temp_1_ in + true) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 320) = serialized in + let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized + ({ + Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { + Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Libcrux_ml_dsa.Simd.Traits.f_t1_serialize #v_SIMDUnit + #FStar.Tactics.Typeclasses.solve + simd_unit + <: + t_Slice u8) + <: + t_Slice u8) + <: + t_Array u8 (sz 320)) + in + serialized diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti index c46b9fe4f..f05c66a13 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti 
@@ -9,13 +9,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = Rust_primitives.mk_usize 10 - -val serialize - (#v_SIMDUnit: Type0) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (t_Array u8 (Rust_primitives.mk_usize 320)) Prims.l_True (fun _ -> Prims.l_True) +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 10 val deserialize (#v_SIMDUnit: Type0) @@ -24,3 +18,9 @@ val deserialize : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) + +val serialize + (#v_SIMDUnit: Type0) + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + : Prims.Pure (t_Array u8 (sz 320)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst index a7171dbe8..94a614a45 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst 
@@ -9,6 +9,77 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () +let deserialize + (#v_SIMDUnit: Type0) + (v_ROWS_IN_A v_VERIFICATION_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) + = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = + Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () + <: + Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + v_ROWS_IN_A + in + let seed_for_A, serialized_remaining:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (serialized <: t_Slice u8) + Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_ROWS_IN_A + (fun t1 temp_1_ -> + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A + = + t1 + in + let _:usize = temp_1_ in + true) + t1 + (fun t1 i -> + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A + = + t1 + in + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize t1 + i + (Libcrux_ml_dsa.Encoding.T1.deserialize #v_SIMDUnit + (serialized_remaining.[ { + Core.Ops.Range.f_start + = + i *! Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! 
Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE + <: + usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + <: + Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + <: + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) + in + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + seed_for_A + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError), + t1 + <: + (t_Array u8 (sz 32) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) + let generate_serialized (#v_SIMDUnit: Type0) (v_ROWS_IN_A v_VERIFICATION_KEY_SIZE: usize) @@ -19,19 +90,19 @@ let generate_serialized (t1: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = let verification_key_serialized:t_Array u8 v_VERIFICATION_KEY_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_VERIFICATION_KEY_SIZE + Rust_primitives.Hax.repeat 0uy v_VERIFICATION_KEY_SIZE in let verification_key_serialized:t_Array u8 v_VERIFICATION_KEY_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range verification_key_serialized ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; + Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (verification_key_serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; + Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE } <: 
@@ -93,76 +164,3 @@ let generate_serialized verification_key_serialized) in verification_key_serialized - -let deserialize - (#v_SIMDUnit: Type0) - (v_ROWS_IN_A v_VERIFICATION_KEY_SIZE: usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) - = - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = - Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () - <: - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - v_ROWS_IN_A - in - let seed_for_A, serialized_remaining:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (serialized <: t_Slice u8) - Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE - in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - v_ROWS_IN_A - (fun t1 temp_1_ -> - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A - = - t1 - in - let _:usize = temp_1_ in - true) - t1 - (fun t1 i -> - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A - = - t1 - in - let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize t1 - i - (Libcrux_ml_dsa.Encoding.T1.deserialize #v_SIMDUnit - (serialized_remaining.[ { - Core.Ops.Range.f_start - = - i *! Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE <: usize; - Core.Ops.Range.f_end - = - (i +! Rust_primitives.mk_usize 1 <: usize) *! 
- Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE - <: - usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - <: - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) - in - Core.Result.impl__unwrap #(t_Array u8 (Rust_primitives.mk_usize 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (Rust_primitives.mk_usize 32)) - #FStar.Tactics.Typeclasses.solve - seed_for_A - <: - Core.Result.t_Result (t_Array u8 (Rust_primitives.mk_usize 32)) Core.Array.t_TryFromSliceError - ), - t1 - <: - (t_Array u8 (Rust_primitives.mk_usize 32) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fsti index 15eee61fe..59e60a0ee 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fsti 
@@ -9,21 +9,21 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -val generate_serialized - (#v_SIMDUnit: Type0) - (v_ROWS_IN_A v_VERIFICATION_KEY_SIZE: usize) - {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (seed_for_A: t_Slice u8) - (t1: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) - : Prims.Pure (t_Array u8 v_VERIFICATION_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) - val deserialize (#v_SIMDUnit: Type0) (v_ROWS_IN_A v_VERIFICATION_KEY_SIZE: usize) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (serialized: t_Array u8 v_VERIFICATION_KEY_SIZE) : Prims.Pure - (t_Array u8 (Rust_primitives.mk_usize 32) & + (t_Array u8 (sz 32) & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) Prims.l_True (fun _ -> Prims.l_True) + +val generate_serialized + (#v_SIMDUnit: Type0) + (v_ROWS_IN_A v_VERIFICATION_KEY_SIZE: usize) + {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + (seed_for_A: t_Slice u8) + (t1: t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) + : Prims.Pure (t_Array u8 v_VERIFICATION_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst deleted file mode 100644 index f993463d8..000000000 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst +++ /dev/null 
@@ -1,555 +0,0 @@ -module Libcrux_ml_dsa.Hash_functions.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -type t_Shake128x4 = { - f_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (Rust_primitives.mk_usize 2) -} - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = - { - f_init_absorb_pre - = - (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> true - ); - f_init_absorb_post - = - (fun - (input0: t_Slice u8) - (input1: t_Slice u8) - (input2: t_Slice u8) - (input3: t_Slice u8) - (out: t_Shake128x4) - -> - true); - f_init_absorb - = - (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = - let list = - [Libcrux_sha3.Neon.X2.Incremental.init (); Libcrux_sha3.Neon.X2.Incremental.init ()] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); - Rust_primitives.Hax.array_of_list 2 list - in - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state - (Rust_primitives.mk_usize 0) - (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ Rust_primitives.mk_usize - 0 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - input0 - input1 - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - in - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state - (Rust_primitives.mk_usize 1) - (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ Rust_primitives.mk_usize - 1 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - input2 - input3 - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - in - { f_state = state } <: 
t_Shake128x4); - f_squeeze_first_five_blocks_pre - = - (fun - (self: t_Shake128x4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) - -> - true); - f_squeeze_first_five_blocks_post - = - (fun - (self: t_Shake128x4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) - (out4: - (t_Shake128x4 & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840))) - -> - true); - f_squeeze_first_five_blocks - = - (fun - (self: t_Shake128x4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) - -> - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_five_blocks (self.f_state.[ Rust_primitives.mk_usize - 0 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - out0 - out1 - in - let self:t_Shake128x4 = - { - self with - f_state - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 0) - tmp0 - } - <: - t_Shake128x4 - in - let out0:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 840) = tmp2 in - let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) = - 
Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_five_blocks (self.f_state.[ Rust_primitives.mk_usize - 1 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - out2 - out3 - in - let self:t_Shake128x4 = - { - self with - f_state - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 1) - tmp0 - } - <: - t_Shake128x4 - in - let out2:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in - let out3:t_Array u8 (Rust_primitives.mk_usize 840) = tmp2 in - let _:Prims.unit = () in - self, out0, out1, out2, out3 - <: - (t_Shake128x4 & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840))); - f_squeeze_next_block_pre = (fun (self: t_Shake128x4) -> true); - f_squeeze_next_block_post - = - (fun - (self: t_Shake128x4) - (out4: - (t_Shake128x4 & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)))) - -> - true); - f_squeeze_next_block - = - fun (self: t_Shake128x4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block 
(self.f_state.[ Rust_primitives.mk_usize - 0 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - out0 - out1 - in - let self:t_Shake128x4 = - { - self with - f_state - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 0) - tmp0 - } - <: - t_Shake128x4 - in - let out0:t_Array u8 (Rust_primitives.mk_usize 168) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 168) = tmp2 in - let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_state.[ Rust_primitives.mk_usize - 1 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - out2 - out3 - in - let self:t_Shake128x4 = - { - self with - f_state - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 1) - tmp0 - } - <: - t_Shake128x4 - in - let out2:t_Array u8 (Rust_primitives.mk_usize 168) = tmp1 in - let out3:t_Array u8 (Rust_primitives.mk_usize 168) = tmp2 in - let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = - out0, out1, out2, out3 - <: - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) - in - self, hax_temp_output - <: - (t_Shake128x4 & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168))) - } - -/// Neon SHAKE 256 x4 state -type t_Shake256x4 = { - f_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (Rust_primitives.mk_usize 2) -} - -[@@ 
FStar.Tactics.Typeclasses.tcinstance] -let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = - { - f_init_absorb_pre - = - (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> true - ); - f_init_absorb_post - = - (fun - (input0: t_Slice u8) - (input1: t_Slice u8) - (input2: t_Slice u8) - (input3: t_Slice u8) - (out: t_Shake256x4) - -> - true); - f_init_absorb - = - (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = - let list = - [Libcrux_sha3.Neon.X2.Incremental.init (); Libcrux_sha3.Neon.X2.Incremental.init ()] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); - Rust_primitives.Hax.array_of_list 2 list - in - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state - (Rust_primitives.mk_usize 0) - (Libcrux_sha3.Neon.X2.Incremental.shake256_absorb_final (state.[ Rust_primitives.mk_usize - 0 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - input0 - input1 - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - in - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state - (Rust_primitives.mk_usize 1) - (Libcrux_sha3.Neon.X2.Incremental.shake256_absorb_final (state.[ Rust_primitives.mk_usize - 1 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - input2 - input3 - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - in - { f_state = state } <: t_Shake256x4); - f_squeeze_first_block_pre = (fun (self: t_Shake256x4) -> true); - f_squeeze_first_block_post - = - (fun - (self: t_Shake256x4) - (out4: - (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array 
u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))) - -> - true); - f_squeeze_first_block - = - (fun (self: t_Shake256x4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_first_block (self.f_state.[ Rust_primitives.mk_usize - 0 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - out0 - out1 - in - let self:t_Shake256x4 = - { - self with - f_state - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 0) - tmp0 - } - <: - t_Shake256x4 - in - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in - let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_first_block (self.f_state.[ Rust_primitives.mk_usize - 1 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - out2 - out3 - in - let self:t_Shake256x4 = - { - self with - f_state - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 1) - tmp0 - } - <: - t_Shake256x4 - in - let 
out2:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in - let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - out0, out1, out2, out3 - <: - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) - in - self, hax_temp_output - <: - (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))); - f_squeeze_next_block_pre = (fun (self: t_Shake256x4) -> true); - f_squeeze_next_block_post - = - (fun - (self: t_Shake256x4) - (out4: - (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))) - -> - true); - f_squeeze_next_block - = - (fun (self: t_Shake256x4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - 
Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_next_block (self.f_state.[ Rust_primitives.mk_usize - 0 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - out0 - out1 - in - let self:t_Shake256x4 = - { - self with - f_state - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 0) - tmp0 - } - <: - t_Shake256x4 - in - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in - let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_next_block (self.f_state.[ Rust_primitives.mk_usize - 1 ] - <: - Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) - out2 - out3 - in - let self:t_Shake256x4 = - { - self with - f_state - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 1) - tmp0 - } - <: - t_Shake256x4 - in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in - let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - out0, out1, out2, out3 - <: - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) - in - self, hax_temp_output - <: - (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))); - f_shake256_pre - = - (fun - (v_OUT_LEN: usize) - (input0: t_Slice u8) - (input1: t_Slice u8) - (input2: 
t_Slice u8) - (input3: t_Slice u8) - (out0: t_Array u8 v_OUT_LEN) - (out1: t_Array u8 v_OUT_LEN) - (out2: t_Array u8 v_OUT_LEN) - (out3: t_Array u8 v_OUT_LEN) - -> - true); - f_shake256_post - = - (fun - (v_OUT_LEN: usize) - (input0: t_Slice u8) - (input1: t_Slice u8) - (input2: t_Slice u8) - (input3: t_Slice u8) - (out0: t_Array u8 v_OUT_LEN) - (out1: t_Array u8 v_OUT_LEN) - (out2: t_Array u8 v_OUT_LEN) - (out3: t_Array u8 v_OUT_LEN) - (out4: - (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN - )) - -> - true); - f_shake256 - = - fun - (v_OUT_LEN: usize) - (input0: t_Slice u8) - (input1: t_Slice u8) - (input2: t_Slice u8) - (input3: t_Slice u8) - (out0: t_Array u8 v_OUT_LEN) - (out1: t_Array u8 v_OUT_LEN) - (out2: t_Array u8 v_OUT_LEN) - (out3: t_Array u8 v_OUT_LEN) - -> - let tmp0, tmp1:(t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN) = - Libcrux_sha3.Neon.X2.shake256 input0 input1 out0 out1 - in - let out0:t_Array u8 v_OUT_LEN = tmp0 in - let out1:t_Array u8 v_OUT_LEN = tmp1 in - let _:Prims.unit = () in - let tmp0, tmp1:(t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN) = - Libcrux_sha3.Neon.X2.shake256 input2 input3 out2 out3 - in - let out2:t_Array u8 v_OUT_LEN = tmp0 in - let out3:t_Array u8 v_OUT_LEN = tmp1 in - let _:Prims.unit = () in - out0, out1, out2, out3 - <: - (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN) - } diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti index ddbd358c4..6f4f9d9f4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti 
@@ -3,9 +3,10 @@ module Libcrux_ml_dsa.Hash_functions.Neon open Core open FStar.Mul -type t_Shake128x4 = { - f_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (Rust_primitives.mk_usize 2) -} +type t_Shake128x4 = { f_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (sz 2) } + +/// Neon SHAKE 256 x4 state +type t_Shake256x4 = { f_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (sz 2) } [@@ FStar.Tactics.Typeclasses.tcinstance] let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = @@ -27,20 +28,17 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = f_init_absorb = (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (sz 2) = let list = [Libcrux_sha3.Neon.X2.Incremental.init (); Libcrux_sha3.Neon.X2.Incremental.init ()] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list 2 list in - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (sz 2) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state - (Rust_primitives.mk_usize 0) - (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ Rust_primitives.mk_usize - 0 ] + (sz 0) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 0 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) input0 
@@ -48,12 +46,10 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) in - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (sz 2) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state - (Rust_primitives.mk_usize 1) - (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ Rust_primitives.mk_usize - 1 ] + (sz 1) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 1 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) input2 
@@ -66,41 +62,37 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = = (fun (self: t_Shake128x4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) + (out0: t_Array u8 (sz 840)) + (out1: t_Array u8 (sz 840)) + (out2: t_Array u8 (sz 840)) + (out3: t_Array u8 (sz 840)) -> true); f_squeeze_first_five_blocks_post = (fun (self: t_Shake128x4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) + (out0: t_Array u8 (sz 840)) + (out1: t_Array u8 (sz 840)) + (out2: t_Array u8 (sz 840)) + (out3: t_Array u8 (sz 840)) (out4: - (t_Shake128x4 & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840))) + (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840))) -> true); f_squeeze_first_five_blocks = (fun (self: t_Shake128x4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) + (out0: t_Array u8 (sz 840)) + (out1: t_Array u8 (sz 840)) + (out2: t_Array u8 (sz 840)) + (out3: t_Array u8 (sz 840)) -> - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_five_blocks (self.f_state.[ Rust_primitives.mk_usize - 0 ] + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + 
Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_five_blocks (self.f_state.[ sz 0 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) out0 @@ -111,21 +103,17 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = self with f_state = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 0) - tmp0 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state (sz 0) tmp0 } <: t_Shake128x4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 840) = tmp2 in + let out0:t_Array u8 (sz 840) = tmp1 in + let out1:t_Array u8 (sz 840) = tmp2 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_five_blocks (self.f_state.[ Rust_primitives.mk_usize - 1 ] + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_five_blocks (self.f_state.[ sz 1 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) out2 
@@ -136,22 +124,18 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = self with f_state = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 1) - tmp0 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state (sz 1) tmp0 } <: t_Shake128x4 in - let out2:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in - let out3:t_Array u8 (Rust_primitives.mk_usize 840) = tmp2 in + let out2:t_Array u8 (sz 840) = tmp1 in + let out3:t_Array u8 (sz 840) = tmp2 in let _:Prims.unit = () in self, out0, out1, out2, out3 <: - (t_Shake128x4 & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840))); + (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840))); f_squeeze_next_block_pre = (fun (self: t_Shake128x4) -> true); f_squeeze_next_block_post = 
@@ -159,31 +143,20 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = (self: t_Shake128x4) (out4: (t_Shake128x4 & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)))) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) + ) -> true); f_squeeze_next_block = fun (self: t_Shake128x4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_state.[ Rust_primitives.mk_usize - 0 ] + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_state.[ sz 0 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) out0 
@@ -194,21 +167,17 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = self with f_state = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 0) - tmp0 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state (sz 0) tmp0 } <: t_Shake128x4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 168) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 168) = tmp2 in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_state.[ Rust_primitives.mk_usize - 1 ] + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_state.[ sz 1 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) out2 
@@ -219,39 +188,26 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = self with f_state = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 1) - tmp0 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state (sz 1) tmp0 } <: t_Shake128x4 in - let out2:t_Array u8 (Rust_primitives.mk_usize 168) = tmp1 in - let out3:t_Array u8 (Rust_primitives.mk_usize 168) = tmp2 in + let out2:t_Array u8 (sz 168) = tmp1 in + let out3:t_Array u8 (sz 168) = tmp2 in let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = + let hax_temp_output:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = out0, out1, out2, out3 <: - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)) in self, hax_temp_output <: (t_Shake128x4 & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168))) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) } -/// Neon SHAKE 256 x4 state -type t_Shake256x4 = { - f_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (Rust_primitives.mk_usize 2) -} - [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = { 
@@ -272,20 +228,17 @@ let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = f_init_absorb = (fun (input0: t_Slice u8) (input1: t_Slice u8) (input2: t_Slice u8) (input3: t_Slice u8) -> - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (sz 2) = let list = [Libcrux_sha3.Neon.X2.Incremental.init (); Libcrux_sha3.Neon.X2.Incremental.init ()] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list 2 list in - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (sz 2) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state - (Rust_primitives.mk_usize 0) - (Libcrux_sha3.Neon.X2.Incremental.shake256_absorb_final (state.[ Rust_primitives.mk_usize - 0 ] + (sz 0) + (Libcrux_sha3.Neon.X2.Incremental.shake256_absorb_final (state.[ sz 0 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) input0 @@ -293,12 +246,10 @@ let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) in - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState - (Rust_primitives.mk_usize 2) = + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState (sz 2) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state - (Rust_primitives.mk_usize 1) - (Libcrux_sha3.Neon.X2.Incremental.shake256_absorb_final (state.[ Rust_primitives.mk_usize - 1 ] + (sz 1) + (Libcrux_sha3.Neon.X2.Incremental.shake256_absorb_final (state.[ sz 1 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) input2 
@@ -314,31 +265,20 @@ let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = (self: t_Shake256x4) (out4: (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + ) -> true); f_squeeze_first_block = (fun (self: t_Shake256x4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_first_block (self.f_state.[ Rust_primitives.mk_usize - 0 ] + let out0:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out1:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out2:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out3:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = + Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_first_block (self.f_state.[ sz 0 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) out0 
@@ -349,21 +289,17 @@ let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = self with f_state = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 0) - tmp0 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state (sz 0) tmp0 } <: t_Shake256x4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in + let out0:t_Array u8 (sz 136) = tmp1 in + let out1:t_Array u8 (sz 136) = tmp2 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_first_block (self.f_state.[ Rust_primitives.mk_usize - 1 ] + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = + Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_first_block (self.f_state.[ sz 1 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) out2 
@@ -374,32 +310,24 @@ let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = self with f_state = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 1) - tmp0 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state (sz 1) tmp0 } <: t_Shake256x4 in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in + let out2:t_Array u8 (sz 136) = tmp1 in + let out3:t_Array u8 (sz 136) = tmp2 in let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = out0, out1, out2, out3 <: - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)) in self, hax_temp_output <: (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))); + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))); f_squeeze_next_block_pre = (fun (self: t_Shake256x4) -> true); f_squeeze_next_block_post = 
@@ -407,31 +335,20 @@ let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = (self: t_Shake256x4) (out4: (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + ) -> true); f_squeeze_next_block = (fun (self: t_Shake256x4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_next_block (self.f_state.[ Rust_primitives.mk_usize - 0 ] + let out0:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out1:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out2:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out3:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = + Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_next_block (self.f_state.[ sz 0 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) out0 
@@ -442,21 +359,17 @@ let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = self with f_state = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 0) - tmp0 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state (sz 0) tmp0 } <: t_Shake256x4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in + let out0:t_Array u8 (sz 136) = tmp1 in + let out1:t_Array u8 (sz 136) = tmp2 in let _:Prims.unit = () in - let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = - Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_next_block (self.f_state.[ Rust_primitives.mk_usize - 1 ] + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = + Libcrux_sha3.Neon.X2.Incremental.shake256_squeeze_next_block (self.f_state.[ sz 1 ] <: Libcrux_sha3.Neon.X2.Incremental.t_KeccakState) out2 
@@ -467,32 +380,24 @@ let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = self with f_state = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state - (Rust_primitives.mk_usize 1) - tmp0 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_state (sz 1) tmp0 } <: t_Shake256x4 in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in + let out2:t_Array u8 (sz 136) = tmp1 in + let out3:t_Array u8 (sz 136) = tmp2 in let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = out0, out1, out2, out3 <: - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)) in self, hax_temp_output <: (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))); + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))); f_shake256_pre = (fun diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti index 1f960b146..55811609f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti 
@@ -3,34 +3,9 @@ module Libcrux_ml_dsa.Hash_functions.Portable open Core open FStar.Mul -val init_absorb__init_absorb (input: t_Slice u8) - : Prims.Pure Libcrux_sha3.Portable.t_KeccakState Prims.l_True (fun _ -> Prims.l_True) - /// Portable SHAKE 128 state type t_Shake128 = | Shake128 : t_Shake128 -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_1: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof t_Shake128 = - { - f_shake128_pre - = - (fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) -> true); - f_shake128_post - = - (fun - (v_OUTPUT_LENGTH: usize) - (input: t_Slice u8) - (out: t_Array u8 v_OUTPUT_LENGTH) - (out1: t_Array u8 v_OUTPUT_LENGTH) - -> - true); - f_shake128 - = - fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) -> - let out:t_Array u8 v_OUTPUT_LENGTH = Libcrux_sha3.Portable.shake128 out input in - out - } - /// Portable SHAKE 128 x4 state. /// We're using a portable implementation so this is actually sequential. type t_Shake128X4 = { @@ -40,6 +15,21 @@ type t_Shake128X4 = { f_state3:Libcrux_sha3.Portable.t_KeccakState } +/// Portable SHAKE 256 state +type t_Shake256 = { f_state:Libcrux_sha3.Portable.t_KeccakState } + +/// Portable SHAKE 256 x4 state. +/// We're using a portable implementation so this is actually sequential. +type t_Shake256X4 = { + f_state0:Libcrux_sha3.Portable.t_KeccakState; + f_state1:Libcrux_sha3.Portable.t_KeccakState; + f_state2:Libcrux_sha3.Portable.t_KeccakState; + f_state3:Libcrux_sha3.Portable.t_KeccakState +} + +val init_absorb__init_absorb (input: t_Slice u8) + : Prims.Pure Libcrux_sha3.Portable.t_KeccakState Prims.l_True (fun _ -> Prims.l_True) + [@@ FStar.Tactics.Typeclasses.tcinstance] let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4 = { 
@@ -71,70 +61,62 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4 = = (fun (self: t_Shake128X4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) + (out0: t_Array u8 (sz 840)) + (out1: t_Array u8 (sz 840)) + (out2: t_Array u8 (sz 840)) + (out3: t_Array u8 (sz 840)) -> true); f_squeeze_first_five_blocks_post = (fun (self: t_Shake128X4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) + (out0: t_Array u8 (sz 840)) + (out1: t_Array u8 (sz 840)) + (out2: t_Array u8 (sz 840)) + (out3: t_Array u8 (sz 840)) (out4: - (t_Shake128X4 & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840))) + (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840))) -> true); f_squeeze_first_five_blocks = (fun (self: t_Shake128X4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) + (out0: t_Array u8 (sz 840)) + (out1: t_Array u8 (sz 840)) + (out2: t_Array u8 (sz 840)) + (out3: t_Array u8 (sz 840)) -> - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 840)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 840)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_first_five_blocks self.f_state0 out0 in let self:t_Shake128X4 = { self with f_state0 = tmp0 } <: t_Shake128X4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in + let out0:t_Array u8 (sz 840) 
= tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 840)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 840)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_first_five_blocks self.f_state1 out1 in let self:t_Shake128X4 = { self with f_state1 = tmp0 } <: t_Shake128X4 in - let out1:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in + let out1:t_Array u8 (sz 840) = tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 840)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 840)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_first_five_blocks self.f_state2 out2 in let self:t_Shake128X4 = { self with f_state2 = tmp0 } <: t_Shake128X4 in - let out2:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in + let out2:t_Array u8 (sz 840) = tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 840)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 840)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_first_five_blocks self.f_state3 out3 in let self:t_Shake128X4 = { self with f_state3 = tmp0 } <: t_Shake128X4 in - let out3:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in + let out3:t_Array u8 (sz 840) = tmp1 in let _:Prims.unit = () in self, out0, out1, out2, out3 <: - (t_Shake128X4 & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840))); + (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840))); f_squeeze_next_block_pre = (fun (self: t_Shake128X4) -> true); f_squeeze_next_block_post = 
@@ -142,74 +124,74 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4 = (self: t_Shake128X4) (out4: (t_Shake128X4 & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)))) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) + ) -> true); f_squeeze_next_block = fun (self: t_Shake128X4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 168)) = + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 168)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_next_block self.f_state0 out0 in let self:t_Shake128X4 = { self with f_state0 = tmp0 } <: t_Shake128X4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 168) = tmp1 in + let out0:t_Array u8 (sz 168) = tmp1 in let _:Prims.unit = () in - let out1:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 168)) = + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 168)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_next_block self.f_state1 out1 in let self:t_Shake128X4 = { self with f_state1 = tmp0 } <: t_Shake128X4 in - let out1:t_Array u8 (Rust_primitives.mk_usize 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp1 in let _:Prims.unit = () in - let out2:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) 
- in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 168)) = + let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 168)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_next_block self.f_state2 out2 in let self:t_Shake128X4 = { self with f_state2 = tmp0 } <: t_Shake128X4 in - let out2:t_Array u8 (Rust_primitives.mk_usize 168) = tmp1 in + let out2:t_Array u8 (sz 168) = tmp1 in let _:Prims.unit = () in - let out3:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 168)) = + let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 168)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_next_block self.f_state3 out3 in let self:t_Shake128X4 = { self with f_state3 = tmp0 } <: t_Shake128X4 in - let out3:t_Array u8 (Rust_primitives.mk_usize 168) = tmp1 in + let out3:t_Array u8 (sz 168) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = + let hax_temp_output:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = out0, out1, out2, out3 <: - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)) in self, hax_temp_output <: (t_Shake128X4 & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - 
t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168))) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) } -/// Portable SHAKE 256 state -type t_Shake256 = { f_state:Libcrux_sha3.Portable.t_KeccakState } +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof t_Shake128 = + { + f_shake128_pre + = + (fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) -> true); + f_shake128_post + = + (fun + (v_OUTPUT_LENGTH: usize) + (input: t_Slice u8) + (out: t_Array u8 v_OUTPUT_LENGTH) + (out1: t_Array u8 v_OUTPUT_LENGTH) + -> + true); + f_shake128 + = + fun (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUTPUT_LENGTH) -> + let out:t_Array u8 v_OUTPUT_LENGTH = Libcrux_sha3.Portable.shake128 out input in + out + } [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_2: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256 = 
@@ -246,54 +228,37 @@ let impl_2: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256 = f_squeeze_first_block_pre = (fun (self: t_Shake256) -> true); f_squeeze_first_block_post = - (fun (self: t_Shake256) (out1: (t_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136))) -> true - ); + (fun (self: t_Shake256) (out1: (t_Shake256 & t_Array u8 (sz 136))) -> true); f_squeeze_first_block = (fun (self: t_Shake256) -> - let out:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_first_block self.f_state out in let self:t_Shake256 = { self with f_state = tmp0 } <: t_Shake256 in - let out:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:t_Array u8 (Rust_primitives.mk_usize 136) = out in - self, hax_temp_output <: (t_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136))); + let hax_temp_output:t_Array u8 (sz 136) = out in + self, hax_temp_output <: (t_Shake256 & t_Array u8 (sz 136))); f_squeeze_next_block_pre = (fun (self: t_Shake256) -> true); f_squeeze_next_block_post = - (fun (self: t_Shake256) (out1: (t_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136))) -> true - ); + (fun (self: t_Shake256) (out1: (t_Shake256 & t_Array u8 (sz 136))) -> true); f_squeeze_next_block = fun (self: t_Shake256) -> - let out:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 
0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_next_block self.f_state out in let self:t_Shake256 = { self with f_state = tmp0 } <: t_Shake256 in - let out:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:t_Array u8 (Rust_primitives.mk_usize 136) = out in - self, hax_temp_output <: (t_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136)) + let hax_temp_output:t_Array u8 (sz 136) = out in + self, hax_temp_output <: (t_Shake256 & t_Array u8 (sz 136)) } -/// Portable SHAKE 256 x4 state. -/// We're using a portable implementation so this is actually sequential. -type t_Shake256X4 = { - f_state0:Libcrux_sha3.Portable.t_KeccakState; - f_state1:Libcrux_sha3.Portable.t_KeccakState; - f_state2:Libcrux_sha3.Portable.t_KeccakState; - f_state3:Libcrux_sha3.Portable.t_KeccakState -} - [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256X4 = { 
@@ -348,70 +313,51 @@ let impl_3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256X4 = (self: t_Shake256X4) (out4: (t_Shake256X4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + ) -> true); f_squeeze_first_block = (fun (self: t_Shake256X4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out0:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_first_block self.f_state0 out0 in let self:t_Shake256X4 = { self with f_state0 = tmp0 } <: t_Shake256X4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out0:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out1:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_first_block self.f_state1 out1 in let self:t_Shake256X4 = { self with f_state1 = tmp0 } <: t_Shake256X4 in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out1:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 
136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out2:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_first_block self.f_state2 out2 in let self:t_Shake256X4 = { self with f_state2 = tmp0 } <: t_Shake256X4 in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out2:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out3:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_first_block self.f_state3 out3 in let self:t_Shake256X4 = { self with f_state3 = tmp0 } <: t_Shake256X4 in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out3:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = out0, out1, out2, out3 <: - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)) in self, hax_temp_output <: (t_Shake256X4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & 
- t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))); + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))); f_squeeze_next_block_pre = (fun (self: t_Shake256X4) -> true); f_squeeze_next_block_post = 
@@ -419,70 +365,51 @@ let impl_3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256X4 = (self: t_Shake256X4) (out4: (t_Shake256X4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + ) -> true); f_squeeze_next_block = (fun (self: t_Shake256X4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out0:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_next_block self.f_state0 out0 in let self:t_Shake256X4 = { self with f_state0 = tmp0 } <: t_Shake256X4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out0:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out1:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_next_block self.f_state1 out1 in let self:t_Shake256X4 = { self with f_state1 = tmp0 } <: t_Shake256X4 in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out1:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 
136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out2:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_next_block self.f_state2 out2 in let self:t_Shake256X4 = { self with f_state2 = tmp0 } <: t_Shake256X4 in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out2:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out3:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_next_block self.f_state3 out3 in let self:t_Shake256X4 = { self with f_state3 = tmp0 } <: t_Shake256X4 in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out3:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = out0, out1, out2, out3 <: - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)) in self, hax_temp_output <: (t_Shake256X4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - 
t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))); + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))); f_shake256_pre = (fun diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fst deleted file mode 100644 index 9dd9ad636..000000000 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fst +++ /dev/null 
@@ -1,80 +0,0 @@ -module Libcrux_ml_dsa.Hash_functions.Shake128 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -class t_Xof (v_Self: Type0) = { - f_shake128_pre:v_OUTPUT_LENGTH: usize -> t_Slice u8 -> t_Array u8 v_OUTPUT_LENGTH -> Type0; - f_shake128_post: - v_OUTPUT_LENGTH: usize -> - t_Slice u8 -> - t_Array u8 v_OUTPUT_LENGTH -> - t_Array u8 v_OUTPUT_LENGTH - -> Type0; - f_shake128:v_OUTPUT_LENGTH: usize -> x0: t_Slice u8 -> x1: t_Array u8 v_OUTPUT_LENGTH - -> Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) - (f_shake128_pre v_OUTPUT_LENGTH x0 x1) - (fun result -> f_shake128_post v_OUTPUT_LENGTH x0 x1 result) -} - -/// When sampling matrix A we always want to do 4 absorb/squeeze calls in -/// parallel. -class t_XofX4 (v_Self: Type0) = { - f_init_absorb_pre:t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> Type0; - f_init_absorb_post:t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> v_Self -> Type0; - f_init_absorb:x0: t_Slice u8 -> x1: t_Slice u8 -> x2: t_Slice u8 -> x3: t_Slice u8 - -> Prims.Pure v_Self - (f_init_absorb_pre x0 x1 x2 x3) - (fun result -> f_init_absorb_post x0 x1 x2 x3 result); - f_squeeze_first_five_blocks_pre: - v_Self -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) - -> Type0; - f_squeeze_first_five_blocks_post: - v_Self -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - (v_Self & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) - -> Type0; - f_squeeze_first_five_blocks: - x0: v_Self -> - x1: t_Array u8 (Rust_primitives.mk_usize 840) -> - x2: t_Array u8 (Rust_primitives.mk_usize 840) -> - x3: t_Array u8 
(Rust_primitives.mk_usize 840) -> - x4: t_Array u8 (Rust_primitives.mk_usize 840) - -> Prims.Pure - (v_Self & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) - (f_squeeze_first_five_blocks_pre x0 x1 x2 x3 x4) - (fun result -> f_squeeze_first_five_blocks_post x0 x1 x2 x3 x4 result); - f_squeeze_next_block_pre:v_Self -> Type0; - f_squeeze_next_block_post: - v_Self -> - (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168))) - -> Type0; - f_squeeze_next_block:x0: v_Self - -> Prims.Pure - (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168))) - (f_squeeze_next_block_pre x0) - (fun result -> f_squeeze_next_block_post x0 result) -} - -let v_BLOCK_SIZE: usize = Rust_primitives.mk_usize 168 - -let v_FIVE_BLOCKS_SIZE: usize = v_BLOCK_SIZE *! Rust_primitives.mk_usize 5 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti index 71bceb4a7..d5bc80a18 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti 
@@ -28,49 +28,41 @@ class t_XofX4 (v_Self: Type0) = { (fun result -> f_init_absorb_post x0 x1 x2 x3 result); f_squeeze_first_five_blocks_pre: v_Self -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) + t_Array u8 (sz 840) -> + t_Array u8 (sz 840) -> + t_Array u8 (sz 840) -> + t_Array u8 (sz 840) -> Type0; f_squeeze_first_five_blocks_post: v_Self -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - t_Array u8 (Rust_primitives.mk_usize 840) -> - (v_Self & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) + t_Array u8 (sz 840) -> + t_Array u8 (sz 840) -> + t_Array u8 (sz 840) -> + t_Array u8 (sz 840) -> + (v_Self & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) -> Type0; f_squeeze_first_five_blocks: x0: v_Self -> - x1: t_Array u8 (Rust_primitives.mk_usize 840) -> - x2: t_Array u8 (Rust_primitives.mk_usize 840) -> - x3: t_Array u8 (Rust_primitives.mk_usize 840) -> - x4: t_Array u8 (Rust_primitives.mk_usize 840) + x1: t_Array u8 (sz 840) -> + x2: t_Array u8 (sz 840) -> + x3: t_Array u8 (sz 840) -> + x4: t_Array u8 (sz 840) -> Prims.Pure - (v_Self & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) + (v_Self & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) (f_squeeze_first_five_blocks_pre x0 x1 x2 x3 x4) (fun result -> f_squeeze_first_five_blocks_post x0 x1 x2 x3 x4 result); f_squeeze_next_block_pre:v_Self -> Type0; f_squeeze_next_block_post: v_Self -> (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 168) 
& t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168))) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) -> Type0; f_squeeze_next_block:x0: v_Self -> Prims.Pure (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168))) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) (f_squeeze_next_block_pre x0) (fun result -> f_squeeze_next_block_post x0 result) } diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fst deleted file mode 100644 index a37c4e5d7..000000000 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fst +++ /dev/null 
@@ -1,114 +0,0 @@ -module Libcrux_ml_dsa.Hash_functions.Shake256 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -class t_Xof (v_Self: Type0) = { - f_shake256_pre:v_OUTPUT_LENGTH: usize -> t_Slice u8 -> t_Array u8 v_OUTPUT_LENGTH -> Type0; - f_shake256_post: - v_OUTPUT_LENGTH: usize -> - t_Slice u8 -> - t_Array u8 v_OUTPUT_LENGTH -> - t_Array u8 v_OUTPUT_LENGTH - -> Type0; - f_shake256:v_OUTPUT_LENGTH: usize -> x0: t_Slice u8 -> x1: t_Array u8 v_OUTPUT_LENGTH - -> Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) - (f_shake256_pre v_OUTPUT_LENGTH x0 x1) - (fun result -> f_shake256_post v_OUTPUT_LENGTH x0 x1 result); - f_init_absorb_pre:t_Slice u8 -> Type0; - f_init_absorb_post:t_Slice u8 -> v_Self -> Type0; - f_init_absorb:x0: t_Slice u8 - -> Prims.Pure v_Self (f_init_absorb_pre x0) (fun result -> f_init_absorb_post x0 result); - f_squeeze_first_block_pre:v_Self -> Type0; - f_squeeze_first_block_post:v_Self -> (v_Self & t_Array u8 (Rust_primitives.mk_usize 136)) -> Type0; - f_squeeze_first_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array u8 (Rust_primitives.mk_usize 136)) - (f_squeeze_first_block_pre x0) - (fun result -> f_squeeze_first_block_post x0 result); - f_squeeze_next_block_pre:v_Self -> Type0; - f_squeeze_next_block_post:v_Self -> (v_Self & t_Array u8 (Rust_primitives.mk_usize 136)) -> Type0; - f_squeeze_next_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array u8 (Rust_primitives.mk_usize 136)) - (f_squeeze_next_block_pre x0) - (fun result -> f_squeeze_next_block_post x0 result) -} - -class t_XofX4 (v_Self: Type0) = { - f_shake256_pre: - v_OUT_LEN: usize -> - t_Slice u8 -> - t_Slice u8 -> - t_Slice u8 -> - t_Slice u8 -> - t_Array u8 v_OUT_LEN -> - t_Array u8 v_OUT_LEN -> - t_Array u8 v_OUT_LEN -> - t_Array u8 v_OUT_LEN - -> Type0; - f_shake256_post: - v_OUT_LEN: usize -> - t_Slice u8 -> - t_Slice u8 -> - t_Slice u8 -> - t_Slice u8 -> - t_Array u8 v_OUT_LEN -> - t_Array u8 v_OUT_LEN -> - t_Array u8 v_OUT_LEN -> - t_Array u8 v_OUT_LEN -> 
- (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN) - -> Type0; - f_shake256: - v_OUT_LEN: usize -> - x0: t_Slice u8 -> - x1: t_Slice u8 -> - x2: t_Slice u8 -> - x3: t_Slice u8 -> - x4: t_Array u8 v_OUT_LEN -> - x5: t_Array u8 v_OUT_LEN -> - x6: t_Array u8 v_OUT_LEN -> - x7: t_Array u8 v_OUT_LEN - -> Prims.Pure - (t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN & t_Array u8 v_OUT_LEN) - (f_shake256_pre v_OUT_LEN x0 x1 x2 x3 x4 x5 x6 x7) - (fun result -> f_shake256_post v_OUT_LEN x0 x1 x2 x3 x4 x5 x6 x7 result); - f_init_absorb_pre:t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> Type0; - f_init_absorb_post:t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> t_Slice u8 -> v_Self -> Type0; - f_init_absorb:x0: t_Slice u8 -> x1: t_Slice u8 -> x2: t_Slice u8 -> x3: t_Slice u8 - -> Prims.Pure v_Self - (f_init_absorb_pre x0 x1 x2 x3) - (fun result -> f_init_absorb_post x0 x1 x2 x3 result); - f_squeeze_first_block_pre:v_Self -> Type0; - f_squeeze_first_block_post: - v_Self -> - (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) - -> Type0; - f_squeeze_first_block:x0: v_Self - -> Prims.Pure - (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) - (f_squeeze_first_block_pre x0) - (fun result -> f_squeeze_first_block_post x0 result); - f_squeeze_next_block_pre:v_Self -> Type0; - f_squeeze_next_block_post: - v_Self -> - (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) - -> Type0; - f_squeeze_next_block:x0: v_Self - -> Prims.Pure - (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 
(Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) - (f_squeeze_next_block_pre x0) - (fun result -> f_squeeze_next_block_post x0 result) -} - -let v_BLOCK_SIZE: usize = Rust_primitives.mk_usize 136 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti index a62590900..6ad902487 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti @@ -20,15 +20,15 @@ class t_Xof (v_Self: Type0) = { f_init_absorb:x0: t_Slice u8 -> Prims.Pure v_Self (f_init_absorb_pre x0) (fun result -> f_init_absorb_post x0 result); f_squeeze_first_block_pre:v_Self -> Type0; - f_squeeze_first_block_post:v_Self -> (v_Self & t_Array u8 (Rust_primitives.mk_usize 136)) -> Type0; + f_squeeze_first_block_post:v_Self -> (v_Self & t_Array u8 (sz 136)) -> Type0; f_squeeze_first_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array u8 (Rust_primitives.mk_usize 136)) + -> Prims.Pure (v_Self & t_Array u8 (sz 136)) (f_squeeze_first_block_pre x0) (fun result -> f_squeeze_first_block_post x0 result); f_squeeze_next_block_pre:v_Self -> Type0; - f_squeeze_next_block_post:v_Self -> (v_Self & t_Array u8 (Rust_primitives.mk_usize 136)) -> Type0; + f_squeeze_next_block_post:v_Self -> (v_Self & t_Array u8 (sz 136)) -> Type0; f_squeeze_next_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array u8 (Rust_primitives.mk_usize 136)) + -> Prims.Pure (v_Self & t_Array u8 (sz 136)) (f_squeeze_next_block_pre x0) (fun result -> f_squeeze_next_block_post x0 result) } 
@@ -81,32 +81,24 @@ class t_XofX4 (v_Self: Type0) = { f_squeeze_first_block_post: v_Self -> (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) -> Type0; f_squeeze_first_block:x0: v_Self -> Prims.Pure (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) (f_squeeze_first_block_pre x0) (fun result -> f_squeeze_first_block_post x0 result); f_squeeze_next_block_pre:v_Self -> Type0; f_squeeze_next_block_post: v_Self -> (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) -> Type0; f_squeeze_next_block:x0: v_Self -> Prims.Pure (v_Self & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) (f_squeeze_next_block_pre x0) (fun result -> f_squeeze_next_block_post x0 result) } diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti index ce4488043..4d39cccaa 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti 
@@ -8,6 +8,12 @@ open FStar.Mul /// version is used. type t_Shake128x4 = { f_state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState } +/// AVX2 SHAKE 256 x4 state. +type t_Shake256x4 = { f_state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState } + +/// AVX2 SHAKE 256 state +type t_Shake256 = { f_state:Libcrux_sha3.Portable.t_KeccakState } + [@@ FStar.Tactics.Typeclasses.tcinstance] let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = { 
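Review bot: The doc comment added with `t_Shake256` in this hunk says `/// AVX2 SHAKE 256 state`, yet the record's only field is `Libcrux_sha3.Portable.t_KeccakState`, so the comment describes the module it lives in rather than the state it holds; a reader of the Simd256 interface would reasonably assume an AVX2 Keccak state like the `t_Shake256x4` declared just above it. Since this file is hax extraction output, the wording should be corrected in the Rust source doc comment that generates it, for example `/// SHAKE 256 state (single-lane, backed by the portable Keccak state) used by the AVX2 build`, rather than edited here. The same mismatch appears in the line this commit removes from the `.fst` counterpart (the `-/// AVX2 SHAKE 256 state` hunk later in the diff), so it is pre-existing and only relocated by the cycle-bundling move, not introduced by it.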
@@ -39,41 +45,39 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = = (fun (self: t_Shake128x4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) + (out0: t_Array u8 (sz 840)) + (out1: t_Array u8 (sz 840)) + (out2: t_Array u8 (sz 840)) + (out3: t_Array u8 (sz 840)) -> true); f_squeeze_first_five_blocks_post = (fun (self: t_Shake128x4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) + (out0: t_Array u8 (sz 840)) + (out1: t_Array u8 (sz 840)) + (out2: t_Array u8 (sz 840)) + (out3: t_Array u8 (sz 840)) (out4: - (t_Shake128x4 & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840))) + (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840))) -> true); f_squeeze_first_five_blocks = (fun (self: t_Shake128x4) - (out0: t_Array u8 (Rust_primitives.mk_usize 840)) - (out1: t_Array u8 (Rust_primitives.mk_usize 840)) - (out2: t_Array u8 (Rust_primitives.mk_usize 840)) - (out3: t_Array u8 (Rust_primitives.mk_usize 840)) + (out0: t_Array u8 (sz 840)) + (out1: t_Array u8 (sz 840)) + (out2: t_Array u8 (sz 840)) + (out3: t_Array u8 (sz 840)) -> let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) = + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = Libcrux_sha3.Avx2.X4.Incremental.shake128_squeeze_first_five_blocks 
self.f_state out0 out1 @@ -81,17 +85,15 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = out3 in let self:t_Shake128x4 = { self with f_state = tmp0 } <: t_Shake128x4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 840) = tmp2 in - let out2:t_Array u8 (Rust_primitives.mk_usize 840) = tmp3 in - let out3:t_Array u8 (Rust_primitives.mk_usize 840) = tmp4 in + let out0:t_Array u8 (sz 840) = tmp1 in + let out1:t_Array u8 (sz 840) = tmp2 in + let out2:t_Array u8 (sz 840) = tmp3 in + let out3:t_Array u8 (sz 840) = tmp4 in let _:Prims.unit = () in self, out0, out1, out2, out3 <: - (t_Shake128x4 & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840))); + (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840))); f_squeeze_next_block_pre = (fun (self: t_Shake128x4) -> true); f_squeeze_next_block_post = 
@@ -99,31 +101,22 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = (self: t_Shake128x4) (out4: (t_Shake128x4 & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)))) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) + ) -> true); f_squeeze_next_block = fun (self: t_Shake128x4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 168) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 168) - in + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = Libcrux_sha3.Avx2.X4.Incremental.shake128_squeeze_next_block self.f_state out0 out1 
@@ -131,32 +124,23 @@ let impl: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 = out3 in let self:t_Shake128x4 = { self with f_state = tmp0 } <: t_Shake128x4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 168) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 168) = tmp2 in - let out2:t_Array u8 (Rust_primitives.mk_usize 168) = tmp3 in - let out3:t_Array u8 (Rust_primitives.mk_usize 168) = tmp4 in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in + let out2:t_Array u8 (sz 168) = tmp3 in + let out3:t_Array u8 (sz 168) = tmp4 in let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = + let hax_temp_output:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = out0, out1, out2, out3 <: - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168)) in self, hax_temp_output <: (t_Shake128x4 & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168))) + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) } -/// AVX2 SHAKE 256 state -type t_Shake256 = { f_state:Libcrux_sha3.Portable.t_KeccakState } - [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256 = { 
@@ -192,48 +176,37 @@ let impl_1: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof t_Shake256 = f_squeeze_first_block_pre = (fun (self: t_Shake256) -> true); f_squeeze_first_block_post = - (fun (self: t_Shake256) (out1: (t_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136))) -> true - ); + (fun (self: t_Shake256) (out1: (t_Shake256 & t_Array u8 (sz 136))) -> true); f_squeeze_first_block = (fun (self: t_Shake256) -> - let out:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_first_block self.f_state out in let self:t_Shake256 = { self with f_state = tmp0 } <: t_Shake256 in - let out:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:t_Array u8 (Rust_primitives.mk_usize 136) = out in - self, hax_temp_output <: (t_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136))); + let hax_temp_output:t_Array u8 (sz 136) = out in + self, hax_temp_output <: (t_Shake256 & t_Array u8 (sz 136))); f_squeeze_next_block_pre = (fun (self: t_Shake256) -> true); f_squeeze_next_block_post = - (fun (self: t_Shake256) (out1: (t_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136))) -> true - ); + (fun (self: t_Shake256) (out1: (t_Shake256 & t_Array u8 (sz 136))) -> true); f_squeeze_next_block = fun (self: t_Shake256) -> - let out:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let out:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 
0uy (sz 136) in + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState & t_Array u8 (sz 136)) = Libcrux_sha3.Portable.Incremental.shake256_squeeze_next_block self.f_state out in let self:t_Shake256 = { self with f_state = tmp0 } <: t_Shake256 in - let out:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in + let out:t_Array u8 (sz 136) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:t_Array u8 (Rust_primitives.mk_usize 136) = out in - self, hax_temp_output <: (t_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136)) + let hax_temp_output:t_Array u8 (sz 136) = out in + self, hax_temp_output <: (t_Shake256 & t_Array u8 (sz 136)) } -/// AVX2 SHAKE 256 x4 state. -type t_Shake256x4 = { f_state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState } - [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_2: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = { 
@@ -268,31 +241,22 @@ let impl_2: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = (self: t_Shake256x4) (out4: (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + ) -> true); f_squeeze_first_block = (fun (self: t_Shake256x4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in + let out0:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out1:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out2:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out3:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + t_Array u8 (sz 136) & + t_Array u8 (sz 136) & + t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = Libcrux_sha3.Avx2.X4.Incremental.shake256_squeeze_first_block self.f_state out0 out1 
@@ -300,27 +264,21 @@ let impl_2: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = out3 in let self:t_Shake256x4 = { self with f_state = tmp0 } <: t_Shake256x4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = tmp3 in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = tmp4 in + let out0:t_Array u8 (sz 136) = tmp1 in + let out1:t_Array u8 (sz 136) = tmp2 in + let out2:t_Array u8 (sz 136) = tmp3 in + let out3:t_Array u8 (sz 136) = tmp4 in let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = out0, out1, out2, out3 <: - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)) in self, hax_temp_output <: (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))); + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))); f_squeeze_next_block_pre = (fun (self: t_Shake256x4) -> true); f_squeeze_next_block_post = 
@@ -328,31 +286,22 @@ let impl_2: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = (self: t_Shake256x4) (out4: (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + ) -> true); f_squeeze_next_block = (fun (self: t_Shake256x4) -> - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 136) - in + let out0:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out1:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out2:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in + let out3:t_Array u8 (sz 136) = Rust_primitives.Hax.repeat 0uy (sz 136) in let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + t_Array u8 (sz 136) & + t_Array u8 (sz 136) & + t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = Libcrux_sha3.Avx2.X4.Incremental.shake256_squeeze_next_block self.f_state out0 out1 
@@ -360,27 +309,21 @@ let impl_2: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256x4 = out3 in let self:t_Shake256x4 = { self with f_state = tmp0 } <: t_Shake256x4 in - let out0:t_Array u8 (Rust_primitives.mk_usize 136) = tmp1 in - let out1:t_Array u8 (Rust_primitives.mk_usize 136) = tmp2 in - let out2:t_Array u8 (Rust_primitives.mk_usize 136) = tmp3 in - let out3:t_Array u8 (Rust_primitives.mk_usize 136) = tmp4 in + let out0:t_Array u8 (sz 136) = tmp1 in + let out1:t_Array u8 (sz 136) = tmp2 in + let out2:t_Array u8 (sz 136) = tmp3 in + let out3:t_Array u8 (sz 136) = tmp4 in let _:Prims.unit = () in - let hax_temp_output:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let hax_temp_output:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = out0, out1, out2, out3 <: - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)) in self, hax_temp_output <: (t_Shake256x4 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)))); + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136)))); f_shake256_pre = (fun diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst index 38057f92e..0f4339ffb 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst 
@@ -75,7 +75,7 @@ let add_vectors v_DIMENSION in let result:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) v_DIMENSION (fun result temp_1_ -> let result:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -401,7 +401,7 @@ let compute_w_approx in let t1_shifted:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = Libcrux_ml_dsa.Arithmetic.shift_left_then_reduce #v_SIMDUnit - (Rust_primitives.mk_i32 13) + 13l (t1.[ i ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let challenge_times_t1_shifted:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement @@ -444,7 +444,7 @@ let subtract_vectors v_DIMENSION in let result:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) v_DIMENSION (fun result temp_1_ -> let result:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst index e371c24e0..e68b8fe9b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst 
@@ -3,15 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_44_.Avx2 open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 2560) & - t_Array u8 (Rust_primitives.mk_usize 1312)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.generate_key_pair (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 2) - (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 1312) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.generate_key_pair (sz 4) + (sz 4) + (sz 2) + (sz 96) + (sz 2560) + (sz 1312) randomness in { 
@@ -19,64 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 2420) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l + (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: 
t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (Rust_primitives.mk_usize - 4) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 2420) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2) + (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2420) (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_i32 95232) - (Rust_primitives.mk_i32 78) (Rust_primitives.mk_usize 192) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) (Rust_primitives.mk_usize 80) + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) + (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 
let verify_pre_hashed_shake128 - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (Rust_primitives.mk_usize - 4) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2420) - (Rust_primitives.mk_usize 1312) (Rust_primitives.mk_usize 17) (Rust_primitives.mk_usize 576) - (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_i32 78) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) verification_key.Libcrux_ml_dsa.Types._0 message context - signature.Libcrux_ml_dsa.Types._0 + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 4) (sz 4) + (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) + verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti index 9bd343dc3..2cc5f13c7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti 
@@ -4,21 +4,21 @@ open Core open FStar.Mul /// Generate an ML-DSA-44 Key Pair -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-44 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate a HashML-DSA-44 Signature, with a SHAKE128 pre-hashing @@ -26,11 +26,11 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature 
@@ -38,10 +38,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -51,10 +50,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst index 3c221beed..f27fbeff4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst 
@@ -3,15 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_44_.Neon open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 2560) & - t_Array u8 (Rust_primitives.mk_usize 1312)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.generate_key_pair (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 2) - (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 1312) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.generate_key_pair (sz 4) + (sz 4) + (sz 2) + (sz 96) + (sz 2560) + (sz 1312) randomness in { 
@@ -19,64 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 2420) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l + (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: 
t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (Rust_primitives.mk_usize - 4) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 2420) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2) + (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2420) (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_i32 95232) - (Rust_primitives.mk_i32 78) (Rust_primitives.mk_usize 192) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) (Rust_primitives.mk_usize 80) + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) + (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 
let verify_pre_hashed_shake128 - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (Rust_primitives.mk_usize - 4) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2420) - (Rust_primitives.mk_usize 1312) (Rust_primitives.mk_usize 17) (Rust_primitives.mk_usize 576) - (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_i32 78) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) verification_key.Libcrux_ml_dsa.Types._0 message context - signature.Libcrux_ml_dsa.Types._0 + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 4) (sz 4) + (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) + verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti index 198c8e600..58227663f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti 
@@ -4,21 +4,21 @@ open Core open FStar.Mul /// Generate an ML-DSA-44 Key Pair -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-44 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate a HashML-DSA-44 Signature, with a SHAKE128 pre-hashing @@ -26,11 +26,11 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature 
@@ -38,10 +38,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -51,10 +50,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst index 34a714c2d..b28affb1d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst 
@@ -3,16 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_44_.Portable open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 2560) & - t_Array u8 (Rust_primitives.mk_usize 1312)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.generate_key_pair (Rust_primitives.mk_usize - 4) - (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 2) - (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 1312) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.generate_key_pair (sz 4) + (sz 4) + (sz 2) + (sz 96) + (sz 2560) + (sz 1312) randomness in { 
@@ -20,64 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 2420) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) + 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - 
(randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (Rust_primitives.mk_usize - 4) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 2420) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 4) (sz 4) + (sz 2) (sz 96) (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) + (sz 2420) signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2420) (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_i32 95232) - (Rust_primitives.mk_i32 78) (Rust_primitives.mk_usize 192) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) (Rust_primitives.mk_usize 80) + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 4) (sz 4) (sz 2420) (sz 1312) + (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) verification_key.Libcrux_ml_dsa.Types._0 message context 
signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (Rust_primitives.mk_usize - 4) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2420) - (Rust_primitives.mk_usize 1312) (Rust_primitives.mk_usize 17) (Rust_primitives.mk_usize 576) - (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_i32 78) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) verification_key.Libcrux_ml_dsa.Types._0 message context - signature.Libcrux_ml_dsa.Types._0 + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 4) (sz 4) + (sz 2420) (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) + verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti index 7d700adf5..1e6653b8a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti 
@@ -4,21 +4,21 @@ open Core open FStar.Mul /// Generate an ML-DSA-44 Key Pair -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-44 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate a HashML-DSA-44 Signature, with a SHAKE128 pre-hashing @@ -26,11 +26,11 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature 
@@ -38,10 +38,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -51,10 +50,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst index 76aa01067..4eff956f5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst 
@@ -3,15 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_44_ open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 2560) & - t_Array u8 (Rust_primitives.mk_usize 1312)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.generate_key_pair (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 2) - (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 1312) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.generate_key_pair (sz 4) + (sz 4) + (sz 2) + (sz 96) + (sz 2560) + (sz 1312) randomness in { 
@@ -19,63 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 2420) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 4) (sz 4) (sz 2) (sz 96) (sz 17) 95232l + (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 
(Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_i32 95232) (Rust_primitives.mk_usize 192) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) - (Rust_primitives.mk_usize 80) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_usize 2560) - (Rust_primitives.mk_usize 2420) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 4) (sz 4) (sz 2) (sz 96) + (sz 17) 95232l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) (sz 576) (sz 2560) (sz 2420) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2420) (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_i32 95232) - (Rust_primitives.mk_i32 78) (Rust_primitives.mk_usize 192) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) (Rust_primitives.mk_usize 80) + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 4) (sz 4) (sz 2420) (sz 1312) (sz 17) + (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 - 
(verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 2420) (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 17) (Rust_primitives.mk_usize 576) (Rust_primitives.mk_i32 95232) - (Rust_primitives.mk_i32 78) (Rust_primitives.mk_usize 192) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 32) (Rust_primitives.mk_usize 39) (Rust_primitives.mk_usize 80) + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 4) (sz 4) (sz 2420) + (sz 1312) (sz 17) (sz 576) 95232l 78l (sz 192) (sz 768) (sz 32) (sz 39) (sz 80) verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti index 3960090e8..a677e8e9a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti 
@@ -3,46 +3,44 @@ module Libcrux_ml_dsa.Ml_dsa_44_ open Core open FStar.Mul -let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = Rust_primitives.mk_usize 6 +let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = sz 6 -let v_BITS_PER_ERROR_COEFFICIENT: usize = Rust_primitives.mk_usize 3 +let v_BITS_PER_ERROR_COEFFICIENT: usize = sz 3 -let v_BITS_PER_GAMMA1_COEFFICIENT: usize = Rust_primitives.mk_usize 18 +let v_BITS_PER_GAMMA1_COEFFICIENT: usize = sz 18 -let v_COLUMNS_IN_A: usize = Rust_primitives.mk_usize 4 +let v_COLUMNS_IN_A: usize = sz 4 -let v_COMMITMENT_HASH_SIZE: usize = Rust_primitives.mk_usize 32 +let v_COMMITMENT_HASH_SIZE: usize = sz 32 let v_COMMITMENT_RING_ELEMENT_SIZE: usize = (v_BITS_PER_COMMITMENT_COEFFICIENT *! Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 + sz 8 let v_ERROR_RING_ELEMENT_SIZE: usize = (v_BITS_PER_ERROR_COEFFICIENT *! Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 + sz 8 -let v_ETA: usize = Rust_primitives.mk_usize 2 +let v_ETA: usize = sz 2 -let v_GAMMA1_EXPONENT: usize = Rust_primitives.mk_usize 17 +let v_GAMMA1_EXPONENT: usize = sz 17 let v_GAMMA1_RING_ELEMENT_SIZE: usize = (v_BITS_PER_GAMMA1_COEFFICIENT *! Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize ) /! - Rust_primitives.mk_usize 8 + sz 8 -let v_GAMMA2: i32 = - (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! Rust_primitives.mk_i32 1 <: i32) /! - Rust_primitives.mk_i32 88 +let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! 1l <: i32) /! 88l -let v_MAX_ONES_IN_HINT: usize = Rust_primitives.mk_usize 80 +let v_MAX_ONES_IN_HINT: usize = sz 80 -let v_ONES_IN_VERIFIER_CHALLENGE: usize = Rust_primitives.mk_usize 39 +let v_ONES_IN_VERIFIER_CHALLENGE: usize = sz 39 let v_BETA: i32 = cast (v_ONES_IN_VERIFIER_CHALLENGE *! 
v_ETA <: usize) <: i32 -let v_ROWS_IN_A: usize = Rust_primitives.mk_usize 4 +let v_ROWS_IN_A: usize = sz 4 let v_COMMITMENT_VECTOR_SIZE: usize = v_COMMITMENT_RING_ELEMENT_SIZE *! v_ROWS_IN_A @@ -74,7 +72,7 @@ let v_VERIFICATION_KEY_SIZE: usize = usize) <: usize) /! - Rust_primitives.mk_usize 8 + sz 8 <: usize) @@ -82,10 +80,10 @@ let v_VERIFICATION_KEY_SIZE: usize = /// Generate an ML-DSA key pair. The input is a byte array of size /// [`KEY_GENERATION_RANDOMNESS_SIZE`]. /// This function returns an [`MLDSA44KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1312) - (Rust_primitives.mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign with ML-DSA 44 /// Sign a `message` with the ML-DSA `signing_key`. @@ -94,11 +92,11 @@ val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) /// may also be empty. /// This function returns an [`MLDSA44Signature`]. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign with HashML-DSA 44, with a SHAKE128 pre-hashing 
@@ -109,11 +107,11 @@ val sign /// may also be empty. /// This function returns an [`MLDSA44Signature`]. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature @@ -123,10 +121,9 @@ val sign_pre_hashed_shake128 /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -138,10 +135,9 @@ val verify /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1312) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst index 8ae4f70df..4dcf80489 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst @@ -3,15 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_65_.Avx2 open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 4032) & - t_Array u8 (Rust_primitives.mk_usize 1952)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.generate_key_pair (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) - (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 1952) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.generate_key_pair (sz 6) + (sz 5) + (sz 4) + (sz 128) + (sz 4032) + (sz 1952) randomness in { 
@@ -19,64 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 3309) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) + 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: 
t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (Rust_primitives.mk_usize - 6) (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 3309) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4) + (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 3309) (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 196) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) (Rust_primitives.mk_usize 55) + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) + (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) verification_key.Libcrux_ml_dsa.Types._0 message context 
signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (Rust_primitives.mk_usize - 6) (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 3309) - (Rust_primitives.mk_usize 1952) (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) - (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_i32 196) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) verification_key.Libcrux_ml_dsa.Types._0 message context - signature.Libcrux_ml_dsa.Types._0 + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 6) (sz 5) + (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) + verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti index 1ebca715f..bfcb87df8 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti 
@@ -4,21 +4,21 @@ open Core open FStar.Mul /// Generate an ML-DSA-65 Key Pair -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing @@ -26,11 +26,11 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature 
@@ -38,10 +38,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -51,10 +50,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst index 807dcf30c..b54a04df2 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst 
@@ -3,15 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_65_.Neon open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 4032) & - t_Array u8 (Rust_primitives.mk_usize 1952)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.generate_key_pair (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) - (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 1952) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.generate_key_pair (sz 6) + (sz 5) + (sz 4) + (sz 128) + (sz 4032) + (sz 1952) randomness in { 
@@ -19,64 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 3309) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) + 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: 
t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (Rust_primitives.mk_usize - 6) (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 3309) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4) + (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 3309) (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 196) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) (Rust_primitives.mk_usize 55) + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) + (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) verification_key.Libcrux_ml_dsa.Types._0 message context 
signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (Rust_primitives.mk_usize - 6) (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 3309) - (Rust_primitives.mk_usize 1952) (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) - (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_i32 196) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) verification_key.Libcrux_ml_dsa.Types._0 message context - signature.Libcrux_ml_dsa.Types._0 + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 6) (sz 5) + (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) + verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti index 341c764be..ff39c5e48 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti 
@@ -4,21 +4,21 @@ open Core open FStar.Mul /// Generate an ML-DSA-65 Key Pair -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing @@ -26,11 +26,11 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature 
@@ -38,10 +38,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -51,10 +50,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst index 91cf2cd7e..eaf1e627f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst 
@@ -3,16 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_65_.Portable open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 4032) & - t_Array u8 (Rust_primitives.mk_usize 1952)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.generate_key_pair (Rust_primitives.mk_usize - 6) - (Rust_primitives.mk_usize 5) - (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 1952) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.generate_key_pair (sz 6) + (sz 5) + (sz 4) + (sz 128) + (sz 4032) + (sz 1952) randomness in { 
@@ -20,64 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 3309) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) + 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - 
(randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (Rust_primitives.mk_usize - 6) (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 3309) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 6) (sz 5) + (sz 4) (sz 128) (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) + (sz 3309) signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 3309) (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 196) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) (Rust_primitives.mk_usize 55) + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 6) (sz 5) (sz 3309) (sz 1952) + (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) verification_key.Libcrux_ml_dsa.Types._0 message context 
signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (Rust_primitives.mk_usize - 6) (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 3309) - (Rust_primitives.mk_usize 1952) (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) - (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_i32 196) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) verification_key.Libcrux_ml_dsa.Types._0 message context - signature.Libcrux_ml_dsa.Types._0 + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 6) (sz 5) + (sz 3309) (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) + verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti index 28c5fb133..7568a9a1c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti 
@@ -4,21 +4,21 @@ open Core open FStar.Mul /// Generate an ML-DSA-65 Key Pair -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing @@ -26,11 +26,11 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature 
@@ -38,10 +38,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -51,10 +50,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst index bc58d87b4..d75500055 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst 
@@ -3,15 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_65_ open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 4032) & - t_Array u8 (Rust_primitives.mk_usize 1952)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.generate_key_pair (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) - (Rust_primitives.mk_usize 4) - (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 1952) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.generate_key_pair (sz 6) + (sz 5) + (sz 4) + (sz 128) + (sz 4032) + (sz 1952) randomness in { 
@@ -19,63 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 3309) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 6) (sz 5) (sz 4) (sz 128) (sz 19) 261888l + (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 
(Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 4) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 768) (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) - (Rust_primitives.mk_usize 55) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4032) - (Rust_primitives.mk_usize 3309) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 6) (sz 5) (sz 4) (sz 128) + (sz 19) 261888l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) (sz 640) (sz 4032) (sz 3309) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 3309) (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 196) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) (Rust_primitives.mk_usize 55) + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 6) (sz 5) (sz 3309) (sz 1952) (sz 19) + (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 - 
(verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (Rust_primitives.mk_usize 6) - (Rust_primitives.mk_usize 5) (Rust_primitives.mk_usize 3309) (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 196) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 768) - (Rust_primitives.mk_usize 48) (Rust_primitives.mk_usize 49) (Rust_primitives.mk_usize 55) + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 6) (sz 5) (sz 3309) + (sz 1952) (sz 19) (sz 640) 261888l 196l (sz 128) (sz 768) (sz 48) (sz 49) (sz 55) verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti index 467b363d7..47735a500 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti 
@@ -3,46 +3,44 @@ module Libcrux_ml_dsa.Ml_dsa_65_ open Core open FStar.Mul -let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = Rust_primitives.mk_usize 4 +let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = sz 4 -let v_BITS_PER_ERROR_COEFFICIENT: usize = Rust_primitives.mk_usize 4 +let v_BITS_PER_ERROR_COEFFICIENT: usize = sz 4 -let v_BITS_PER_GAMMA1_COEFFICIENT: usize = Rust_primitives.mk_usize 20 +let v_BITS_PER_GAMMA1_COEFFICIENT: usize = sz 20 -let v_COLUMNS_IN_A: usize = Rust_primitives.mk_usize 5 +let v_COLUMNS_IN_A: usize = sz 5 -let v_COMMITMENT_HASH_SIZE: usize = Rust_primitives.mk_usize 48 +let v_COMMITMENT_HASH_SIZE: usize = sz 48 let v_COMMITMENT_RING_ELEMENT_SIZE: usize = (v_BITS_PER_COMMITMENT_COEFFICIENT *! Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 + sz 8 let v_ERROR_RING_ELEMENT_SIZE: usize = (v_BITS_PER_ERROR_COEFFICIENT *! Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 + sz 8 -let v_ETA: usize = Rust_primitives.mk_usize 4 +let v_ETA: usize = sz 4 -let v_GAMMA1_EXPONENT: usize = Rust_primitives.mk_usize 19 +let v_GAMMA1_EXPONENT: usize = sz 19 let v_GAMMA1_RING_ELEMENT_SIZE: usize = (v_BITS_PER_GAMMA1_COEFFICIENT *! Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize ) /! - Rust_primitives.mk_usize 8 + sz 8 -let v_GAMMA2: i32 = - (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! Rust_primitives.mk_i32 1 <: i32) /! - Rust_primitives.mk_i32 32 +let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! 1l <: i32) /! 32l -let v_MAX_ONES_IN_HINT: usize = Rust_primitives.mk_usize 55 +let v_MAX_ONES_IN_HINT: usize = sz 55 -let v_ONES_IN_VERIFIER_CHALLENGE: usize = Rust_primitives.mk_usize 49 +let v_ONES_IN_VERIFIER_CHALLENGE: usize = sz 49 let v_BETA: i32 = cast (v_ONES_IN_VERIFIER_CHALLENGE *! 
v_ETA <: usize) <: i32 -let v_ROWS_IN_A: usize = Rust_primitives.mk_usize 6 +let v_ROWS_IN_A: usize = sz 6 let v_COMMITMENT_VECTOR_SIZE: usize = v_COMMITMENT_RING_ELEMENT_SIZE *! v_ROWS_IN_A @@ -74,7 +72,7 @@ let v_VERIFICATION_KEY_SIZE: usize = usize) <: usize) /! - Rust_primitives.mk_usize 8 + sz 8 <: usize) @@ -82,10 +80,10 @@ let v_VERIFICATION_KEY_SIZE: usize = /// Generate an ML-DSA key pair. The input is a byte array of size /// [`KEY_GENERATION_RANDOMNESS_SIZE`]. /// This function returns an [`MLDSA65KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 1952) - (Rust_primitives.mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign with ML-DSA 65 /// Sign a `message` with the ML-DSA `signing_key`. @@ -94,11 +92,11 @@ val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) /// may also be empty. /// This function returns an [`MLDSA65Signature`]. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign with HashML-DSA 65, with a SHAKE128 pre-hashing 
@@ -109,11 +107,11 @@ val sign /// may also be empty. /// This function returns an [`MLDSA65Signature`]. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature @@ -123,10 +121,9 @@ val sign_pre_hashed_shake128 /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -138,10 +135,9 @@ val verify /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 1952) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst index 913efa791..27eb5b514 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst @@ -3,15 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_87_.Avx2 open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 4896) & - t_Array u8 (Rust_primitives.mk_usize 2592)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.generate_key_pair (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) - (Rust_primitives.mk_usize 2) - (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 2592) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.generate_key_pair (sz 8) + (sz 7) + (sz 2) + (sz 96) + (sz 4896) + (sz 2592) randomness in { 
@@ -19,64 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 4627) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) + 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: 
t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (Rust_primitives.mk_usize - 8) (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 4627) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2) + (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 4627) (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 120) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 1024) - (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) (Rust_primitives.mk_usize 75) + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) + (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) verification_key.Libcrux_ml_dsa.Types._0 message context 
signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (Rust_primitives.mk_usize - 8) (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 4627) - (Rust_primitives.mk_usize 2592) (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) - (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_i32 120) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) verification_key.Libcrux_ml_dsa.Types._0 message context - signature.Libcrux_ml_dsa.Types._0 + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.verify_pre_hashed_shake128 (sz 8) (sz 7) + (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) + verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti index 2e6bcab3b..2b2ba04ee 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti 
@@ -4,21 +4,21 @@ open Core open FStar.Mul /// Generate an ML-DSA-87 Key Pair -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-87 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate a HashML-DSA-87 Signature, with a SHAKE128 pre-hashing @@ -26,11 +26,11 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature 
@@ -38,10 +38,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -51,10 +50,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst index 11749a2ed..e89d61679 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst 
@@ -3,15 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_87_.Neon open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 4896) & - t_Array u8 (Rust_primitives.mk_usize 2592)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.generate_key_pair (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) - (Rust_primitives.mk_usize 2) - (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 2592) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.generate_key_pair (sz 8) + (sz 7) + (sz 2) + (sz 96) + (sz 4896) + (sz 2592) randomness in { 
@@ -19,64 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 4627) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) + 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: 
t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (Rust_primitives.mk_usize - 8) (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 4627) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2) + (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 4627) (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 120) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 1024) - (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) (Rust_primitives.mk_usize 75) + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) + (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) verification_key.Libcrux_ml_dsa.Types._0 message context 
signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (Rust_primitives.mk_usize - 8) (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 4627) - (Rust_primitives.mk_usize 2592) (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) - (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_i32 120) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) verification_key.Libcrux_ml_dsa.Types._0 message context - signature.Libcrux_ml_dsa.Types._0 + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.verify_pre_hashed_shake128 (sz 8) (sz 7) + (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) + verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti index 97b5b98ad..499342491 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti 
@@ -4,21 +4,21 @@ open Core open FStar.Mul /// Generate an ML-DSA-87 Key Pair -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-87 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate a HashML-DSA-87 Signature, with a SHAKE128 pre-hashing @@ -26,11 +26,11 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature 
@@ -38,10 +38,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -51,10 +50,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst index 83db066c7..8ff301da4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst 
@@ -3,16 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_87_.Portable open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 4896) & - t_Array u8 (Rust_primitives.mk_usize 2592)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.generate_key_pair (Rust_primitives.mk_usize - 8) - (Rust_primitives.mk_usize 7) - (Rust_primitives.mk_usize 2) - (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 2592) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.generate_key_pair (sz 8) + (sz 7) + (sz 2) + (sz 96) + (sz 4896) + (sz 2592) randomness in { 
@@ -20,64 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 4627) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) + 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - 
(randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (Rust_primitives.mk_usize - 8) (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 4627) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.sign_pre_hashed_shake128 (sz 8) (sz 7) + (sz 2) (sz 96) (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) + (sz 4627) signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 4627) (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 120) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 1024) - (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) (Rust_primitives.mk_usize 75) + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify (sz 8) (sz 7) (sz 4627) (sz 2592) + (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) verification_key.Libcrux_ml_dsa.Types._0 message 
context signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) = - Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (Rust_primitives.mk_usize - 8) (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 4627) - (Rust_primitives.mk_usize 2592) (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) - (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_i32 120) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) verification_key.Libcrux_ml_dsa.Types._0 message context - signature.Libcrux_ml_dsa.Types._0 + Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.verify_pre_hashed_shake128 (sz 8) (sz 7) + (sz 4627) (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) + verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti index dcfafcad1..5825b758b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti 
@@ -4,21 +4,21 @@ open Core open FStar.Mul /// Generate an ML-DSA-87 Key Pair -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-87 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate a HashML-DSA-87 Signature, with a SHAKE128 pre-hashing @@ -26,11 +26,11 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature 
@@ -38,10 +38,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -51,10 +50,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst index 6b6638c60..7628dbe10 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst 
@@ -3,15 +3,14 @@ module Libcrux_ml_dsa.Ml_dsa_87_ open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = - let signing_key, verification_key:(t_Array u8 (Rust_primitives.mk_usize 4896) & - t_Array u8 (Rust_primitives.mk_usize 2592)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.generate_key_pair (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) - (Rust_primitives.mk_usize 2) - (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 2592) +let generate_key_pair (randomness: t_Array u8 (sz 32)) = + let signing_key, verification_key:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.generate_key_pair (sz 8) + (sz 7) + (sz 2) + (sz 96) + (sz 4896) + (sz 2592) randomness in { 
@@ -19,63 +18,48 @@ let generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) = = Libcrux_ml_dsa.Types.MLDSASigningKey signing_key <: - Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896); + Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896); Libcrux_ml_dsa.Types.f_verification_key = Libcrux_ml_dsa.Types.MLDSAVerificationKey verification_key <: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) + Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592) } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 4627) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign (sz 8) (sz 7) (sz 2) (sz 96) (sz 19) 261888l + (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 
(Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 2) (Rust_primitives.mk_usize 96) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_i32 261888) (Rust_primitives.mk_usize 128) - (Rust_primitives.mk_usize 1024) (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) - (Rust_primitives.mk_usize 75) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_usize 4896) - (Rust_primitives.mk_usize 4627) signing_key.Libcrux_ml_dsa.Types._0 message context randomness + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.sign_pre_hashed_shake128 (sz 8) (sz 7) (sz 2) (sz 96) + (sz 19) 261888l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) (sz 640) (sz 4896) (sz 4627) + signing_key.Libcrux_ml_dsa.Types._0 message context randomness let verify - (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 4627) (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 120) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 1024) - (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) (Rust_primitives.mk_usize 75) + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify (sz 8) (sz 7) (sz 4627) (sz 2592) (sz 19) + (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 let verify_pre_hashed_shake128 
- (verification_key: - Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (Rust_primitives.mk_usize 8) - (Rust_primitives.mk_usize 7) (Rust_primitives.mk_usize 4627) (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 19) (Rust_primitives.mk_usize 640) (Rust_primitives.mk_i32 261888) - (Rust_primitives.mk_i32 120) (Rust_primitives.mk_usize 128) (Rust_primitives.mk_usize 1024) - (Rust_primitives.mk_usize 64) (Rust_primitives.mk_usize 60) (Rust_primitives.mk_usize 75) + Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.verify_pre_hashed_shake128 (sz 8) (sz 7) (sz 4627) + (sz 2592) (sz 19) (sz 640) 261888l 120l (sz 128) (sz 1024) (sz 64) (sz 60) (sz 75) verification_key.Libcrux_ml_dsa.Types._0 message context signature.Libcrux_ml_dsa.Types._0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti index 96f044550..f5eb82a25 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti 
@@ -3,46 +3,44 @@ module Libcrux_ml_dsa.Ml_dsa_87_ open Core open FStar.Mul -let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = Rust_primitives.mk_usize 4 +let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = sz 4 -let v_BITS_PER_ERROR_COEFFICIENT: usize = Rust_primitives.mk_usize 3 +let v_BITS_PER_ERROR_COEFFICIENT: usize = sz 3 -let v_BITS_PER_GAMMA1_COEFFICIENT: usize = Rust_primitives.mk_usize 20 +let v_BITS_PER_GAMMA1_COEFFICIENT: usize = sz 20 -let v_COLUMNS_IN_A: usize = Rust_primitives.mk_usize 7 +let v_COLUMNS_IN_A: usize = sz 7 -let v_COMMITMENT_HASH_SIZE: usize = Rust_primitives.mk_usize 64 +let v_COMMITMENT_HASH_SIZE: usize = sz 64 let v_COMMITMENT_RING_ELEMENT_SIZE: usize = (v_BITS_PER_COMMITMENT_COEFFICIENT *! Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 + sz 8 let v_ERROR_RING_ELEMENT_SIZE: usize = (v_BITS_PER_ERROR_COEFFICIENT *! Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! - Rust_primitives.mk_usize 8 + sz 8 -let v_ETA: usize = Rust_primitives.mk_usize 2 +let v_ETA: usize = sz 2 -let v_GAMMA1_EXPONENT: usize = Rust_primitives.mk_usize 19 +let v_GAMMA1_EXPONENT: usize = sz 19 let v_GAMMA1_RING_ELEMENT_SIZE: usize = (v_BITS_PER_GAMMA1_COEFFICIENT *! Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize ) /! - Rust_primitives.mk_usize 8 + sz 8 -let v_GAMMA2: i32 = - (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! Rust_primitives.mk_i32 1 <: i32) /! - Rust_primitives.mk_i32 32 +let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! 1l <: i32) /! 32l -let v_MAX_ONES_IN_HINT: usize = Rust_primitives.mk_usize 75 +let v_MAX_ONES_IN_HINT: usize = sz 75 -let v_ONES_IN_VERIFIER_CHALLENGE: usize = Rust_primitives.mk_usize 60 +let v_ONES_IN_VERIFIER_CHALLENGE: usize = sz 60 let v_BETA: i32 = cast (v_ONES_IN_VERIFIER_CHALLENGE *! 
v_ETA <: usize) <: i32 -let v_ROWS_IN_A: usize = Rust_primitives.mk_usize 8 +let v_ROWS_IN_A: usize = sz 8 let v_COMMITMENT_VECTOR_SIZE: usize = v_COMMITMENT_RING_ELEMENT_SIZE *! v_ROWS_IN_A @@ -74,7 +72,7 @@ let v_VERIFICATION_KEY_SIZE: usize = usize) <: usize) /! - Rust_primitives.mk_usize 8 + sz 8 <: usize) @@ -82,10 +80,10 @@ let v_VERIFICATION_KEY_SIZE: usize = /// Generate an ML-DSA key pair. The input is a byte array of size /// [`KEY_GENERATION_RANDOMNESS_SIZE`]. /// This function returns an [`MLDSA87KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (Rust_primitives.mk_usize 2592) - (Rust_primitives.mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) +val generate_key_pair (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign with ML-DSA 87 /// Sign a `message` with the ML-DSA `signing_key`. @@ -94,11 +92,11 @@ val generate_key_pair (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) /// may also be empty. /// This function returns an [`MLDSA87Signature`]. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign with HashML-DSA 87, with a SHAKE128 pre-hashing 
@@ -109,11 +107,11 @@ val sign /// may also be empty. /// This function returns an [`MLDSA87Signature`]. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (Rust_primitives.mk_usize 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature @@ -123,10 +121,9 @@ val sign_pre_hashed_shake128 /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -138,10 +135,9 @@ val verify /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (Rust_primitives.mk_usize 2592) - ) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (Rust_primitives.mk_usize 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.fst index b37a27bd0..6066f3058 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.fst @@ -17,7 +17,7 @@ let _ = let generate_key_pair (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 @@ -32,7 +32,7 @@ let sign usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 
@@ -50,17 +50,16 @@ let sign_pre_hashed_shake128 usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH - (Rust_primitives.mk_usize 256) v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE - v_GAMMA1_EXPONENT v_GAMMA2 v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE - v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT - v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key message context - randomness + (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 + v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE + v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE + v_SIGNATURE_SIZE signing_key message context randomness let verify (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: 
@@ -92,7 +91,7 @@ let verify_pre_hashed_shake128 Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH - (Rust_primitives.mk_usize 256) v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE - v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA - v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE - v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key message context signature + (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT + v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE + v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT + verification_key message context signature diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.fsti index 4f5b62941..09d4842de 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.fsti @@ -18,7 +18,7 @@ let _ = val generate_key_pair (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,7 +31,7 @@ val sign usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -44,7 +44,7 @@ val sign_pre_hashed_shake128 usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst index 8ccc95911..9e12c192d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fst @@ -18,7 +18,7 @@ let _ = let generate_key_pair (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -33,7 +33,7 @@ let sign usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 
@@ -51,17 +51,16 @@ let sign_pre_hashed_shake128 usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 - #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH - (Rust_primitives.mk_usize 256) v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE - v_GAMMA1_EXPONENT v_GAMMA2 v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE - v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT - v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key message context - randomness + #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH (sz 256) + v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 + v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE + v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE + v_SIGNATURE_SIZE signing_key message context randomness let verify (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: 
@@ -93,7 +92,7 @@ let verify_pre_hashed_shake128 Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH - (Rust_primitives.mk_usize 256) v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE - v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA - v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE - v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key message context signature + (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT + v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE + v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT + verification_key message context signature diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti index 44a225bcb..93c40dc34 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.fsti @@ -19,7 +19,7 @@ let _ = val generate_key_pair (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) 
@@ -32,7 +32,7 @@ val sign usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -45,7 +45,7 @@ val sign_pre_hashed_shake128 usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst index 200472cb5..3ed0bdc8f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fst @@ -17,7 +17,7 @@ let _ = let generate_key_pair (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 @@ -32,7 +32,7 @@ let sign usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 
@@ -50,17 +50,16 @@ let sign_pre_hashed_shake128 usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = Libcrux_ml_dsa.Ml_dsa_generic.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH - (Rust_primitives.mk_usize 256) v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE - v_GAMMA1_EXPONENT v_GAMMA2 v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE - v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT - v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_SIGNATURE_SIZE signing_key message context - randomness + (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT v_GAMMA2 + v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE + v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT v_GAMMA1_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE + v_SIGNATURE_SIZE signing_key message context randomness let verify (v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE: 
@@ -92,7 +91,7 @@ let verify_pre_hashed_shake128 Libcrux_ml_dsa.Ml_dsa_generic.verify_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256 #Libcrux_ml_dsa.Pre_hash.t_SHAKE128_PH - (Rust_primitives.mk_usize 256) v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE - v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA - v_COMMITMENT_RING_ELEMENT_SIZE v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE - v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT verification_key message context signature + (sz 256) v_ROWS_IN_A v_COLUMNS_IN_A v_SIGNATURE_SIZE v_VERIFICATION_KEY_SIZE v_GAMMA1_EXPONENT + v_GAMMA1_RING_ELEMENT_SIZE v_GAMMA2 v_BETA v_COMMITMENT_RING_ELEMENT_SIZE + v_COMMITMENT_VECTOR_SIZE v_COMMITMENT_HASH_SIZE v_ONES_IN_VERIFIER_CHALLENGE v_MAX_ONES_IN_HINT + verification_key message context signature diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti index 572a02079..1e4399d64 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.fsti @@ -18,7 +18,7 @@ let _ = val generate_key_pair (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,7 +31,7 @@ val sign usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -44,7 +44,7 @@ val sign_pre_hashed_shake128 usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.fst index faaea5bc9..69d507f61 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.fst @@ -6,7 +6,7 @@ open FStar.Mul let generate_key_pair (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = if Libcrux_platform.Platform.simd256_support () then @@ -43,7 +43,7 @@ let sign usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = if Libcrux_platform.Platform.simd256_support () then 
@@ -74,7 +74,7 @@ let sign_pre_hashed_shake128 usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = if Libcrux_platform.Platform.simd256_support () then diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.fsti index 871419f5c..c617ed3c3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.fsti @@ -6,7 +6,7 @@ open FStar.Mul val generate_key_pair (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: usize) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) @@ -18,7 +18,7 @@ val sign usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -30,7 +30,7 @@ val sign_pre_hashed_shake128 usize) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst index a3a0638df..df5dc6fe8 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst @@ -14,21 +14,21 @@ let _ = () let derive_message_representative - (verification_key_hash: t_Array u8 (Rust_primitives.mk_usize 64)) + (verification_key_hash: t_Array u8 (sz 64)) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) (message: t_Slice u8) - (message_representative: t_Array u8 (Rust_primitives.mk_usize 64)) + (message_representative: t_Array u8 (sz 64)) = let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_new #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve () in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake (verification_key_hash <: t_Slice u8) @@ -38,15 +38,15 @@ let derive_message_representative | Core.Option.Option_Some domain_separation_context -> let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake ((let list = [ - cast (Core.Option.impl__is_some #(t_Array u8 (Rust_primitives.mk_usize 11)) + cast (Core.Option.impl__is_some #(t_Array u8 (sz 11)) (Libcrux_ml_dsa.Pre_hash.impl_1__pre_hash_oid domain_separation_context <: - Core.Option.t_Option (t_Array u8 (Rust_primitives.mk_usize 11))) + Core.Option.t_Option (t_Array u8 (sz 11))) <: bool) <: 
@@ -60,7 +60,7 @@ let derive_message_representative in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake ((let list = @@ -82,7 +82,7 @@ let derive_message_representative in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake (Libcrux_ml_dsa.Pre_hash.impl_1__context domain_separation_context <: t_Slice u8) @@ -90,7 +90,7 @@ let derive_message_representative (match Libcrux_ml_dsa.Pre_hash.impl_1__pre_hash_oid domain_separation_context with | Core.Option.Option_Some pre_hash_oid -> Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake (pre_hash_oid <: t_Slice u8) 
@@ -99,135 +99,23 @@ let derive_message_representative in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze = Libcrux_sha3.Portable.Incremental.f_absorb_final #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake message in - let tmp0, tmp1:(Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze & - t_Array u8 (Rust_primitives.mk_usize 64)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze & t_Array u8 (sz 64)) = Libcrux_sha3.Portable.Incremental.f_squeeze #Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake message_representative in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze = tmp0 in - let message_representative:t_Array u8 (Rust_primitives.mk_usize 64) = tmp1 in + let message_representative:t_Array u8 (sz 64) = tmp1 in let _:Prims.unit = () in message_representative -let generate_key_pair - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: - usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i5: - Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i6: - Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i7: - Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - = - let seed_expanded:t_Array u8 (Rust_primitives.mk_usize 128) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 128) - in - let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = - Libcrux_sha3.Portable.Incremental.f_new 
#Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) - #FStar.Tactics.Typeclasses.solve - () - in - let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = - Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) - #FStar.Tactics.Typeclasses.solve - shake - (randomness <: t_Slice u8) - in - let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze = - Libcrux_sha3.Portable.Incremental.f_absorb_final #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) - #FStar.Tactics.Typeclasses.solve - shake - ((let list = [cast (v_ROWS_IN_A <: usize) <: u8; cast (v_COLUMNS_IN_A <: usize) <: u8] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); - Rust_primitives.Hax.array_of_list 2 list) - <: - t_Slice u8) - in - let tmp0, tmp1:(Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze & - t_Array u8 (Rust_primitives.mk_usize 128)) = - Libcrux_sha3.Portable.Incremental.f_squeeze #Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze - #(Rust_primitives.mk_usize 136) - #FStar.Tactics.Typeclasses.solve - shake - seed_expanded - in - let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze = tmp0 in - let seed_expanded:t_Array u8 (Rust_primitives.mk_usize 128) = tmp1 in - let _:Prims.unit = () in - let seed_for_a, seed_expanded:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (seed_expanded <: t_Slice u8) - Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE - in - let seed_for_error_vectors, seed_for_signing:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - seed_expanded - Libcrux_ml_dsa.Constants.v_SEED_FOR_ERROR_VECTORS_SIZE - in - let a_as_ntt:t_Array - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) - v_ROWS_IN_A = - Libcrux_ml_dsa.Samplex4.matrix_A #v_SIMDUnit - #v_Shake128X4 - v_ROWS_IN_A - v_COLUMNS_IN_A - (Libcrux_ml_dsa.Utils.into_padded_array 
(Rust_primitives.mk_usize 34) seed_for_a - <: - t_Array u8 (Rust_primitives.mk_usize 34)) - in - let s1, s2:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = - Libcrux_ml_dsa.Samplex4.sample_s1_and_s2 #v_SIMDUnit - #v_Shake256X4 - v_ETA - v_COLUMNS_IN_A - v_ROWS_IN_A - (Libcrux_ml_dsa.Utils.into_padded_array (Rust_primitives.mk_usize 66) seed_for_error_vectors - <: - t_Array u8 (Rust_primitives.mk_usize 66)) - in - let t:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = - Libcrux_ml_dsa.Matrix.compute_As1_plus_s2 #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A a_as_ntt s1 s2 - in - let t0, t1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = - Libcrux_ml_dsa.Arithmetic.power2round_vector #v_SIMDUnit v_ROWS_IN_A t - in - let verification_key_serialized:t_Array u8 v_VERIFICATION_KEY_SIZE = - Libcrux_ml_dsa.Encoding.Verification_key.generate_serialized #v_SIMDUnit - v_ROWS_IN_A - v_VERIFICATION_KEY_SIZE - seed_for_a - t1 - in - let signing_key_serialized:t_Array u8 v_SIGNING_KEY_SIZE = - Libcrux_ml_dsa.Encoding.Signing_key.generate_serialized #v_SIMDUnit #v_Shake256 v_ROWS_IN_A - v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE seed_for_a seed_for_signing - (verification_key_serialized <: t_Slice u8) s1 s2 t0 - in - signing_key_serialized, verification_key_serialized - <: - (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE) - let sign_internal (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0) (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_GAMMA1_EXPONENT: usize) 
@@ -250,12 +138,12 @@ let sign_internal (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = let seed_for_A, seed_for_signing, verification_key_hash, s1_as_ntt, s2_as_ntt, t0_as_ntt:(t_Array - u8 (Rust_primitives.mk_usize 32) & - t_Array u8 (Rust_primitives.mk_usize 32) & - t_Array u8 (Rust_primitives.mk_usize 64) & + u8 (sz 32) & + t_Array u8 (sz 32) & + t_Array u8 (sz 64) & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = 
@@ -274,65 +162,59 @@ let sign_internal #v_Shake128X4 v_ROWS_IN_A v_COLUMNS_IN_A - (Libcrux_ml_dsa.Utils.into_padded_array (Rust_primitives.mk_usize 34) - (seed_for_A <: t_Slice u8) + (Libcrux_ml_dsa.Utils.into_padded_array (sz 34) (seed_for_A <: t_Slice u8) <: - t_Array u8 (Rust_primitives.mk_usize 34)) - in - let message_representative:t_Array u8 (Rust_primitives.mk_usize 64) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 64) + t_Array u8 (sz 34)) in - let message_representative:t_Array u8 (Rust_primitives.mk_usize 64) = + let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let message_representative:t_Array u8 (sz 64) = derive_message_representative verification_key_hash domain_separation_context message message_representative in - let mask_seed:t_Array u8 (Rust_primitives.mk_usize 64) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 64) - in + let mask_seed:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_new #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve () in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake (seed_for_signing <: t_Slice u8) in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake (randomness <: t_Slice u8) in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze = Libcrux_sha3.Portable.Incremental.f_absorb_final 
#Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake (message_representative <: t_Slice u8) in - let tmp0, tmp1:(Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze & - t_Array u8 (Rust_primitives.mk_usize 64)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze & t_Array u8 (sz 64)) = Libcrux_sha3.Portable.Incremental.f_squeeze #Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake mask_seed in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze = tmp0 in - let mask_seed:t_Array u8 (Rust_primitives.mk_usize 64) = tmp1 in + let mask_seed:t_Array u8 (sz 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let (domain_separator_for_mask: u16):u16 = Rust_primitives.mk_u16 0 in + let (domain_separator_for_mask: u16):u16 = 0us in let v_BETA:i32 = cast (v_ONES_IN_VERIFIER_CHALLENGE *! v_ETA <: usize) <: i32 in - let attempt:usize = Rust_primitives.mk_usize 0 in + let attempt:usize = sz 0 in let commitment_hash:Core.Option.t_Option (t_Array u8 v_COMMITMENT_HASH_SIZE) = Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 v_COMMITMENT_HASH_SIZE) in 
@@ -343,22 +225,20 @@ let sign_internal Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A) = - Core.Option.Option_None - <: - Core.Option.t_Option (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A) + let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A) = + Core.Option.Option_None <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A) in let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & Core.Option.t_Option (t_Array u8 v_COMMITMENT_HASH_SIZE) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A) & + Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)) = Rust_primitives.f_while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & Core.Option.t_Option (t_Array u8 v_COMMITMENT_HASH_SIZE) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A) & + Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)) = 
@@ -368,20 +248,20 @@ let sign_internal (attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: (usize & Core.Option.t_Option (t_Array u8 v_COMMITMENT_HASH_SIZE) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A) & + Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A))) (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & Core.Option.t_Option (t_Array u8 v_COMMITMENT_HASH_SIZE) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A) & + Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A)) = temp_0_ in - let attempt:usize = attempt +! Rust_primitives.mk_usize 1 in + let attempt:usize = attempt +! sz 1 in let tmp0, out:(u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) = Libcrux_ml_dsa.Sample.sample_mask_vector #v_SIMDUnit @@ -389,10 +269,9 @@ let sign_internal #v_Shake256X4 v_COLUMNS_IN_A v_GAMMA1_EXPONENT - (Libcrux_ml_dsa.Utils.into_padded_array (Rust_primitives.mk_usize 66) - (mask_seed <: t_Slice u8) + (Libcrux_ml_dsa.Utils.into_padded_array (sz 66) (mask_seed <: t_Slice u8) <: - t_Array u8 (Rust_primitives.mk_usize 66)) + t_Array u8 (sz 66)) domain_separator_for_mask in let domain_separator_for_mask:u16 = tmp0 in @@ -417,7 +296,7 @@ let sign_internal v_A_times_mask in let commitment_hash_candidate:t_Array u8 v_COMMITMENT_HASH_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_COMMITMENT_HASH_SIZE + Rust_primitives.Hax.repeat 0uy v_COMMITMENT_HASH_SIZE in let commitment_serialized:t_Array u8 v_COMMITMENT_VECTOR_SIZE = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit 
@@ -428,20 +307,20 @@ let sign_internal in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_new #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve () in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake (message_representative <: t_Slice u8) in let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze = Libcrux_sha3.Portable.Incremental.f_absorb_final #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake (commitment_serialized <: t_Slice u8) @@ -449,7 +328,7 @@ let sign_internal let tmp0, tmp1:(Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze & t_Array u8 v_COMMITMENT_HASH_SIZE) = Libcrux_sha3.Portable.Incremental.f_squeeze #Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze - #(Rust_primitives.mk_usize 136) + #(sz 136) #FStar.Tactics.Typeclasses.solve shake commitment_hash_candidate @@ -495,13 +374,12 @@ let sign_internal Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit v_COLUMNS_IN_A signer_response_candidate - ((Rust_primitives.mk_i32 1 < Core.Result.Result_Ok hint <: - Core.Result.t_Result - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A) + Core.Result.t_Result (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A) Libcrux_ml_dsa.Types.t_SigningError | Core.Option.Option_None -> Core.Result.Result_Err @@ -649,8 +519,7 @@ let sign_internal <: Libcrux_ml_dsa.Types.t_SigningError) <: - Core.Result.t_Result - (t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A) + Core.Result.t_Result (t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A) Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok hint -> 
@@ -717,11 +586,11 @@ let sign Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (Rust_primitives.mk_usize 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) with | Core.Result.Result_Ok hoist36 -> sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4 v_ROWS_IN_A v_COLUMNS_IN_A @@ -762,7 +631,7 @@ let sign_pre_hashed Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN) (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then @@ -780,9 +649,9 @@ let sign_pre_hashed (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (Rust_primitives.mk_usize 11)) + t_Array u8 (sz 11)) <: - Core.Option.t_Option (t_Array u8 (Rust_primitives.mk_usize 11))) + Core.Option.t_Option (t_Array u8 (sz 11))) with | Core.Result.Result_Ok hoist39 -> sign_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4 v_ROWS_IN_A v_COLUMNS_IN_A @@ -821,7 +690,7 @@ let verify_internal Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) (signature_serialized: t_Array u8 v_SIGNATURE_SIZE) = - let seed_for_A, t1:(t_Array u8 (Rust_primitives.mk_usize 32) & + let seed_for_A, t1:(t_Array u8 (sz 32) & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit v_ROWS_IN_A 
@@ -844,7 +713,7 @@ let verify_internal ~.(Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit v_COLUMNS_IN_A signature.Libcrux_ml_dsa.Types.f_signer_response - ((Rust_primitives.mk_i32 2 < verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 v_ROWS_IN_A v_COLUMNS_IN_A @@ -1041,9 +905,9 @@ let verify_pre_hashed (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #v_PH_DIGEST_LEN #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (Rust_primitives.mk_usize 11)) + t_Array u8 (sz 11)) <: - Core.Option.t_Option (t_Array u8 (Rust_primitives.mk_usize 11))) + Core.Option.t_Option (t_Array u8 (sz 11))) with | Core.Result.Result_Ok hoist43 -> verify_internal #v_SIMDUnit #v_Shake128X4 #v_Shake256 v_ROWS_IN_A v_COLUMNS_IN_A 
@@ -1058,3 +922,107 @@ let verify_pre_hashed Core.Result.Result_Err (Core.Convert.f_from #FStar.Tactics.Typeclasses.solve err) <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError + +let generate_key_pair + (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: + usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i5: + Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i6: + Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i7: + Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) + (randomness: t_Array u8 (sz 32)) + = + let seed_expanded:t_Array u8 (sz 128) = Rust_primitives.Hax.repeat 0uy (sz 128) in + let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = + Libcrux_sha3.Portable.Incremental.f_new #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb + #(sz 136) + #FStar.Tactics.Typeclasses.solve + () + in + let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Absorb = + Libcrux_sha3.Portable.Incremental.f_absorb #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb + #(sz 136) + #FStar.Tactics.Typeclasses.solve + shake + (randomness <: t_Slice u8) + in + let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze = + Libcrux_sha3.Portable.Incremental.f_absorb_final #Libcrux_sha3.Portable.Incremental.t_Shake256Absorb + #(sz 136) + #FStar.Tactics.Typeclasses.solve + shake + ((let list = [cast (v_ROWS_IN_A <: usize) <: u8; cast (v_COLUMNS_IN_A <: usize) <: u8] in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); + Rust_primitives.Hax.array_of_list 2 list) + <: + t_Slice u8) + in + let tmp0, tmp1:(Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze & t_Array u8 (sz 128)) = + 
Libcrux_sha3.Portable.Incremental.f_squeeze #Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze + #(sz 136) + #FStar.Tactics.Typeclasses.solve + shake + seed_expanded + in + let shake:Libcrux_sha3.Portable.Incremental.t_Shake256Squeeze = tmp0 in + let seed_expanded:t_Array u8 (sz 128) = tmp1 in + let _:Prims.unit = () in + let seed_for_a, seed_expanded:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (seed_expanded <: t_Slice u8) + Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE + in + let seed_for_error_vectors, seed_for_signing:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + seed_expanded + Libcrux_ml_dsa.Constants.v_SEED_FOR_ERROR_VECTORS_SIZE + in + let a_as_ntt:t_Array + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) + v_ROWS_IN_A = + Libcrux_ml_dsa.Samplex4.matrix_A #v_SIMDUnit + #v_Shake128X4 + v_ROWS_IN_A + v_COLUMNS_IN_A + (Libcrux_ml_dsa.Utils.into_padded_array (sz 34) seed_for_a <: t_Array u8 (sz 34)) + in + let s1, s2:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = + Libcrux_ml_dsa.Samplex4.sample_s1_and_s2 #v_SIMDUnit + #v_Shake256X4 + v_ETA + v_COLUMNS_IN_A + v_ROWS_IN_A + (Libcrux_ml_dsa.Utils.into_padded_array (sz 66) seed_for_error_vectors <: t_Array u8 (sz 66)) + in + let t:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A = + Libcrux_ml_dsa.Matrix.compute_As1_plus_s2 #v_SIMDUnit v_ROWS_IN_A v_COLUMNS_IN_A a_as_ntt s1 s2 + in + let t0, t1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_ROWS_IN_A) = + Libcrux_ml_dsa.Arithmetic.power2round_vector #v_SIMDUnit v_ROWS_IN_A t + in + let verification_key_serialized:t_Array u8 v_VERIFICATION_KEY_SIZE = + Libcrux_ml_dsa.Encoding.Verification_key.generate_serialized 
#v_SIMDUnit + v_ROWS_IN_A + v_VERIFICATION_KEY_SIZE + seed_for_a + t1 + in + let signing_key_serialized:t_Array u8 v_SIGNING_KEY_SIZE = + Libcrux_ml_dsa.Encoding.Signing_key.generate_serialized #v_SIMDUnit #v_Shake256 v_ROWS_IN_A + v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE seed_for_a seed_for_signing + (verification_key_serialized <: t_Slice u8) s1 s2 t0 + in + signing_key_serialized, verification_key_serialized + <: + (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti index a42a1a5c3..6ed00153a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti 
@@ -31,26 +31,12 @@ let _ = /// 23 of Algorithm 4 (and line 18 of Algorithm 5,resp.) describe domain separation for the HashMl-DSA /// variant. val derive_message_representative - (verification_key_hash: t_Array u8 (Rust_primitives.mk_usize 64)) + (verification_key_hash: t_Array u8 (sz 64)) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) (message: t_Slice u8) - (message_representative: t_Array u8 (Rust_primitives.mk_usize 64)) - : Prims.Pure (t_Array u8 (Rust_primitives.mk_usize 64)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate a key pair. -val generate_key_pair - (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0) - (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: - usize) - {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |} - {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) - : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) + (message_representative: t_Array u8 (sz 64)) + : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) /// The internal signing API. /// If no `domain_separation_context` is supplied, it is assumed that @@ -69,7 +55,7 @@ val sign_internal (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -86,7 +72,7 @@ val sign {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -105,7 +91,7 @@ val sign_pre_hashed {| i9: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH v_PH_DIGEST_LEN |} (signing_key: t_Array u8 v_SIGNING_KEY_SIZE) (message context: t_Slice u8) - (randomness: t_Array u8 (Rust_primitives.mk_usize 32)) + (randomness: t_Array u8 (sz 32)) : Prims.Pure (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature v_SIGNATURE_SIZE) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -166,3 +152,17 @@ val verify_pre_hashed : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate a key pair. +val generate_key_pair + (#v_SIMDUnit #v_Shake128X4 #v_Shake256 #v_Shake256X4: Type0) + (v_ROWS_IN_A v_COLUMNS_IN_A v_ETA v_ERROR_RING_ELEMENT_SIZE v_SIGNING_KEY_SIZE v_VERIFICATION_KEY_SIZE: + usize) + {| i4: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + {| i5: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} + {| i6: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |} + {| i7: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 v_SIGNING_KEY_SIZE & t_Array u8 v_VERIFICATION_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst index d4a5e3b30..cd110c1ec 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst 
@@ -9,65 +9,22 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let invert_ntt_at_layer_0_ +let ntt (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (zeta_i: usize) (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - let zeta_i:usize = zeta_i -! Rust_primitives.mk_usize 1 in - let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #v_SIMDUnit - (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) - <: - usize) - (fun temp_0_ temp_1_ -> - let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - temp_0_ - in - let _:usize = temp_1_ in - true) - (re, zeta_i <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) - (fun temp_0_ round -> - let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - temp_0_ - in - let round:usize = round in - let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - { - re with - Libcrux_ml_dsa.Polynomial.f_simd_units - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_dsa.Polynomial.f_simd_units - round - (Libcrux_ml_dsa.Simd.Traits.f_invert_ntt_at_layer_0_ #v_SIMDUnit - #FStar.Tactics.Typeclasses.solve - (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ round ] <: v_SIMDUnit) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! Rust_primitives.mk_usize 1 <: usize ] - <: - i32) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! Rust_primitives.mk_usize 2 <: usize ] - <: - i32) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! Rust_primitives.mk_usize 3 <: usize ] - <: - i32) - <: - v_SIMDUnit) - } - <: - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit - in - let zeta_i:usize = zeta_i -! 
Rust_primitives.mk_usize 4 in - re, zeta_i <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) - in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 1 in - zeta_i, re <: (usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + { + Libcrux_ml_dsa.Polynomial.f_simd_units + = + Libcrux_ml_dsa.Simd.Traits.f_ntt #v_SIMDUnit + #FStar.Tactics.Typeclasses.solve + re.Libcrux_ml_dsa.Polynomial.f_simd_units + } + <: + Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit let invert_ntt_at_layer_1_ (#v_SIMDUnit: Type0) @@ -77,12 +34,10 @@ let invert_ntt_at_layer_1_ (zeta_i: usize) (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - let zeta_i:usize = zeta_i -! Rust_primitives.mk_usize 1 in + let zeta_i:usize = zeta_i -! sz 1 in let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Rust_primitives.mk_usize 256 /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT - <: - usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 256 /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize) (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = temp_0_ 
@@ -107,19 +62,17 @@ let invert_ntt_at_layer_1_ #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ round ] <: v_SIMDUnit) (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! Rust_primitives.mk_usize 1 <: usize ] - <: - i32) + (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize ] <: i32) <: v_SIMDUnit) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit in - let zeta_i:usize = zeta_i -! Rust_primitives.mk_usize 2 in + let zeta_i:usize = zeta_i -! sz 2 in re, zeta_i <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 1 in + let zeta_i:usize = zeta_i +! sz 1 in zeta_i, re <: (usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) let invert_ntt_at_layer_2_ @@ -132,10 +85,8 @@ let invert_ntt_at_layer_2_ = let (re, zeta_i), hax_temp_output:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Rust_primitives.mk_usize 256 /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT - <: - usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 256 /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize) (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = temp_0_ @@ -148,7 +99,7 @@ let invert_ntt_at_layer_2_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i -! Rust_primitives.mk_usize 1 in + let zeta_i:usize = zeta_i -! sz 1 in let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = { re with 
@@ -180,11 +131,11 @@ let invert_ntt_at_layer_3_plus (zeta_i: usize) (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - let step:usize = Rust_primitives.mk_usize 1 <>! v_LAYER <: usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! v_LAYER <: usize) (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = temp_0_ @@ -197,9 +148,9 @@ let invert_ntt_at_layer_3_plus temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i -! Rust_primitives.mk_usize 1 in + let zeta_i:usize = zeta_i -! sz 1 in let offset:usize = - ((round *! step <: usize) *! Rust_primitives.mk_usize 2 <: usize) /! + ((round *! step <: usize) *! sz 2 <: usize) /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT in let step_by:usize = step /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT in 
@@ -265,6 +216,60 @@ let invert_ntt_at_layer_3_plus in zeta_i, re <: (usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) +let invert_ntt_at_layer_0_ + (#v_SIMDUnit: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (zeta_i: usize) + (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + = + let zeta_i:usize = zeta_i -! sz 1 in + let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #v_SIMDUnit + (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) + <: + usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) + (re, zeta_i <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) + (fun temp_0_ round -> + let re, zeta_i:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = + temp_0_ + in + let round:usize = round in + let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = + { + re with + Libcrux_ml_dsa.Polynomial.f_simd_units + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_dsa.Polynomial.f_simd_units + round + (Libcrux_ml_dsa.Simd.Traits.f_invert_ntt_at_layer_0_ #v_SIMDUnit + #FStar.Tactics.Typeclasses.solve + (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ round ] <: v_SIMDUnit) + (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) + (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize ] <: i32) + (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 2 <: usize ] <: i32) + (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 3 <: usize ] <: i32) + <: + v_SIMDUnit) + } + <: + Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit + in + let zeta_i:usize = zeta_i -! 
sz 4 in + re, zeta_i <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) + in + let zeta_i:usize = zeta_i +! sz 1 in + zeta_i, re <: (usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + let invert_ntt_montgomery (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] 
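Review bot: The new invert_ntt_at_layer_0_ indexes `v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 3 ]` and decrements `zeta_i` by four on every one of the 32 rounds, yet the `val` for it in the `.fsti` hunk of this same patch carries `Prims.l_True` as its precondition, so nothing in the extracted spec constrains `zeta_i` at entry and the usize subtractions and table reads are only in bounds for a caller that passes at least 128 (and at most 256, if I read the loop correctly). Presumably this only goes through because the extraction is checked lax; the constraint should be stated in the Rust source as a hax `requires` so that it is carried into the interface, e.g. `#[hax_lib::requires(zeta_i >= 128 && zeta_i <= 256)]`, which would surface on the `val` as `(requires v zeta_i >= 128 /\ v zeta_i <= 256)`. The trait method f_invert_ntt_at_layer_0_ and the layer-0 call site in invert_ntt_montgomery are outside this hunk, so the exact range should be confirmed against them.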
@@ -292,37 +297,37 @@ let invert_ntt_montgomery let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - invert_ntt_at_layer_3_plus #v_SIMDUnit (Rust_primitives.mk_usize 3) zeta_i re + invert_ntt_at_layer_3_plus #v_SIMDUnit (sz 3) zeta_i re in let zeta_i:usize = tmp0 in let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - invert_ntt_at_layer_3_plus #v_SIMDUnit (Rust_primitives.mk_usize 4) zeta_i re + invert_ntt_at_layer_3_plus #v_SIMDUnit (sz 4) zeta_i re in let zeta_i:usize = tmp0 in let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - invert_ntt_at_layer_3_plus #v_SIMDUnit (Rust_primitives.mk_usize 5) zeta_i re + invert_ntt_at_layer_3_plus #v_SIMDUnit (sz 5) zeta_i re in let zeta_i:usize = tmp0 in let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - invert_ntt_at_layer_3_plus #v_SIMDUnit (Rust_primitives.mk_usize 6) zeta_i re + invert_ntt_at_layer_3_plus #v_SIMDUnit (sz 6) zeta_i re in let zeta_i:usize = tmp0 in let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - invert_ntt_at_layer_3_plus #v_SIMDUnit (Rust_primitives.mk_usize 7) zeta_i re + invert_ntt_at_layer_3_plus #v_SIMDUnit (sz 7) zeta_i re in let zeta_i:usize = tmp0 in let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = tmp1 in let _:Prims.unit = () in let 
re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_SIMDUnit (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -345,34 +350,17 @@ let invert_ntt_montgomery (Libcrux_ml_dsa.Simd.Traits.f_montgomery_multiply_by_constant #v_SIMDUnit #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_dsa.Polynomial.f_simd_units.[ i ] <: v_SIMDUnit) - (Rust_primitives.mk_i32 41978) + 41978l <: v_SIMDUnit) <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) + t_Array v_SIMDUnit (sz 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in re -let ntt - (#v_SIMDUnit: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - = - { - Libcrux_ml_dsa.Polynomial.f_simd_units - = - Libcrux_ml_dsa.Simd.Traits.f_ntt #v_SIMDUnit - #FStar.Tactics.Typeclasses.solve - re.Libcrux_ml_dsa.Polynomial.f_simd_units - } - <: - Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit - let ntt_multiply_montgomery (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -384,7 +372,7 @@ let ntt_multiply_montgomery Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () in let out:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_SIMDUnit (out.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -411,7 +399,7 @@ let ntt_multiply_montgomery <: v_SIMDUnit) <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) + t_Array v_SIMDUnit (sz 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fsti
index bd0aa1fb8..d15c500f9 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fsti
@@ -9,140 +9,51 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i32 (Rust_primitives.mk_usize 256) = +let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i32 (sz 256) = let list = [ - Rust_primitives.mk_i32 0; Rust_primitives.mk_i32 25847; Rust_primitives.mk_i32 (-2608894); - Rust_primitives.mk_i32 (-518909); Rust_primitives.mk_i32 237124; - Rust_primitives.mk_i32 (-777960); Rust_primitives.mk_i32 (-876248); - Rust_primitives.mk_i32 466468; Rust_primitives.mk_i32 1826347; Rust_primitives.mk_i32 2353451; - Rust_primitives.mk_i32 (-359251); Rust_primitives.mk_i32 (-2091905); - Rust_primitives.mk_i32 3119733; Rust_primitives.mk_i32 (-2884855); - Rust_primitives.mk_i32 3111497; Rust_primitives.mk_i32 2680103; Rust_primitives.mk_i32 2725464; - Rust_primitives.mk_i32 1024112; Rust_primitives.mk_i32 (-1079900); - Rust_primitives.mk_i32 3585928; Rust_primitives.mk_i32 (-549488); - Rust_primitives.mk_i32 (-1119584); Rust_primitives.mk_i32 2619752; - Rust_primitives.mk_i32 (-2108549); Rust_primitives.mk_i32 (-2118186); - Rust_primitives.mk_i32 (-3859737); Rust_primitives.mk_i32 (-1399561); - Rust_primitives.mk_i32 (-3277672); Rust_primitives.mk_i32 1757237; - Rust_primitives.mk_i32 (-19422); Rust_primitives.mk_i32 4010497; Rust_primitives.mk_i32 280005; - Rust_primitives.mk_i32 2706023; Rust_primitives.mk_i32 95776; Rust_primitives.mk_i32 3077325; - Rust_primitives.mk_i32 3530437; Rust_primitives.mk_i32 (-1661693); - Rust_primitives.mk_i32 (-3592148); Rust_primitives.mk_i32 (-2537516); - Rust_primitives.mk_i32 3915439; Rust_primitives.mk_i32 (-3861115); - Rust_primitives.mk_i32 (-3043716); Rust_primitives.mk_i32 3574422; - Rust_primitives.mk_i32 (-2867647); Rust_primitives.mk_i32 3539968; - Rust_primitives.mk_i32 (-300467); Rust_primitives.mk_i32 2348700; - Rust_primitives.mk_i32 (-539299); Rust_primitives.mk_i32 (-1699267); - Rust_primitives.mk_i32 (-1643818); Rust_primitives.mk_i32 3505694; - Rust_primitives.mk_i32 (-3821735); 
Rust_primitives.mk_i32 3507263; - Rust_primitives.mk_i32 (-2140649); Rust_primitives.mk_i32 (-1600420); - Rust_primitives.mk_i32 3699596; Rust_primitives.mk_i32 811944; Rust_primitives.mk_i32 531354; - Rust_primitives.mk_i32 954230; Rust_primitives.mk_i32 3881043; Rust_primitives.mk_i32 3900724; - Rust_primitives.mk_i32 (-2556880); Rust_primitives.mk_i32 2071892; - Rust_primitives.mk_i32 (-2797779); Rust_primitives.mk_i32 (-3930395); - Rust_primitives.mk_i32 (-1528703); Rust_primitives.mk_i32 (-3677745); - Rust_primitives.mk_i32 (-3041255); Rust_primitives.mk_i32 (-1452451); - Rust_primitives.mk_i32 3475950; Rust_primitives.mk_i32 2176455; - Rust_primitives.mk_i32 (-1585221); Rust_primitives.mk_i32 (-1257611); - Rust_primitives.mk_i32 1939314; Rust_primitives.mk_i32 (-4083598); - Rust_primitives.mk_i32 (-1000202); Rust_primitives.mk_i32 (-3190144); - Rust_primitives.mk_i32 (-3157330); Rust_primitives.mk_i32 (-3632928); - Rust_primitives.mk_i32 126922; Rust_primitives.mk_i32 3412210; - Rust_primitives.mk_i32 (-983419); Rust_primitives.mk_i32 2147896; - Rust_primitives.mk_i32 2715295; Rust_primitives.mk_i32 (-2967645); - Rust_primitives.mk_i32 (-3693493); Rust_primitives.mk_i32 (-411027); - Rust_primitives.mk_i32 (-2477047); Rust_primitives.mk_i32 (-671102); - Rust_primitives.mk_i32 (-1228525); Rust_primitives.mk_i32 (-22981); - Rust_primitives.mk_i32 (-1308169); Rust_primitives.mk_i32 (-381987); - Rust_primitives.mk_i32 1349076; Rust_primitives.mk_i32 1852771; - Rust_primitives.mk_i32 (-1430430); Rust_primitives.mk_i32 (-3343383); - Rust_primitives.mk_i32 264944; Rust_primitives.mk_i32 508951; Rust_primitives.mk_i32 3097992; - Rust_primitives.mk_i32 44288; Rust_primitives.mk_i32 (-1100098); Rust_primitives.mk_i32 904516; - Rust_primitives.mk_i32 3958618; Rust_primitives.mk_i32 (-3724342); - Rust_primitives.mk_i32 (-8578); Rust_primitives.mk_i32 1653064; - Rust_primitives.mk_i32 (-3249728); Rust_primitives.mk_i32 2389356; - Rust_primitives.mk_i32 (-210977); 
Rust_primitives.mk_i32 759969; - Rust_primitives.mk_i32 (-1316856); Rust_primitives.mk_i32 189548; - Rust_primitives.mk_i32 (-3553272); Rust_primitives.mk_i32 3159746; - Rust_primitives.mk_i32 (-1851402); Rust_primitives.mk_i32 (-2409325); - Rust_primitives.mk_i32 (-177440); Rust_primitives.mk_i32 1315589; - Rust_primitives.mk_i32 1341330; Rust_primitives.mk_i32 1285669; - Rust_primitives.mk_i32 (-1584928); Rust_primitives.mk_i32 (-812732); - Rust_primitives.mk_i32 (-1439742); Rust_primitives.mk_i32 (-3019102); - Rust_primitives.mk_i32 (-3881060); Rust_primitives.mk_i32 (-3628969); - Rust_primitives.mk_i32 3839961; Rust_primitives.mk_i32 2091667; Rust_primitives.mk_i32 3407706; - Rust_primitives.mk_i32 2316500; Rust_primitives.mk_i32 3817976; - Rust_primitives.mk_i32 (-3342478); Rust_primitives.mk_i32 2244091; - Rust_primitives.mk_i32 (-2446433); Rust_primitives.mk_i32 (-3562462); - Rust_primitives.mk_i32 266997; Rust_primitives.mk_i32 2434439; - Rust_primitives.mk_i32 (-1235728); Rust_primitives.mk_i32 3513181; - Rust_primitives.mk_i32 (-3520352); Rust_primitives.mk_i32 (-3759364); - Rust_primitives.mk_i32 (-1197226); Rust_primitives.mk_i32 (-3193378); - Rust_primitives.mk_i32 900702; Rust_primitives.mk_i32 1859098; Rust_primitives.mk_i32 909542; - Rust_primitives.mk_i32 819034; Rust_primitives.mk_i32 495491; - Rust_primitives.mk_i32 (-1613174); Rust_primitives.mk_i32 (-43260); - Rust_primitives.mk_i32 (-522500); Rust_primitives.mk_i32 (-655327); - Rust_primitives.mk_i32 (-3122442); Rust_primitives.mk_i32 2031748; - Rust_primitives.mk_i32 3207046; Rust_primitives.mk_i32 (-3556995); - Rust_primitives.mk_i32 (-525098); Rust_primitives.mk_i32 (-768622); - Rust_primitives.mk_i32 (-3595838); Rust_primitives.mk_i32 342297; - Rust_primitives.mk_i32 286988; Rust_primitives.mk_i32 (-2437823); - Rust_primitives.mk_i32 4108315; Rust_primitives.mk_i32 3437287; - Rust_primitives.mk_i32 (-3342277); Rust_primitives.mk_i32 1735879; - Rust_primitives.mk_i32 203044; 
Rust_primitives.mk_i32 2842341; Rust_primitives.mk_i32 2691481; - Rust_primitives.mk_i32 (-2590150); Rust_primitives.mk_i32 1265009; - Rust_primitives.mk_i32 4055324; Rust_primitives.mk_i32 1247620; Rust_primitives.mk_i32 2486353; - Rust_primitives.mk_i32 1595974; Rust_primitives.mk_i32 (-3767016); - Rust_primitives.mk_i32 1250494; Rust_primitives.mk_i32 2635921; - Rust_primitives.mk_i32 (-3548272); Rust_primitives.mk_i32 (-2994039); - Rust_primitives.mk_i32 1869119; Rust_primitives.mk_i32 1903435; - Rust_primitives.mk_i32 (-1050970); Rust_primitives.mk_i32 (-1333058); - Rust_primitives.mk_i32 1237275; Rust_primitives.mk_i32 (-3318210); - Rust_primitives.mk_i32 (-1430225); Rust_primitives.mk_i32 (-451100); - Rust_primitives.mk_i32 1312455; Rust_primitives.mk_i32 3306115; - Rust_primitives.mk_i32 (-1962642); Rust_primitives.mk_i32 (-1279661); - Rust_primitives.mk_i32 1917081; Rust_primitives.mk_i32 (-2546312); - Rust_primitives.mk_i32 (-1374803); Rust_primitives.mk_i32 1500165; - Rust_primitives.mk_i32 777191; Rust_primitives.mk_i32 2235880; Rust_primitives.mk_i32 3406031; - Rust_primitives.mk_i32 (-542412); Rust_primitives.mk_i32 (-2831860); - Rust_primitives.mk_i32 (-1671176); Rust_primitives.mk_i32 (-1846953); - Rust_primitives.mk_i32 (-2584293); Rust_primitives.mk_i32 (-3724270); - Rust_primitives.mk_i32 594136; Rust_primitives.mk_i32 (-3776993); - Rust_primitives.mk_i32 (-2013608); Rust_primitives.mk_i32 2432395; - Rust_primitives.mk_i32 2454455; Rust_primitives.mk_i32 (-164721); - Rust_primitives.mk_i32 1957272; Rust_primitives.mk_i32 3369112; Rust_primitives.mk_i32 185531; - Rust_primitives.mk_i32 (-1207385); Rust_primitives.mk_i32 (-3183426); - Rust_primitives.mk_i32 162844; Rust_primitives.mk_i32 1616392; Rust_primitives.mk_i32 3014001; - Rust_primitives.mk_i32 810149; Rust_primitives.mk_i32 1652634; - Rust_primitives.mk_i32 (-3694233); Rust_primitives.mk_i32 (-1799107); - Rust_primitives.mk_i32 (-3038916); Rust_primitives.mk_i32 3523897; - 
Rust_primitives.mk_i32 3866901; Rust_primitives.mk_i32 269760; Rust_primitives.mk_i32 2213111; - Rust_primitives.mk_i32 (-975884); Rust_primitives.mk_i32 1717735; - Rust_primitives.mk_i32 472078; Rust_primitives.mk_i32 (-426683); - Rust_primitives.mk_i32 1723600; Rust_primitives.mk_i32 (-1803090); - Rust_primitives.mk_i32 1910376; Rust_primitives.mk_i32 (-1667432); - Rust_primitives.mk_i32 (-1104333); Rust_primitives.mk_i32 (-260646); - Rust_primitives.mk_i32 (-3833893); Rust_primitives.mk_i32 (-2939036); - Rust_primitives.mk_i32 (-2235985); Rust_primitives.mk_i32 (-420899); - Rust_primitives.mk_i32 (-2286327); Rust_primitives.mk_i32 183443; - Rust_primitives.mk_i32 (-976891); Rust_primitives.mk_i32 1612842; - Rust_primitives.mk_i32 (-3545687); Rust_primitives.mk_i32 (-554416); - Rust_primitives.mk_i32 3919660; Rust_primitives.mk_i32 (-48306); - Rust_primitives.mk_i32 (-1362209); Rust_primitives.mk_i32 3937738; - Rust_primitives.mk_i32 1400424; Rust_primitives.mk_i32 (-846154); - Rust_primitives.mk_i32 1976782 + 0l; 25847l; (-2608894l); (-518909l); 237124l; (-777960l); (-876248l); 466468l; 1826347l; + 2353451l; (-359251l); (-2091905l); 3119733l; (-2884855l); 3111497l; 2680103l; 2725464l; + 1024112l; (-1079900l); 3585928l; (-549488l); (-1119584l); 2619752l; (-2108549l); (-2118186l); + (-3859737l); (-1399561l); (-3277672l); 1757237l; (-19422l); 4010497l; 280005l; 2706023l; + 95776l; 3077325l; 3530437l; (-1661693l); (-3592148l); (-2537516l); 3915439l; (-3861115l); + (-3043716l); 3574422l; (-2867647l); 3539968l; (-300467l); 2348700l; (-539299l); (-1699267l); + (-1643818l); 3505694l; (-3821735l); 3507263l; (-2140649l); (-1600420l); 3699596l; 811944l; + 531354l; 954230l; 3881043l; 3900724l; (-2556880l); 2071892l; (-2797779l); (-3930395l); + (-1528703l); (-3677745l); (-3041255l); (-1452451l); 3475950l; 2176455l; (-1585221l); + (-1257611l); 1939314l; (-4083598l); (-1000202l); (-3190144l); (-3157330l); (-3632928l); + 126922l; 3412210l; (-983419l); 2147896l; 2715295l; 
(-2967645l); (-3693493l); (-411027l); + (-2477047l); (-671102l); (-1228525l); (-22981l); (-1308169l); (-381987l); 1349076l; 1852771l; + (-1430430l); (-3343383l); 264944l; 508951l; 3097992l; 44288l; (-1100098l); 904516l; 3958618l; + (-3724342l); (-8578l); 1653064l; (-3249728l); 2389356l; (-210977l); 759969l; (-1316856l); + 189548l; (-3553272l); 3159746l; (-1851402l); (-2409325l); (-177440l); 1315589l; 1341330l; + 1285669l; (-1584928l); (-812732l); (-1439742l); (-3019102l); (-3881060l); (-3628969l); + 3839961l; 2091667l; 3407706l; 2316500l; 3817976l; (-3342478l); 2244091l; (-2446433l); + (-3562462l); 266997l; 2434439l; (-1235728l); 3513181l; (-3520352l); (-3759364l); (-1197226l); + (-3193378l); 900702l; 1859098l; 909542l; 819034l; 495491l; (-1613174l); (-43260l); (-522500l); + (-655327l); (-3122442l); 2031748l; 3207046l; (-3556995l); (-525098l); (-768622l); (-3595838l); + 342297l; 286988l; (-2437823l); 4108315l; 3437287l; (-3342277l); 1735879l; 203044l; 2842341l; + 2691481l; (-2590150l); 1265009l; 4055324l; 1247620l; 2486353l; 1595974l; (-3767016l); 1250494l; + 2635921l; (-3548272l); (-2994039l); 1869119l; 1903435l; (-1050970l); (-1333058l); 1237275l; + (-3318210l); (-1430225l); (-451100l); 1312455l; 3306115l; (-1962642l); (-1279661l); 1917081l; + (-2546312l); (-1374803l); 1500165l; 777191l; 2235880l; 3406031l; (-542412l); (-2831860l); + (-1671176l); (-1846953l); (-2584293l); (-3724270l); 594136l; (-3776993l); (-2013608l); + 2432395l; 2454455l; (-164721l); 1957272l; 3369112l; 185531l; (-1207385l); (-3183426l); 162844l; + 1616392l; 3014001l; 810149l; 1652634l; (-3694233l); (-1799107l); (-3038916l); 3523897l; + 3866901l; 269760l; 2213111l; (-975884l); 1717735l; 472078l; (-426683l); 1723600l; (-1803090l); + 1910376l; (-1667432l); (-1104333l); (-260646l); (-3833893l); (-2939036l); (-2235985l); + (-420899l); (-2286327l); 183443l; (-976891l); 1612842l; (-3545687l); (-554416l); 3919660l; + (-48306l); (-1362209l); 3937738l; 1400424l; (-846154l); 1976782l ] in 
FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 256); Rust_primitives.Hax.array_of_list 256 list -val invert_ntt_at_layer_0_ +val ntt (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (zeta_i: usize) (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) @@ -174,15 +85,16 @@ val invert_ntt_at_layer_3_plus Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_montgomery +val invert_ntt_at_layer_0_ (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + (zeta_i: usize) (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + : Prims.Pure (usize & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) -val ntt +val invert_ntt_montgomery (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst index 48a4df562..029ce893b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst 
@@ -9,6 +9,38 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () +let impl__infinity_norm_exceeds + (#v_SIMDUnit: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) + (self: t_PolynomialRingElement v_SIMDUnit) + (bound: i32) + = + let exceeds:bool = false in + let exceeds:bool = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(t_Array v_SIMDUnit + (sz 32)) + #FStar.Tactics.Typeclasses.solve + self.f_simd_units + <: + Core.Array.Iter.t_IntoIter v_SIMDUnit (sz 32)) + exceeds + (fun exceeds simd_unit -> + let exceeds:bool = exceeds in + let simd_unit:v_SIMDUnit = simd_unit in + exceeds |. + (Libcrux_ml_dsa.Simd.Traits.f_infinity_norm_exceeds #v_SIMDUnit + #FStar.Tactics.Typeclasses.solve + simd_unit + bound + <: + bool) + <: + bool) + in + exceeds + let impl__ZERO (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] 
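Review bot: The fold in the added impl__infinity_norm_exceeds combines the per-unit results with `|.` and keeps visiting all 32 SIMD units after one has already exceeded the bound, so the scan has no data-dependent early exit, but nothing in the hunk records whether that is intended or incidental. Because this file is regenerated from Rust, the note belongs on the Rust definition so it is carried into the extraction, e.g. `/// Visits every SIMD unit unconditionally (no early return), so the cost does not depend on which coefficient first exceeds the bound.` Whether an early exit would actually matter for the callers of this check is not visible here and should be confirmed before anything relies on the property.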
@@ -24,50 +56,11 @@ let impl__ZERO () <: v_SIMDUnit) - (Rust_primitives.mk_usize 32) + (sz 32) } <: t_PolynomialRingElement v_SIMDUnit -let impl__add - (#v_SIMDUnit: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (self rhs: t_PolynomialRingElement v_SIMDUnit) - = - let sum:t_PolynomialRingElement v_SIMDUnit = impl__ZERO #v_SIMDUnit () in - let sum:t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #v_SIMDUnit (sum.f_simd_units <: t_Slice v_SIMDUnit) <: usize) - (fun sum temp_1_ -> - let sum:t_PolynomialRingElement v_SIMDUnit = sum in - let _:usize = temp_1_ in - true) - sum - (fun sum i -> - let sum:t_PolynomialRingElement v_SIMDUnit = sum in - let i:usize = i in - { - sum with - f_simd_units - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sum.f_simd_units - i - (Libcrux_ml_dsa.Simd.Traits.f_add #v_SIMDUnit - #FStar.Tactics.Typeclasses.solve - (self.f_simd_units.[ i ] <: v_SIMDUnit) - (rhs.f_simd_units.[ i ] <: v_SIMDUnit) - <: - v_SIMDUnit) - <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) - } - <: - t_PolynomialRingElement v_SIMDUnit) - in - sum - let impl__from_i32_array (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -79,10 +72,7 @@ let impl__from_i32_array if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #i32 array <: usize) >=. - Rust_primitives.mk_usize 256 - <: - bool) + Hax_lib.v_assert ((Core.Slice.impl__len #i32 array <: usize) >=. sz 256 <: bool) in () in 
@@ -91,7 +81,7 @@ let impl__from_i32_array in let result:t_PolynomialRingElement v_SIMDUnit = impl__ZERO #v_SIMDUnit () in let array_chunks, result:(Core.Slice.Iter.t_Chunks i32 & t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_dsa.Simd.Traits.v_SIMD_UNITS_IN_RING_ELEMENT (fun temp_0_ temp_1_ -> let array_chunks, result:(Core.Slice.Iter.t_Chunks i32 & 
@@ -133,37 +123,44 @@ let impl__from_i32_array in result -let impl__infinity_norm_exceeds +let impl__add (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) - (self: t_PolynomialRingElement v_SIMDUnit) - (bound: i32) + (self rhs: t_PolynomialRingElement v_SIMDUnit) = - let exceeds:bool = false in - let exceeds:bool = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(t_Array v_SIMDUnit - (Rust_primitives.mk_usize 32)) - #FStar.Tactics.Typeclasses.solve - self.f_simd_units - <: - Core.Array.Iter.t_IntoIter v_SIMDUnit (Rust_primitives.mk_usize 32)) - exceeds - (fun exceeds simd_unit -> - let exceeds:bool = exceeds in - let simd_unit:v_SIMDUnit = simd_unit in - exceeds |. - (Libcrux_ml_dsa.Simd.Traits.f_infinity_norm_exceeds #v_SIMDUnit - #FStar.Tactics.Typeclasses.solve - simd_unit - bound + let sum:t_PolynomialRingElement v_SIMDUnit = impl__ZERO #v_SIMDUnit () in + let sum:t_PolynomialRingElement v_SIMDUnit = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #v_SIMDUnit (sum.f_simd_units <: t_Slice v_SIMDUnit) <: usize) + (fun sum temp_1_ -> + let sum:t_PolynomialRingElement v_SIMDUnit = sum in + let _:usize = temp_1_ in + true) + sum + (fun sum i -> + let sum:t_PolynomialRingElement v_SIMDUnit = sum in + let i:usize = i in + { + sum with + f_simd_units + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sum.f_simd_units + i + (Libcrux_ml_dsa.Simd.Traits.f_add #v_SIMDUnit + #FStar.Tactics.Typeclasses.solve + (self.f_simd_units.[ i ] <: v_SIMDUnit) + (rhs.f_simd_units.[ i ] <: v_SIMDUnit) + <: + v_SIMDUnit) <: - bool) + t_Array v_SIMDUnit (sz 32) + } <: - bool) + t_PolynomialRingElement v_SIMDUnit) in - exceeds + sum let impl__subtract (#v_SIMDUnit: Type0) 
@@ -174,7 +171,7 @@ let impl__subtract = let difference:t_PolynomialRingElement v_SIMDUnit = impl__ZERO #v_SIMDUnit () in let difference:t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_SIMDUnit (difference.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun difference temp_1_ -> let difference:t_PolynomialRingElement v_SIMDUnit = difference in @@ -197,7 +194,7 @@ let impl__subtract <: v_SIMDUnit) <: - t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) + t_Array v_SIMDUnit (sz 32) } <: t_PolynomialRingElement v_SIMDUnit) @@ -211,18 +208,16 @@ let impl__to_i32_array Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (self: t_PolynomialRingElement v_SIMDUnit) = - let result:t_Array i32 (Rust_primitives.mk_usize 256) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 256) - in - let result:t_Array i32 (Rust_primitives.mk_usize 256) = + let result:t_Array i32 (sz 256) = Rust_primitives.Hax.repeat 0l (sz 256) in + let result:t_Array i32 (sz 256) = Rust_primitives.Hax.Folds.fold_enumerated_slice (self.f_simd_units <: t_Slice v_SIMDUnit) (fun result temp_1_ -> - let result:t_Array i32 (Rust_primitives.mk_usize 256) = result in + let result:t_Array i32 (sz 256) = result in let _:usize = temp_1_ in true) result (fun result temp_1_ -> - let result:t_Array i32 (Rust_primitives.mk_usize 256) = result in + let result:t_Array i32 (sz 256) = result in let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_range result ({ @@ -231,8 +226,7 @@ let impl__to_i32_array i *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT + (i +! sz 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize } 
@@ -245,8 +239,7 @@ let impl__to_i32_array i *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! Rust_primitives.mk_usize 1 <: usize) *! - Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT + (i +! sz 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize } @@ -262,6 +255,6 @@ let impl__to_i32_array <: t_Slice i32) <: - t_Array i32 (Rust_primitives.mk_usize 256)) + t_Array i32 (sz 256)) in result diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti index dbc9a476d..918eb2620 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti @@ -11,7 +11,14 @@ let _ = type t_PolynomialRingElement (v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - = { f_simd_units:t_Array v_SIMDUnit (Rust_primitives.mk_usize 32) } + = { f_simd_units:t_Array v_SIMDUnit (sz 32) } + +val impl__infinity_norm_exceeds + (#v_SIMDUnit: Type0) + {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} + (self: t_PolynomialRingElement v_SIMDUnit) + (bound: i32) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) val impl__ZERO: #v_SIMDUnit: Type0 -> 
@@ -19,24 +26,17 @@ val impl__ZERO: Prims.unit -> Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) -val impl__add - (#v_SIMDUnit: Type0) - {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (self rhs: t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) - val impl__from_i32_array (#v_SIMDUnit: Type0) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (array: t_Slice i32) : Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) -val impl__infinity_norm_exceeds +val impl__add (#v_SIMDUnit: Type0) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - (self: t_PolynomialRingElement v_SIMDUnit) - (bound: i32) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + (self rhs: t_PolynomialRingElement v_SIMDUnit) + : Prims.Pure (t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) val impl__subtract (#v_SIMDUnit: Type0) @@ -48,4 +48,4 @@ val impl__to_i32_array (#v_SIMDUnit: Type0) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (self: t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (t_Array i32 (Rust_primitives.mk_usize 256)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array i32 (sz 256)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst index 2f05fdbf1..c8f3084d4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst 
@@ -10,15 +10,11 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake128 in () -let t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError) = - match x with | DomainSeparationError_ContextTooLongError -> Rust_primitives.mk_isize 0 - let impl_1__context (self: t_DomainSeparationContext) = self.f_context -let impl_1__new - (context: t_Slice u8) - (pre_hash_oid: Core.Option.t_Option (t_Array u8 (Rust_primitives.mk_usize 11))) - = +let impl_1__pre_hash_oid (self: t_DomainSeparationContext) = self.f_pre_hash_oid + +let impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11))) = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then Core.Result.Result_Err (DomainSeparationError_ContextTooLongError <: t_DomainSeparationError) @@ -30,4 +26,5 @@ let impl_1__new <: Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError -let impl_1__pre_hash_oid (self: t_DomainSeparationContext) = self.f_pre_hash_oid +let t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError) = + match x with | DomainSeparationError_ContextTooLongError -> isz 0 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti index 07397201f..2e097f642 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti 
@@ -10,25 +10,48 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake128 in () +/// Binds the context string to an optional pre-hash OID identifying +/// the hash function or XOF used for pre-hashing. +type t_DomainSeparationContext = { + f_context:t_Slice u8; + f_pre_hash_oid:Core.Option.t_Option (t_Array u8 (sz 11)) +} + +/// Returns the context, guaranteed to be at most 255 bytes long. +val impl_1__context (self: t_DomainSeparationContext) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// Returns the pre-hash OID, if any. +val impl_1__pre_hash_oid (self: t_DomainSeparationContext) + : Prims.Pure (Core.Option.t_Option (t_Array u8 (sz 11))) Prims.l_True (fun _ -> Prims.l_True) + type t_DomainSeparationError = | DomainSeparationError_ContextTooLongError : t_DomainSeparationError +/// `context` must be at most 255 bytes long. +val impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11))) + : Prims.Pure (Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError) + Prims.l_True + (fun _ -> Prims.l_True) + val t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) class t_PreHash (v_Self: Type0) (v_DIGEST_LEN: usize) = { f_oid_pre:Prims.unit -> Type0; - f_oid_post:Prims.unit -> t_Array u8 (Rust_primitives.mk_usize 11) -> Type0; + f_oid_post:Prims.unit -> t_Array u8 (sz 11) -> Type0; f_oid:x0: Prims.unit - -> Prims.Pure (t_Array u8 (Rust_primitives.mk_usize 11)) - (f_oid_pre x0) - (fun result -> f_oid_post x0 result); + -> Prims.Pure (t_Array u8 (sz 11)) (f_oid_pre x0) (fun result -> f_oid_post x0 result); f_hash_pre:t_Slice u8 -> Type0; f_hash_post:t_Slice u8 -> t_Array u8 v_DIGEST_LEN -> Type0; f_hash:x0: t_Slice u8 -> Prims.Pure (t_Array u8 v_DIGEST_LEN) (f_hash_pre x0) (fun result -> f_hash_post x0 result) } -let v_PRE_HASH_OID_LEN: usize = Rust_primitives.mk_usize 11 +/// An implementation of the pre-hash trait for the SHAKE-128 
XOF with +/// digest length 256 bytes. +type t_SHAKE128_PH = | SHAKE128_PH : t_SHAKE128_PH + +let v_PRE_HASH_OID_LEN: usize = sz 11 [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_2: Core.Convert.t_From Libcrux_ml_dsa.Types.t_SigningError t_DomainSeparationError = 
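Review bot: The doc comment on `impl_1__context` says the context is "guaranteed to be at most 255 bytes long", but nothing in the extracted interface carries that guarantee: `f_context` is a bare `t_Slice u8` and `impl_1__new` has the trivial postcondition `(fun _ -> Prims.l_True)`, so the bound is enforced only by the runtime comparison against `Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN` in `impl_1__new` and is invisible to F* proofs of callers. If the length bound is relied on downstream (for instance in the domain-separation byte layout that prefixes the context length as one byte), consider strengthening the spec so the postcondition states something like `Core.Result.Result_Ok ctx ==> Seq.length ctx.f_context <= 255`, or refine the type of `f_context`. Since this file is hax-generated, that change belongs in the Rust source annotations rather than in the extraction. I cannot tell from this hunk whether a separate proof file already establishes the bound.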
@@ -62,67 +85,27 @@ let impl_3: Core.Convert.t_From Libcrux_ml_dsa.Types.t_VerificationError t_Domai Libcrux_ml_dsa.Types.t_VerificationError } -/// Binds the context string to an optional pre-hash OID identifying -/// the hash function or XOF used for pre-hashing. -type t_DomainSeparationContext = { - f_context:t_Slice u8; - f_pre_hash_oid:Core.Option.t_Option (t_Array u8 (Rust_primitives.mk_usize 11)) -} - -/// Returns the context, guaranteed to be at most 255 bytes long. -val impl_1__context (self: t_DomainSeparationContext) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - -/// `context` must be at most 255 bytes long. -val impl_1__new - (context: t_Slice u8) - (pre_hash_oid: Core.Option.t_Option (t_Array u8 (Rust_primitives.mk_usize 11))) - : Prims.Pure (Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Returns the pre-hash OID, if any. -val impl_1__pre_hash_oid (self: t_DomainSeparationContext) - : Prims.Pure (Core.Option.t_Option (t_Array u8 (Rust_primitives.mk_usize 11))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// An implementation of the pre-hash trait for the SHAKE-128 XOF with -/// digest length 256 bytes. 
-type t_SHAKE128_PH = | SHAKE128_PH : t_SHAKE128_PH - [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: t_PreHash t_SHAKE128_PH (Rust_primitives.mk_usize 256) = +let impl: t_PreHash t_SHAKE128_PH (sz 256) = { f_oid_pre = (fun (_: Prims.unit) -> true); - f_oid_post = (fun (_: Prims.unit) (out: t_Array u8 (Rust_primitives.mk_usize 11)) -> true); + f_oid_post = (fun (_: Prims.unit) (out: t_Array u8 (sz 11)) -> true); f_oid = (fun (_: Prims.unit) -> - let list = - [ - Rust_primitives.mk_u8 6; Rust_primitives.mk_u8 9; Rust_primitives.mk_u8 96; - Rust_primitives.mk_u8 134; Rust_primitives.mk_u8 72; Rust_primitives.mk_u8 1; - Rust_primitives.mk_u8 101; Rust_primitives.mk_u8 3; Rust_primitives.mk_u8 4; - Rust_primitives.mk_u8 2; Rust_primitives.mk_u8 11 - ] - in + let list = [6uy; 9uy; 96uy; 134uy; 72uy; 1uy; 101uy; 3uy; 4uy; 2uy; 11uy] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 11); Rust_primitives.Hax.array_of_list 11 list); f_hash_pre = (fun (message: t_Slice u8) -> true); - f_hash_post - = - (fun (message: t_Slice u8) (out: t_Array u8 (Rust_primitives.mk_usize 256)) -> true); + f_hash_post = (fun (message: t_Slice u8) (out: t_Array u8 (sz 256)) -> true); f_hash = fun (message: t_Slice u8) -> - let output:t_Array u8 (Rust_primitives.mk_usize 256) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 256) - in - let output:t_Array u8 (Rust_primitives.mk_usize 256) = + let output:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in + let output:t_Array u8 (sz 256) = Libcrux_ml_dsa.Hash_functions.Shake128.f_shake128 #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 256) + (sz 256) message output in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst index ef691b0e2..bd75bc9c7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst 
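Review bot: The `t_PreHash t_SHAKE128_PH (sz 256)` instance hashes the message into a 256-byte buffer (`Rust_primitives.Hax.repeat 0uy (sz 256)` handed to `f_shake128 ... (sz 256)`), whereas FIPS 204's HashML-DSA, as I recall it, specifies the SHAKE128 pre-hash as `SHAKE128(M, 256)` with the output length in bits, i.e. 32 bytes. If that recollection is correct, signatures produced with this instance would not interoperate with other HashML-DSA implementations for the SHAKE128 OID, so please confirm the intended unit against the standard and the Rust source before relying on it. The OID bytes `06 09 60 86 48 01 65 03 04 02 0B` in `f_oid` do match the DER encoding of 2.16.840.1.101.3.4.2.11 (SHAKE128). This is a regenerated extraction, so any correction would go into the Rust `PreHash` impl and be re-extracted rather than patched here.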
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst @@ -11,20 +11,20 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let update_seed (seed: t_Array u8 (Rust_primitives.mk_usize 66)) (domain_separator: u16) = - let seed:t_Array u8 (Rust_primitives.mk_usize 66) = +let update_seed (seed: t_Array u8 (sz 66)) (domain_separator: u16) = + let seed:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed - (Rust_primitives.mk_usize 64) + (sz 64) (cast (domain_separator <: u16) <: u8) in - let seed:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed - (Rust_primitives.mk_usize 65) - (cast (domain_separator >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 65) + (cast (domain_separator >>! 8l <: u16) <: u8) in - let domain_separator:u16 = domain_separator +! Rust_primitives.mk_u16 1 in - let hax_temp_output:t_Array u8 (Rust_primitives.mk_usize 66) = seed in - domain_separator, hax_temp_output <: (u16 & t_Array u8 (Rust_primitives.mk_usize 66)) + let domain_separator:u16 = domain_separator +! 1us in + let hax_temp_output:t_Array u8 (sz 66) = seed in + domain_separator, hax_temp_output <: (u16 & t_Array u8 (sz 66)) let rejection_sample_less_than_eta_equals_2_ (#v_SIMDUnit: Type0) 
@@ -33,26 +33,19 @@ let rejection_sample_less_than_eta_equals_2_ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (Rust_primitives.mk_usize 263)) + (out: t_Array i32 (sz 263)) = let done:bool = false in - let done, out, sampled_coefficients:(bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) = + let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks #u8 randomness (Rust_primitives.mk_usize 4) - <: - Core.Slice.Iter.t_Chunks u8) + (Core.Slice.impl__chunks #u8 randomness (sz 4) <: Core.Slice.Iter.t_Chunks u8) <: Core.Slice.Iter.t_Chunks u8) - (done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize)) + (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) (fun temp_0_ random_bytes -> - let done, out, sampled_coefficients:(bool & t_Array i32 (Rust_primitives.mk_usize 263) & - usize) = - temp_0_ - in + let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in let random_bytes:t_Slice u8 = random_bytes in if ~.done <: bool then @@ -66,7 +59,7 @@ let rejection_sample_less_than_eta_equals_2_ <: t_Slice i32) in - let out:t_Array i32 (Rust_primitives.mk_usize 263) = + let out:t_Array i32 (sz 263) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from out ({ Core.Ops.Range.f_start = sampled_coefficients } <: 
@@ -78,22 +71,12 @@ let rejection_sample_less_than_eta_equals_2_ if sampled_coefficients >=. Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let done:bool = true in - done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) - else - done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) - else - done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize)) + done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) in let hax_temp_output:bool = done in - sampled_coefficients, out, hax_temp_output - <: - (usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) + sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) let rejection_sample_less_than_eta_equals_4_ (#v_SIMDUnit: Type0) 
@@ -102,26 +85,19 @@ let rejection_sample_less_than_eta_equals_4_ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (Rust_primitives.mk_usize 263)) + (out: t_Array i32 (sz 263)) = let done:bool = false in - let done, out, sampled_coefficients:(bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) = + let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks #u8 randomness (Rust_primitives.mk_usize 4) - <: - Core.Slice.Iter.t_Chunks u8) + (Core.Slice.impl__chunks #u8 randomness (sz 4) <: Core.Slice.Iter.t_Chunks u8) <: Core.Slice.Iter.t_Chunks u8) - (done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize)) + (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) (fun temp_0_ random_bytes -> - let done, out, sampled_coefficients:(bool & t_Array i32 (Rust_primitives.mk_usize 263) & - usize) = - temp_0_ - in + let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in let random_bytes:t_Slice u8 = random_bytes in if ~.done <: bool then @@ -135,7 +111,7 @@ let rejection_sample_less_than_eta_equals_4_ <: t_Slice i32) in - let out:t_Array i32 (Rust_primitives.mk_usize 263) = + let out:t_Array i32 (sz 263) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from out ({ Core.Ops.Range.f_start = sampled_coefficients } <: 
@@ -147,22 +123,12 @@ let rejection_sample_less_than_eta_equals_4_ if sampled_coefficients >=. Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let done:bool = true in - done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) - else - done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) - else - done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize)) + done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) in let hax_temp_output:bool = done in - sampled_coefficients, out, hax_temp_output - <: - (usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) + sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) let rejection_sample_less_than_eta (#v_SIMDUnit: Type0) 
@@ -172,39 +138,38 @@ let rejection_sample_less_than_eta Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (randomness: t_Slice u8) (sampled: usize) - (out: t_Array i32 (Rust_primitives.mk_usize 263)) + (out: t_Array i32 (sz 263)) = - let (out, sampled), hax_temp_output:((t_Array i32 (Rust_primitives.mk_usize 263) & usize) & bool) - = + let (out, sampled), hax_temp_output:((t_Array i32 (sz 263) & usize) & bool) = match cast (v_ETA <: usize) <: u8 with - | 2 -> - let tmp0, tmp1, out1:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + | 2uy -> + let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta_equals_2_ #v_SIMDUnit randomness sampled out in let sampled:usize = tmp0 in - let out:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in - (out, sampled <: (t_Array i32 (Rust_primitives.mk_usize 263) & usize)), out1 + let out:t_Array i32 (sz 263) = tmp1 in + (out, sampled <: (t_Array i32 (sz 263) & usize)), out1 <: - ((t_Array i32 (Rust_primitives.mk_usize 263) & usize) & bool) - | 4 -> - let tmp0, tmp1, out1:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + ((t_Array i32 (sz 263) & usize) & bool) + | 4uy -> + let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta_equals_4_ #v_SIMDUnit randomness sampled out in let sampled:usize = tmp0 in - let out:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in - (out, sampled <: (t_Array i32 (Rust_primitives.mk_usize 263) & usize)), out1 + let out:t_Array i32 (sz 263) = tmp1 in + (out, sampled <: (t_Array i32 (sz 263) & usize)), out1 <: - ((t_Array i32 (Rust_primitives.mk_usize 263) & usize) & bool) + ((t_Array i32 (sz 263) & usize) & bool) | _ -> - (out, sampled <: (t_Array i32 (Rust_primitives.mk_usize 263) & usize)), + (out, sampled <: (t_Array i32 (sz 263) & usize)), Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" <: Rust_primitives.Hax.t_Never) <: - ((t_Array i32 
(Rust_primitives.mk_usize 263) & usize) & bool) + ((t_Array i32 (sz 263) & usize) & bool) in - sampled, out, hax_temp_output <: (usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) + sampled, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) let rejection_sample_less_than_field_modulus (#v_SIMDUnit: Type0) @@ -213,26 +178,19 @@ let rejection_sample_less_than_field_modulus Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (Rust_primitives.mk_usize 263)) + (out: t_Array i32 (sz 263)) = let done:bool = false in - let done, out, sampled_coefficients:(bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) = + let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks #u8 randomness (Rust_primitives.mk_usize 24) - <: - Core.Slice.Iter.t_Chunks u8) + (Core.Slice.impl__chunks #u8 randomness (sz 24) <: Core.Slice.Iter.t_Chunks u8) <: Core.Slice.Iter.t_Chunks u8) - (done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize)) + (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) (fun temp_0_ random_bytes -> - let done, out, sampled_coefficients:(bool & t_Array i32 (Rust_primitives.mk_usize 263) & - usize) = - temp_0_ - in + let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in let random_bytes:t_Slice u8 = random_bytes in if ~.done <: bool then @@ -246,7 +204,7 @@ let rejection_sample_less_than_field_modulus <: t_Slice i32) in - let out:t_Array i32 (Rust_primitives.mk_usize 263) = + let out:t_Array i32 (sz 263) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from out ({ Core.Ops.Range.f_start = sampled_coefficients } <: 
@@ -258,95 +216,61 @@ let rejection_sample_less_than_field_modulus if sampled_coefficients >=. Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let done:bool = true in - done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) - else - done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) - else - done, out, sampled_coefficients - <: - (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize)) + done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) in let hax_temp_output:bool = done in - sampled_coefficients, out, hax_temp_output - <: - (usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) + sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) let inside_out_shuffle (randomness: t_Slice u8) (out_index: usize) (signs: u64) - (result: t_Array i32 (Rust_primitives.mk_usize 256)) + (result: t_Array i32 (sz 256)) = let done:bool = false in - let done, out_index, result, signs:(bool & usize & t_Array i32 (Rust_primitives.mk_usize 256) & - u64) = + let done, out_index, result, signs:(bool & usize & t_Array i32 (sz 256) & u64) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(t_Slice u8) #FStar.Tactics.Typeclasses.solve randomness <: Core.Slice.Iter.t_Iter u8) - (done, out_index, result, signs - <: - (bool & usize & t_Array i32 (Rust_primitives.mk_usize 256) & u64)) + (done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64)) (fun temp_0_ byte -> - let done, out_index, result, signs:(bool & usize & - t_Array i32 (Rust_primitives.mk_usize 256) & - u64) = + let done, out_index, result, signs:(bool & usize & t_Array i32 (sz 256) & u64) = temp_0_ in let byte:u8 = byte in if ~.done <: bool then let sample_at:usize = cast 
(byte <: u8) <: usize in - let out_index, result, signs:(usize & t_Array i32 (Rust_primitives.mk_usize 256) & u64) - = + let out_index, result, signs:(usize & t_Array i32 (sz 256) & u64) = if sample_at <=. out_index then - let result:t_Array i32 (Rust_primitives.mk_usize 256) = + let result:t_Array i32 (sz 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result out_index (result.[ sample_at ] <: i32) in - let out_index:usize = out_index +! Rust_primitives.mk_usize 1 in - let result:t_Array i32 (Rust_primitives.mk_usize 256) = + let out_index:usize = out_index +! sz 1 in + let result:t_Array i32 (sz 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sample_at - (Rust_primitives.mk_i32 1 -! - (Rust_primitives.mk_i32 2 *! - (cast (signs &. Rust_primitives.mk_u64 1 <: u64) <: i32) - <: - i32) - <: - i32) + (1l -! (2l *! (cast (signs &. 1uL <: u64) <: i32) <: i32) <: i32) in - let signs:u64 = signs >>! Rust_primitives.mk_i32 1 in - out_index, result, signs - <: - (usize & t_Array i32 (Rust_primitives.mk_usize 256) & u64) - else - out_index, result, signs - <: - (usize & t_Array i32 (Rust_primitives.mk_usize 256) & u64) + let signs:u64 = signs >>! 1l in + out_index, result, signs <: (usize & t_Array i32 (sz 256) & u64) + else out_index, result, signs <: (usize & t_Array i32 (sz 256) & u64) in let done:bool = out_index =. 
(Core.Slice.impl__len #i32 (result <: t_Slice i32) <: usize) in - done, out_index, result, signs - <: - (bool & usize & t_Array i32 (Rust_primitives.mk_usize 256) & u64) - else - done, out_index, result, signs - <: - (bool & usize & t_Array i32 (Rust_primitives.mk_usize 256) & u64)) + done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64) + else done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64)) in let hax_temp_output:bool = done in - out_index, signs, result, hax_temp_output - <: - (usize & u64 & t_Array i32 (Rust_primitives.mk_usize 256) & bool) + out_index, signs, result, hax_temp_output <: (usize & u64 & t_Array i32 (sz 256) & bool) let sample_challenge_ring_element (#v_SIMDUnit #v_Shake256: Type0) 
@@ -364,42 +288,35 @@ let sample_challenge_ring_element #FStar.Tactics.Typeclasses.solve (seed <: t_Slice u8) in - let tmp0, out:(v_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136)) = + let tmp0, out:(v_Shake256 & t_Array u8 (sz 136)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_first_block #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomness:t_Array u8 (Rust_primitives.mk_usize 136) = out in + let randomness:t_Array u8 (sz 136) = out in let signs:u64 = - Core.Num.impl__u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 - (Rust_primitives.mk_usize 8)) + Core.Num.impl__u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 (sz 8)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (Rust_primitives.mk_usize 8)) + #(t_Array u8 (sz 8)) #FStar.Tactics.Typeclasses.solve - (randomness.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 8 - } + (randomness.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) <: - Core.Result.t_Result (t_Array u8 (Rust_primitives.mk_usize 8)) - Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array u8 (sz 8)) Core.Array.t_TryFromSliceError) <: - t_Array u8 (Rust_primitives.mk_usize 8)) - in - let result:t_Array i32 (Rust_primitives.mk_usize 256) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 256) + t_Array u8 (sz 8)) in + let result:t_Array i32 (sz 256) = Rust_primitives.Hax.repeat 0l (sz 256) in let out_index:usize = (Core.Slice.impl__len #i32 (result <: t_Slice i32) <: usize) -! 
v_NUMBER_OF_ONES in - let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (Rust_primitives.mk_usize 256) & bool) = - inside_out_shuffle (randomness.[ { Core.Ops.Range.f_start = Rust_primitives.mk_usize 8 } + let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (sz 256) & bool) = + inside_out_shuffle (randomness.[ { Core.Ops.Range.f_start = sz 8 } <: Core.Ops.Range.t_RangeFrom usize ] <: 
@@ -410,48 +327,41 @@ let sample_challenge_ring_element in let out_index:usize = tmp0 in let signs:u64 = tmp1 in - let result:t_Array i32 (Rust_primitives.mk_usize 256) = tmp2 in + let result:t_Array i32 (sz 256) = tmp2 in let done:bool = out in - let done, out_index, result, signs, state:(bool & usize & - t_Array i32 (Rust_primitives.mk_usize 256) & - u64 & - v_Shake256) = + let done, out_index, result, signs, state:(bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256) + = Rust_primitives.f_while_loop (fun temp_0_ -> - let done, out_index, result, signs, state:(bool & usize & - t_Array i32 (Rust_primitives.mk_usize 256) & - u64 & + let done, out_index, result, signs, state:(bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256) = temp_0_ in ~.done <: bool) (done, out_index, result, signs, state <: - (bool & usize & t_Array i32 (Rust_primitives.mk_usize 256) & u64 & v_Shake256)) + (bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256)) (fun temp_0_ -> - let done, out_index, result, signs, state:(bool & usize & - t_Array i32 (Rust_primitives.mk_usize 256) & - u64 & + let done, out_index, result, signs, state:(bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256) = temp_0_ in - let tmp0, out:(v_Shake256 & t_Array u8 (Rust_primitives.mk_usize 136)) = + let tmp0, out:(v_Shake256 & t_Array u8 (sz 136)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_next_block #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomness:t_Array u8 (Rust_primitives.mk_usize 136) = out in - let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (Rust_primitives.mk_usize 256) & bool - ) = + let randomness:t_Array u8 (sz 136) = out in + let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (sz 256) & bool) = inside_out_shuffle (randomness <: t_Slice u8) out_index signs result in let out_index:usize = tmp0 in let signs:u64 = tmp1 in - let result:t_Array i32 (Rust_primitives.mk_usize 256) = tmp2 in + let result:t_Array i32 (sz 256) = tmp2 in 
let done:bool = out in done, out_index, result, signs, state <: - (bool & usize & t_Array i32 (Rust_primitives.mk_usize 256) & u64 & v_Shake256)) + (bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256)) in Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (result <: t_Slice i32) 
@@ -464,52 +374,52 @@ let sample_four_error_ring_elements (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256) - (seed_base: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed_base: t_Array u8 (sz 66)) (domain_separator0 domain_separator1 domain_seperator2 domain_separator3: u16) = - let seed0:t_Array u8 (Rust_primitives.mk_usize 66) = seed_base in - let seed0:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed0:t_Array u8 (sz 66) = seed_base in + let seed0:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0 - (Rust_primitives.mk_usize 64) + (sz 64) (cast (domain_separator0 <: u16) <: u8) in - let seed0:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed0:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0 - (Rust_primitives.mk_usize 65) - (cast (domain_separator0 >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 65) + (cast (domain_separator0 >>! 8l <: u16) <: u8) in - let seed1:t_Array u8 (Rust_primitives.mk_usize 66) = seed0 in - let seed1:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed1:t_Array u8 (sz 66) = seed0 in + let seed1:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1 - (Rust_primitives.mk_usize 64) + (sz 64) (cast (domain_separator1 <: u16) <: u8) in - let seed1:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed1:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1 - (Rust_primitives.mk_usize 65) - (cast (domain_separator1 >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 65) + (cast (domain_separator1 >>! 
8l <: u16) <: u8) in - let seed2:t_Array u8 (Rust_primitives.mk_usize 66) = seed0 in - let seed2:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed2:t_Array u8 (sz 66) = seed0 in + let seed2:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2 - (Rust_primitives.mk_usize 64) + (sz 64) (cast (domain_seperator2 <: u16) <: u8) in - let seed2:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed2:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2 - (Rust_primitives.mk_usize 65) - (cast (domain_seperator2 >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 65) + (cast (domain_seperator2 >>! 8l <: u16) <: u8) in - let seed3:t_Array u8 (Rust_primitives.mk_usize 66) = seed0 in - let seed3:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed3:t_Array u8 (sz 66) = seed0 in + let seed3:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3 - (Rust_primitives.mk_usize 64) + (sz 64) (cast (domain_separator3 <: u16) <: u8) in - let seed3:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed3:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3 - (Rust_primitives.mk_usize 65) - (cast (domain_separator3 >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 65) + (cast (domain_separator3 >>! 8l <: u16) <: u8) in let state:v_Shake256 = Libcrux_ml_dsa.Hash_functions.Shake256.f_init_absorb #v_Shake256 
@@ -520,66 +430,52 @@ let sample_four_error_ring_elements (seed3 <: t_Slice u8) in let tmp0, out4:(v_Shake256 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) = + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_first_block #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomnesses:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let randomnesses:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = out4 in - let out0:t_Array i32 (Rust_primitives.mk_usize 263) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 263) - in - let out1:t_Array i32 (Rust_primitives.mk_usize 263) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 263) - in - let out2:t_Array i32 (Rust_primitives.mk_usize 263) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 263) - in - let out3:t_Array i32 (Rust_primitives.mk_usize 263) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 263) - in - let sampled0:usize = Rust_primitives.mk_usize 0 in - let sampled1:usize = Rust_primitives.mk_usize 0 in - let sampled2:usize = Rust_primitives.mk_usize 0 in - let sampled3:usize = Rust_primitives.mk_usize 0 in - let tmp0, tmp1, out4:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let out0:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in + let out1:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in + let out2:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in + let out3:t_Array i32 
(sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in + let sampled0:usize = sz 0 in + let sampled1:usize = sz 0 in + let sampled2:usize = sz 0 in + let sampled3:usize = sz 0 in + let tmp0, tmp1, out4:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit v_ETA (randomnesses._1 <: t_Slice u8) sampled0 out0 in let sampled0:usize = tmp0 in - let out0:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let out0:t_Array i32 (sz 263) = tmp1 in let done0:bool = out4 in - let tmp0, tmp1, out4:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out4:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit v_ETA (randomnesses._2 <: t_Slice u8) sampled1 out1 in let sampled1:usize = tmp0 in - let out1:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let out1:t_Array i32 (sz 263) = tmp1 in let done1:bool = out4 in - let tmp0, tmp1, out4:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out4:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit v_ETA (randomnesses._3 <: t_Slice u8) sampled2 out2 in let sampled2:usize = tmp0 in - let out2:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let out2:t_Array i32 (sz 263) = tmp1 in let done2:bool = out4 in - let tmp0, tmp1, out4:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out4:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit v_ETA (randomnesses._4 <: t_Slice u8) sampled3 out3 in let sampled3:usize = tmp0 in - let out3:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let out3:t_Array i32 (sz 263) = tmp1 in let done3:bool = out4 in let done0, done1, done2, done3, out0, out1, out2, out3, sampled0, sampled1, sampled2, sampled3, state:( - bool & bool & bool & bool & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array 
i32 (Rust_primitives.mk_usize 263) & + bool & bool & bool & bool & t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & usize & usize & usize & @@ -599,10 +495,9 @@ let sample_four_error_ring_elements sampled1, sampled2, sampled3, - state:(bool & bool & bool & bool & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + state:(bool & bool & bool & bool & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & + t_Array i32 (sz 263) & usize & usize & usize & @@ -625,10 +520,9 @@ let sample_four_error_ring_elements sampled3, state <: - (bool & bool & bool & bool & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + (bool & bool & bool & bool & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & + t_Array i32 (sz 263) & usize & usize & usize & @@ -648,10 +542,9 @@ let sample_four_error_ring_elements sampled1, sampled2, sampled3, - state:(bool & bool & bool & bool & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + state:(bool & bool & bool & bool & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & + t_Array i32 (sz 263) & usize & usize & usize & 
@@ -660,24 +553,21 @@ let sample_four_error_ring_elements temp_0_ in let tmp0, out4:(v_Shake256 & - (t_Array u8 (Rust_primitives.mk_usize 136) & t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136))) = + (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_next_block #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomnesses:(t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136) & - t_Array u8 (Rust_primitives.mk_usize 136)) = + let randomnesses:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & + t_Array u8 (sz 136)) = out4 in - let done0, out0, sampled0:(bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) = + let done0, out0, sampled0:(bool & t_Array i32 (sz 263) & usize) = if ~.done0 then - let tmp0, tmp1, out4:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out4:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit v_ETA (randomnesses._1 <: t_Slice u8) 
@@ -685,16 +575,15 @@ let sample_four_error_ring_elements out0 in let sampled0:usize = tmp0 in - let out0:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let out0:t_Array i32 (sz 263) = tmp1 in let done0:bool = out4 in - done0, out0, sampled0 <: (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) - else - done0, out0, sampled0 <: (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) + done0, out0, sampled0 <: (bool & t_Array i32 (sz 263) & usize) + else done0, out0, sampled0 <: (bool & t_Array i32 (sz 263) & usize) in - let done1, out1, sampled1:(bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) = + let done1, out1, sampled1:(bool & t_Array i32 (sz 263) & usize) = if ~.done1 then - let tmp0, tmp1, out4:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out4:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit v_ETA (randomnesses._2 <: t_Slice u8) @@ -702,16 +591,15 @@ let sample_four_error_ring_elements out1 in let sampled1:usize = tmp0 in - let out1:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let out1:t_Array i32 (sz 263) = tmp1 in let done1:bool = out4 in - done1, out1, sampled1 <: (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) - else - done1, out1, sampled1 <: (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) + done1, out1, sampled1 <: (bool & t_Array i32 (sz 263) & usize) + else done1, out1, sampled1 <: (bool & t_Array i32 (sz 263) & usize) in - let done2, out2, sampled2:(bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) = + let done2, out2, sampled2:(bool & t_Array i32 (sz 263) & usize) = if ~.done2 then - let tmp0, tmp1, out4:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out4:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit v_ETA (randomnesses._3 <: t_Slice u8) 
@@ -719,15 +607,14 @@ let sample_four_error_ring_elements out2 in let sampled2:usize = tmp0 in - let out2:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let out2:t_Array i32 (sz 263) = tmp1 in let done2:bool = out4 in - done2, out2, sampled2 <: (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) - else - done2, out2, sampled2 <: (bool & t_Array i32 (Rust_primitives.mk_usize 263) & usize) + done2, out2, sampled2 <: (bool & t_Array i32 (sz 263) & usize) + else done2, out2, sampled2 <: (bool & t_Array i32 (sz 263) & usize) in if ~.done3 then - let tmp0, tmp1, out4:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out4:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit v_ETA (randomnesses._4 <: t_Slice u8) @@ -735,7 +622,7 @@ let sample_four_error_ring_elements out3 in let sampled3:usize = tmp0 in - let out3:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let out3:t_Array i32 (sz 263) = tmp1 in let done3:bool = out4 in done0, done1, @@ -751,10 +638,9 @@ let sample_four_error_ring_elements sampled3, state <: - (bool & bool & bool & bool & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + (bool & bool & bool & bool & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & + t_Array i32 (sz 263) & usize & usize & usize & @@ -775,10 +661,9 @@ let sample_four_error_ring_elements sampled3, state <: - (bool & bool & bool & bool & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + (bool & bool & bool & bool & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & + t_Array i32 (sz 263) & usize & usize & usize & 
@@ -803,51 +688,51 @@ let sample_four_ring_elements (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128) - (seed0: t_Array u8 (Rust_primitives.mk_usize 34)) + (seed0: t_Array u8 (sz 34)) (domain_separator0 domain_separator1 domain_seperator2 domain_separator3: u16) = - let seed0:t_Array u8 (Rust_primitives.mk_usize 34) = + let seed0:t_Array u8 (sz 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0 - (Rust_primitives.mk_usize 32) + (sz 32) (cast (domain_separator0 <: u16) <: u8) in - let seed0:t_Array u8 (Rust_primitives.mk_usize 34) = + let seed0:t_Array u8 (sz 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed0 - (Rust_primitives.mk_usize 33) - (cast (domain_separator0 >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 33) + (cast (domain_separator0 >>! 8l <: u16) <: u8) in - let seed1:t_Array u8 (Rust_primitives.mk_usize 34) = seed0 in - let seed1:t_Array u8 (Rust_primitives.mk_usize 34) = + let seed1:t_Array u8 (sz 34) = seed0 in + let seed1:t_Array u8 (sz 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1 - (Rust_primitives.mk_usize 32) + (sz 32) (cast (domain_separator1 <: u16) <: u8) in - let seed1:t_Array u8 (Rust_primitives.mk_usize 34) = + let seed1:t_Array u8 (sz 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed1 - (Rust_primitives.mk_usize 33) - (cast (domain_separator1 >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 33) + (cast (domain_separator1 >>! 
8l <: u16) <: u8) in - let seed2:t_Array u8 (Rust_primitives.mk_usize 34) = seed0 in - let seed2:t_Array u8 (Rust_primitives.mk_usize 34) = + let seed2:t_Array u8 (sz 34) = seed0 in + let seed2:t_Array u8 (sz 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2 - (Rust_primitives.mk_usize 32) + (sz 32) (cast (domain_seperator2 <: u16) <: u8) in - let seed2:t_Array u8 (Rust_primitives.mk_usize 34) = + let seed2:t_Array u8 (sz 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed2 - (Rust_primitives.mk_usize 33) - (cast (domain_seperator2 >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 33) + (cast (domain_seperator2 >>! 8l <: u16) <: u8) in - let seed3:t_Array u8 (Rust_primitives.mk_usize 34) = seed0 in - let seed3:t_Array u8 (Rust_primitives.mk_usize 34) = + let seed3:t_Array u8 (sz 34) = seed0 in + let seed3:t_Array u8 (sz 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3 - (Rust_primitives.mk_usize 32) + (sz 32) (cast (domain_separator3 <: u16) <: u8) in - let seed3:t_Array u8 (Rust_primitives.mk_usize 34) = + let seed3:t_Array u8 (sz 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed3 - (Rust_primitives.mk_usize 33) - (cast (domain_separator3 >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 33) + (cast (domain_separator3 >>! 8l <: u16) <: u8) in let state:v_Shake128 = Libcrux_ml_dsa.Hash_functions.Shake128.f_init_absorb #v_Shake128 
@@ -857,22 +742,13 @@ let sample_four_ring_elements (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) in - let randomness0:t_Array u8 (Rust_primitives.mk_usize 840) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 840) - in - let randomness1:t_Array u8 (Rust_primitives.mk_usize 840) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 840) - in - let randomness2:t_Array u8 (Rust_primitives.mk_usize 840) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 840) - in - let randomness3:t_Array u8 (Rust_primitives.mk_usize 840) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 840) - in - let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840) & - t_Array u8 (Rust_primitives.mk_usize 840)) = + let randomness0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let randomness1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let randomness2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let randomness3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in + let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_first_five_blocks #v_Shake128 #FStar.Tactics.Typeclasses.solve state 
@@ -882,62 +758,54 @@ let sample_four_ring_elements randomness3 in let state:v_Shake128 = tmp0 in - let randomness0:t_Array u8 (Rust_primitives.mk_usize 840) = tmp1 in - let randomness1:t_Array u8 (Rust_primitives.mk_usize 840) = tmp2 in - let randomness2:t_Array u8 (Rust_primitives.mk_usize 840) = tmp3 in - let randomness3:t_Array u8 (Rust_primitives.mk_usize 840) = tmp4 in + let randomness0:t_Array u8 (sz 840) = tmp1 in + let randomness1:t_Array u8 (sz 840) = tmp2 in + let randomness2:t_Array u8 (sz 840) = tmp3 in + let randomness3:t_Array u8 (sz 840) = tmp4 in let _:Prims.unit = () in - let coefficients0:t_Array i32 (Rust_primitives.mk_usize 263) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 263) - in - let coefficients1:t_Array i32 (Rust_primitives.mk_usize 263) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 263) - in - let coefficients2:t_Array i32 (Rust_primitives.mk_usize 263) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 263) - in - let coefficients3:t_Array i32 (Rust_primitives.mk_usize 263) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 263) - in - let sampled0:usize = Rust_primitives.mk_usize 0 in - let sampled1:usize = Rust_primitives.mk_usize 0 in - let sampled2:usize = Rust_primitives.mk_usize 0 in - let sampled3:usize = Rust_primitives.mk_usize 0 in - let tmp0, tmp1, out:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let coefficients0:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in + let coefficients1:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in + let coefficients2:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in + let coefficients3:t_Array i32 (sz 263) = Rust_primitives.Hax.repeat 0l (sz 263) in + let sampled0:usize = sz 0 in + let sampled1:usize = sz 0 in + let sampled2:usize = sz 0 in + let sampled3:usize = sz 0 in + let tmp0, 
tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomness0 <: t_Slice u8) sampled0 coefficients0 in let sampled0:usize = tmp0 in - let coefficients0:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let coefficients0:t_Array i32 (sz 263) = tmp1 in let done0:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomness1 <: t_Slice u8) sampled1 coefficients1 in let sampled1:usize = tmp0 in - let coefficients1:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let coefficients1:t_Array i32 (sz 263) = tmp1 in let done1:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomness2 <: t_Slice u8) sampled2 coefficients2 in let sampled2:usize = tmp0 in - let coefficients2:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let coefficients2:t_Array i32 (sz 263) = tmp1 in let done2:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomness3 <: t_Slice u8) sampled3 coefficients3 in let sampled3:usize = tmp0 in - let coefficients3:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let coefficients3:t_Array i32 (sz 263) = tmp1 in let done3:bool = out in let coefficients0, 
@@ -952,9 +820,7 @@ let sample_four_ring_elements sampled1, sampled2, sampled3, - state:(t_Array i32 (Rust_primitives.mk_usize 263) & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + state:(t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & bool & bool & bool & @@ -978,10 +844,8 @@ let sample_four_ring_elements sampled1, sampled2, sampled3, - state:(t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + state:(t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & bool & bool & bool & @@ -1008,9 +872,7 @@ let sample_four_ring_elements sampled3, state <: - (t_Array i32 (Rust_primitives.mk_usize 263) & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + (t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & bool & bool & bool & @@ -1034,10 +896,8 @@ let sample_four_ring_elements sampled1, sampled2, sampled3, - state:(t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + state:(t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & bool & bool & bool & 
@@ -1050,93 +910,72 @@ let sample_four_ring_elements temp_0_ in let tmp0, out:(v_Shake128 & - (t_Array u8 (Rust_primitives.mk_usize 168) & t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168))) = + (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) + = Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_next_block #v_Shake128 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake128 = tmp0 in - let randomnesses:(t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168) & - t_Array u8 (Rust_primitives.mk_usize 168)) = + let randomnesses:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = out in - let coefficients0, done0, sampled0:(t_Array i32 (Rust_primitives.mk_usize 263) & bool & - usize) = + let coefficients0, done0, sampled0:(t_Array i32 (sz 263) & bool & usize) = if ~.done0 then - let tmp0, tmp1, out:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._1 <: t_Slice u8) sampled0 coefficients0 in let sampled0:usize = tmp0 in - let coefficients0:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let coefficients0:t_Array i32 (sz 263) = tmp1 in let done0:bool = out in - coefficients0, done0, sampled0 - <: - (t_Array i32 (Rust_primitives.mk_usize 263) & bool & usize) - else - coefficients0, done0, sampled0 - <: - (t_Array i32 (Rust_primitives.mk_usize 263) & bool & usize) + coefficients0, done0, sampled0 <: (t_Array i32 (sz 263) & bool & usize) + else coefficients0, done0, sampled0 <: (t_Array i32 (sz 263) & bool & usize) in - let coefficients1, done1, sampled1:(t_Array i32 (Rust_primitives.mk_usize 263) & bool & - usize) = + let coefficients1, done1, sampled1:(t_Array i32 (sz 263) & bool & 
usize) = if ~.done1 then - let tmp0, tmp1, out:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._2 <: t_Slice u8) sampled1 coefficients1 in let sampled1:usize = tmp0 in - let coefficients1:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let coefficients1:t_Array i32 (sz 263) = tmp1 in let done1:bool = out in - coefficients1, done1, sampled1 - <: - (t_Array i32 (Rust_primitives.mk_usize 263) & bool & usize) - else - coefficients1, done1, sampled1 - <: - (t_Array i32 (Rust_primitives.mk_usize 263) & bool & usize) + coefficients1, done1, sampled1 <: (t_Array i32 (sz 263) & bool & usize) + else coefficients1, done1, sampled1 <: (t_Array i32 (sz 263) & bool & usize) in - let coefficients2, done2, sampled2:(t_Array i32 (Rust_primitives.mk_usize 263) & bool & - usize) = + let coefficients2, done2, sampled2:(t_Array i32 (sz 263) & bool & usize) = if ~.done2 then - let tmp0, tmp1, out:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._3 <: t_Slice u8) sampled2 coefficients2 in let sampled2:usize = tmp0 in - let coefficients2:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let coefficients2:t_Array i32 (sz 263) = tmp1 in let done2:bool = out in - coefficients2, done2, sampled2 - <: - (t_Array i32 (Rust_primitives.mk_usize 263) & bool & usize) - else - coefficients2, done2, sampled2 - <: - (t_Array i32 (Rust_primitives.mk_usize 263) & bool & usize) + coefficients2, done2, sampled2 <: (t_Array i32 (sz 263) & bool & usize) + else coefficients2, done2, sampled2 <: (t_Array i32 (sz 263) & bool & usize) in if ~.done3 then - let tmp0, tmp1, out:(usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = 
rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._4 <: t_Slice u8) sampled3 coefficients3 in let sampled3:usize = tmp0 in - let coefficients3:t_Array i32 (Rust_primitives.mk_usize 263) = tmp1 in + let coefficients3:t_Array i32 (sz 263) = tmp1 in let done3:bool = out in coefficients0, coefficients1, @@ -1152,9 +991,8 @@ let sample_four_ring_elements sampled3, state <: - (t_Array i32 (Rust_primitives.mk_usize 263) & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + (t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & bool & bool & bool & @@ -1179,9 +1017,8 @@ let sample_four_ring_elements sampled3, state <: - (t_Array i32 (Rust_primitives.mk_usize 263) & t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & - t_Array i32 (Rust_primitives.mk_usize 263) & + (t_Array i32 (sz 263) & t_Array i32 (sz 263) & t_Array i32 (sz 263) & + t_Array i32 (sz 263) & bool & bool & bool & 
@@ -1211,29 +1048,25 @@ let sample_mask_ring_element (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256) - (seed: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed: t_Array u8 (sz 66)) = match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with - | 17 -> - let out:t_Array u8 (Rust_primitives.mk_usize 576) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 576) - in - let out:t_Array u8 (Rust_primitives.mk_usize 576) = + | 17uy -> + let out:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in + let out:t_Array u8 (sz 576) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256 #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 576) + (sz 576) (seed <: t_Slice u8) out in Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out <: t_Slice u8) - | 19 -> - let out:t_Array u8 (Rust_primitives.mk_usize 640) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 640) - in - let out:t_Array u8 (Rust_primitives.mk_usize 640) = + | 19uy -> + let out:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in + let out:t_Array u8 (sz 640) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256 #FStar.Tactics.Typeclasses.solve - (Rust_primitives.mk_usize 640) + (sz 640) (seed <: t_Slice u8) out in @@ -1256,7 +1089,7 @@ let sample_mask_vector (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (seed: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed: t_Array u8 (sz 66)) (domain_separator: u16) = let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = 
@@ -1269,63 +1102,44 @@ let sample_mask_vector if true then let _:Prims.unit = - Hax_lib.v_assert ((v_DIMENSION =. Rust_primitives.mk_usize 4 <: bool) || - (v_DIMENSION =. Rust_primitives.mk_usize 5 <: bool) || - (v_DIMENSION =. Rust_primitives.mk_usize 7 <: bool)) + Hax_lib.v_assert ((v_DIMENSION =. sz 4 <: bool) || (v_DIMENSION =. sz 5 <: bool) || + (v_DIMENSION =. sz 7 <: bool)) in () in - let tmp0, out4:(u16 & t_Array u8 (Rust_primitives.mk_usize 66)) = - update_seed seed domain_separator - in + let tmp0, out4:(u16 & t_Array u8 (sz 66)) = update_seed seed domain_separator in let domain_separator:u16 = tmp0 in - let seed0:t_Array u8 (Rust_primitives.mk_usize 66) = out4 in - let tmp0, out4:(u16 & t_Array u8 (Rust_primitives.mk_usize 66)) = - update_seed seed domain_separator - in + let seed0:t_Array u8 (sz 66) = out4 in + let tmp0, out4:(u16 & t_Array u8 (sz 66)) = update_seed seed domain_separator in let domain_separator:u16 = tmp0 in - let seed1:t_Array u8 (Rust_primitives.mk_usize 66) = out4 in - let tmp0, out4:(u16 & t_Array u8 (Rust_primitives.mk_usize 66)) = - update_seed seed domain_separator - in + let seed1:t_Array u8 (sz 66) = out4 in + let tmp0, out4:(u16 & t_Array u8 (sz 66)) = update_seed seed domain_separator in let domain_separator:u16 = tmp0 in - let seed2:t_Array u8 (Rust_primitives.mk_usize 66) = out4 in - let tmp0, out4:(u16 & t_Array u8 (Rust_primitives.mk_usize 66)) = - update_seed seed domain_separator - in + let seed2:t_Array u8 (sz 66) = out4 in + let tmp0, out4:(u16 & t_Array u8 (sz 66)) = update_seed seed domain_separator in let domain_separator:u16 = tmp0 in - let seed3:t_Array u8 (Rust_primitives.mk_usize 66) = out4 in + let seed3:t_Array u8 (sz 66) = out4 in let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with - | 17 -> - let out0:t_Array u8 (Rust_primitives.mk_usize 576) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) 
(Rust_primitives.mk_usize 576) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 576) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 576) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 576) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 576) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 576) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 576) - in - let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (Rust_primitives.mk_usize 576) & - t_Array u8 (Rust_primitives.mk_usize 576) & - t_Array u8 (Rust_primitives.mk_usize 576) & - t_Array u8 (Rust_primitives.mk_usize 576)) = + | 17uy -> + let out0:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in + let out1:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in + let out2:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in + let out3:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (sz 576) & t_Array u8 (sz 576) & t_Array u8 (sz 576) & + t_Array u8 (sz 576)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256X4 - #FStar.Tactics.Typeclasses.solve (Rust_primitives.mk_usize 576) (seed0 <: t_Slice u8) - (seed1 <: t_Slice u8) (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 + #FStar.Tactics.Typeclasses.solve (sz 576) (seed0 <: t_Slice u8) (seed1 <: t_Slice u8) + (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 in - let out0:t_Array u8 (Rust_primitives.mk_usize 576) = tmp0 in - let out1:t_Array u8 (Rust_primitives.mk_usize 576) = tmp1 in - let out2:t_Array u8 (Rust_primitives.mk_usize 576) = tmp2 in - let out3:t_Array u8 (Rust_primitives.mk_usize 576) = tmp3 in + let out0:t_Array u8 (sz 576) = tmp0 in + let out1:t_Array u8 (sz 576) = tmp1 in + let out2:t_Array u8 (sz 576) = tmp2 in + let out3:t_Array u8 (sz 576) = tmp3 in let _:Prims.unit = () in let mask:t_Array 
(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (Rust_primitives.mk_usize 0) + (sz 0) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out0 <: t_Slice u8) @@ -1334,7 +1148,7 @@ let sample_mask_vector in let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (Rust_primitives.mk_usize 1) + (sz 1) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out1 <: t_Slice u8) @@ -1343,7 +1157,7 @@ let sample_mask_vector in let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (Rust_primitives.mk_usize 2) + (sz 2) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out2 <: t_Slice u8) @@ -1352,7 +1166,7 @@ let sample_mask_vector in let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (Rust_primitives.mk_usize 3) + (sz 3) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out3 <: t_Slice u8) 
@@ -1360,35 +1174,25 @@ let sample_mask_vector Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in mask - | 19 -> - let out0:t_Array u8 (Rust_primitives.mk_usize 640) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 640) - in - let out1:t_Array u8 (Rust_primitives.mk_usize 640) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 640) - in - let out2:t_Array u8 (Rust_primitives.mk_usize 640) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 640) - in - let out3:t_Array u8 (Rust_primitives.mk_usize 640) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 640) - in - let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (Rust_primitives.mk_usize 640) & - t_Array u8 (Rust_primitives.mk_usize 640) & - t_Array u8 (Rust_primitives.mk_usize 640) & - t_Array u8 (Rust_primitives.mk_usize 640)) = + | 19uy -> + let out0:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in + let out1:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in + let out2:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in + let out3:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (sz 640) & t_Array u8 (sz 640) & t_Array u8 (sz 640) & + t_Array u8 (sz 640)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256X4 - #FStar.Tactics.Typeclasses.solve (Rust_primitives.mk_usize 640) (seed0 <: t_Slice u8) - (seed1 <: t_Slice u8) (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 + #FStar.Tactics.Typeclasses.solve (sz 640) (seed0 <: t_Slice u8) (seed1 <: t_Slice u8) + (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 in - let out0:t_Array u8 (Rust_primitives.mk_usize 640) = tmp0 in - let out1:t_Array u8 (Rust_primitives.mk_usize 640) = tmp1 in - let out2:t_Array u8 (Rust_primitives.mk_usize 640) = tmp2 in - let out3:t_Array u8 (Rust_primitives.mk_usize 640) 
= tmp3 in + let out0:t_Array u8 (sz 640) = tmp0 in + let out1:t_Array u8 (sz 640) = tmp1 in + let out2:t_Array u8 (sz 640) = tmp2 in + let out3:t_Array u8 (sz 640) = tmp3 in let _:Prims.unit = () in let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (Rust_primitives.mk_usize 0) + (sz 0) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out0 <: t_Slice u8) @@ -1397,7 +1201,7 @@ let sample_mask_vector in let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (Rust_primitives.mk_usize 1) + (sz 1) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out1 <: t_Slice u8) @@ -1406,7 +1210,7 @@ let sample_mask_vector in let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (Rust_primitives.mk_usize 2) + (sz 2) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out2 <: t_Slice u8) @@ -1415,7 +1219,7 @@ let sample_mask_vector in let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (Rust_primitives.mk_usize 3) + (sz 3) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit v_GAMMA1_EXPONENT (out3 <: t_Slice u8) 
@@ -1427,13 +1231,13 @@ let sample_mask_vector in let domain_separator, mask, seed:(u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION & - t_Array u8 (Rust_primitives.mk_usize 66)) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 4) + t_Array u8 (sz 66)) = + Rust_primitives.Hax.Folds.fold_range (sz 4) v_DIMENSION (fun temp_0_ temp_1_ -> let domain_separator, mask, seed:(u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION & - t_Array u8 (Rust_primitives.mk_usize 66)) = + t_Array u8 (sz 66)) = temp_0_ in let _:usize = temp_1_ in @@ -1441,25 +1245,25 @@ let sample_mask_vector (domain_separator, mask, seed <: (u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION & - t_Array u8 (Rust_primitives.mk_usize 66))) + t_Array u8 (sz 66))) (fun temp_0_ i -> let domain_separator, mask, seed:(u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION & - t_Array u8 (Rust_primitives.mk_usize 66)) = + t_Array u8 (sz 66)) = temp_0_ in let i:usize = i in - let seed:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed - (Rust_primitives.mk_usize 64) + (sz 64) (cast (domain_separator <: u16) <: u8) in - let seed:t_Array u8 (Rust_primitives.mk_usize 66) = + let seed:t_Array u8 (sz 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed - (Rust_primitives.mk_usize 65) - (cast (domain_separator >>! Rust_primitives.mk_i32 8 <: u16) <: u8) + (sz 65) + (cast (domain_separator >>! 8l <: u16) <: u8) in - let domain_separator:u16 = domain_separator +! Rust_primitives.mk_u16 1 in + let domain_separator:u16 = domain_separator +! 1us in let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask 
@@ -1471,7 +1275,7 @@ let sample_mask_vector domain_separator, mask, seed <: (u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION & - t_Array u8 (Rust_primitives.mk_usize 66))) + t_Array u8 (sz 66))) in let hax_temp_output:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti index 2b9b97952..a742ab51f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti 
@@ -11,30 +11,24 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -val update_seed (seed: t_Array u8 (Rust_primitives.mk_usize 66)) (domain_separator: u16) - : Prims.Pure (u16 & t_Array u8 (Rust_primitives.mk_usize 66)) - Prims.l_True - (fun _ -> Prims.l_True) +val update_seed (seed: t_Array u8 (sz 66)) (domain_separator: u16) + : Prims.Pure (u16 & t_Array u8 (sz 66)) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_eta_equals_2_ (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (Rust_primitives.mk_usize 263)) - : Prims.Pure (usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) - Prims.l_True - (fun _ -> Prims.l_True) + (out: t_Array i32 (sz 263)) + : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_eta_equals_4_ (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (Rust_primitives.mk_usize 263)) - : Prims.Pure (usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) - Prims.l_True - (fun _ -> Prims.l_True) + (out: t_Array i32 (sz 263)) + : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_eta (#v_SIMDUnit: Type0) 
@@ -42,29 +36,23 @@ val rejection_sample_less_than_eta {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled: usize) - (out: t_Array i32 (Rust_primitives.mk_usize 263)) - : Prims.Pure (usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) - Prims.l_True - (fun _ -> Prims.l_True) + (out: t_Array i32 (sz 263)) + : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_field_modulus (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (Rust_primitives.mk_usize 263)) - : Prims.Pure (usize & t_Array i32 (Rust_primitives.mk_usize 263) & bool) - Prims.l_True - (fun _ -> Prims.l_True) + (out: t_Array i32 (sz 263)) + : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val inside_out_shuffle (randomness: t_Slice u8) (out_index: usize) (signs: u64) - (result: t_Array i32 (Rust_primitives.mk_usize 256)) - : Prims.Pure (usize & u64 & t_Array i32 (Rust_primitives.mk_usize 256) & bool) - Prims.l_True - (fun _ -> Prims.l_True) + (result: t_Array i32 (sz 256)) + : Prims.Pure (usize & u64 & t_Array i32 (sz 256) & bool) Prims.l_True (fun _ -> Prims.l_True) val sample_challenge_ring_element (#v_SIMDUnit #v_Shake256: Type0) @@ -81,7 +69,7 @@ val sample_four_error_ring_elements (v_ETA: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256 |} - (seed_base: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed_base: t_Array u8 (sz 66)) (domain_separator0 domain_separator1 domain_seperator2 domain_separator3: u16) : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & 
@@ -95,7 +83,7 @@ val sample_four_ring_elements (#v_SIMDUnit #v_Shake128: Type0) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128 |} - (seed0: t_Array u8 (Rust_primitives.mk_usize 34)) + (seed0: t_Array u8 (sz 34)) (domain_separator0 domain_separator1 domain_seperator2 domain_separator3: u16) : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & @@ -110,7 +98,7 @@ val sample_mask_ring_element (v_GAMMA1_EXPONENT: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |} - (seed: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed: t_Array u8 (sz 66)) : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) Prims.l_True (fun _ -> Prims.l_True) @@ -121,7 +109,7 @@ val sample_mask_vector {| i3: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i4: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256 |} {| i5: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (seed: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed: t_Array u8 (sz 66)) (domain_separator: u16) : Prims.Pure (u16 & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_DIMENSION) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst index f70701b34..c6103d0bf 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst 
@@ -12,7 +12,7 @@ let _ = () let generate_domain_separator (row column: u8) = - (cast (column <: u8) <: u16) |. ((cast (row <: u8) <: u16) < matrix_A_4_by_4_ #v_SIMDUnit #v_Shake128X4 v_ROWS_IN_A v_COLUMNS_IN_A seed - | 6, 5 -> matrix_A_6_by_5_ #v_SIMDUnit #v_Shake128X4 v_ROWS_IN_A v_COLUMNS_IN_A seed - | 8, 7 -> matrix_A_8_by_7_ #v_SIMDUnit #v_Shake128X4 v_ROWS_IN_A v_COLUMNS_IN_A seed + | 4uy, 4uy -> matrix_A_4_by_4_ #v_SIMDUnit #v_Shake128X4 v_ROWS_IN_A v_COLUMNS_IN_A seed + | 6uy, 5uy -> matrix_A_6_by_5_ #v_SIMDUnit #v_Shake128X4 v_ROWS_IN_A v_COLUMNS_IN_A seed + | 8uy, 7uy -> matrix_A_8_by_7_ #v_SIMDUnit #v_Shake128X4 v_ROWS_IN_A v_COLUMNS_IN_A seed | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -1861,7 +1759,7 @@ let sample_s1_and_s2_4_by_4_ (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (seed_base: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed_base: t_Array u8 (sz 66)) = let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () 
@@ -1883,30 +1781,22 @@ let sample_s1_and_s2_4_by_4_ #v_Shake256X4 v_ETA seed_base - (Rust_primitives.mk_u16 0) - (Rust_primitives.mk_u16 1) - (Rust_primitives.mk_u16 2) - (Rust_primitives.mk_u16 3) + 0us + 1us + 2us + 3us in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 0) - four._1 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 0) four._1 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 1) - four._2 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 1) four._2 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 2) - four._3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 2) four._3 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 3) - four._4 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 3) four._4 in let four:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & 
@@ -1916,30 +1806,22 @@ let sample_s1_and_s2_4_by_4_ #v_Shake256X4 v_ETA seed_base - (Rust_primitives.mk_u16 4) - (Rust_primitives.mk_u16 5) - (Rust_primitives.mk_u16 6) - (Rust_primitives.mk_u16 7) + 4us + 5us + 6us + 7us in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 0) - four._1 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 0) four._1 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 1) - four._2 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 1) four._2 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 2) - four._3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 2) four._3 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 3) - four._4 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 3) four._4 in s1, s2 <: @@ -1955,7 +1837,7 @@ let sample_s1_and_s2_5_by_6_ (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (seed_base: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed_base: t_Array u8 (sz 66)) = let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () 
@@ -1977,30 +1859,22 @@ let sample_s1_and_s2_5_by_6_ #v_Shake256X4 v_ETA seed_base - (Rust_primitives.mk_u16 0) - (Rust_primitives.mk_u16 1) - (Rust_primitives.mk_u16 2) - (Rust_primitives.mk_u16 3) + 0us + 1us + 2us + 3us in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 0) - four._1 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 0) four._1 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 1) - four._2 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 1) four._2 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 2) - four._3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 2) four._3 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 3) - four._4 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 3) four._4 in let four:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & 
@@ -2010,30 +1884,22 @@ let sample_s1_and_s2_5_by_6_ #v_Shake256X4 v_ETA seed_base - (Rust_primitives.mk_u16 4) - (Rust_primitives.mk_u16 5) - (Rust_primitives.mk_u16 6) - (Rust_primitives.mk_u16 7) + 4us + 5us + 6us + 7us in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 4) - four._1 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 4) four._1 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 0) - four._2 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 0) four._2 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 1) - four._3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 1) four._3 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 2) - four._4 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 2) four._4 in let four:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & 
@@ -2043,25 +1909,19 @@ let sample_s1_and_s2_5_by_6_ #v_Shake256X4 v_ETA seed_base - (Rust_primitives.mk_u16 8) - (Rust_primitives.mk_u16 9) - (Rust_primitives.mk_u16 10) - (Rust_primitives.mk_u16 11) + 8us + 9us + 10us + 11us in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 3) - four._1 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 3) four._1 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 4) - four._2 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 4) four._2 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 5) - four._3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 5) four._3 in s1, s2 <: @@ -2077,7 +1937,7 @@ let sample_s1_and_s2_7_by_8_ (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (seed_base: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed_base: t_Array u8 (sz 66)) = let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__ZERO #v_SIMDUnit () 
@@ -2099,30 +1959,22 @@ let sample_s1_and_s2_7_by_8_ #v_Shake256X4 v_ETA seed_base - (Rust_primitives.mk_u16 0) - (Rust_primitives.mk_u16 1) - (Rust_primitives.mk_u16 2) - (Rust_primitives.mk_u16 3) + 0us + 1us + 2us + 3us in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 0) - four._1 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 0) four._1 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 1) - four._2 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 1) four._2 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 2) - four._3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 2) four._3 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 3) - four._4 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 3) four._4 in let four:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & 
@@ -2132,30 +1984,22 @@ let sample_s1_and_s2_7_by_8_ #v_Shake256X4 v_ETA seed_base - (Rust_primitives.mk_u16 4) - (Rust_primitives.mk_u16 5) - (Rust_primitives.mk_u16 6) - (Rust_primitives.mk_u16 7) + 4us + 5us + 6us + 7us in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 4) - four._1 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 4) four._1 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 5) - four._2 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 5) four._2 in let s1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 - (Rust_primitives.mk_usize 6) - four._3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s1 (sz 6) four._3 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 0) - four._4 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 0) four._4 in let four:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & 
@@ -2165,30 +2009,22 @@ let sample_s1_and_s2_7_by_8_ #v_Shake256X4 v_ETA seed_base - (Rust_primitives.mk_u16 8) - (Rust_primitives.mk_u16 9) - (Rust_primitives.mk_u16 10) - (Rust_primitives.mk_u16 11) + 8us + 9us + 10us + 11us in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 1) - four._1 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 1) four._1 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 2) - four._2 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 2) four._2 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 3) - four._3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 3) four._3 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 4) - four._4 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 4) four._4 in let four:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & 
@@ -2198,25 +2034,19 @@ let sample_s1_and_s2_7_by_8_ #v_Shake256X4 v_ETA seed_base - (Rust_primitives.mk_u16 12) - (Rust_primitives.mk_u16 13) - (Rust_primitives.mk_u16 14) - (Rust_primitives.mk_u16 15) + 12us + 13us + 14us + 15us in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 5) - four._1 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 5) four._1 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 6) - four._2 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 6) four._2 in let s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 - (Rust_primitives.mk_usize 7) - four._3 + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize s2 (sz 7) four._3 in s1, s2 <: @@ -2232,16 +2062,16 @@ let sample_s1_and_s2 (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (seed: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed: t_Array u8 (sz 66)) = match (cast (v_S1_DIMENSION <: usize) <: u8), (cast (v_S2_DIMENSION <: usize) <: u8) <: (u8 & u8) with - | 4, 4 -> + | 4uy, 4uy -> sample_s1_and_s2_4_by_4_ #v_SIMDUnit #v_Shake256X4 v_ETA v_S1_DIMENSION v_S2_DIMENSION seed - | 5, 6 -> + | 5uy, 6uy -> sample_s1_and_s2_5_by_6_ #v_SIMDUnit #v_Shake256X4 v_ETA v_S1_DIMENSION v_S2_DIMENSION seed - | 7, 8 -> + | 7uy, 8uy -> sample_s1_and_s2_7_by_8_ #v_SIMDUnit #v_Shake256X4 v_ETA v_S1_DIMENSION v_S2_DIMENSION seed | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti index 37678aa88..d6a4fdf92 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fsti @@ -18,7 +18,7 @@ val matrix_A_4_by_4_ (v_ROWS_IN_A v_COLUMNS_IN_A: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - (seed: t_Array u8 (Rust_primitives.mk_usize 34)) + (seed: t_Array u8 (sz 34)) : Prims.Pure (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) @@ -29,7 +29,7 @@ val matrix_A_6_by_5_ (v_ROWS_IN_A v_COLUMNS_IN_A: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - (seed: t_Array u8 (Rust_primitives.mk_usize 34)) + (seed: t_Array u8 (sz 34)) : Prims.Pure (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) @@ -40,7 +40,7 @@ val matrix_A_8_by_7_ (v_ROWS_IN_A v_COLUMNS_IN_A: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - (seed: t_Array u8 (Rust_primitives.mk_usize 34)) + (seed: t_Array u8 (sz 34)) : Prims.Pure (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) @@ -51,7 +51,7 @@ val matrix_A (v_ROWS_IN_A v_COLUMNS_IN_A: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} - (seed: t_Array u8 (Rust_primitives.mk_usize 34)) + (seed: t_Array u8 (sz 34)) : Prims.Pure (t_Array (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A) 
@@ -62,7 +62,7 @@ val sample_s1_and_s2_4_by_4_ (v_ETA v_S1_DIMENSION v_S2_DIMENSION: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (seed_base: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed_base: t_Array u8 (sz 66)) : Prims.Pure (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION) @@ -74,7 +74,7 @@ val sample_s1_and_s2_5_by_6_ (v_ETA v_S1_DIMENSION v_S2_DIMENSION: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (seed_base: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed_base: t_Array u8 (sz 66)) : Prims.Pure (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION) @@ -86,7 +86,7 @@ val sample_s1_and_s2_7_by_8_ (v_ETA v_S1_DIMENSION v_S2_DIMENSION: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (seed_base: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed_base: t_Array u8 (sz 66)) : Prims.Pure (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION) @@ -98,7 +98,7 @@ val sample_s1_and_s2 (v_ETA v_S1_DIMENSION v_S2_DIMENSION: usize) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (seed: t_Array u8 (Rust_primitives.mk_usize 66)) + (seed: t_Array u8 (sz 66)) : Prims.Pure (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S1_DIMENSION & t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_S2_DIMENSION) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst index 17ce1b1c3..3dd67c65e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst @@ -38,9 +38,8 @@ let compute_hint (v_GAMMA2: i32) (low high: Libcrux_intrinsics.Avx2_extract.t_Ve in (cast (Core.Num.impl__i32__count_ones hints_mask <: u32) <: usize), Libcrux_intrinsics.Avx2_extract.mm256_and_si256 hints - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 1) - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1l <: Libcrux_intrinsics.Avx2_extract.t_Vec256 + ) <: (usize & Libcrux_intrinsics.Avx2_extract.t_Vec256) @@ -49,7 +48,7 @@ let infinity_norm_exceeds (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) Libcrux_intrinsics.Avx2_extract.mm256_abs_epi32 simd_unit in let bound:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (bound -! Rust_primitives.mk_i32 1 <: i32) + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (bound -! 1l <: i32) in let compare_with_bound:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi32 absolute_values bound @@ -57,7 +56,7 @@ let infinity_norm_exceeds (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) let result:i32 = Libcrux_intrinsics.Avx2_extract.mm256_testz_si256 compare_with_bound compare_with_bound in - if result =. Rust_primitives.mk_i32 1 then false else true + if result =. 1l then false else true let subtract (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 lhs rhs 
@@ -68,15 +67,12 @@ let shift_left_then_reduce (v_SHIFT_BY: i32) (simd_unit: Libcrux_intrinsics.Avx2 in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 1 < + | 190464l -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 ceil_of_r_by_128_ - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 11275) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 11275l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 result - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 1 < + | 523776l -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 ceil_of_r_by_128_ - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 1025) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1025l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 result - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 1 < @@ -320,7 +308,7 @@ let decompose (v_GAMMA2: i32) (r: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 field_modulus_halved r0 in let mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 (Rust_primitives.mk_i32 31) mask + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l mask in let field_modulus_and_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 mask 
@@ -344,7 +332,7 @@ let use_hint (v_GAMMA2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 all_zeros hint r0 in let negate_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 (Rust_primitives.mk_i32 1) negate_hints + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 1l negate_hints in let hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 hint negate_hints @@ -353,9 +341,9 @@ let use_hint (v_GAMMA2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 r1 hints in match v_GAMMA2 with - | 95232 -> + | 95232l -> let max:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 43) + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 43l in let r1_plus_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 r1_plus_hints max r1_plus_hints @@ -366,9 +354,9 @@ let use_hint (v_GAMMA2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 r1_plus_hints all_zeros greater_than_or_equal_to_max - | 261888 -> + | 261888l -> Libcrux_intrinsics.Avx2_extract.mm256_and_si256 r1_plus_hints - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 15) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 15l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) | _ -> diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst index c448e391f..5f1406970 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst 
@@ -4,38 +4,21 @@ open Core open FStar.Mul let serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (Rust_primitives.mk_usize 19) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 19) - in + let serialized:t_Array u8 (sz 19) = Rust_primitives.Hax.repeat 0uy (sz 19) in match cast (v_OUTPUT_SIZE <: usize) <: u8 with - | 4 -> + | 4uy -> let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 28) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 28) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 28) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 28) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 28l 0l 28l 0l 28l 0l 28l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (Rust_primitives.mk_i32 28) - adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 28l adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 2) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 2l 4l 0l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -44,26 +27,19 @@ let serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 (Rust_primitives.mk_u8 240) - (Rust_primitives.mk_u8 240) (Rust_primitives.mk_u8 240) (Rust_primitives.mk_u8 240) - (Rust_primitives.mk_u8 240) (Rust_primitives.mk_u8 240) (Rust_primitives.mk_u8 240) - (Rust_primitives.mk_u8 240) (Rust_primitives.mk_u8 240) (Rust_primitives.mk_u8 240) - (Rust_primitives.mk_u8 240) (Rust_primitives.mk_u8 240) (Rust_primitives.mk_u8 12) - (Rust_primitives.mk_u8 4) (Rust_primitives.mk_u8 8) (Rust_primitives.mk_u8 0) + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 240uy 240uy 240uy 240uy 240uy 240uy 240uy 240uy + 240uy 240uy 240uy 240uy 12uy 4uy 8uy 0uy <: Libcrux_intrinsics.Avx2_extract.t_Vec128) in - let serialized:t_Array u8 (Rust_primitives.mk_usize 19) = + let serialized:t_Array u8 (sz 19) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 - } + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -78,91 +54,55 @@ let serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract (Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 v_OUTPUT_SIZE) #FStar.Tactics.Typeclasses.solve - (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 4 - } + (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) <: Core.Result.t_Result (t_Array u8 v_OUTPUT_SIZE) Core.Array.t_TryFromSliceError) - | 6 -> + | 6uy -> let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 26) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 26) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 26) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 26) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 26l 0l 26l 0l 26l 0l 26l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (Rust_primitives.mk_i32 26) - adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 26l adjacent_2_combined in let adjacent_3_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 9) - (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 1) (Rust_primitives.mk_i8 0) - 
(Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 1) - (Rust_primitives.mk_i8 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) + (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) + (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_3_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 adjacent_3_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Rust_primitives.mk_i16 1) - (Rust_primitives.mk_i16 1) (Rust_primitives.mk_i16 1) (Rust_primitives.mk_i16 1) - (Rust_primitives.mk_i16 1) (Rust_primitives.mk_i16 1) (Rust_primitives.mk_i16 1) - (Rust_primitives.mk_i16 1 < deserialize_to_unsigned_when_eta_is_2_ serialized - | 4 -> deserialize_to_unsigned_when_eta_is_4_ serialized + | 2uy -> deserialize_to_unsigned_when_eta_is_2_ serialized + | 4uy -> deserialize_to_unsigned_when_eta_is_4_ serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" 
@@ -125,9 +93,7 @@ let serialize_when_eta_is_2_ (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (Rust_primitives.mk_usize 16) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 16) - in + let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 serialize_when_eta_is_2___ETA 
@@ -137,59 +103,31 @@ let serialize_when_eta_is_2_ in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 29) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 29) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 29) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 29) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 29l 0l 29l 0l 29l 0l 29l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (Rust_primitives.mk_i32 29) adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 29l adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 0) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 0) + 
(Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) + (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 8y (-1y) 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) + (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 8y (-1y) 0y <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Rust_primitives.mk_i16 0) - (Rust_primitives.mk_i16 0) (Rust_primitives.mk_i16 0) (Rust_primitives.mk_i16 0) - (Rust_primitives.mk_i16 0) (Rust_primitives.mk_i16 0) - (Rust_primitives.mk_i16 1 < serialize_when_eta_is_2_ v_OUTPUT_SIZE simd_unit - | 4 -> serialize_when_eta_is_4_ v_OUTPUT_SIZE simd_unit + | 3uy -> serialize_when_eta_is_2_ v_OUTPUT_SIZE simd_unit + | 4uy -> serialize_when_eta_is_4_ v_OUTPUT_SIZE simd_unit | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti index 97ea7604e..11a0e04cf 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti @@ -3,15 +3,13 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Error open Core open FStar.Mul -let deserialize_to_unsigned_when_eta_is_2___COEFFICIENT_MASK: i32 = - (Rust_primitives.mk_i32 1 < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst index 2cee1d1f5..c7012e6cb 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst 
@@ -8,17 +8,14 @@ let deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) = if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. - Rust_primitives.mk_usize 18 - <: - bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 18 <: bool) in () in let serialized_lower:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize ] @@ -27,8 +24,8 @@ let deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) = in let serialized_upper:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 2; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 18 + Core.Ops.Range.f_start = sz 2; + Core.Ops.Range.f_end = sz 18 } <: Core.Ops.Range.t_Range usize ] 
@@ -40,31 +37,14 @@ let deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) = in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 15) (Rust_primitives.mk_i8 14) (Rust_primitives.mk_i8 13) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 13) (Rust_primitives.mk_i8 12) - (Rust_primitives.mk_i8 11) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 11) - (Rust_primitives.mk_i8 10) (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 7) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 7) - (Rust_primitives.mk_i8 6) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 6) - (Rust_primitives.mk_i8 5) (Rust_primitives.mk_i8 4) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 4) (Rust_primitives.mk_i8 3) (Rust_primitives.mk_i8 2) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 2) (Rust_primitives.mk_i8 1) - (Rust_primitives.mk_i8 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 15y 14y 13y (-1y) 13y 12y 11y (-1y) 11y + 10y 9y (-1y) 9y 8y 7y (-1y) 8y 7y 6y (-1y) 6y 5y 4y (-1y) 4y 3y 2y (-1y) 2y 1y 0y <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 2) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 2) - (Rust_primitives.mk_i32 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -86,17 +66,14 @@ let deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) = if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. - Rust_primitives.mk_usize 20 - <: - bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 20 <: bool) in () in let serialized_lower:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize ] @@ -105,8 +82,8 @@ let deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) = in let serialized_upper:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 4; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 20 + Core.Ops.Range.f_start = sz 4; + Core.Ops.Range.f_end = sz 20 } <: Core.Ops.Range.t_Range usize ] 
@@ -118,31 +95,14 @@ let deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) = in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 15) (Rust_primitives.mk_i8 14) (Rust_primitives.mk_i8 13) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 13) (Rust_primitives.mk_i8 12) - (Rust_primitives.mk_i8 11) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 10) - (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 7) (Rust_primitives.mk_i8 6) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 8) - (Rust_primitives.mk_i8 7) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 7) - (Rust_primitives.mk_i8 6) (Rust_primitives.mk_i8 5) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 4) (Rust_primitives.mk_i8 3) (Rust_primitives.mk_i8 2) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 2) (Rust_primitives.mk_i8 1) - (Rust_primitives.mk_i8 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 15y 14y 13y (-1y) 13y 12y 11y (-1y) 10y + 9y 8y (-1y) 8y 7y 6y (-1y) 9y 8y 7y (-1y) 7y 6y 5y (-1y) 4y 3y 2y (-1y) 2y 1y 0y <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 4l 0l 4l 0l 4l 0l 4l 0l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -161,8 +121,8 @@ let deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) = let deserialize (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) = match cast (v_GAMMA1_EXPONENT <: usize) <: u8 with - | 17 -> deserialize_when_gamma1_is_2_pow_17_ serialized - | 19 -> deserialize_when_gamma1_is_2_pow_19_ serialized + | 17uy -> deserialize_when_gamma1_is_2_pow_17_ serialized + | 19uy -> deserialize_when_gamma1_is_2_pow_19_ serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -173,9 +133,7 @@ let serialize_when_gamma1_is_2_pow_17_ (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (Rust_primitives.mk_usize 32) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 32) - in + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 serialize_when_gamma1_is_2_pow_17___GAMMA1 
@@ -185,54 +143,39 @@ let serialize_when_gamma1_is_2_pow_17_ in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 14) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 14) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 14) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 14) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 14l 0l 14l 0l 14l 0l 14l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (Rust_primitives.mk_i32 14) adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 14l adjacent_2_combined in let every_second_element:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 (Rust_primitives.mk_i32 8) - adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 8l adjacent_2_combined in let every_second_element_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 (Rust_primitives.mk_i32 36) - every_second_element + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 36l every_second_element in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi64 adjacent_2_combined every_second_element_shifted in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi64 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x (Rust_primitives.mk_i64 28) - (Rust_primitives.mk_i64 0) - (Rust_primitives.mk_i64 28) - (Rust_primitives.mk_i64 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x 28L 0L 28L 0L <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 
= Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in - let serialized:t_Array u8 (Rust_primitives.mk_usize 32) = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 - } + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize ] @@ -243,20 +186,16 @@ let serialize_when_gamma1_is_2_pow_17_ t_Slice u8) in let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (Rust_primitives.mk_i32 1) - adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined in - let serialized:t_Array u8 (Rust_primitives.mk_usize 32) = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 9; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 25 - } + ({ Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 25 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 9; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 25 + Core.Ops.Range.f_start = sz 9; + Core.Ops.Range.f_end = sz 25 } <: Core.Ops.Range.t_Range usize ] 
@@ -271,10 +210,7 @@ let serialize_when_gamma1_is_2_pow_17_ (Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 v_OUTPUT_SIZE) #FStar.Tactics.Typeclasses.solve - (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 18 - } + (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 18 } <: Core.Ops.Range.t_Range usize ] <: @@ -286,9 +222,7 @@ let serialize_when_gamma1_is_2_pow_19_ (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (Rust_primitives.mk_usize 32) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 32) - in + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 serialize_when_gamma1_is_2_pow_19___GAMMA1 
@@ -298,51 +232,32 @@ let serialize_when_gamma1_is_2_pow_19_ in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 12) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 12) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 12) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 12) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (Rust_primitives.mk_i32 12) adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 12l adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 12) - (Rust_primitives.mk_i8 11) (Rust_primitives.mk_i8 10) (Rust_primitives.mk_i8 9) - (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 4) (Rust_primitives.mk_i8 3) - (Rust_primitives.mk_i8 2) (Rust_primitives.mk_i8 1) (Rust_primitives.mk_i8 0) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 12) (Rust_primitives.mk_i8 11) (Rust_primitives.mk_i8 10) - (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 4) - (Rust_primitives.mk_i8 3) (Rust_primitives.mk_i8 2) (Rust_primitives.mk_i8 1) - (Rust_primitives.mk_i8 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) 
(-1y) (-1y) (-1y) (-1y) 12y 11y + 10y 9y 8y 4y 3y 2y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 12y 11y 10y 9y 8y 4y 3y 2y 1y + 0y <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in - let serialized:t_Array u8 (Rust_primitives.mk_usize 32) = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 - } + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize ] @@ -353,20 +268,16 @@ let serialize_when_gamma1_is_2_pow_19_ t_Slice u8) in let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (Rust_primitives.mk_i32 1) - adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined in - let serialized:t_Array u8 (Rust_primitives.mk_usize 32) = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 10; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 26 - } + ({ Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 26 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 10; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 26 + Core.Ops.Range.f_start = sz 10; + Core.Ops.Range.f_end = sz 26 } <: Core.Ops.Range.t_Range usize ] 
@@ -381,10 +292,7 @@ let serialize_when_gamma1_is_2_pow_19_ (Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 v_OUTPUT_SIZE) #FStar.Tactics.Typeclasses.solve - (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 20 - } + (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 20 } <: Core.Ops.Range.t_Range usize ] <: @@ -394,8 +302,8 @@ let serialize_when_gamma1_is_2_pow_19_ let serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = match cast (v_OUTPUT_SIZE <: usize) <: u8 with - | 18 -> serialize_when_gamma1_is_2_pow_17_ v_OUTPUT_SIZE simd_unit - | 20 -> serialize_when_gamma1_is_2_pow_19_ v_OUTPUT_SIZE simd_unit + | 18uy -> serialize_when_gamma1_is_2_pow_17_ v_OUTPUT_SIZE simd_unit + | 20uy -> serialize_when_gamma1_is_2_pow_19_ v_OUTPUT_SIZE simd_unit | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti index 6fcf920f7..09917efd7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti @@ -3,25 +3,19 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1 open Core open FStar.Mul -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = - Rust_primitives.mk_i32 1 < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst index 43777cb0b..cf9feff51 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst 
@@ -5,8 +5,8 @@ open FStar.Mul let change_interval (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let interval_end:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 1 < Hax_lib.v_assert (left_val =. right_val <: bool) in () in - let serialized_extended:t_Array u8 (Rust_primitives.mk_usize 16) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 16) - in - let serialized_extended:t_Array u8 (Rust_primitives.mk_usize 16) = + let serialized_extended:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let serialized_extended:t_Array u8 (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized_extended - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 13 - } + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 13 } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (serialized_extended.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 13 - } + (serialized_extended.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 13 } <: Core.Ops.Range.t_Range usize ] <: 
@@ -56,31 +46,15 @@ let deserialize (serialized: t_Slice u8) = in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 12) (Rust_primitives.mk_i8 11) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 11) (Rust_primitives.mk_i8 10) - (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 7) (Rust_primitives.mk_i8 6) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 6) (Rust_primitives.mk_i8 5) - (Rust_primitives.mk_i8 4) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 4) (Rust_primitives.mk_i8 3) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 3) (Rust_primitives.mk_i8 2) (Rust_primitives.mk_i8 1) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 1) - (Rust_primitives.mk_i8 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) 12y 11y (-1y) 11y 10y 9y (-1y) + (-1y) 9y 8y (-1y) 8y 7y 6y (-1y) 6y 5y 4y (-1y) (-1y) 4y 3y (-1y) 3y 2y 1y (-1y) (-1y) 1y + 0y <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 3) - (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 7) - (Rust_primitives.mk_i32 2) - (Rust_primitives.mk_i32 5) - (Rust_primitives.mk_i32 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 3l 6l 1l 4l 7l 2l 5l 0l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -93,93 +67,62 @@ let deserialize (serialized: t_Slice u8) = change_interval coefficients let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (Rust_primitives.mk_usize 16) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 16) - in + let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let simd_unit:Libcrux_intrinsics.Avx2_extract.t_Vec256 = change_interval simd_unit in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 19) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 19) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 19) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 19) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 19l 0l 19l 0l 19l 0l 19l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (Rust_primitives.mk_i32 19) adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 19l adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 2) - (Rust_primitives.mk_i32 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 4l 2l 0l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 
(Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 6) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 6l 0l 6l 0l 6l 0l 6l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (Rust_primitives.mk_i32 6) adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 6l adjacent_4_combined in let second_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 (Rust_primitives.mk_i32 8) - adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 8l adjacent_4_combined in let least_12_bits_shifted_up:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 (Rust_primitives.mk_i32 52) second_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 52l second_4_combined in let bits_sequential:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi64 adjacent_4_combined least_12_bits_shifted_up in let bits_sequential:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi64 bits_sequential - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x (Rust_primitives.mk_i64 0) - (Rust_primitives.mk_i64 0) - (Rust_primitives.mk_i64 12) - (Rust_primitives.mk_i64 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x 0L 0L 12L 0L <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let bits_sequential:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 bits_sequential in - let serialized:t_Array u8 (Rust_primitives.mk_usize 16) = + let serialized:t_Array u8 (sz 16) = Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 serialized bits_sequential in - Core.Result.impl__unwrap 
#(t_Array u8 (Rust_primitives.mk_usize 13)) + Core.Result.impl__unwrap #(t_Array u8 (sz 13)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (Rust_primitives.mk_usize 13)) + #(t_Array u8 (sz 13)) #FStar.Tactics.Typeclasses.solve - (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 13 - } + (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 13 } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) <: - Core.Result.t_Result (t_Array u8 (Rust_primitives.mk_usize 13)) Core.Array.t_TryFromSliceError - ) + Core.Result.t_Result (t_Array u8 (sz 13)) Core.Array.t_TryFromSliceError) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti index 87d7bc400..6ecaf9832 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti @@ -6,11 +6,10 @@ open FStar.Mul val change_interval (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -let deserialize__COEFFICIENT_MASK: i32 = - (Rust_primitives.mk_i32 1 < Prims.l_True) val serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (Rust_primitives.mk_usize 13)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 13)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst index 0ca1dcbb1..5c03793af 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst 
@@ -4,68 +4,42 @@ open Core open FStar.Mul let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (Rust_primitives.mk_usize 24) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 24) - in + let serialized:t_Array u8 (sz 24) = Rust_primitives.Hax.repeat 0uy (sz 24) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 22) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 22) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 22) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 22) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 22l 0l 22l 0l 22l 0l 22l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (Rust_primitives.mk_i32 22) adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 22l adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 2) - (Rust_primitives.mk_i32 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 6l 4l 0l 0l 2l 0l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 12) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 12) - 
(Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 12) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 12) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (Rust_primitives.mk_i32 12) adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 12l adjacent_4_combined in let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in - let serialized:t_Array u8 (Rust_primitives.mk_usize 24) = + let serialized:t_Array u8 (sz 24) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 - } + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 16 + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -76,20 +50,16 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = t_Slice u8) in let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (Rust_primitives.mk_i32 1) - adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined in - let serialized:t_Array u8 (Rust_primitives.mk_usize 24) = + let serialized:t_Array u8 (sz 24) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 5; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 21 - } + ({ Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 21 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 5; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 21 + Core.Ops.Range.f_start = sz 5; + Core.Ops.Range.f_end = sz 21 } <: Core.Ops.Range.t_Range usize ] 
@@ -99,49 +69,37 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in - Core.Result.impl__unwrap #(t_Array u8 (Rust_primitives.mk_usize 10)) + Core.Result.impl__unwrap #(t_Array u8 (sz 10)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (Rust_primitives.mk_usize 10)) + #(t_Array u8 (sz 10)) #FStar.Tactics.Typeclasses.solve - (serialized.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 10 - } + (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) <: - Core.Result.t_Result (t_Array u8 (Rust_primitives.mk_usize 10)) Core.Array.t_TryFromSliceError - ) + Core.Result.t_Result (t_Array u8 (sz 10)) Core.Array.t_TryFromSliceError) let deserialize (bytes: t_Slice u8) = let _:Prims.unit = if true then let _:Prims.unit = - match Core.Slice.impl__len #u8 bytes, Rust_primitives.mk_usize 10 <: (usize & usize) with + match Core.Slice.impl__len #u8 bytes, sz 10 <: (usize & usize) with | left_val, right_val -> Hax_lib.v_assert (left_val =. 
right_val <: bool) in () in - let bytes_extended:t_Array u8 (Rust_primitives.mk_usize 16) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 16) - in - let bytes_extended:t_Array u8 (Rust_primitives.mk_usize 16) = + let bytes_extended:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let bytes_extended:t_Array u8 (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range bytes_extended - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 10 - } + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (bytes_extended.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 10 - } + (bytes_extended.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } <: Core.Ops.Range.t_Range usize ] <: 
@@ -158,31 +116,15 @@ let deserialize (bytes: t_Slice u8) = in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 bytes_loaded - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 8) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 8) - (Rust_primitives.mk_i8 7) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 7) (Rust_primitives.mk_i8 6) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 6) (Rust_primitives.mk_i8 5) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 4) - (Rust_primitives.mk_i8 3) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 3) (Rust_primitives.mk_i8 2) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 2) (Rust_primitives.mk_i8 1) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 1) - (Rust_primitives.mk_i8 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) 9y 8y (-1y) (-1y) 8y 7y (-1y) + (-1y) 7y 6y (-1y) (-1y) 6y 5y (-1y) (-1y) 4y 3y (-1y) (-1y) 3y 2y (-1y) (-1y) 2y 1y (-1y) + (-1y) 1y 0y <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 2) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 6) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 2) - (Rust_primitives.mk_i32 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti index c8bfd08d2..53c46df38 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti @@ -3,11 +3,10 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.T1 open Core open FStar.Mul -let deserialize__COEFFICIENT_MASK: i32 = - (Rust_primitives.mk_i32 1 < Prims.l_True) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) val deserialize (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst index b5d19c6d7..ecb029df7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst @@ -8,10 +8,10 @@ let butterfly_2_ (zeta_a0 zeta_a1 zeta_a2 zeta_a3 zeta_b0 zeta_b1 zeta_b2 zeta_b3: i32) = let a_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (Rust_primitives.mk_i32 216) a + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a in let b_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (Rust_primitives.mk_i32 216) b + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b in let summands:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 a_shuffled b_shuffled 
@@ -45,12 +45,10 @@ let butterfly_2_ Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 add_terms sub_terms in let a_out:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (Rust_primitives.mk_i32 216) - a_terms_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a_terms_shuffled in let b_out:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (Rust_primitives.mk_i32 216) - b_terms_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b_terms_shuffled in a_out, b_out <: @@ -106,7 +104,7 @@ let butterfly_8_ (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i Libcrux_intrinsics.Avx2_extract.t_Vec128) in let zeta_multiplicands:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (Rust_primitives.mk_i32 19) b a + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l b a in let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta1 zeta1 zeta1 zeta1 zeta0 zeta0 zeta0 zeta0 @@ -130,9 +128,7 @@ let butterfly_8_ (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i Libcrux_intrinsics.Avx2_extract.t_Vec128) in let b_out:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (Rust_primitives.mk_i32 19) - sub_terms - add_terms + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l sub_terms add_terms in a_out, b_out <: 
@@ -143,27 +139,13 @@ let invert_ntt_at_layer_0_ (zeta0 zeta1 zeta2 zeta3: i32) = let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta3 - (Rust_primitives.mk_i32 0) - zeta2 - (Rust_primitives.mk_i32 0) - zeta1 - (Rust_primitives.mk_i32 0) - zeta0 - (Rust_primitives.mk_i32 0) + Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta3 0l zeta2 0l zeta1 0l zeta0 0l in let add_by_signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 1) + Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (-1l) 1l (-1l) 1l (-1l) 1l (-1l) 1l in let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (Rust_primitives.mk_i32 177) simd_unit + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 177l simd_unit in let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs 
@@ -174,31 +156,17 @@ let invert_ntt_at_layer_0_ let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas in - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 (Rust_primitives.mk_i32 170) sums products + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l sums products let invert_ntt_at_layer_1_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i32) = let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta1 - zeta1 - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - zeta0 - zeta0 - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) + Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta1 zeta1 0l 0l zeta0 zeta0 0l 0l in let add_by_signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 1) + Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (-1l) (-1l) 1l 1l (-1l) (-1l) 1l 1l in let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (Rust_primitives.mk_i32 78) simd_unit + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 78l simd_unit in let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs 
@@ -209,31 +177,17 @@ let invert_ntt_at_layer_1_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas in - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 (Rust_primitives.mk_i32 204) sums products + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 204l sums products let invert_ntt_at_layer_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i32) = let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta - zeta - zeta - zeta - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 0) + Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 zeta zeta zeta zeta 0l 0l 0l 0l in let add_by_signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 (-1)) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 1) + Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (-1l) (-1l) (-1l) (-1l) 1l 1l 1l 1l in let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 (Rust_primitives.mk_i32 78) simd_unit + Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 78l simd_unit in let add_by:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 add_by add_by_signs 
@@ -244,58 +198,45 @@ let invert_ntt_at_layer_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) let products:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply sums zetas in - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 (Rust_primitives.mk_i32 240) sums products + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 240l sums products let ntt_at_layer_3_plus (v_LAYER zeta_i: usize) - (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) + (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = - let step:usize = Rust_primitives.mk_usize 1 <>! v_LAYER <: usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! v_LAYER <: usize) (fun temp_0_ temp_1_ -> - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) & - usize) = + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = temp_0_ in let _:usize = temp_1_ in true) - (re, zeta_i - <: - (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & usize)) + (re, zeta_i <: (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize)) (fun temp_0_ round -> - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) & - usize) = + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 1 in + let zeta_i:usize = zeta_i +! sz 1 in let offset:usize = - ((round *! step <: usize) *! Rust_primitives.mk_usize 2 <: usize) /! + ((round *! step <: usize) *! sz 2 <: usize) /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT in let step_by:usize = step /! 
Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Rust_primitives.Hax.Folds.fold_range offset (offset +! step_by <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) = - re - in + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = re in let _:usize = temp_1_ in true) re (fun re j -> - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) = - re - in + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = re in let j:usize = j in let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_dsa.Simd.Avx2.Arithmetic.montgomery_multiply_by_constant (re.[ j +! @@ -306,8 +247,7 @@ let ntt_at_layer_3_plus Libcrux_intrinsics.Avx2_extract.t_Vec256) (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) = + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! step_by <: usize) (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.subtract (re.[ j ] @@ -317,8 +257,7 @@ let ntt_at_layer_3_plus <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) = + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re j (Libcrux_ml_dsa.Simd.Avx2.Arithmetic.add (re.[ j ] 
@@ -330,307 +269,214 @@ let ntt_at_layer_3_plus in re) in - re, zeta_i - <: - (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & usize)) + re, zeta_i <: (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize)) in - zeta_i, re - <: - (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) + zeta_i, re <: (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) -let ntt_at_layer_0_ - (zeta_i: usize) - (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) - = - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 1 in - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & - usize) = - Rust_primitives.Hax.Folds.fold_range_step_by (Rust_primitives.mk_usize 0) +let ntt_at_layer_0_ (zeta_i: usize) (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = + let zeta_i:usize = zeta_i +! sz 1 in + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = + Rust_primitives.Hax.Folds.fold_range_step_by (sz 0) (Core.Slice.impl__len #Libcrux_intrinsics.Avx2_extract.t_Vec256 (re <: t_Slice Libcrux_intrinsics.Avx2_extract.t_Vec256) <: usize) - (Rust_primitives.mk_usize 2) + (sz 2) (fun temp_0_ temp_1_ -> - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) & - usize) = + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = temp_0_ in let _:usize = temp_1_ in true) - (re, zeta_i - <: - (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & usize)) + (re, zeta_i <: (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize)) (fun temp_0_ round -> - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) & - usize) = + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = temp_0_ in let round:usize = round in let 
a, b:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) = butterfly_2_ (re.[ round ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256) - (re.[ round +! Rust_primitives.mk_usize 1 <: usize ] - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + (re.[ round +! sz 1 <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256) (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 1 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 2 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 2 <: usize ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 3 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 3 <: usize ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 4 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 4 <: usize ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 5 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 5 <: usize ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 6 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 6 <: usize ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 7 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! 
sz 7 <: usize ] <: i32) in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re round a in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (round +! Rust_primitives.mk_usize 1 <: usize) + (round +! sz 1 <: usize) b in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 8 in - re, zeta_i - <: - (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & usize)) + let zeta_i:usize = zeta_i +! sz 8 in + re, zeta_i <: (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize)) in - let zeta_i:usize = zeta_i -! Rust_primitives.mk_usize 1 in - zeta_i, re - <: - (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) + let zeta_i:usize = zeta_i -! sz 1 in + zeta_i, re <: (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) -let ntt_at_layer_1_ - (zeta_i: usize) - (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) - = - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 1 in - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & - usize) = - Rust_primitives.Hax.Folds.fold_range_step_by (Rust_primitives.mk_usize 0) +let ntt_at_layer_1_ (zeta_i: usize) (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = + let zeta_i:usize = zeta_i +! 
sz 1 in + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = + Rust_primitives.Hax.Folds.fold_range_step_by (sz 0) (Core.Slice.impl__len #Libcrux_intrinsics.Avx2_extract.t_Vec256 (re <: t_Slice Libcrux_intrinsics.Avx2_extract.t_Vec256) <: usize) - (Rust_primitives.mk_usize 2) + (sz 2) (fun temp_0_ temp_1_ -> - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) & - usize) = + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = temp_0_ in let _:usize = temp_1_ in true) - (re, zeta_i - <: - (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & usize)) + (re, zeta_i <: (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize)) (fun temp_0_ round -> - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) & - usize) = + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = temp_0_ in let round:usize = round in let a, b:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) = butterfly_4_ (re.[ round ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256) - (re.[ round +! Rust_primitives.mk_usize 1 <: usize ] - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + (re.[ round +! sz 1 <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256) (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 1 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 2 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 2 <: usize ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! 
- Rust_primitives.mk_usize 3 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 3 <: usize ] <: i32) in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re round a in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (round +! Rust_primitives.mk_usize 1 <: usize) + (round +! sz 1 <: usize) b in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 4 in - re, zeta_i - <: - (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & usize)) + let zeta_i:usize = zeta_i +! sz 4 in + re, zeta_i <: (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize)) in - let zeta_i:usize = zeta_i -! Rust_primitives.mk_usize 1 in - zeta_i, re - <: - (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) + let zeta_i:usize = zeta_i -! 
sz 1 in + zeta_i, re <: (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) -let ntt_at_layer_2_ - (zeta_i: usize) - (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) - = - let (re, zeta_i), hax_temp_output:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) & +let ntt_at_layer_2_ (zeta_i: usize) (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = + let (re, zeta_i), hax_temp_output:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = - Rust_primitives.Hax.Folds.fold_range_step_by (Rust_primitives.mk_usize 0) + Rust_primitives.Hax.Folds.fold_range_step_by (sz 0) (Core.Slice.impl__len #Libcrux_intrinsics.Avx2_extract.t_Vec256 (re <: t_Slice Libcrux_intrinsics.Avx2_extract.t_Vec256) <: usize) - (Rust_primitives.mk_usize 2) + (sz 2) (fun temp_0_ temp_1_ -> - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) & - usize) = + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = temp_0_ in let _:usize = temp_1_ in true) - (re, zeta_i - <: - (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & usize)) + (re, zeta_i <: (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize)) (fun temp_0_ round -> - let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) & - usize) = + let re, zeta_i:(t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize) = temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 1 in + let zeta_i:usize = zeta_i +! sz 1 in let a, b:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) = butterfly_8_ (re.[ round ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256) - (re.[ round +! Rust_primitives.mk_usize 1 <: usize ] - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + (re.[ round +! 
sz 1 <: usize ] <: Libcrux_intrinsics.Avx2_extract.t_Vec256) (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 1 - <: - usize ] + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize ] <: i32) in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re round a in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (round +! Rust_primitives.mk_usize 1 <: usize) + (round +! sz 1 <: usize) b in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 1 in - re, zeta_i - <: - (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) & usize)) + let zeta_i:usize = zeta_i +! 
sz 1 in + re, zeta_i <: (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) & usize)) in - zeta_i, re - <: - (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) + zeta_i, re <: (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) -let ntt (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) = - let zeta_i:usize = Rust_primitives.mk_usize 0 in - let tmp0, tmp1:(usize & - t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 7) zeta_i re +let ntt (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = + let zeta_i:usize = sz 0 in + let tmp0, tmp1:(usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = + ntt_at_layer_3_plus (sz 7) zeta_i re in let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = tmp1 in + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 6) zeta_i re + let tmp0, tmp1:(usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = + ntt_at_layer_3_plus (sz 6) zeta_i re in let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = tmp1 in + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 5) zeta_i re + let tmp0, tmp1:(usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = + ntt_at_layer_3_plus (sz 5) zeta_i re in let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 
32) = tmp1 in + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 4) zeta_i re + let tmp0, tmp1:(usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = + ntt_at_layer_3_plus (sz 4) zeta_i re in let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = tmp1 in + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 3) zeta_i re + let tmp0, tmp1:(usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = + ntt_at_layer_3_plus (sz 3) zeta_i re in let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = tmp1 in + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) = + let tmp0, tmp1:(usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = ntt_at_layer_2_ zeta_i re in let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = tmp1 in + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) = + let tmp0, tmp1:(usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = ntt_at_layer_1_ zeta_i re in let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = tmp1 in + let re:t_Array 
Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = tmp1 in let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) = + let tmp0, tmp1:(usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) = ntt_at_layer_0_ zeta_i re in let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = tmp1 in + let re:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = tmp1 in let _:Prims.unit = () in re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti index df72e60c3..b258ca10c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_dsa.Simd.Avx2.Ntt open Core open FStar.Mul -let butterfly_2___SHUFFLE: i32 = Rust_primitives.mk_i32 216 +let butterfly_2___SHUFFLE: i32 = 216l val butterfly_2_ (a b: Libcrux_intrinsics.Avx2_extract.t_Vec256) 
@@ -40,37 +40,27 @@ val invert_ntt_at_layer_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) val ntt_at_layer_3_plus (v_LAYER zeta_i: usize) - (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) + (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) + : Prims.Pure (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_0_ - (zeta_i: usize) - (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) +val ntt_at_layer_0_ (zeta_i: usize) (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) + : Prims.Pure (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_1_ - (zeta_i: usize) - (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) +val ntt_at_layer_1_ (zeta_i: usize) (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) + : Prims.Pure (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_2_ - (zeta_i: usize) - (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) - : Prims.Pure - (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) +val ntt_at_layer_2_ (zeta_i: usize) (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) + : Prims.Pure (usize & t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) - : Prims.Pure (t_Array 
Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) +val ntt (re: t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst index 76c74ce60..67e806244 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst @@ -5,19 +5,19 @@ open FStar.Mul let shift_interval (v_ETA: usize) (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) = match cast (v_ETA <: usize) <: u8 with - | 2 -> + | 2uy -> let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 26) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 26l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 (Rust_primitives.mk_i32 7) quotient + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 7l quotient in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 quotient - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Rust_primitives.mk_i32 5) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 5l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -29,7 +29,7 @@ let shift_interval (v_ETA: usize) (coefficients: Libcrux_intrinsics.Avx2_extract <: Libcrux_intrinsics.Avx2_extract.t_Vec256) coefficients_mod_5_ - | 4 -> + | 4uy -> Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (v_ETA <: usize) <: i32) <: @@ -43,13 +43,12 @@ let shift_interval (v_ETA: usize) (coefficients: Libcrux_intrinsics.Avx2_extract let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = let potential_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.deserialize_to_unsigned (Rust_primitives.mk_usize 4) - input + Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.deserialize_to_unsigned (sz 4) input in let (interval_boundary: i32):i32 = match cast (v_ETA <: usize) <: u8 with - | 2 -> Rust_primitives.mk_i32 15 - | 4 -> Rust_primitives.mk_i32 9 + | 2uy -> 15l + | 4uy -> 9l | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -69,12 +68,12 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = <: u8) in - let good_lower_half:i32 = good &. Rust_primitives.mk_i32 15 in - let good_upper_half:i32 = good >>! Rust_primitives.mk_i32 4 in + let good_lower_half:i32 = good &. 15l in + let good_upper_half:i32 = good >>! 4l in let shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = shift_interval v_ETA potential_coefficients in - let lower_shuffles:t_Array u8 (Rust_primitives.mk_usize 16) = + let lower_shuffles:t_Array u8 (sz 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_lower_half <: i32) 
@@ -92,15 +91,12 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = in let output:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 4 - } + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 4 + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 4 } <: Core.Ops.Range.t_Range usize ] @@ -111,7 +107,7 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = t_Slice i32) in let sampled_count:usize = cast (Core.Num.impl__i32__count_ones good_lower_half <: u32) <: usize in - let upper_shuffles:t_Array u8 (Rust_primitives.mk_usize 16) = + let upper_shuffles:t_Array u8 (sz 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_upper_half <: i32) @@ -122,7 +118,7 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (Rust_primitives.mk_i32 1) shifted + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l shifted in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles 
@@ -131,13 +127,13 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output ({ Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! Rust_primitives.mk_usize 4 <: usize + Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! Rust_primitives.mk_usize 4 <: usize + Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst index a29265eb0..f3d66cf87 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst 
@@ -8,23 +8,18 @@ let bytestream_to_potential_coefficients (serialized: t_Slice u8) = if true then let _:Prims.unit = - match - Core.Slice.impl__len #u8 serialized, Rust_primitives.mk_usize 24 <: (usize & usize) - with + match Core.Slice.impl__len #u8 serialized, sz 24 <: (usize & usize) with | left_val, right_val -> Hax_lib.v_assert (left_val =. right_val <: bool) in () in - let serialized_extended:t_Array u8 (Rust_primitives.mk_usize 32) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 32) - in - let serialized_extended:t_Array u8 (Rust_primitives.mk_usize 32) = + let serialized_extended:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let serialized_extended:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_to serialized_extended - ({ Core.Ops.Range.f_end = Rust_primitives.mk_usize 24 } <: Core.Ops.Range.t_RangeTo usize) + ({ Core.Ops.Range.f_end = sz 24 } <: Core.Ops.Range.t_RangeTo usize) (Core.Slice.impl__copy_from_slice #u8 - (serialized_extended.[ { Core.Ops.Range.f_end = Rust_primitives.mk_usize 24 } - <: - Core.Ops.Range.t_RangeTo usize ] + (serialized_extended.[ { Core.Ops.Range.f_end = sz 24 } <: Core.Ops.Range.t_RangeTo usize + ] <: t_Slice u8) serialized 
@@ -36,31 +31,14 @@ let bytestream_to_potential_coefficients (serialized: t_Slice u8) = in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 5) - (Rust_primitives.mk_i32 4) - (Rust_primitives.mk_i32 3) - (Rust_primitives.mk_i32 0) - (Rust_primitives.mk_i32 2) - (Rust_primitives.mk_i32 1) - (Rust_primitives.mk_i32 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 5l 4l 3l 0l 2l 1l 0l <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 11) (Rust_primitives.mk_i8 10) (Rust_primitives.mk_i8 9) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 8) (Rust_primitives.mk_i8 7) - (Rust_primitives.mk_i8 6) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 5) - (Rust_primitives.mk_i8 4) (Rust_primitives.mk_i8 3) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 2) (Rust_primitives.mk_i8 1) (Rust_primitives.mk_i8 0) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 11) (Rust_primitives.mk_i8 10) - (Rust_primitives.mk_i8 9) (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 8) - (Rust_primitives.mk_i8 7) (Rust_primitives.mk_i8 6) (Rust_primitives.mk_i8 (-1)) - (Rust_primitives.mk_i8 5) (Rust_primitives.mk_i8 4) (Rust_primitives.mk_i8 3) - (Rust_primitives.mk_i8 (-1)) (Rust_primitives.mk_i8 2) (Rust_primitives.mk_i8 1) - (Rust_primitives.mk_i8 0) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 11y 10y 9y (-1y) 8y 7y 6y (-1y) 5y 4y 3y + (-1y) 2y 1y 0y (-1y) 11y 10y 9y (-1y) 8y 7y 6y (-1y) 5y 4y 3y (-1y) 2y 1y 0y <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -86,9 +64,9 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = <: u8) in - let good_lower_half:i32 = good &. Rust_primitives.mk_i32 15 in - let good_upper_half:i32 = good >>! Rust_primitives.mk_i32 4 in - let lower_shuffles:t_Array u8 (Rust_primitives.mk_usize 16) = + let good_lower_half:i32 = good &. 15l in + let good_upper_half:i32 = good >>! 4l in + let lower_shuffles:t_Array u8 (sz 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_lower_half <: i32) @@ -106,15 +84,12 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = in let output:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 4 - } + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 4 + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 4 } <: Core.Ops.Range.t_Range usize ] @@ -125,7 +100,7 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = t_Slice i32) in let sampled_count:usize = cast (Core.Num.impl__i32__count_ones good_lower_half <: u32) <: usize in - let upper_shuffles:t_Array u8 (Rust_primitives.mk_usize 16) = + let upper_shuffles:t_Array u8 (sz 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_upper_half <: i32) 
@@ -136,8 +111,7 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (Rust_primitives.mk_i32 1) - potential_coefficients + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles @@ -146,13 +120,13 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output ({ Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! Rust_primitives.mk_usize 4 <: usize + Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! Rust_primitives.mk_usize 4 <: usize + Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti index d91a75fe7..8d297cab8 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti @@ -3,8 +3,7 @@ module Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus open Core open FStar.Mul -let bytestream_to_potential_coefficients__COEFFICIENT_MASK: i32 = - (Rust_primitives.mk_i32 1 < Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst
index 619cf820b..97a40a5a5 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst
@@ -4,149 +4,103 @@ open Core open FStar.Mul let is_bit_set (number: usize) (bit_position: u8) = - ((number &. (Rust_primitives.mk_usize 1 <>! bit_position - <: - usize) =. - Rust_primitives.mk_usize 1 + ((number &. (sz 1 <>! bit_position <: usize) =. sz 1 let generate_shuffle_table (_: Prims.unit) = - let byte_shuffles:t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) (Rust_primitives.mk_usize 16) - = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 255) - (Rust_primitives.mk_usize 16) - <: - t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) + let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 255uy (sz 16) <: t_Array u8 (sz 16)) + (sz 16) in - let byte_shuffles:t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) (Rust_primitives.mk_usize 16) - = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Rust_primitives.mk_usize 1 < - let byte_shuffles:t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) = - byte_shuffles - in + let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = byte_shuffles in let _:usize = temp_1_ in true) byte_shuffles (fun byte_shuffles bit_pattern -> - let byte_shuffles:t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) = - byte_shuffles - in + let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = byte_shuffles in let bit_pattern:usize = bit_pattern in - let byte_shuffles_index:usize = Rust_primitives.mk_usize 0 in - let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) & - usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_u8 0) - (Rust_primitives.mk_u8 4) + let byte_shuffles_index:usize = sz 0 in + let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (sz 16)) (sz 16) & usize) = + Rust_primitives.Hax.Folds.fold_range 0uy + 4uy (fun temp_0_ temp_1_ -> - 
let byte_shuffles, byte_shuffles_index:(t_Array - (t_Array u8 (Rust_primitives.mk_usize 16)) (Rust_primitives.mk_usize 16) & + let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (sz 16)) (sz 16) & usize) = temp_0_ in let _:u8 = temp_1_ in true) - (byte_shuffles, byte_shuffles_index - <: - (t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) (Rust_primitives.mk_usize 16) & - usize)) + (byte_shuffles, byte_shuffles_index <: (t_Array (t_Array u8 (sz 16)) (sz 16) & usize)) (fun temp_0_ bit_position -> - let byte_shuffles, byte_shuffles_index:(t_Array - (t_Array u8 (Rust_primitives.mk_usize 16)) (Rust_primitives.mk_usize 16) & + let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (sz 16)) (sz 16) & usize) = temp_0_ in let bit_position:u8 = bit_position in if is_bit_set bit_pattern bit_position <: bool then - let byte_shuffles:t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) = + let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (Rust_primitives.mk_usize 16)) + t_Array u8 (sz 16)) byte_shuffles_index - (bit_position *! Rust_primitives.mk_u8 4 <: u8) + (bit_position *! 4uy <: u8) <: - t_Array u8 (Rust_primitives.mk_usize 16)) - in - let byte_shuffles_index:usize = - byte_shuffles_index +! Rust_primitives.mk_usize 1 + t_Array u8 (sz 16)) in - let byte_shuffles:t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) = + let byte_shuffles_index:usize = byte_shuffles_index +! 
sz 1 in + let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (Rust_primitives.mk_usize 16)) + t_Array u8 (sz 16)) byte_shuffles_index - ((bit_position *! Rust_primitives.mk_u8 4 <: u8) +! - Rust_primitives.mk_u8 1 - <: - u8) + ((bit_position *! 4uy <: u8) +! 1uy <: u8) <: - t_Array u8 (Rust_primitives.mk_usize 16)) - in - let byte_shuffles_index:usize = - byte_shuffles_index +! Rust_primitives.mk_usize 1 + t_Array u8 (sz 16)) in - let byte_shuffles:t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) = + let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in + let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (Rust_primitives.mk_usize 16)) + t_Array u8 (sz 16)) byte_shuffles_index - ((bit_position *! Rust_primitives.mk_u8 4 <: u8) +! - Rust_primitives.mk_u8 2 - <: - u8) + ((bit_position *! 4uy <: u8) +! 2uy <: u8) <: - t_Array u8 (Rust_primitives.mk_usize 16)) - in - let byte_shuffles_index:usize = - byte_shuffles_index +! Rust_primitives.mk_usize 1 + t_Array u8 (sz 16)) in - let byte_shuffles:t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) = + let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in + let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (Rust_primitives.mk_usize 16)) + t_Array u8 (sz 16)) byte_shuffles_index - ((bit_position *! Rust_primitives.mk_u8 4 <: u8) +! 
- Rust_primitives.mk_u8 3 - <: - u8) + ((bit_position *! 4uy <: u8) +! 3uy <: u8) <: - t_Array u8 (Rust_primitives.mk_usize 16)) - in - let byte_shuffles_index:usize = - byte_shuffles_index +! Rust_primitives.mk_usize 1 + t_Array u8 (sz 16)) in + let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in byte_shuffles, byte_shuffles_index <: - (t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) & - usize) + (t_Array (t_Array u8 (sz 16)) (sz 16) & usize) else byte_shuffles, byte_shuffles_index <: - (t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) & - usize)) + (t_Array (t_Array u8 (sz 16)) (sz 16) & usize)) in byte_shuffles) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti index ec81e4140..9586d3a7b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti 
@@ -3,199 +3,128 @@ module Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table open Core open FStar.Mul -let v_SHUFFLE_TABLE: t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) - (Rust_primitives.mk_usize 16) = +let v_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 16) = let list = [ (let list = [ - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 0; Rust_primitives.mk_u8 1; Rust_primitives.mk_u8 2; - Rust_primitives.mk_u8 3; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 0uy; 1uy; 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 4; Rust_primitives.mk_u8 5; Rust_primitives.mk_u8 6; - Rust_primitives.mk_u8 7; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - 
Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 0; Rust_primitives.mk_u8 1; Rust_primitives.mk_u8 2; - Rust_primitives.mk_u8 3; Rust_primitives.mk_u8 4; Rust_primitives.mk_u8 5; - Rust_primitives.mk_u8 6; Rust_primitives.mk_u8 7; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 8; Rust_primitives.mk_u8 9; Rust_primitives.mk_u8 10; - Rust_primitives.mk_u8 11; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 0; Rust_primitives.mk_u8 1; Rust_primitives.mk_u8 2; - Rust_primitives.mk_u8 3; Rust_primitives.mk_u8 8; Rust_primitives.mk_u8 9; - Rust_primitives.mk_u8 10; Rust_primitives.mk_u8 11; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; 
- Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 4; Rust_primitives.mk_u8 5; Rust_primitives.mk_u8 6; - Rust_primitives.mk_u8 7; Rust_primitives.mk_u8 8; Rust_primitives.mk_u8 9; - Rust_primitives.mk_u8 10; Rust_primitives.mk_u8 11; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [ - Rust_primitives.mk_u8 0; Rust_primitives.mk_u8 1; Rust_primitives.mk_u8 2; - Rust_primitives.mk_u8 3; Rust_primitives.mk_u8 4; Rust_primitives.mk_u8 5; - Rust_primitives.mk_u8 6; Rust_primitives.mk_u8 7; Rust_primitives.mk_u8 8; - Rust_primitives.mk_u8 9; Rust_primitives.mk_u8 10; Rust_primitives.mk_u8 11; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 - ] + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 12; Rust_primitives.mk_u8 13; Rust_primitives.mk_u8 14; - Rust_primitives.mk_u8 15; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - 
Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 0; Rust_primitives.mk_u8 1; Rust_primitives.mk_u8 2; - Rust_primitives.mk_u8 3; Rust_primitives.mk_u8 12; Rust_primitives.mk_u8 13; - Rust_primitives.mk_u8 14; Rust_primitives.mk_u8 15; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 4; Rust_primitives.mk_u8 5; Rust_primitives.mk_u8 6; - Rust_primitives.mk_u8 7; Rust_primitives.mk_u8 12; Rust_primitives.mk_u8 13; - Rust_primitives.mk_u8 14; Rust_primitives.mk_u8 15; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 0; Rust_primitives.mk_u8 1; Rust_primitives.mk_u8 2; - Rust_primitives.mk_u8 3; Rust_primitives.mk_u8 4; Rust_primitives.mk_u8 5; - Rust_primitives.mk_u8 6; Rust_primitives.mk_u8 7; Rust_primitives.mk_u8 12; - Rust_primitives.mk_u8 13; Rust_primitives.mk_u8 14; Rust_primitives.mk_u8 15; - 
Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 8; Rust_primitives.mk_u8 9; Rust_primitives.mk_u8 10; - Rust_primitives.mk_u8 11; Rust_primitives.mk_u8 12; Rust_primitives.mk_u8 13; - Rust_primitives.mk_u8 14; Rust_primitives.mk_u8 15; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; + 255uy; 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 0; Rust_primitives.mk_u8 1; Rust_primitives.mk_u8 2; - Rust_primitives.mk_u8 3; Rust_primitives.mk_u8 8; Rust_primitives.mk_u8 9; - Rust_primitives.mk_u8 10; Rust_primitives.mk_u8 11; Rust_primitives.mk_u8 12; - Rust_primitives.mk_u8 13; Rust_primitives.mk_u8 14; Rust_primitives.mk_u8 15; - Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - Rust_primitives.mk_u8 4; Rust_primitives.mk_u8 5; Rust_primitives.mk_u8 6; - Rust_primitives.mk_u8 7; Rust_primitives.mk_u8 8; Rust_primitives.mk_u8 9; - Rust_primitives.mk_u8 10; Rust_primitives.mk_u8 11; Rust_primitives.mk_u8 12; - Rust_primitives.mk_u8 13; Rust_primitives.mk_u8 14; Rust_primitives.mk_u8 15; - Rust_primitives.mk_u8 255; 
Rust_primitives.mk_u8 255; Rust_primitives.mk_u8 255; - Rust_primitives.mk_u8 255 + 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; + 255uy ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); let list = - [ - Rust_primitives.mk_u8 0; Rust_primitives.mk_u8 1; Rust_primitives.mk_u8 2; - Rust_primitives.mk_u8 3; Rust_primitives.mk_u8 4; Rust_primitives.mk_u8 5; - Rust_primitives.mk_u8 6; Rust_primitives.mk_u8 7; Rust_primitives.mk_u8 8; - Rust_primitives.mk_u8 9; Rust_primitives.mk_u8 10; Rust_primitives.mk_u8 11; - Rust_primitives.mk_u8 12; Rust_primitives.mk_u8 13; Rust_primitives.mk_u8 14; - Rust_primitives.mk_u8 15 - ] + [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list @@ -208,6 +137,4 @@ val is_bit_set (number: usize) (bit_position: u8) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) val generate_shuffle_table: Prims.unit - -> Prims.Pure (t_Array (t_Array u8 (Rust_primitives.mk_usize 16)) (Rust_primitives.mk_usize 16)) - Prims.l_True - (fun _ -> Prims.l_True) + -> Prims.Pure (t_Array (t_Array u8 (sz 16)) (sz 16)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst index 09fb347fe..548a6a706 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fst 
@@ -20,10 +20,8 @@ let from_coefficient_array (coefficient_array: t_Slice i32) = Libcrux_intrinsics.Avx2_extract.t_Vec256) let to_coefficient_array (x: t_AVX2SIMDUnit) = - let coefficient_array:t_Array i32 (Rust_primitives.mk_usize 8) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 8) - in - let coefficient_array:t_Array i32 (Rust_primitives.mk_usize 8) = + let coefficient_array:t_Array i32 (sz 8) = Rust_primitives.Hax.repeat 0l (sz 8) in + let coefficient_array:t_Array i32 (sz 8) = Libcrux_intrinsics.Avx2_extract.mm256_storeu_si256_i32 coefficient_array x.f_coefficients in coefficient_array diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti index a35eb5b9e..ec092f8da 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Vector_type.fsti @@ -24,4 +24,4 @@ val from_coefficient_array (coefficient_array: t_Slice i32) : Prims.Pure t_AVX2SIMDUnit Prims.l_True (fun _ -> Prims.l_True) val to_coefficient_array (x: t_AVX2SIMDUnit) - : Prims.Pure (t_Array i32 (Rust_primitives.mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array i32 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti index 35b953c61..d14d3a5c7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fsti 
@@ -37,10 +37,7 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = (fun (self: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) -> true); f_to_coefficient_array_post = - (fun - (self: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) - (out: t_Array i32 (Rust_primitives.mk_usize 8)) - -> + (fun (self: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) (out: t_Array i32 (sz 8)) -> true); f_to_coefficient_array = @@ -349,10 +346,7 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> let tmp0, out1:(t_Slice i32 & usize) = - Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (Rust_primitives.mk_usize 2 - ) - randomness - out + Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 2) randomness out in let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in @@ -367,10 +361,7 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> let tmp0, out1:(t_Slice i32 & usize) = - Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (Rust_primitives.mk_usize 4 - ) - randomness - out + Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 4) randomness out in let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in @@ -469,7 +460,7 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = = (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) - (out: t_Array u8 (Rust_primitives.mk_usize 13)) + (out: t_Array u8 (sz 13)) -> true); f_t0_serialize @@ -498,7 +489,7 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = = (fun (simd_unit: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit) - (out: t_Array u8 (Rust_primitives.mk_usize 10)) + (out: t_Array u8 (sz 10)) -> true); f_t1_serialize 
@@ -522,39 +513,30 @@ Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = Libcrux_intrinsics.Avx2_extract.t_Vec256)); f_ntt_pre = - (fun - (simd_units: - t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (Rust_primitives.mk_usize 32)) - -> - true); + (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) -> true); f_ntt_post = (fun - (simd_units: - t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (Rust_primitives.mk_usize 32)) - (out: - t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (Rust_primitives.mk_usize 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) -> true); f_ntt = - (fun - (simd_units: - t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (Rust_primitives.mk_usize 32)) - -> - let result:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32) = + (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit (sz 32)) -> + let result:t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32) = Libcrux_ml_dsa.Simd.Avx2.Ntt.ntt (Core.Array.impl_23__map #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit - (Rust_primitives.mk_usize 32) + (sz 32) #Libcrux_intrinsics.Avx2_extract.t_Vec256 simd_units (fun x -> let x:Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit = x in x.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_coefficients) <: - t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (Rust_primitives.mk_usize 32)) + t_Array Libcrux_intrinsics.Avx2_extract.t_Vec256 (sz 32)) in Core.Array.impl_23__map #Libcrux_intrinsics.Avx2_extract.t_Vec256 - (Rust_primitives.mk_usize 32) + (sz 32) #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_AVX2SIMDUnit result (fun x -> 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst index 48c1c060a..e42a2efa9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst 
@@ -3,723 +3,60 @@ module Libcrux_ml_dsa.Simd.Portable.Arithmetic open Core open FStar.Mul -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY367462299 as v_DUMMY} -let compute_one_hint (v_GAMMA2 low high: i32) = - if - low >. v_GAMMA2 || low <. (Core.Ops.Arith.Neg.neg v_GAMMA2 <: i32) || - low =. (Core.Ops.Arith.Neg.neg v_GAMMA2 <: i32) && high <>. Rust_primitives.mk_i32 0 - then Rust_primitives.mk_i32 1 - else Rust_primitives.mk_i32 0 +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY81638022 as v_DUMMY} -let get_n_least_significant_bits (n: u8) (value: u64) = - value &. ((Rust_primitives.mk_u64 1 <>! - Rust_primitives.mk_i32 23 - in - fe -! (quotient *! Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY524003877 as v_DUMMY} -let montgomery_reduce_element (value: i64) = - let t:u64 = - (get_n_least_significant_bits v_MONTGOMERY_SHIFT (cast (value <: i64) <: u64) <: u64) *! - Libcrux_ml_dsa.Simd.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - in - let k:i32 = cast (get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u64) <: i32 in - let k_times_modulus:i64 = - (cast (k <: i32) <: i64) *! (cast (Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) <: i64) - in - let c:i32 = cast (k_times_modulus >>! v_MONTGOMERY_SHIFT <: i64) <: i32 in - let value_high:i32 = cast (value >>! v_MONTGOMERY_SHIFT <: i64) <: i32 in - value_high -! c +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY379549811 as v_DUMMY} -let montgomery_multiply_fe_by_fer (fe fer: i32) = - montgomery_reduce_element ((cast (fe <: i32) <: i64) *! 
(cast (fer <: i32) <: i64) <: i64) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY657797394 as v_DUMMY} -let decompose_element (v_GAMMA2 r: i32) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if - ~.((r >. (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) - <: - bool) && - (r <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.mk_usize - 1) - (Rust_primitives.mk_usize 1) - (let list = ["the representative is "] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - (let list = - [Core.Fmt.Rt.impl_1__new_display #i32 r <: Core.Fmt.Rt.t_Argument] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let r:i32 = - r +! - ((r >>! Rust_primitives.mk_i32 31 <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) - in - let v_ALPHA:i32 = v_GAMMA2 *! Rust_primitives.mk_i32 2 in - let ceil_of_r_by_128_:i32 = - (r +! Rust_primitives.mk_i32 127 <: i32) >>! Rust_primitives.mk_i32 7 - in - let r1:i32 = - match v_ALPHA with - | 190464 -> - let result:i32 = - ((ceil_of_r_by_128_ *! Rust_primitives.mk_i32 11275 <: i32) +! - (Rust_primitives.mk_i32 1 <>! - Rust_primitives.mk_i32 24 - in - (result ^. ((Rust_primitives.mk_i32 43 -! result <: i32) >>! Rust_primitives.mk_i32 31 <: i32) - <: - i32) &. - result - | 523776 -> - let result:i32 = - ((ceil_of_r_by_128_ *! Rust_primitives.mk_i32 1025 <: i32) +! - (Rust_primitives.mk_i32 1 <>! - Rust_primitives.mk_i32 22 - in - result &. 
Rust_primitives.mk_i32 15 - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY856139336 as v_DUMMY} - <: - Rust_primitives.Hax.t_Never) - in - let r0:i32 = r -! (r1 *! v_ALPHA <: i32) in - let r0:i32 = - r0 -! - (((((Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS -! Rust_primitives.mk_i32 1 <: i32) /! - Rust_primitives.mk_i32 2 - <: - i32) -! - r0 - <: - i32) >>! - Rust_primitives.mk_i32 31 - <: - i32) &. - Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS - <: - i32) - in - r0, r1 <: (i32 & i32) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY633486193 as v_DUMMY} -let power2round_element (t: i32) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if - ~.((t >. (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) - <: - bool) && - (t <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.mk_usize - 1) - (Rust_primitives.mk_usize 1) - (let list = ["t is "] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - (let list = - [Core.Fmt.Rt.impl_1__new_display #i32 t <: Core.Fmt.Rt.t_Argument] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let t:i32 = - t +! - ((t >>! Rust_primitives.mk_i32 31 <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) - in - let t1:i32 = - ((t -! Rust_primitives.mk_i32 1 <: i32) +! - (Rust_primitives.mk_i32 1 <>! - Libcrux_ml_dsa.Constants.v_BITS_IN_LOWER_PART_OF_T - in - let t0:i32 = t -! (t1 < - if r0 >. Rust_primitives.mk_i32 0 - then if r1 =. Rust_primitives.mk_i32 43 then Rust_primitives.mk_i32 0 else r1 +! hint - else if r1 =. 
Rust_primitives.mk_i32 0 then Rust_primitives.mk_i32 43 else r1 -! hint - | 261888 -> - if r0 >. Rust_primitives.mk_i32 0 - then (r1 +! hint <: i32) &. Rust_primitives.mk_i32 15 - else (r1 -! hint <: i32) &. Rust_primitives.mk_i32 15 - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY773619918 as v_DUMMY} - <: - Rust_primitives.Hax.t_Never) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_MONTGOMERY_SHIFT as v_MONTGOMERY_SHIFT} -let infinity_norm_exceeds - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (bound: i32) - = - let exceeds:bool = false in - let exceeds:bool = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Array.Iter.t_IntoIter - i32 (Rust_primitives.mk_usize 8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array i32 (Rust_primitives.mk_usize 8)) - #FStar.Tactics.Typeclasses.solve - simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - <: - Core.Array.Iter.t_IntoIter i32 (Rust_primitives.mk_usize 8)) - <: - Core.Array.Iter.t_IntoIter i32 (Rust_primitives.mk_usize 8)) - exceeds - (fun exceeds coefficient -> - let exceeds:bool = exceeds in - let coefficient:i32 = coefficient in - let _:Prims.unit = - if true - then - let _:Prims.unit = - if - ~.((coefficient >. - (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) - <: - bool) && - (coefficient <. 
Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 - (Rust_primitives.mk_usize 1) - (Rust_primitives.mk_usize 1) - (let list = ["coefficient is "] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - (let list = - [ - Core.Fmt.Rt.impl_1__new_display #i32 coefficient - <: - Core.Fmt.Rt.t_Argument - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let sign:i32 = coefficient >>! Rust_primitives.mk_i32 31 in - let normalized:i32 = - coefficient -! (sign &. (Rust_primitives.mk_i32 2 *! coefficient <: i32) <: i32) - in - let exceeds:bool = exceeds |. (normalized >=. bound <: bool) in - exceeds) - in - exceeds +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {compute_one_hint as compute_one_hint} -let montgomery_multiply_by_constant - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (c: i32) - = - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #i32 - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - <: - usize) - (fun simd_unit temp_1_ -> - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let _:usize = temp_1_ in - true) - simd_unit - (fun simd_unit i -> - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let i:usize = i in - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - (montgomery_reduce_element ((cast (simd_unit - 
.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] - <: - i32) - <: - i64) *! - (cast (c <: i32) <: i64) - <: - i64) - <: - i32) - <: - t_Array i32 (Rust_primitives.mk_usize 8) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - simd_unit +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {get_n_least_significant_bits as get_n_least_significant_bits} -let add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - let sum:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let sum:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #i32 - (sum.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - <: - usize) - (fun sum temp_1_ -> - let sum:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = sum in - let _:usize = temp_1_ in - true) - sum - (fun sum i -> - let sum:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = sum in - let i:usize = i in - { - sum with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sum - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - ((lhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) +! 
- (rhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) - <: - i32) - <: - t_Array i32 (Rust_primitives.mk_usize 8) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - sum +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {reduce_element as reduce_element} -let compute_hint - (v_GAMMA2: i32) - (low high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - = - let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let one_hints_count:usize = Rust_primitives.mk_usize 0 in - let hint, one_hints_count:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #i32 - (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - <: - usize) - (fun temp_0_ temp_1_ -> - let hint, one_hints_count:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - usize) = - temp_0_ - in - let _:usize = temp_1_ in - true) - (hint, one_hints_count - <: - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & usize)) - (fun temp_0_ i -> - let hint, one_hints_count:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - usize) = - temp_0_ - in - let i:usize = i in - let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - hint with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize hint - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - (compute_one_hint v_GAMMA2 - (low.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) - (high.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let 
one_hints_count:usize = - one_hints_count +! - (cast (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) - <: - usize) - in - hint, one_hints_count - <: - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & usize)) - in - one_hints_count, hint <: (usize & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {montgomery_reduce_element as montgomery_reduce_element} -let decompose - (v_GAMMA2: i32) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - = - let low:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let high:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let high, low:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #i32 - (low.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - <: - usize) - (fun temp_0_ temp_1_ -> - let high, low:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - temp_0_ - in - let _:usize = temp_1_ in - true) - (high, low - <: - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)) - (fun temp_0_ i -> - let high, low:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - temp_0_ - in - let i:usize = i in - let low_part, high_part:(i32 & i32) = - decompose_element v_GAMMA2 - 
(simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) - in - let low:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - low with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize low - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - low_part - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let high:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - high with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize high - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - high_part - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - high, low - <: - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)) - in - low, high - <: - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {montgomery_multiply_fe_by_fer as montgomery_multiply_fe_by_fer} -let montgomery_multiply (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - let product:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let product:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #i32 - (product.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - <: - usize) - (fun product temp_1_ -> - let product:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = product in - let _:usize = temp_1_ in - true) - product - (fun product 
i -> - let product:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = product in - let i:usize = i in - { - product with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize product - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - (montgomery_reduce_element ((cast (lhs - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] - <: - i32) - <: - i64) *! - (cast (rhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) - <: - i64) - <: - i64) - <: - i32) - <: - t_Array i32 (Rust_primitives.mk_usize 8) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - product +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {decompose_element as decompose_element} -let power2round (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - let t0_simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let t1_simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let t0_simd_unit, t1_simd_unit:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - Rust_primitives.Hax.Folds.fold_enumerated_slice simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (fun temp_0_ temp_1_ -> - let t0_simd_unit, t1_simd_unit:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - temp_0_ - in - let _:usize = temp_1_ in - true) - (t0_simd_unit, t1_simd_unit - <: - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)) - (fun temp_0_ temp_1_ -> - let t0_simd_unit, t1_simd_unit:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - temp_0_ - in - let i, t:(usize & i32) = temp_1_ in - let t0, t1:(i32 & i32) = power2round_element t in - let t0_simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - t0_simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize t0_simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - t0 - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t1_simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - t1_simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize t1_simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - t1 - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - t0_simd_unit, t1_simd_unit - <: - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)) - in - t0_simd_unit, t1_simd_unit - <: - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {infinity_norm_exceeds as infinity_norm_exceeds} -let shift_left_then_reduce - (v_SHIFT_BY: i32) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - = - let out:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let out:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - 
Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #i32 - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - <: - usize) - (fun out temp_1_ -> - let out:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = out in - let _:usize = temp_1_ in - true) - out - (fun out i -> - let out:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = out in - let i:usize = i in - { - out with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - (reduce_element ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i - ] - <: - i32) < - let difference:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = difference in - let _:usize = temp_1_ in - true) - difference - (fun difference i -> - let difference:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = difference in - let i:usize = i in - { - difference with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize difference - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - ((lhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) -! 
- (rhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) - <: - i32) - <: - t_Array i32 (Rust_primitives.mk_usize 8) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - difference +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {use_one_hint as use_one_hint} -let use_hint - (v_GAMMA2: i32) - (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - = - let result:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let result:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #i32 - (result.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - <: - usize) - (fun result temp_1_ -> - let result:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = result in - let _:usize = temp_1_ in - true) - result - (fun result i -> - let result:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = result in - let i:usize = i in - { - result with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - i - (use_one_hint v_GAMMA2 - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) - (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) - <: - i32) - <: - t_Array i32 (Rust_primitives.mk_usize 8) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - result +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {montgomery_multiply_by_constant as montgomery_multiply_by_constant} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {add as add} + +include 
Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {compute_hint as compute_hint} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {decompose as decompose} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {montgomery_multiply as montgomery_multiply} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {power2round as power2round} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {shift_left_then_reduce as shift_left_then_reduce} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {subtract as subtract} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {use_hint as use_hint} diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti deleted file mode 100644 index e987f5016..000000000 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti +++ /dev/null 
@@ -1,96 +0,0 @@ -module Libcrux_ml_dsa.Simd.Portable.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () - -let v_MONTGOMERY_SHIFT: u8 = Rust_primitives.mk_u8 32 - -val compute_one_hint (v_GAMMA2 low high: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) - -val get_n_least_significant_bits (n: u8) (value: u64) - : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) - -val reduce_element (fe: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) - -val montgomery_reduce_element (value: i64) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) - -val montgomery_multiply_fe_by_fer (fe fer: i32) - : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) - -val decompose_element (v_GAMMA2 r: i32) - : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) - -val power2round_element (t: i32) : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) - -val use_one_hint (v_GAMMA2 r hint: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) - -val infinity_norm_exceeds - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (bound: i32) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - -val montgomery_multiply_by_constant - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (c: i32) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val compute_hint - (v_GAMMA2: i32) - (low high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure 
(usize & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - Prims.l_True - (fun _ -> Prims.l_True) - -val decompose - (v_GAMMA2: i32) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - Prims.l_True - (fun _ -> Prims.l_True) - -val montgomery_multiply (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val power2round (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure - (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - Prims.l_True - (fun _ -> Prims.l_True) - -val shift_left_then_reduce - (v_SHIFT_BY: i32) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val subtract (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val use_hint - (v_GAMMA2: i32) - (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst index 59e3e305f..ff1788cd5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst 
@@ -7,13 +7,11 @@ let serialize (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_OUTPUT_SIZE - in + let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in match cast (v_OUTPUT_SIZE <: usize) <: u8 with - | 4 -> + | 4uy -> let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (Rust_primitives.mk_usize 2) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in @@ -23,19 +21,19 @@ let serialize (fun serialized temp_1_ -> let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient0:u8 = cast (coefficients.[ Rust_primitives.mk_usize 0 ] <: i32) <: u8 in - let coefficient1:u8 = cast (coefficients.[ Rust_primitives.mk_usize 1 ] <: i32) <: u8 in + let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in + let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized i - ((coefficient1 < + | 6uy -> let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (Rust_primitives.mk_usize 4) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in 
@@ -45,30 +43,24 @@ let serialize (fun serialized temp_1_ -> let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient0:u8 = cast (coefficients.[ Rust_primitives.mk_usize 0 ] <: i32) <: u8 in - let coefficient1:u8 = cast (coefficients.[ Rust_primitives.mk_usize 1 ] <: i32) <: u8 in - let coefficient2:u8 = cast (coefficients.[ Rust_primitives.mk_usize 2 ] <: i32) <: u8 in - let coefficient3:u8 = cast (coefficients.[ Rust_primitives.mk_usize 3 ] <: i32) <: u8 in + let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in + let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in + let coefficient2:u8 = cast (coefficients.[ sz 2 ] <: i32) <: u8 in + let coefficient3:u8 = cast (coefficients.[ sz 3 ] <: i32) <: u8 in let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 3 *! i <: usize) - ((coefficient1 <>! Rust_primitives.mk_i32 2 <: u8) - <: - u8) + ((sz 3 *! i <: usize) +! sz 1 <: usize) + ((coefficient2 <>! 2l <: u8) <: u8) in let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 3 *! i <: usize) +! Rust_primitives.mk_usize 2 <: usize) - ((coefficient3 <>! Rust_primitives.mk_i32 4 <: u8) - <: - u8) + ((sz 3 *! i <: usize) +! sz 2 <: usize) + ((coefficient3 <>! 4l <: u8) <: u8) in serialized) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst index 1101e8bd4..077803ff8 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst 
@@ -3,430 +3,26 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.Error open Core open FStar.Mul -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY648673932 as v_DUMMY} -let serialize_when_eta_is_2_ - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - = - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_OUTPUT_SIZE - in - let coefficient0:u8 = - cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) - <: - i32) - <: - u8 - in - let coefficient1:u8 = - cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 1 ] - <: - i32) - <: - i32) - <: - u8 - in - let coefficient2:u8 = - cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 ] - <: - i32) - <: - i32) - <: - u8 - in - let coefficient3:u8 = - cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 3 ] - <: - i32) - <: - i32) - <: - u8 - in - let coefficient4:u8 = - cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 ] - <: - i32) - <: - i32) - <: - u8 - in - let coefficient5:u8 = - cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 5 ] - <: - i32) - <: - i32) - <: - u8 - in - let coefficient6:u8 = - cast (serialize_when_eta_is_2___ETA -! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 6 ] - <: - i32) - <: - i32) - <: - u8 - in - let coefficient7:u8 = - cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 7 ] - <: - i32) - <: - i32) - <: - u8 - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 0) - (((coefficient2 <>! Rust_primitives.mk_i32 2 <: u8) - <: - u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 2) - (((coefficient7 <>! Rust_primitives.mk_i32 1 <: u8) - <: - u8) - in - serialized +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY221943049 as v_DUMMY} -let serialize_when_eta_is_4_ - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - = - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_OUTPUT_SIZE - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (Rust_primitives.mk_usize 2) - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let _:usize = temp_1_ in - true) - serialized - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient0:u8 = - cast (serialize_when_eta_is_4___ETA -! - (coefficients.[ Rust_primitives.mk_usize 0 ] <: i32) - <: - i32) - <: - u8 - in - let coefficient1:u8 = - cast (serialize_when_eta_is_4___ETA -! 
- (coefficients.[ Rust_primitives.mk_usize 1 ] <: i32) - <: - i32) - <: - u8 - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - i - ((coefficient1 < serialize_when_eta_is_2_ v_OUTPUT_SIZE simd_unit - | 4 -> serialize_when_eta_is_4_ v_OUTPUT_SIZE simd_unit - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_ETA177254429 as deserialize_when_eta_is_4___ETA} - <: - Rust_primitives.Hax.t_Never) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_ETA345140054 as serialize_when_eta_is_2___ETA} -let deserialize_when_eta_is_2_ (serialized: t_Slice u8) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. - Rust_primitives.mk_usize 3 - <: - bool) - in - () - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let byte0:i32 = cast (serialized.[ Rust_primitives.mk_usize 0 ] <: u8) <: i32 in - let byte1:i32 = cast (serialized.[ Rust_primitives.mk_usize 1 ] <: u8) <: i32 in - let byte2:i32 = cast (serialized.[ Rust_primitives.mk_usize 2 ] <: u8) <: i32 in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 0) - (deserialize_when_eta_is_2___ETA -! (byte0 &. 
Rust_primitives.mk_i32 7 <: i32) <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 1) - (deserialize_when_eta_is_2___ETA -! - ((byte0 >>! Rust_primitives.mk_i32 3 <: i32) &. Rust_primitives.mk_i32 7 <: i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2) - (deserialize_when_eta_is_2___ETA -! - (((byte0 >>! Rust_primitives.mk_i32 6 <: i32) |. - (byte1 <>! Rust_primitives.mk_i32 1 <: i32) &. Rust_primitives.mk_i32 7 <: i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4) - (deserialize_when_eta_is_2___ETA -! - ((byte1 >>! Rust_primitives.mk_i32 4 <: i32) &. 
Rust_primitives.mk_i32 7 <: i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 5) - (deserialize_when_eta_is_2___ETA -! - (((byte1 >>! Rust_primitives.mk_i32 7 <: i32) |. - (byte2 <>! Rust_primitives.mk_i32 2 <: i32) &. Rust_primitives.mk_i32 7 <: i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 7) - (deserialize_when_eta_is_2___ETA -! - ((byte2 >>! Rust_primitives.mk_i32 5 <: i32) &. Rust_primitives.mk_i32 7 <: i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - simd_unit +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_ETA858068178 as serialize_when_eta_is_4___ETA} -let deserialize_when_eta_is_4_ (serialized: t_Slice u8) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. 
- Rust_primitives.mk_usize 4 - <: - bool) - in - () - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Rust_primitives.Hax.Folds.fold_enumerated_slice serialized - (fun simd_unit temp_1_ -> - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let _:usize = temp_1_ in - true) - simd_unit - (fun simd_unit temp_1_ -> - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let i, byte:(usize & u8) = temp_1_ in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2 *! i <: usize) - (deserialize_when_eta_is_4___ETA -! - (cast (byte &. Rust_primitives.mk_u8 15 <: u8) <: i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - ((Rust_primitives.mk_usize 2 *! i <: usize) +! Rust_primitives.mk_usize 1 <: usize) - (deserialize_when_eta_is_4___ETA -! - (cast (byte >>! 
Rust_primitives.mk_i32 4 <: u8) <: i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - simd_unit) - in - simd_unit +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {serialize_when_eta_is_2_ as serialize_when_eta_is_2_} -let deserialize (v_ETA: usize) (serialized: t_Slice u8) = - match cast (v_ETA <: usize) <: u8 with - | 2 -> deserialize_when_eta_is_2_ serialized - | 4 -> deserialize_when_eta_is_4_ serialized - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {serialize_when_eta_is_4_ as serialize_when_eta_is_4_} - <: - Rust_primitives.Hax.t_Never) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {serialize1006998023 as serialize} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {deserialize_when_eta_is_2_ as deserialize_when_eta_is_2_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {deserialize_when_eta_is_4_ as deserialize_when_eta_is_4_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {deserialize154437703 as deserialize} diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti deleted file mode 100644 index 7164821d8..000000000 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti +++ /dev/null 
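Review bot: The first two `include` lines on the new side of Error.fst both bind the same local name, `{v_DUMMY648673932 as v_DUMMY}` and then `{v_DUMMY221943049 as v_DUMMY}`, so the second either shadows the first or may trip F*'s duplicate top-level name check, depending on how `include ... {a as b}` is resolved. If these bundle items only stand in for the implicit-dependency block the removed `let _ = ... ()` used to provide, it looks like one of them could be dropped from the bundle or given a distinct alias; the Gamma1.fst hunk further down shows the same pattern with `v_DUMMY771885219`. Since this is hax extraction output, the fix presumably belongs in the extractor or its bundling configuration rather than a hand edit, but the committed file should be confirmed to still verify with the duplicate binding in place.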
@@ -1,49 +0,0 @@ -module Libcrux_ml_dsa.Simd.Portable.Encoding.Error -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () - -let deserialize_when_eta_is_2___ETA: i32 = Rust_primitives.mk_i32 2 - -let deserialize_when_eta_is_4___ETA: i32 = Rust_primitives.mk_i32 4 - -let serialize_when_eta_is_2___ETA: i32 = Rust_primitives.mk_i32 2 - -let serialize_when_eta_is_4___ETA: i32 = Rust_primitives.mk_i32 4 - -val serialize_when_eta_is_2_ - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_when_eta_is_4_ - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -val serialize - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -val deserialize_when_eta_is_2_ (serialized: t_Slice u8) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val deserialize_when_eta_is_4_ (serialized: t_Slice u8) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val deserialize (v_ETA: usize) (serialized: t_Slice u8) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst index d1d4b15fc..8eb4337c6 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst 
@@ -3,963 +3,30 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1 open Core open FStar.Mul -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY771885219 as v_DUMMY} -let serialize_when_gamma1_is_2_pow_17_ - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - = - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_OUTPUT_SIZE - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (Rust_primitives.mk_usize 4) - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let _:usize = temp_1_ in - true) - serialized - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! - (coefficients.[ Rust_primitives.mk_usize 0 ] <: i32) - in - let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! - (coefficients.[ Rust_primitives.mk_usize 1 ] <: i32) - in - let coefficient2:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! - (coefficients.[ Rust_primitives.mk_usize 2 ] <: i32) - in - let coefficient3:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! - (coefficients.[ Rust_primitives.mk_usize 3 ] <: i32) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 9 *! 
i <: usize) - (cast (coefficient0 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 9 *! i <: usize) +! Rust_primitives.mk_usize 1 <: usize) - (cast (coefficient0 >>! Rust_primitives.mk_i32 8 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 9 *! i <: usize) +! Rust_primitives.mk_usize 2 <: usize) - (cast (coefficient0 >>! Rust_primitives.mk_i32 16 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 9 *! i <: usize) +! Rust_primitives.mk_usize 2 <: usize) - ((serialized.[ (Rust_primitives.mk_usize 9 *! i <: usize) +! - Rust_primitives.mk_usize 2 - <: - usize ] - <: - u8) |. - (cast (coefficient1 <>! Rust_primitives.mk_i32 6 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 9 *! i <: usize) +! Rust_primitives.mk_usize 4 <: usize) - (cast (coefficient1 >>! Rust_primitives.mk_i32 14 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 9 *! i <: usize) +! Rust_primitives.mk_usize 4 <: usize) - ((serialized.[ (Rust_primitives.mk_usize 9 *! i <: usize) +! - Rust_primitives.mk_usize 4 - <: - usize ] - <: - u8) |. - (cast (coefficient2 <>! Rust_primitives.mk_i32 4 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 9 *! i <: usize) +! Rust_primitives.mk_usize 6 <: usize) - (cast (coefficient2 >>! 
Rust_primitives.mk_i32 12 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 9 *! i <: usize) +! Rust_primitives.mk_usize 6 <: usize) - ((serialized.[ (Rust_primitives.mk_usize 9 *! i <: usize) +! - Rust_primitives.mk_usize 6 - <: - usize ] - <: - u8) |. - (cast (coefficient3 <>! Rust_primitives.mk_i32 2 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 9 *! i <: usize) +! Rust_primitives.mk_usize 8 <: usize) - (cast (coefficient3 >>! Rust_primitives.mk_i32 10 <: i32) <: u8) - in - serialized) - in - serialized +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY1067577027 as v_DUMMY} -let serialize_when_gamma1_is_2_pow_19_ - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - = - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_OUTPUT_SIZE - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (Rust_primitives.mk_usize 2) - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let _:usize = temp_1_ in - true) - serialized - (fun serialized temp_1_ -> - let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in - let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! - (coefficients.[ Rust_primitives.mk_usize 0 ] <: i32) - in - let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! 
- (coefficients.[ Rust_primitives.mk_usize 1 ] <: i32) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 5 *! i <: usize) - (cast (coefficient0 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 5 *! i <: usize) +! Rust_primitives.mk_usize 1 <: usize) - (cast (coefficient0 >>! Rust_primitives.mk_i32 8 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 5 *! i <: usize) +! Rust_primitives.mk_usize 2 <: usize) - (cast (coefficient0 >>! Rust_primitives.mk_i32 16 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 5 *! i <: usize) +! Rust_primitives.mk_usize 2 <: usize) - ((serialized.[ (Rust_primitives.mk_usize 5 *! i <: usize) +! - Rust_primitives.mk_usize 2 - <: - usize ] - <: - u8) |. - (cast (coefficient1 <>! Rust_primitives.mk_i32 4 <: i32) <: u8) - in - let serialized:t_Array u8 v_OUTPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 5 *! i <: usize) +! Rust_primitives.mk_usize 4 <: usize) - (cast (coefficient1 >>! 
Rust_primitives.mk_i32 12 <: i32) <: u8) - in - serialized) - in - serialized +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_GAMMA1183990813 as deserialize_when_gamma1_is_2_pow_17___GAMMA1} -let serialize - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - = - match cast (v_OUTPUT_SIZE <: usize) <: u8 with - | 18 -> serialize_when_gamma1_is_2_pow_17_ v_OUTPUT_SIZE simd_unit - | 20 -> serialize_when_gamma1_is_2_pow_19_ v_OUTPUT_SIZE simd_unit - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_GAMMA1_TIMES_2_BITMASK305664693 as deserialize_when_gamma1_is_2_pow_17___GAMMA1_TIMES_2_BITMASK} - <: - Rust_primitives.Hax.t_Never) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_GAMMA1465203885 as deserialize_when_gamma1_is_2_pow_19___GAMMA1} -let deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. 
- Rust_primitives.mk_usize 18 - <: - bool) - in - () - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (Rust_primitives.mk_usize 9) - serialized - (fun simd_unit temp_1_ -> - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let _:usize = temp_1_ in - true) - simd_unit - (fun simd_unit temp_1_ -> - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let i, bytes:(usize & t_Slice u8) = temp_1_ in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4 *! i <: usize) - (cast (bytes.[ Rust_primitives.mk_usize 0 ] <: u8) <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4 *! i <: usize) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 *! - i - <: - usize ] - <: - i32) |. - ((cast (bytes.[ Rust_primitives.mk_usize 1 ] <: u8) <: i32) <>! 
- Rust_primitives.mk_i32 2 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - ((Rust_primitives.mk_usize 4 *! i <: usize) +! Rust_primitives.mk_usize 1 <: usize) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ (Rust_primitives.mk_usize - 4 *! - i - <: - usize) +! - Rust_primitives.mk_usize 1 - <: - usize ] - <: - i32) |. - ((cast (bytes.[ Rust_primitives.mk_usize 3 ] <: u8) <: i32) <>! - Rust_primitives.mk_i32 4 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - ((Rust_primitives.mk_usize 4 *! i <: usize) +! Rust_primitives.mk_usize 2 <: usize) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ (Rust_primitives.mk_usize - 4 *! - i - <: - usize) +! - Rust_primitives.mk_usize 2 - <: - usize ] - <: - i32) |. - ((cast (bytes.[ Rust_primitives.mk_usize 5 ] <: u8) <: i32) <>! - Rust_primitives.mk_i32 6 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - ((Rust_primitives.mk_usize 4 *! i <: usize) +! 
Rust_primitives.mk_usize 3 <: usize) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ (Rust_primitives.mk_usize - 4 *! - i - <: - usize) +! - Rust_primitives.mk_usize 3 - <: - usize ] - <: - i32) |. - ((cast (bytes.[ Rust_primitives.mk_usize 7 ] <: u8) <: i32) < - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let _:usize = temp_1_ in - true) - simd_unit - (fun simd_unit temp_1_ -> - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let i, bytes:(usize & t_Slice u8) = temp_1_ in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2 *! i <: usize) - (cast (bytes.[ Rust_primitives.mk_usize 0 ] <: u8) <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2 *! i <: usize) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 *! - i - <: - usize ] - <: - i32) |. - ((cast (bytes.[ Rust_primitives.mk_usize 1 ] <: u8) <: i32) <>! 
- Rust_primitives.mk_i32 4 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - ((Rust_primitives.mk_usize 2 *! i <: usize) +! Rust_primitives.mk_usize 1 <: usize) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ (Rust_primitives.mk_usize - 2 *! - i - <: - usize) +! - Rust_primitives.mk_usize 1 - <: - usize ] - <: - i32) |. - ((cast (bytes.[ Rust_primitives.mk_usize 3 ] <: u8) <: i32) < deserialize_when_gamma1_is_2_pow_17_ serialized - | 19 -> deserialize_when_gamma1_is_2_pow_19_ serialized - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_GAMMA1658756807 as serialize_when_gamma1_is_2_pow_19___GAMMA1} - <: - Rust_primitives.Hax.t_Never) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {serialize_when_gamma1_is_2_pow_17_ as serialize_when_gamma1_is_2_pow_17_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {serialize_when_gamma1_is_2_pow_19_ as serialize_when_gamma1_is_2_pow_19_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {serialize526929060 as serialize} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {deserialize_when_gamma1_is_2_pow_17_ as deserialize_when_gamma1_is_2_pow_17_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {deserialize_when_gamma1_is_2_pow_19_ as deserialize_when_gamma1_is_2_pow_19_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {deserialize244287932 as deserialize} 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti deleted file mode 100644 index 0c47ebcf4..000000000 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti +++ /dev/null @@ -1,61 +0,0 @@ -module Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () - -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = - Rust_primitives.mk_i32 1 < Prims.l_True) - -val serialize_when_gamma1_is_2_pow_19_ - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -val serialize - (v_OUTPUT_SIZE: usize) - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) - -val deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val deserialize (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T0.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T0.fst index ae51fdbc1..4658c7a86 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T0.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T0.fst 
@@ -3,851 +3,18 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.T0 open Core open FStar.Mul -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY768581343 as v_DUMMY} -let change_t0_interval (t0: i32) = - (Rust_primitives.mk_i32 1 <>! Rust_primitives.mk_i32 8 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 1) - ((serialized.[ Rust_primitives.mk_usize 1 ] <: u8) |. - (cast (coefficient1 <>! Rust_primitives.mk_i32 3 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 3) - (cast (coefficient1 >>! Rust_primitives.mk_i32 11 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 3) - ((serialized.[ Rust_primitives.mk_usize 3 ] <: u8) |. - (cast (coefficient2 <>! Rust_primitives.mk_i32 6 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 4) - ((serialized.[ Rust_primitives.mk_usize 4 ] <: u8) |. - (cast (coefficient3 <>! Rust_primitives.mk_i32 1 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 6) - (cast (coefficient3 >>! 
Rust_primitives.mk_i32 9 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 6) - ((serialized.[ Rust_primitives.mk_usize 6 ] <: u8) |. - (cast (coefficient4 <>! Rust_primitives.mk_i32 4 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 8) - (cast (coefficient4 >>! Rust_primitives.mk_i32 12 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 8) - ((serialized.[ Rust_primitives.mk_usize 8 ] <: u8) |. - (cast (coefficient5 <>! Rust_primitives.mk_i32 7 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 9) - ((serialized.[ Rust_primitives.mk_usize 9 ] <: u8) |. - (cast (coefficient6 <>! Rust_primitives.mk_i32 2 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 11) - (cast (coefficient6 >>! Rust_primitives.mk_i32 10 <: i32) <: u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 13) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 11) - ((serialized.[ Rust_primitives.mk_usize 11 ] <: u8) |. - (cast (coefficient7 <>! Rust_primitives.mk_i32 5 <: i32) <: u8) - in - serialized +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY442276865 as v_DUMMY} -let deserialize (serialized: t_Slice u8) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. 
- Rust_primitives.mk_usize 13 - <: - bool) - in - () - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let byte0:i32 = cast (serialized.[ Rust_primitives.mk_usize 0 ] <: u8) <: i32 in - let byte1:i32 = cast (serialized.[ Rust_primitives.mk_usize 1 ] <: u8) <: i32 in - let byte2:i32 = cast (serialized.[ Rust_primitives.mk_usize 2 ] <: u8) <: i32 in - let byte3:i32 = cast (serialized.[ Rust_primitives.mk_usize 3 ] <: u8) <: i32 in - let byte4:i32 = cast (serialized.[ Rust_primitives.mk_usize 4 ] <: u8) <: i32 in - let byte5:i32 = cast (serialized.[ Rust_primitives.mk_usize 5 ] <: u8) <: i32 in - let byte6:i32 = cast (serialized.[ Rust_primitives.mk_usize 6 ] <: u8) <: i32 in - let byte7:i32 = cast (serialized.[ Rust_primitives.mk_usize 7 ] <: u8) <: i32 in - let byte8:i32 = cast (serialized.[ Rust_primitives.mk_usize 8 ] <: u8) <: i32 in - let byte9:i32 = cast (serialized.[ Rust_primitives.mk_usize 9 ] <: u8) <: i32 in - let byte10:i32 = cast (serialized.[ Rust_primitives.mk_usize 10 ] <: u8) <: i32 in - let byte11:i32 = cast (serialized.[ Rust_primitives.mk_usize 11 ] <: u8) <: i32 in - let byte12:i32 = cast (serialized.[ Rust_primitives.mk_usize 12 ] <: u8) <: i32 in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 0) - byte0 - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize 
simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) |. - (byte1 <>! Rust_primitives.mk_i32 5 <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 1 ] - <: - i32) |. - (byte2 <>! Rust_primitives.mk_i32 2 <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 ] - <: - i32) |. - (byte4 <>! Rust_primitives.mk_i32 7 <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 3 ] - <: - i32) |. - (byte5 <>! 
Rust_primitives.mk_i32 4 <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 ] - <: - i32) |. - (byte7 <>! Rust_primitives.mk_i32 1 <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 5 ] - <: - i32) |. - (byte9 <>! Rust_primitives.mk_i32 6 <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 6 ] - <: - i32) |. - (byte10 <>! 
Rust_primitives.mk_i32 3 <: i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 7 ] - <: - i32) |. - (byte12 < Prims.l_True) - -let deserialize__BITS_IN_LOWER_PART_OF_T_MASK: i32 = - (Rust_primitives.mk_i32 1 < Prims.l_True) - -val deserialize (serialized: t_Slice u8) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T1.fst index 92eb0bd96..1d556b8ed 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T1.fst 
@@ -3,234 +3,14 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.T1 open Core open FStar.Mul -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY720308282 as v_DUMMY} -let serialize (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = - let serialized:t_Array u8 (Rust_primitives.mk_usize 10) = - Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) (Rust_primitives.mk_usize 10) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 10) = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (Rust_primitives.mk_usize 4) - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) - (fun serialized temp_1_ -> - let serialized:t_Array u8 (Rust_primitives.mk_usize 10) = serialized in - let _:usize = temp_1_ in - true) - serialized - (fun serialized temp_1_ -> - let serialized:t_Array u8 (Rust_primitives.mk_usize 10) = serialized in - let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let serialized:t_Array u8 (Rust_primitives.mk_usize 10) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (Rust_primitives.mk_usize 5 *! i <: usize) - (cast ((coefficients.[ Rust_primitives.mk_usize 0 ] <: i32) &. - Rust_primitives.mk_i32 255 - <: - i32) - <: - u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 10) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 5 *! i <: usize) +! Rust_primitives.mk_usize 1 <: usize) - (((cast ((coefficients.[ Rust_primitives.mk_usize 1 ] <: i32) &. - Rust_primitives.mk_i32 63 - <: - i32) - <: - u8) <>! - Rust_primitives.mk_i32 8 - <: - i32) &. 
- Rust_primitives.mk_i32 3 - <: - i32) - <: - u8) - <: - u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 10) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 5 *! i <: usize) +! Rust_primitives.mk_usize 2 <: usize) - (((cast ((coefficients.[ Rust_primitives.mk_usize 2 ] <: i32) &. - Rust_primitives.mk_i32 15 - <: - i32) - <: - u8) <>! - Rust_primitives.mk_i32 6 - <: - i32) &. - Rust_primitives.mk_i32 15 - <: - i32) - <: - u8) - <: - u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 10) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 5 *! i <: usize) +! Rust_primitives.mk_usize 3 <: usize) - (((cast ((coefficients.[ Rust_primitives.mk_usize 3 ] <: i32) &. - Rust_primitives.mk_i32 3 - <: - i32) - <: - u8) <>! - Rust_primitives.mk_i32 4 - <: - i32) &. - Rust_primitives.mk_i32 63 - <: - i32) - <: - u8) - <: - u8) - in - let serialized:t_Array u8 (Rust_primitives.mk_usize 10) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((Rust_primitives.mk_usize 5 *! i <: usize) +! Rust_primitives.mk_usize 4 <: usize) - (cast (((coefficients.[ Rust_primitives.mk_usize 3 ] <: i32) >>! - Rust_primitives.mk_i32 2 - <: - i32) &. - Rust_primitives.mk_i32 255 - <: - i32) - <: - u8) - in - serialized) - in - serialized +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY690934349 as v_DUMMY} -let deserialize (serialized: t_Slice u8) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. 
- Rust_primitives.mk_usize 10 - <: - bool) - in - () - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - #FStar.Tactics.Typeclasses.solve - () - in - let mask:i32 = - (Rust_primitives.mk_i32 1 < - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let _:usize = temp_1_ in - true) - simd_unit - (fun simd_unit temp_1_ -> - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in - let i, bytes:(usize & t_Slice u8) = temp_1_ in - let byte0:i32 = cast (bytes.[ Rust_primitives.mk_usize 0 ] <: u8) <: i32 in - let byte1:i32 = cast (bytes.[ Rust_primitives.mk_usize 1 ] <: u8) <: i32 in - let byte2:i32 = cast (bytes.[ Rust_primitives.mk_usize 2 ] <: u8) <: i32 in - let byte3:i32 = cast (bytes.[ Rust_primitives.mk_usize 3 ] <: u8) <: i32 in - let byte4:i32 = cast (bytes.[ Rust_primitives.mk_usize 4 ] <: u8) <: i32 in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4 *! i <: usize) - ((byte0 |. (byte1 <>! Rust_primitives.mk_i32 2 <: i32) |. - (byte2 <>! Rust_primitives.mk_i32 4 <: i32) |. - (byte3 <>! Rust_primitives.mk_i32 6 <: i32) |. - (byte4 < Prims.l_True) - -val deserialize (serialized: t_Slice u8) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst index b93407247..b4ea90c2b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst 
@@ -3,1542 +3,42 @@ module Libcrux_ml_dsa.Simd.Portable.Ntt open Core open FStar.Mul -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY486617197 as v_DUMMY} -let invert_ntt_at_layer_0_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta0 zeta1 zeta2 zeta3: i32) - = - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 1 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 0 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 1 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 1) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta0 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 3 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 2 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 3 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 3) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta1 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 5 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 4 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 5 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 5) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta2 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 7 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 6 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 6 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 7 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 7) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta3 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - simd_unit +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY671965844 as v_DUMMY} -let invert_ntt_at_layer_1_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta0 zeta1: i32) - = - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 2 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 0 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta0 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 3 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 1 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 1 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 3 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 3) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta0 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 6 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 4 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 6 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 6) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta1 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 7 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 5 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 5 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 7 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 7) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta1 - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - simd_unit +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY879052313 as v_DUMMY} -let invert_ntt_at_layer_2_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta: i32) - = - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 4 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 0 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32 - ) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 5 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 1 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 1 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 5 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 5) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32 - ) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 6 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 2 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 6 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 6) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32 - ) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 7 - ] - <: - i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 3 - ] - <: - i32) - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 3 ] - <: - i32) +! 
- (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 7 ] - <: - i32) - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 7) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32 - ) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - simd_unit +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY359502844 as v_DUMMY} -let simd_unit_ntt_at_layer_0_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta0 zeta1 zeta2 zeta3: i32) - = - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 1 ] - <: - i32) - zeta0 - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) -! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) +! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 3 ] - <: - i32) - zeta1 - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 ] - <: - i32) +! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 5 ] - <: - i32) - zeta2 - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 ] - <: - i32) +! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 7 ] - <: - i32) - zeta3 - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 6 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 6 ] - <: - i32) +! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - simd_unit +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY91690999 as v_DUMMY} -let ntt_at_layer_0_ - (zeta_i: usize) - (re: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - = - let zeta_i:usize = zeta_i +! 
Rust_primitives.mk_usize 1 in - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (re <: t_Slice Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - <: - usize) - (fun temp_0_ temp_1_ -> - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - temp_0_ - in - let _:usize = temp_1_ in - true) - (re, zeta_i - <: - (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - temp_0_ - in - let round:usize = round in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - round - (simd_unit_ntt_at_layer_0_ (re.[ round ] - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 1 - <: - usize ] - <: - i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 2 - <: - usize ] - <: - i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 3 - <: - usize ] - <: - i32) - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 4 in - re, zeta_i - <: - (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize)) - in - let zeta_i:usize = zeta_i -! 
Rust_primitives.mk_usize 1 in - zeta_i, re - <: - (usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY782304655 as v_DUMMY} -let simd_unit_ntt_at_layer_1_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta1 zeta2: i32) - = - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 2 ] - <: - i32) - zeta1 - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) +! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 3 ] - <: - i32) - zeta1 - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 1 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 1 ] - <: - i32) +! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 6 ] - <: - i32) - zeta2 - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 4 ] - <: - i32) +! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 7 ] - <: - i32) - zeta2 - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 5 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 5 ] - <: - i32) +! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - simd_unit +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY344990702 as v_DUMMY} -let ntt_at_layer_1_ - (zeta_i: usize) - (re: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - = - let zeta_i:usize = zeta_i +! 
Rust_primitives.mk_usize 1 in - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (re <: t_Slice Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - <: - usize) - (fun temp_0_ temp_1_ -> - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - temp_0_ - in - let _:usize = temp_1_ in - true) - (re, zeta_i - <: - (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - temp_0_ - in - let round:usize = round in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - round - (simd_unit_ntt_at_layer_1_ (re.[ round ] - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! - Rust_primitives.mk_usize 1 - <: - usize ] - <: - i32) - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 2 in - re, zeta_i - <: - (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize)) - in - let zeta_i:usize = zeta_i -! 
Rust_primitives.mk_usize 1 in - zeta_i, re - <: - (usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY410925233 as v_DUMMY} -let simd_unit_ntt_at_layer_2_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta: i32) - = - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 4 ] - <: - i32) - zeta - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 0 ] - <: - i32) +! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 5 ] - <: - i32) - zeta - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 1 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 1 ] - <: - i32) +! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 6 ] - <: - i32) - zeta - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 2 ] - <: - i32) +! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let t:i32 = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize 7 ] - <: - i32) - zeta - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 3 ] - <: - i32) -! - t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - { - simd_unit with - Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients - (Rust_primitives.mk_usize 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ Rust_primitives.mk_usize - 3 ] - <: - i32) +! 
- t - <: - i32) - } - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - in - simd_unit +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY997570341 as v_DUMMY} -let ntt_at_layer_2_ - (zeta_i: usize) - (re: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - = - let (re, zeta_i), hax_temp_output:(t_Array - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (Rust_primitives.mk_usize 32) & - usize) = - Rust_primitives.Hax.Folds.fold_range (Rust_primitives.mk_usize 0) - (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (re <: t_Slice Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - <: - usize) - (fun temp_0_ temp_1_ -> - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - temp_0_ - in - let _:usize = temp_1_ in - true) - (re, zeta_i - <: - (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - temp_0_ - in - let round:usize = round in - let zeta_i:usize = zeta_i +! 
Rust_primitives.mk_usize 1 in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - round - (simd_unit_ntt_at_layer_2_ (re.[ round ] - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - re, zeta_i - <: - (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize)) - in - zeta_i, re - <: - (usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {invert_ntt_at_layer_0_ as invert_ntt_at_layer_0_} -let ntt - (re: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - = - let zeta_i:usize = Rust_primitives.mk_usize 0 in - let tmp0, tmp1:(usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 7) zeta_i re - in - let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - tmp1 - in - let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 6) zeta_i re - in - let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - tmp1 - in - let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 5) zeta_i re - in - let zeta_i:usize = 
tmp0 in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - tmp1 - in - let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 4) zeta_i re - in - let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - tmp1 - in - let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) = - ntt_at_layer_3_plus (Rust_primitives.mk_usize 3) zeta_i re - in - let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - tmp1 - in - let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) = - ntt_at_layer_2_ zeta_i re - in - let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - tmp1 - in - let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) = - ntt_at_layer_1_ zeta_i re - in - let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - tmp1 - in - let _:Prims.unit = () in - let tmp0, tmp1:(usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) = - ntt_at_layer_0_ zeta_i re - in - let zeta_i:usize = tmp0 in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - tmp1 - in - let _:Prims.unit = () in - re +include 
Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {invert_ntt_at_layer_1_ as invert_ntt_at_layer_1_} -let ntt_at_layer_3_plus - (v_LAYER zeta_i: usize) - (re: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - = - let step:usize = Rust_primitives.mk_usize 1 <>! v_LAYER <: usize) - (fun temp_0_ temp_1_ -> - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - temp_0_ - in - let _:usize = temp_1_ in - true) - (re, zeta_i - <: - (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize)) - (fun temp_0_ round -> - let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize) = - temp_0_ - in - let round:usize = round in - let zeta_i:usize = zeta_i +! Rust_primitives.mk_usize 1 in - let offset:usize = - ((round *! step <: usize) *! Rust_primitives.mk_usize 2 <: usize) /! - Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT - in - let step_by:usize = step /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - Rust_primitives.Hax.Folds.fold_range offset - (offset +! step_by <: usize) - (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - re - in - let _:usize = temp_1_ in - true) - re - (fun re j -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - re - in - let j:usize = j in - let t:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = - Libcrux_ml_dsa.Simd.Traits.montgomery_multiply_by_fer #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (re.[ j +! 
step_by <: usize ] - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (j +! step_by <: usize) - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.subtract (re.[ j ] - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - t - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - j - (Libcrux_ml_dsa.Simd.Portable.Arithmetic.add (re.[ j ] - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - t - <: - Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - in - re) - in - re, zeta_i - <: - (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32) & - usize)) - in - zeta_i, re - <: - (usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {invert_ntt_at_layer_2_ as invert_ntt_at_layer_2_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {simd_unit_ntt_at_layer_0_ as simd_unit_ntt_at_layer_0_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {simd_unit_ntt_at_layer_1_ as simd_unit_ntt_at_layer_1_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {simd_unit_ntt_at_layer_2_ as simd_unit_ntt_at_layer_2_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {ntt_at_layer_0_ as ntt_at_layer_0_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {ntt_at_layer_1_ as ntt_at_layer_1_} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {ntt_at_layer_2_ as ntt_at_layer_2_} + 
+include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {ntt as ntt} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {ntt_at_layer_3_plus as ntt_at_layer_3_plus} diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti deleted file mode 100644 index 66de4b801..000000000 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti +++ /dev/null 
@@ -1,101 +0,0 @@ -module Libcrux_ml_dsa.Simd.Portable.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_dsa.Simd.Portable in - let open Libcrux_ml_dsa.Simd.Traits in - () - -val invert_ntt_at_layer_0_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta0 zeta1 zeta2 zeta3: i32) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val invert_ntt_at_layer_1_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta0 zeta1: i32) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val invert_ntt_at_layer_2_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta: i32) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val simd_unit_ntt_at_layer_0_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta0 zeta1 zeta2 zeta3: i32) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val ntt_at_layer_0_ - (zeta_i: usize) - (re: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - : Prims.Pure - (usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) - -val simd_unit_ntt_at_layer_1_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta1 zeta2: i32) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val ntt_at_layer_1_ - (zeta_i: usize) - (re: - t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - : Prims.Pure - (usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) - -val simd_unit_ntt_at_layer_2_ - (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (zeta: i32) - : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - Prims.l_True - (fun _ -> Prims.l_True) - -val ntt_at_layer_2_ - (zeta_i: usize) - (re: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - : Prims.Pure - (usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) - -val ntt - (re: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - : Prims.Pure - (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) - -val ntt_at_layer_3_plus - (v_LAYER zeta_i: usize) - (re: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - : Prims.Pure - (usize & - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224.fst new file mode 100644 index 000000000..8841abdd5 --- /dev/null +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224.fst 
@@ -0,0 +1,3895 @@ +module Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_dsa.Simd.Portable.Vector_type in + let open Libcrux_ml_dsa.Simd.Traits in + () + +let compute_one_hint (v_GAMMA2 low high: i32) = + if + low >. v_GAMMA2 || low <. (Core.Ops.Arith.Neg.neg v_GAMMA2 <: i32) || + low =. (Core.Ops.Arith.Neg.neg v_GAMMA2 <: i32) && high <>. 0l + then 1l + else 0l + +let get_n_least_significant_bits (n: u8) (value: u64) = value &. ((1uL <>! 23l in + fe -! (quotient *! Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + +let montgomery_reduce_element (value: i64) = + let t:u64 = + (get_n_least_significant_bits v_MONTGOMERY_SHIFT (cast (value <: i64) <: u64) <: u64) *! + Libcrux_ml_dsa.Simd.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + in + let k:i32 = cast (get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u64) <: i32 in + let k_times_modulus:i64 = + (cast (k <: i32) <: i64) *! (cast (Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) <: i64) + in + let c:i32 = cast (k_times_modulus >>! v_MONTGOMERY_SHIFT <: i64) <: i32 in + let value_high:i32 = cast (value >>! v_MONTGOMERY_SHIFT <: i64) <: i32 in + value_high -! c + +let montgomery_multiply_fe_by_fer (fe fer: i32) = + montgomery_reduce_element ((cast (fe <: i32) <: i64) *! (cast (fer <: i32) <: i64) <: i64) + +let invert_ntt_at_layer_0_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta0 zeta1 zeta2 zeta3: i32) + = + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) -! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 1) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) +! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 3) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 5) + (montgomery_multiply_fe_by_fer a_minus_b zeta2 <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) -! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 7) + (montgomery_multiply_fe_by_fer a_minus_b zeta3 <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + simd_unit + +let invert_ntt_at_layer_1_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta0 zeta1: i32) + = + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) +! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 3) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) -! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 6) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) +! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 7) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + simd_unit + +let invert_ntt_at_layer_2_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta: i32) + = + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) +! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 5) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) -! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 6) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let a_minus_b:i32 = + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) +! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 7) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + simd_unit + +let simd_unit_ntt_at_layer_0_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta0 zeta1 zeta2 zeta3: i32) + = + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 1 ] + <: + i32) + zeta0 + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) -! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) +! 
t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 3 ] + <: + i32) + zeta1 + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) -! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) +! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 5 ] + <: + i32) + zeta2 + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) -! 
t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) +! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 7 ] + <: + i32) + zeta3 + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) -! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) +! 
t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + simd_unit + +let simd_unit_ntt_at_layer_1_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta1 zeta2: i32) + = + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 2 ] + <: + i32) + zeta1 + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) -! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) +! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 3 ] + <: + i32) + zeta1 + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) -! 
t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) +! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 6 ] + <: + i32) + zeta2 + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) -! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) +! 
t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 7 ] + <: + i32) + zeta2 + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) -! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) +! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + simd_unit + +let simd_unit_ntt_at_layer_2_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta: i32) + = + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 4 ] + <: + i32) + zeta + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) -! 
t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) +! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 5 ] + <: + i32) + zeta + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) -! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) +! 
t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 6 ] + <: + i32) + zeta + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) -! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) +! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t:i32 = + montgomery_multiply_fe_by_fer (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ + sz 7 ] + <: + i32) + zeta + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) -! 
t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) +! t + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + simd_unit + +let decompose_element (v_GAMMA2 r: i32) = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if + ~.((r >. (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + <: + bool) && + (r <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (sz 1) + (sz 1) + (let list = ["the representative is "] in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + (let list = + [Core.Fmt.Rt.impl_1__new_display #i32 r <: Core.Fmt.Rt.t_Argument] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + <: + Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in + () + in + let r:i32 = r +! ((r >>! 31l <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) in + let v_ALPHA:i32 = v_GAMMA2 *! 2l in + let ceil_of_r_by_128_:i32 = (r +! 127l <: i32) >>! 7l in + let r1:i32 = + match v_ALPHA with + | 190464l -> + let result:i32 = + ((ceil_of_r_by_128_ *! 11275l <: i32) +! (1l <>! 24l + in + (result ^. ((43l -! result <: i32) >>! 31l <: i32) <: i32) &. result + | 523776l -> + let result:i32 = + ((ceil_of_r_by_128_ *! 1025l <: i32) +! (1l <>! 22l + in + result &. 
15l + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + + <: + Rust_primitives.Hax.t_Never) + in + let r0:i32 = r -! (r1 *! v_ALPHA <: i32) in + let r0:i32 = + r0 -! + (((((Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS -! 1l <: i32) /! 2l <: i32) -! r0 <: i32) >>! + 31l + <: + i32) &. + Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS + <: + i32) + in + r0, r1 <: (i32 & i32) + +let infinity_norm_exceeds + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (bound: i32) + = + let exceeds:bool = false in + let exceeds:bool = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Array.Iter.t_IntoIter + i32 (sz 8)) + #FStar.Tactics.Typeclasses.solve + (Core.Iter.Traits.Collect.f_into_iter #(t_Array i32 (sz 8)) + #FStar.Tactics.Typeclasses.solve + simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + <: + Core.Array.Iter.t_IntoIter i32 (sz 8)) + <: + Core.Array.Iter.t_IntoIter i32 (sz 8)) + exceeds + (fun exceeds coefficient -> + let exceeds:bool = exceeds in + let coefficient:i32 = coefficient in + let _:Prims.unit = + if true + then + let _:Prims.unit = + if + ~.((coefficient >. + (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + <: + bool) && + (coefficient <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 + (sz 1) + (sz 1) + (let list = ["coefficient is "] in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + (let list = + [ + Core.Fmt.Rt.impl_1__new_display #i32 coefficient + <: + Core.Fmt.Rt.t_Argument + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + <: + Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in + () + in + let sign:i32 = coefficient >>! 
31l in + let normalized:i32 = coefficient -! (sign &. (2l *! coefficient <: i32) <: i32) in + let exceeds:bool = exceeds |. (normalized >=. bound <: bool) in + exceeds) + in + exceeds + +let power2round_element (t: i32) = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if + ~.((t >. (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + <: + bool) && + (t <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (sz 1) + (sz 1) + (let list = ["t is "] in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + (let list = + [Core.Fmt.Rt.impl_1__new_display #i32 t <: Core.Fmt.Rt.t_Argument] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + <: + Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in + () + in + let t:i32 = t +! ((t >>! 31l <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) in + let t1:i32 = + ((t -! 1l <: i32) +! + (1l <>! + Libcrux_ml_dsa.Constants.v_BITS_IN_LOWER_PART_OF_T + in + let t0:i32 = t -! (t1 < + if r0 >. 0l + then if r1 =. 43l then 0l else r1 +! hint + else if r1 =. 0l then 43l else r1 -! hint + | 261888l -> if r0 >. 0l then (r1 +! hint <: i32) &. 15l else (r1 -! hint <: i32) &. 15l + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + + <: + Rust_primitives.Hax.t_Never) + +let serialize_when_eta_is_2_ + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + = + let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in + let coefficient0:u8 = + cast (v_ETA345140054 -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) + <: + i32) + <: + u8 + in + let coefficient1:u8 = + cast (v_ETA345140054 -! 
+ (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) + <: + i32) + <: + u8 + in + let coefficient2:u8 = + cast (v_ETA345140054 -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) + <: + i32) + <: + u8 + in + let coefficient3:u8 = + cast (v_ETA345140054 -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) + <: + i32) + <: + u8 + in + let coefficient4:u8 = + cast (v_ETA345140054 -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) + <: + i32) + <: + u8 + in + let coefficient5:u8 = + cast (v_ETA345140054 -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) + <: + i32) + <: + u8 + in + let coefficient6:u8 = + cast (v_ETA345140054 -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) + <: + i32) + <: + u8 + in + let coefficient7:u8 = + cast (v_ETA345140054 -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) + <: + i32) + <: + u8 + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 0) + (((coefficient2 <>! 2l <: u8) + <: + u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 2) + (((coefficient7 <>! 
1l <: u8) + <: + u8) + in + serialized + +let serialize977980603 (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + let serialized:t_Array u8 (sz 13) = Rust_primitives.Hax.repeat 0uy (sz 13) in + let coefficient0:i32 = + change_t0_interval (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] + <: + i32) + in + let coefficient1:i32 = + change_t0_interval (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] + <: + i32) + in + let coefficient2:i32 = + change_t0_interval (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] + <: + i32) + in + let coefficient3:i32 = + change_t0_interval (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] + <: + i32) + in + let coefficient4:i32 = + change_t0_interval (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] + <: + i32) + in + let coefficient5:i32 = + change_t0_interval (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] + <: + i32) + in + let coefficient6:i32 = + change_t0_interval (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] + <: + i32) + in + let coefficient7:i32 = + change_t0_interval (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] + <: + i32) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 0) + (cast (coefficient0 <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 1) + (cast (coefficient0 >>! 8l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 1) + ((serialized.[ sz 1 ] <: u8) |. (cast (coefficient1 <>! 
3l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 3) + (cast (coefficient1 >>! 11l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 3) + ((serialized.[ sz 3 ] <: u8) |. (cast (coefficient2 <>! 6l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 4) + ((serialized.[ sz 4 ] <: u8) |. (cast (coefficient3 <>! 1l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 6) + (cast (coefficient3 >>! 9l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 6) + ((serialized.[ sz 6 ] <: u8) |. (cast (coefficient4 <>! 4l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 8) + (cast (coefficient4 >>! 12l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 8) + ((serialized.[ sz 8 ] <: u8) |. (cast (coefficient5 <>! 7l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 9) + ((serialized.[ sz 9 ] <: u8) |. (cast (coefficient6 <>! 2l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 11) + (cast (coefficient6 >>! 10l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 13) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 11) + ((serialized.[ sz 11 ] <: u8) |. (cast (coefficient7 <>! 
5l <: i32) <: u8) + in + serialized + +let montgomery_multiply_by_constant + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (c: i32) + = + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #i32 + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + <: + usize) + (fun simd_unit temp_1_ -> + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let _:usize = temp_1_ in + true) + simd_unit + (fun simd_unit i -> + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let i:usize = i in + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + (montgomery_reduce_element ((cast (simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] + <: + i32) + <: + i64) *! + (cast (c <: i32) <: i64) + <: + i64) + <: + i32) + <: + t_Array i32 (sz 8) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + simd_unit + +let serialize_when_eta_is_4_ + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + = + let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let _:usize = temp_1_ in + true) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let i, coefficients:(usize & t_Slice i32) = temp_1_ in + let coefficient0:u8 = + cast (v_ETA858068178 -! 
(coefficients.[ sz 0 ] <: i32) <: i32) <: u8 + in + let coefficient1:u8 = + cast (v_ETA858068178 -! (coefficients.[ sz 1 ] <: i32) <: i32) <: u8 + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + i + ((coefficient1 < serialize_when_eta_is_2_ v_OUTPUT_SIZE simd_unit + | 4uy -> serialize_when_eta_is_4_ v_OUTPUT_SIZE simd_unit + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + + <: + Rust_primitives.Hax.t_Never) + +let serialize_when_gamma1_is_2_pow_17_ + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + = + let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let _:usize = temp_1_ in + true) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let i, coefficients:(usize & t_Slice i32) = temp_1_ in + let coefficient0:i32 = v_GAMMA1331343739 -! (coefficients.[ sz 0 ] <: i32) in + let coefficient1:i32 = v_GAMMA1331343739 -! (coefficients.[ sz 1 ] <: i32) in + let coefficient2:i32 = v_GAMMA1331343739 -! (coefficients.[ sz 2 ] <: i32) in + let coefficient3:i32 = v_GAMMA1331343739 -! (coefficients.[ sz 3 ] <: i32) in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 9 *! i <: usize) + (cast (coefficient0 <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 9 *! i <: usize) +! sz 1 <: usize) + (cast (coefficient0 >>! 
8l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 9 *! i <: usize) +! sz 2 <: usize) + (cast (coefficient0 >>! 16l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 9 *! i <: usize) +! sz 2 <: usize) + ((serialized.[ (sz 9 *! i <: usize) +! sz 2 <: usize ] <: u8) |. + (cast (coefficient1 <>! 6l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 9 *! i <: usize) +! sz 4 <: usize) + (cast (coefficient1 >>! 14l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 9 *! i <: usize) +! sz 4 <: usize) + ((serialized.[ (sz 9 *! i <: usize) +! sz 4 <: usize ] <: u8) |. + (cast (coefficient2 <>! 4l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 9 *! i <: usize) +! sz 6 <: usize) + (cast (coefficient2 >>! 12l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 9 *! i <: usize) +! sz 6 <: usize) + ((serialized.[ (sz 9 *! i <: usize) +! sz 6 <: usize ] <: u8) |. + (cast (coefficient3 <>! 2l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 9 *! i <: usize) +! sz 8 <: usize) + (cast (coefficient3 >>! 
10l <: i32) <: u8) + in + serialized) + in + serialized + +let serialize_when_gamma1_is_2_pow_19_ + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + = + let serialized:t_Array u8 v_OUTPUT_SIZE = Rust_primitives.Hax.repeat 0uy v_OUTPUT_SIZE in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let _:usize = temp_1_ in + true) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUTPUT_SIZE = serialized in + let i, coefficients:(usize & t_Slice i32) = temp_1_ in + let coefficient0:i32 = v_GAMMA1658756807 -! (coefficients.[ sz 0 ] <: i32) in + let coefficient1:i32 = v_GAMMA1658756807 -! (coefficients.[ sz 1 ] <: i32) in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 5 *! i <: usize) + (cast (coefficient0 <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 5 *! i <: usize) +! sz 1 <: usize) + (cast (coefficient0 >>! 8l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 5 *! i <: usize) +! sz 2 <: usize) + (cast (coefficient0 >>! 16l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 5 *! i <: usize) +! sz 2 <: usize) + ((serialized.[ (sz 5 *! i <: usize) +! sz 2 <: usize ] <: u8) |. + (cast (coefficient1 <>! 4l <: i32) <: u8) + in + let serialized:t_Array u8 v_OUTPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 5 *! i <: usize) +! sz 4 <: usize) + (cast (coefficient1 >>! 
12l <: i32) <: u8) + in + serialized) + in + serialized + +let serialize526929060 + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + = + match cast (v_OUTPUT_SIZE <: usize) <: u8 with + | 18uy -> serialize_when_gamma1_is_2_pow_17_ v_OUTPUT_SIZE simd_unit + | 20uy -> serialize_when_gamma1_is_2_pow_19_ v_OUTPUT_SIZE simd_unit + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + + <: + Rust_primitives.Hax.t_Never) + +let serialize300254843 (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + let serialized:t_Array u8 (sz 10) = Rust_primitives.Hax.repeat 0uy (sz 10) in + let serialized:t_Array u8 (sz 10) = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 10) = serialized in + let _:usize = temp_1_ in + true) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 10) = serialized in + let i, coefficients:(usize & t_Slice i32) = temp_1_ in + let serialized:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 5 *! i <: usize) + (cast ((coefficients.[ sz 0 ] <: i32) &. 255l <: i32) <: u8) + in + let serialized:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 5 *! i <: usize) +! sz 1 <: usize) + (((cast ((coefficients.[ sz 1 ] <: i32) &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) + <: + u8) + in + let serialized:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 5 *! i <: usize) +! sz 2 <: usize) + (((cast ((coefficients.[ sz 2 ] <: i32) &. 15l <: i32) <: u8) <>! 6l <: i32) &. 
15l <: i32) <: u8) + <: + u8) + in + let serialized:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 5 *! i <: usize) +! sz 3 <: usize) + (((cast ((coefficients.[ sz 3 ] <: i32) &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) + <: + u8) + in + let serialized:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + ((sz 5 *! i <: usize) +! sz 4 <: usize) + (cast (((coefficients.[ sz 3 ] <: i32) >>! 2l <: i32) &. 255l <: i32) <: u8) + in + serialized) + in + serialized + +let ntt_at_layer_0_ + (zeta_i: usize) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + = + let zeta_i:usize = zeta_i +! sz 1 in + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & + usize) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (re <: t_Slice Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + <: + usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (sz 32) & + usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) + (re, zeta_i + <: + (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & usize)) + (fun temp_0_ round -> + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (sz 32) & + usize) = + temp_0_ + in + let round:usize = round in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + round + (simd_unit_ntt_at_layer_0_ (re.[ round ] + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! 
sz 1 <: usize ] + <: + i32) + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 2 <: usize ] + <: + i32) + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 3 <: usize ] + <: + i32) + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + let zeta_i:usize = zeta_i +! sz 4 in + re, zeta_i + <: + (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & usize)) + in + let zeta_i:usize = zeta_i -! sz 1 in + zeta_i, re + <: + (usize & t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + +let ntt_at_layer_1_ + (zeta_i: usize) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + = + let zeta_i:usize = zeta_i +! sz 1 in + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & + usize) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (re <: t_Slice Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + <: + usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (sz 32) & + usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) + (re, zeta_i + <: + (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & usize)) + (fun temp_0_ round -> + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (sz 32) & + usize) = + temp_0_ + in + let round:usize = round in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + round + (simd_unit_ntt_at_layer_1_ (re.[ round ] + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! 
sz 1 <: usize ] + <: + i32) + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + let zeta_i:usize = zeta_i +! sz 2 in + re, zeta_i + <: + (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & usize)) + in + let zeta_i:usize = zeta_i -! sz 1 in + zeta_i, re + <: + (usize & t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + +let ntt_at_layer_2_ + (zeta_i: usize) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + = + let (re, zeta_i), hax_temp_output:(t_Array + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & + usize) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (re <: t_Slice Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + <: + usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (sz 32) & + usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) + (re, zeta_i + <: + (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & usize)) + (fun temp_0_ round -> + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (sz 32) & + usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i +! 
sz 1 in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + round + (simd_unit_ntt_at_layer_2_ (re.[ round ] + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + re, zeta_i + <: + (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & usize)) + in + zeta_i, re + <: + (usize & t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + +let rec add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + let sum:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let sum:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #i32 + (sum.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + <: + usize) + (fun sum temp_1_ -> + let sum:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = sum in + let _:usize = temp_1_ in + true) + sum + (fun sum i -> + let sum:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = sum in + let i:usize = i in + { + sum with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sum + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + ((lhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) +! 
+ (rhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) + <: + i32) + <: + t_Array i32 (sz 8) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + sum + +and compute_hint + (v_GAMMA2: i32) + (low high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + = + let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let one_hints_count:usize = sz 0 in + let hint, one_hints_count:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & usize) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #i32 + (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + <: + usize) + (fun temp_0_ temp_1_ -> + let hint, one_hints_count:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) + (hint, one_hints_count + <: + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & usize)) + (fun temp_0_ i -> + let hint, one_hints_count:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + usize) = + temp_0_ + in + let i:usize = i in + let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + hint with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize hint + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + (compute_one_hint v_GAMMA2 + (low.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) + (high.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) + <: + i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let one_hints_count:usize = + one_hints_count +! 
+ (cast (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) + <: + usize) + in + hint, one_hints_count + <: + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & usize)) + in + one_hints_count, hint <: (usize & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + +and decompose + (v_GAMMA2: i32) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + = + let low:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let high:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let high, low:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #i32 + (low.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + <: + usize) + (fun temp_0_ temp_1_ -> + let high, low:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + temp_0_ + in + let _:usize = temp_1_ in + true) + (high, low + <: + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)) + (fun temp_0_ i -> + let high, low:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + temp_0_ + in + let i:usize = i in + let low_part, high_part:(i32 & i32) = + decompose_element v_GAMMA2 + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) + in + let low:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + low with + 
Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize low + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + low_part + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let high:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + high with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize high + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + high_part + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + high, low + <: + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)) + in + low, high + <: + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + +and montgomery_multiply (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + let product:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let product:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #i32 + (product.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + <: + usize) + (fun product temp_1_ -> + let product:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = product in + let _:usize = temp_1_ in + true) + product + (fun product i -> + let product:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = product in + let i:usize = i in + { + product with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize product + 
.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + (montgomery_reduce_element ((cast (lhs + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] + <: + i32) + <: + i64) *! + (cast (rhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) + <: + i64) + <: + i64) + <: + i32) + <: + t_Array i32 (sz 8) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + product + +and power2round (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + let t0_simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let t1_simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let t0_simd_unit, t1_simd_unit:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + Rust_primitives.Hax.Folds.fold_enumerated_slice simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (fun temp_0_ temp_1_ -> + let t0_simd_unit, t1_simd_unit:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + temp_0_ + in + let _:usize = temp_1_ in + true) + (t0_simd_unit, t1_simd_unit + <: + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)) + (fun temp_0_ temp_1_ -> + let t0_simd_unit, t1_simd_unit:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) = + temp_0_ + in + let i, t:(usize & i32) = temp_1_ in + let t0, t1:(i32 & i32) = power2round_element t in + let 
t0_simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + t0_simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize t0_simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + t0 + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let t1_simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + t1_simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize t1_simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + t1 + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + t0_simd_unit, t1_simd_unit + <: + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit)) + in + t0_simd_unit, t1_simd_unit + <: + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + +and shift_left_then_reduce + (v_SHIFT_BY: i32) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + = + let out:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let out:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #i32 + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + <: + usize) + (fun out temp_1_ -> + let out:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = out in + let _:usize = temp_1_ in + true) + out + (fun out i -> + let out:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = out in + let i:usize = i in + { + out with + 
Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + (reduce_element ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i + ] + <: + i32) < + let difference:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = difference in + let _:usize = temp_1_ in + true) + difference + (fun difference i -> + let difference:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = difference in + let i:usize = i in + { + difference with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize difference + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + ((lhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) -! + (rhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) + <: + i32) + <: + t_Array i32 (sz 8) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + difference + +and use_hint + (v_GAMMA2: i32) + (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + = + let result:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let result:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #i32 + (result.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients <: t_Slice i32) + <: + usize) + (fun result temp_1_ -> + let result:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = result in + let _:usize = temp_1_ in + true) + result + (fun result i -> + let result:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = result in + let i:usize = i in + { + result with + 
Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + i + (use_one_hint v_GAMMA2 + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) + (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ i ] <: i32) + <: + i32) + <: + t_Array i32 (sz 8) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + result + +and deserialize_when_eta_is_2_ (serialized: t_Slice u8) = + let _:Prims.unit = + if true + then + let _:Prims.unit = + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 3 <: bool) + in + () + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let byte0:i32 = cast (serialized.[ sz 0 ] <: u8) <: i32 in + let byte1:i32 = cast (serialized.[ sz 1 ] <: u8) <: i32 in + let byte2:i32 = cast (serialized.[ sz 2 ] <: u8) <: i32 in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 0) + (v_ETA832233724 -! (byte0 &. 7l <: i32) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 1) + (v_ETA832233724 -! ((byte0 >>! 3l <: i32) &. 
7l <: i32) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2) + (v_ETA832233724 -! (((byte0 >>! 6l <: i32) |. (byte1 <>! 1l <: i32) &. 7l <: i32) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4) + (v_ETA832233724 -! ((byte1 >>! 4l <: i32) &. 7l <: i32) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 5) + (v_ETA832233724 -! (((byte1 >>! 7l <: i32) |. (byte2 <>! 2l <: i32) &. 7l <: i32) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 7) + (v_ETA832233724 -! ((byte2 >>! 5l <: i32) &. 
7l <: i32) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + simd_unit + +and deserialize_when_eta_is_4_ (serialized: t_Slice u8) = + let _:Prims.unit = + if true + then + let _:Prims.unit = + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 4 <: bool) + in + () + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Rust_primitives.Hax.Folds.fold_enumerated_slice serialized + (fun simd_unit temp_1_ -> + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let _:usize = temp_1_ in + true) + simd_unit + (fun simd_unit temp_1_ -> + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let i, byte:(usize & u8) = temp_1_ in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2 *! i <: usize) + (v_ETA177254429 -! (cast (byte &. 15uy <: u8) <: i32) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + ((sz 2 *! i <: usize) +! sz 1 <: usize) + (v_ETA177254429 -! (cast (byte >>! 
4l <: u8) <: i32) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + simd_unit) + in + simd_unit + +and deserialize154437703 (v_ETA: usize) (serialized: t_Slice u8) = + match cast (v_ETA <: usize) <: u8 with + | 2uy -> deserialize_when_eta_is_2_ serialized + | 4uy -> deserialize_when_eta_is_4_ serialized + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + + <: + Rust_primitives.Hax.t_Never) + +and deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) = + let _:Prims.unit = + if true + then + let _:Prims.unit = + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 18 <: bool) + in + () + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 9) + serialized + (fun simd_unit temp_1_ -> + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let _:usize = temp_1_ in + true) + simd_unit + (fun simd_unit temp_1_ -> + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let i, bytes:(usize & t_Slice u8) = temp_1_ in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4 *! 
i <: usize) + (cast (bytes.[ sz 0 ] <: u8) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4 *! i <: usize) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 *! i + <: + usize ] + <: + i32) |. + ((cast (bytes.[ sz 1 ] <: u8) <: i32) <>! 2l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + ((sz 4 *! i <: usize) +! sz 1 <: usize) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ (sz 4 *! i + <: + usize) +! + sz 1 + <: + usize ] + <: + i32) |. + ((cast (bytes.[ sz 3 ] <: u8) <: i32) <>! 4l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + ((sz 4 *! i <: usize) +! sz 2 <: usize) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ (sz 4 *! i + <: + usize) +! + sz 2 + <: + usize ] + <: + i32) |. + ((cast (bytes.[ sz 5 ] <: u8) <: i32) <>! 
6l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + ((sz 4 *! i <: usize) +! sz 3 <: usize) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ (sz 4 *! i + <: + usize) +! + sz 3 + <: + usize ] + <: + i32) |. + ((cast (bytes.[ sz 7 ] <: u8) <: i32) < + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let _:usize = temp_1_ in + true) + simd_unit + (fun simd_unit temp_1_ -> + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let i, bytes:(usize & t_Slice u8) = temp_1_ in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2 *! i <: usize) + (cast (bytes.[ sz 0 ] <: u8) <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2 *! i <: usize) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 *! i + <: + usize ] + <: + i32) |. + ((cast (bytes.[ sz 1 ] <: u8) <: i32) <>! 
4l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + ((sz 2 *! i <: usize) +! sz 1 <: usize) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ (sz 2 *! i + <: + usize) +! + sz 1 + <: + usize ] + <: + i32) |. + ((cast (bytes.[ sz 3 ] <: u8) <: i32) < deserialize_when_gamma1_is_2_pow_17_ serialized + | 19uy -> deserialize_when_gamma1_is_2_pow_19_ serialized + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" + + <: + Rust_primitives.Hax.t_Never) + +and deserialize297775919 (serialized: t_Slice u8) = + let _:Prims.unit = + if true + then + let _:Prims.unit = + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. 
sz 13 <: bool) + in + () + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.f_ZERO #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + #FStar.Tactics.Typeclasses.solve + () + in + let byte0:i32 = cast (serialized.[ sz 0 ] <: u8) <: i32 in + let byte1:i32 = cast (serialized.[ sz 1 ] <: u8) <: i32 in + let byte2:i32 = cast (serialized.[ sz 2 ] <: u8) <: i32 in + let byte3:i32 = cast (serialized.[ sz 3 ] <: u8) <: i32 in + let byte4:i32 = cast (serialized.[ sz 4 ] <: u8) <: i32 in + let byte5:i32 = cast (serialized.[ sz 5 ] <: u8) <: i32 in + let byte6:i32 = cast (serialized.[ sz 6 ] <: u8) <: i32 in + let byte7:i32 = cast (serialized.[ sz 7 ] <: u8) <: i32 in + let byte8:i32 = cast (serialized.[ sz 8 ] <: u8) <: i32 in + let byte9:i32 = cast (serialized.[ sz 9 ] <: u8) <: i32 in + let byte10:i32 = cast (serialized.[ sz 10 ] <: u8) <: i32 in + let byte11:i32 = cast (serialized.[ sz 11 ] <: u8) <: i32 in + let byte12:i32 = cast (serialized.[ sz 12 ] <: u8) <: i32 in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 0) + byte0 + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 0 ] <: i32) |. + (byte1 <>! 
5l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 1 ] <: i32) |. + (byte2 <>! 2l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 2 ] <: i32) |. + (byte4 <>! 7l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 3 ] <: i32) |. + (byte5 <>! 4l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 4 ] <: i32) |. + (byte7 <>! 
1l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 5 ] <: i32) |. + (byte9 <>! 6l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 6 ] <: i32) |. + (byte10 <>! 3l <: i32) + } + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients.[ sz 7 ] <: i32) |. 
+ (byte12 < + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let _:usize = temp_1_ in + true) + simd_unit + (fun simd_unit temp_1_ -> + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = simd_unit in + let i, bytes:(usize & t_Slice u8) = temp_1_ in + let byte0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in + let byte1:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in + let byte2:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in + let byte3:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in + let byte4:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in + let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + { + simd_unit with + Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_coefficients + (sz 4 *! i <: usize) + ((byte0 |. (byte1 <>! 2l <: i32) |. (byte2 <>! 4l <: i32) |. (byte3 <>! 6l <: i32) |. (byte4 <>! v_LAYER <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (sz 32) & + usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) + (re, zeta_i + <: + (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & usize)) + (fun temp_0_ round -> + let re, zeta_i:(t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (sz 32) & + usize) = + temp_0_ + in + let round:usize = round in + let zeta_i:usize = zeta_i +! sz 1 in + let offset:usize = + ((round *! step <: usize) *! sz 2 <: usize) /! + Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT + in + let step_by:usize = step /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) = + Rust_primitives.Hax.Folds.fold_range offset + (offset +! 
step_by <: usize) + (fun re temp_1_ -> + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) + = + re + in + let _:usize = temp_1_ in + true) + re + (fun re j -> + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) + = + re + in + let j:usize = j in + let t:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = + Libcrux_ml_dsa.Simd.Traits.montgomery_multiply_by_fer #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + (re.[ j +! step_by <: usize ] + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (Libcrux_ml_dsa.Simd.Traits.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + (j +! step_by <: usize) + (subtract (re.[ j ] + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + t + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + j + (add (re.[ j ] <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + t + <: + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + in + re) + in + re, zeta_i + <: + (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32) & usize)) + in + zeta_i, re + <: + (usize & t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224.fsti similarity index 57% rename from libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fsti rename to libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224.fsti index f6a95bc61..ccc1ad686 100644 
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224.fsti @@ -1,4 +1,4 @@ -module Libcrux_ml_dsa.Simd.Portable +module Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 #set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul 
@@ -7,8 +7,266 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_dsa.Simd.Portable.Vector_type in + let open Libcrux_ml_dsa.Simd.Traits in () +let v_MONTGOMERY_SHIFT: u8 = 32uy + +val compute_one_hint (v_GAMMA2 low high: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +val get_n_least_significant_bits (n: u8) (value: u64) + : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +let v_ETA832233724: i32 = 2l + +let v_ETA177254429: i32 = 4l + +let v_ETA345140054: i32 = 2l + +let v_ETA858068178: i32 = 4l + +let v_GAMMA1183990813: i32 = 1l < Prims.l_True) + +let v_BITS_IN_LOWER_PART_OF_T_MASK: i32 = + (1l < Prims.l_True) + +val montgomery_reduce_element (value: i64) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_fe_by_fer (fe fer: i32) + : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +val invert_ntt_at_layer_0_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta0 zeta1 zeta2 zeta3: i32) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val invert_ntt_at_layer_1_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta0 zeta1: i32) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val invert_ntt_at_layer_2_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta: i32) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val simd_unit_ntt_at_layer_0_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta0 zeta1 zeta2 zeta3: i32) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val simd_unit_ntt_at_layer_1_ + 
(simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta1 zeta2: i32) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val simd_unit_ntt_at_layer_2_ + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (zeta: i32) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val decompose_element (v_GAMMA2 r: i32) + : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) + +val infinity_norm_exceeds + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (bound: i32) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +val power2round_element (t: i32) : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) + +val use_one_hint (v_GAMMA2 r hint: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +val serialize_when_eta_is_2_ + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +val serialize977980603 (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure (t_Array u8 (sz 13)) Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_by_constant + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + (c: i32) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val serialize_when_eta_is_4_ + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +val serialize1006998023 + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +val 
serialize_when_gamma1_is_2_pow_17_ + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_when_gamma1_is_2_pow_19_ + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +val serialize526929060 + (v_OUTPUT_SIZE: usize) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure (t_Array u8 v_OUTPUT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +val serialize300254843 (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + +val ntt_at_layer_0_ + (zeta_i: usize) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + : Prims.Pure + (usize & t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_at_layer_1_ + (zeta_i: usize) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + : Prims.Pure + (usize & t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_at_layer_2_ + (zeta_i: usize) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + : Prims.Pure + (usize & t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +val add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val compute_hint + (v_GAMMA2: i32) + (low high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure (usize & 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + Prims.l_True + (fun _ -> Prims.l_True) + +val decompose + (v_GAMMA2: i32) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + Prims.l_True + (fun _ -> Prims.l_True) + +val montgomery_multiply (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val power2round (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure + (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit & + Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + Prims.l_True + (fun _ -> Prims.l_True) + +val shift_left_then_reduce + (v_SHIFT_BY: i32) + (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val subtract (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val use_hint + (v_GAMMA2: i32) + (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_when_eta_is_2_ (serialized: t_Slice u8) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_when_eta_is_4_ (serialized: t_Slice u8) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize154437703 (v_ETA: usize) (serialized: t_Slice u8) + : Prims.Pure 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize244287932 (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize297775919 (serialized: t_Slice u8) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize960784460 (serialized: t_Slice u8) + : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + [@@ FStar.Tactics.Typeclasses.tcinstance] let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = @@ -36,7 +294,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = = (fun (self: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (out: t_Array i32 (Rust_primitives.mk_usize 8)) + (out: t_Array i32 (sz 8)) -> true); f_to_coefficient_array @@ -64,7 +322,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.add lhs rhs); + add lhs rhs); f_subtract_pre = (fun 
@@ -86,7 +344,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.subtract lhs rhs); + subtract lhs rhs); f_montgomery_multiply_by_constant_pre = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (c: i32) -> true); @@ -101,7 +359,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = f_montgomery_multiply_by_constant = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (c: i32) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_by_constant simd_unit c); + montgomery_multiply_by_constant simd_unit c); f_montgomery_multiply_pre = (fun @@ -123,7 +381,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (lhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply lhs rhs); + montgomery_multiply lhs rhs); f_shift_left_then_reduce_pre = (fun @@ -145,7 +403,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (v_SHIFT_BY: i32) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.shift_left_then_reduce v_SHIFT_BY simd_unit); + shift_left_then_reduce v_SHIFT_BY simd_unit); f_power2round_pre = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true); @@ -161,7 +419,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = f_power2round = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.power2round simd_unit); + power2round simd_unit); f_infinity_norm_exceeds_pre = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (bound: i32) -> 
@@ -177,7 +435,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = f_infinity_norm_exceeds = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (bound: i32) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.infinity_norm_exceeds simd_unit bound); + infinity_norm_exceeds simd_unit bound); f_decompose_pre = (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> @@ -195,7 +453,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = f_decompose = (fun (v_GAMMA2: i32) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.decompose v_GAMMA2 simd_unit); + decompose v_GAMMA2 simd_unit); f_compute_hint_pre = (fun @@ -220,7 +478,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (low: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.compute_hint v_GAMMA2 low high); + compute_hint v_GAMMA2 low high); f_use_hint_pre = (fun @@ -245,7 +503,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.use_hint v_GAMMA2 simd_unit hint); + use_hint v_GAMMA2 simd_unit hint); f_rejection_sample_less_than_field_modulus_pre = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); @@ -315,7 +573,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.serialize v_OUTPUT_SIZE simd_unit); + serialize526929060 v_OUTPUT_SIZE simd_unit); f_gamma1_deserialize_pre = (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> true); f_gamma1_deserialize_post = 
@@ -328,7 +586,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = f_gamma1_deserialize = (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.deserialize v_GAMMA1_EXPONENT serialized); + deserialize244287932 v_GAMMA1_EXPONENT serialized); f_commitment_serialize_pre = (fun @@ -372,7 +630,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (v_OUTPUT_SIZE: usize) (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.Error.serialize v_OUTPUT_SIZE simd_unit); + serialize1006998023 v_OUTPUT_SIZE simd_unit); f_error_deserialize_pre = (fun (v_ETA: usize) (serialized: t_Slice u8) -> true); f_error_deserialize_post = @@ -384,8 +642,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = true); f_error_deserialize = - (fun (v_ETA: usize) (serialized: t_Slice u8) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.Error.deserialize v_ETA serialized); + (fun (v_ETA: usize) (serialized: t_Slice u8) -> deserialize154437703 v_ETA serialized); f_t0_serialize_pre = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true); @@ -393,13 +650,13 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (out: t_Array u8 (Rust_primitives.mk_usize 13)) + (out: t_Array u8 (sz 13)) -> true); f_t0_serialize = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.T0.serialize simd_unit); + serialize977980603 simd_unit); f_t0_deserialize_pre = (fun (serialized: t_Slice u8) -> true); f_t0_deserialize_post = 
@@ -408,10 +665,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true); - f_t0_deserialize - = - (fun (serialized: t_Slice u8) -> Libcrux_ml_dsa.Simd.Portable.Encoding.T0.deserialize serialized - ); + f_t0_deserialize = (fun (serialized: t_Slice u8) -> deserialize297775919 serialized); f_t1_serialize_pre = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true); @@ -419,13 +673,13 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) - (out: t_Array u8 (Rust_primitives.mk_usize 10)) + (out: t_Array u8 (sz 10)) -> true); f_t1_serialize = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.T1.serialize simd_unit); + serialize300254843 simd_unit); f_t1_deserialize_pre = (fun (serialized: t_Slice u8) -> true); f_t1_deserialize_post = 
@@ -434,37 +688,26 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) -> true); - f_t1_deserialize - = - (fun (serialized: t_Slice u8) -> Libcrux_ml_dsa.Simd.Portable.Encoding.T1.deserialize serialized - ); + f_t1_deserialize = (fun (serialized: t_Slice u8) -> deserialize960784460 serialized); f_ntt_pre = (fun - (simd_units: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) -> true); f_ntt_post = (fun - (simd_units: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) - (out: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) -> true); f_ntt = (fun - (simd_units: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit - (Rust_primitives.mk_usize 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) -> - Libcrux_ml_dsa.Simd.Portable.Ntt.ntt simd_units); + ntt simd_units); f_invert_ntt_at_layer_0_pre = (fun @@ -495,7 +738,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (zeta2: i32) (zeta3: i32) -> - Libcrux_ml_dsa.Simd.Portable.Ntt.invert_ntt_at_layer_0_ simd_unit zeta0 zeta1 zeta2 zeta3); + invert_ntt_at_layer_0_ simd_unit zeta0 zeta1 zeta2 zeta3); f_invert_ntt_at_layer_1_pre = (fun 
@@ -520,7 +763,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = (zeta0: i32) (zeta1: i32) -> - Libcrux_ml_dsa.Simd.Portable.Ntt.invert_ntt_at_layer_1_ simd_unit zeta0 zeta1); + invert_ntt_at_layer_1_ simd_unit zeta0 zeta1); f_invert_ntt_at_layer_2_pre = (fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (zeta: i32) -> @@ -536,5 +779,13 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit = f_invert_ntt_at_layer_2_ = fun (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit) (zeta: i32) -> - Libcrux_ml_dsa.Simd.Portable.Ntt.invert_ntt_at_layer_2_ simd_unit zeta + invert_ntt_at_layer_2_ simd_unit zeta } + +val ntt_at_layer_3_plus + (v_LAYER zeta_i: usize) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + : Prims.Pure + (usize & t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_PortableSIMDUnit (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst index 570bccd7b..25f533de9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst @@ -4,7 +4,7 @@ open Core open FStar.Mul let rejection_sample_less_than_eta_equals_2_ (randomness: t_Slice u8) (out: t_Slice i32) = - let sampled:usize = Rust_primitives.mk_usize 0 in + let sampled:usize = sz 0 in let out, sampled:(t_Slice i32 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(t_Slice u8) #FStar.Tactics.Typeclasses.solve 
@@ -15,44 +15,36 @@ let rejection_sample_less_than_eta_equals_2_ (randomness: t_Slice u8) (out: t_Sl (fun temp_0_ byte -> let out, sampled:(t_Slice i32 & usize) = temp_0_ in let byte:u8 = byte in - let try_0_:u8 = byte &. Rust_primitives.mk_u8 15 in - let try_1_:u8 = byte >>! Rust_primitives.mk_i32 4 in + let try_0_:u8 = byte &. 15uy in + let try_1_:u8 = byte >>! 4l in let out, sampled:(t_Slice i32 & usize) = - if try_0_ <. Rust_primitives.mk_u8 15 + if try_0_ <. 15uy then let try_0_:i32 = cast (try_0_ <: u8) <: i32 in let try_0_mod_5_:i32 = - try_0_ -! - (((try_0_ *! Rust_primitives.mk_i32 26 <: i32) >>! Rust_primitives.mk_i32 7 <: i32) *! - Rust_primitives.mk_i32 5 - <: - i32) + try_0_ -! (((try_0_ *! 26l <: i32) >>! 7l <: i32) *! 5l <: i32) in let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (Rust_primitives.mk_i32 2 -! try_0_mod_5_ <: i32) + (2l -! try_0_mod_5_ <: i32) in - let sampled:usize = sampled +! Rust_primitives.mk_usize 1 in + let sampled:usize = sampled +! sz 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize) in - if try_1_ <. Rust_primitives.mk_u8 15 + if try_1_ <. 15uy then let try_1_:i32 = cast (try_1_ <: u8) <: i32 in let try_1_mod_5_:i32 = - try_1_ -! - (((try_1_ *! Rust_primitives.mk_i32 26 <: i32) >>! Rust_primitives.mk_i32 7 <: i32) *! - Rust_primitives.mk_i32 5 - <: - i32) + try_1_ -! (((try_1_ *! 26l <: i32) >>! 7l <: i32) *! 5l <: i32) in let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (Rust_primitives.mk_i32 2 -! try_1_mod_5_ <: i32) + (2l -! try_1_mod_5_ <: i32) in - let sampled:usize = sampled +! Rust_primitives.mk_usize 1 in + let sampled:usize = sampled +! sz 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize)) in 
@@ -60,7 +52,7 @@ let rejection_sample_less_than_eta_equals_2_ (randomness: t_Slice u8) (out: t_Sl out, hax_temp_output <: (t_Slice i32 & usize) let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Slice i32) = - let sampled:usize = Rust_primitives.mk_usize 0 in + let sampled:usize = sz 0 in let out, sampled:(t_Slice i32 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(t_Slice u8) #FStar.Tactics.Typeclasses.solve @@ -71,28 +63,28 @@ let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Sl (fun temp_0_ byte -> let out, sampled:(t_Slice i32 & usize) = temp_0_ in let byte:u8 = byte in - let try_0_:u8 = byte &. Rust_primitives.mk_u8 15 in - let try_1_:u8 = byte >>! Rust_primitives.mk_i32 4 in + let try_0_:u8 = byte &. 15uy in + let try_1_:u8 = byte >>! 4l in let out, sampled:(t_Slice i32 & usize) = - if try_0_ <. Rust_primitives.mk_u8 9 + if try_0_ <. 9uy then let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (Rust_primitives.mk_i32 4 -! (cast (try_0_ <: u8) <: i32) <: i32) + (4l -! (cast (try_0_ <: u8) <: i32) <: i32) in - let sampled:usize = sampled +! Rust_primitives.mk_usize 1 in + let sampled:usize = sampled +! sz 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize) in - if try_1_ <. Rust_primitives.mk_u8 9 + if try_1_ <. 9uy then let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (Rust_primitives.mk_i32 4 -! (cast (try_1_ <: u8) <: i32) <: i32) + (4l -! (cast (try_1_ <: u8) <: i32) <: i32) in - let sampled:usize = sampled +! Rust_primitives.mk_usize 1 in + let sampled:usize = sampled +! sz 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize)) in 
@@ -100,38 +92,30 @@ let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Sl out, hax_temp_output <: (t_Slice i32 & usize) let rejection_sample_less_than_field_modulus (randomness: t_Slice u8) (out: t_Slice i32) = - let sampled:usize = Rust_primitives.mk_usize 0 in + let sampled:usize = sz 0 in let out, sampled:(t_Slice i32 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks #u8 randomness (Rust_primitives.mk_usize 3) - <: - Core.Slice.Iter.t_Chunks u8) + (Core.Slice.impl__chunks #u8 randomness (sz 3) <: Core.Slice.Iter.t_Chunks u8) <: Core.Slice.Iter.t_Chunks u8) (out, sampled <: (t_Slice i32 & usize)) (fun temp_0_ bytes -> let out, sampled:(t_Slice i32 & usize) = temp_0_ in let bytes:t_Slice u8 = bytes in - let b0:i32 = cast (bytes.[ Rust_primitives.mk_usize 0 ] <: u8) <: i32 in - let b1:i32 = cast (bytes.[ Rust_primitives.mk_usize 1 ] <: u8) <: i32 in - let b2:i32 = cast (bytes.[ Rust_primitives.mk_usize 2 ] <: u8) <: i32 in + let b0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in + let b1:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in + let b2:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in let coefficient:i32 = - (((b2 < Prims.Pure t_PortableSIMDUnit Prims.l_True (fun _ -> Prims.l_True) +type t_PortableSIMDUnit = { f_coefficients:t_Array i32 (sz 8) } val from_coefficient_array (array: t_Slice i32) : Prims.Pure t_PortableSIMDUnit Prims.l_True (fun _ -> Prims.l_True) val to_coefficient_array (x: t_PortableSIMDUnit) - : Prims.Pure (t_Array i32 (Rust_primitives.mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array i32 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + +val v_ZERO: Prims.unit -> Prims.Pure t_PortableSIMDUnit Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst index 7c8759eec..9a392eeca 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst 
@@ -1,340 +1,26 @@ module Libcrux_ml_dsa.Simd.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul -type t_PortableSIMDUnit = { f_coefficients:t_Array i32 (Rust_primitives.mk_usize 8) } +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY551832282 as v_DUMMY} -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations t_PortableSIMDUnit = - { - _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; - _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; - f_ZERO_pre = (fun (_: Prims.unit) -> true); - f_ZERO_post = (fun (_: Prims.unit) (out: t_PortableSIMDUnit) -> true); - f_ZERO - = - (fun (_: Prims.unit) -> - { - f_coefficients - = - Rust_primitives.Hax.repeat (Rust_primitives.mk_i32 0) (Rust_primitives.mk_usize 8) - } - <: - t_PortableSIMDUnit); - f_from_coefficient_array_pre = (fun (array: t_Slice i32) -> true); - f_from_coefficient_array_post = (fun (array: t_Slice i32) (out: t_PortableSIMDUnit) -> true); - f_from_coefficient_array - = - (fun (array: t_Slice i32) -> - { - f_coefficients - = - Core.Result.impl__unwrap #(t_Array i32 (Rust_primitives.mk_usize 8)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice i32) - #(t_Array i32 (Rust_primitives.mk_usize 8)) - #FStar.Tactics.Typeclasses.solve - (array.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; - Core.Ops.Range.f_end = Rust_primitives.mk_usize 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i32) - <: - Core.Result.t_Result (t_Array i32 (Rust_primitives.mk_usize 8)) - Core.Array.t_TryFromSliceError) - } - <: - t_PortableSIMDUnit); - f_to_coefficient_array_pre = (fun (self: t_PortableSIMDUnit) -> true); - f_to_coefficient_array_post - = - (fun (self: t_PortableSIMDUnit) (out: t_Array i32 (Rust_primitives.mk_usize 8)) -> true); - f_to_coefficient_array - = - (fun (self: t_PortableSIMDUnit) -> - Core.Result.impl__unwrap 
#(t_Array i32 (Rust_primitives.mk_usize 8)) - #Core.Convert.t_Infallible - (Core.Convert.f_try_into #(t_Array i32 (Rust_primitives.mk_usize 8)) - #(t_Array i32 (Rust_primitives.mk_usize 8)) - #FStar.Tactics.Typeclasses.solve - self.f_coefficients - <: - Core.Result.t_Result (t_Array i32 (Rust_primitives.mk_usize 8)) - Core.Convert.t_Infallible)); - f_add_pre = (fun (lhs: t_PortableSIMDUnit) (rhs: t_PortableSIMDUnit) -> true); - f_add_post - = - (fun (lhs: t_PortableSIMDUnit) (rhs: t_PortableSIMDUnit) (out: t_PortableSIMDUnit) -> true); - f_add - = - (fun (lhs: t_PortableSIMDUnit) (rhs: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.add lhs rhs); - f_subtract_pre = (fun (lhs: t_PortableSIMDUnit) (rhs: t_PortableSIMDUnit) -> true); - f_subtract_post - = - (fun (lhs: t_PortableSIMDUnit) (rhs: t_PortableSIMDUnit) (out: t_PortableSIMDUnit) -> true); - f_subtract - = - (fun (lhs: t_PortableSIMDUnit) (rhs: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.subtract lhs rhs); - f_montgomery_multiply_by_constant_pre = (fun (simd_unit: t_PortableSIMDUnit) (c: i32) -> true); - f_montgomery_multiply_by_constant_post - = - (fun (simd_unit: t_PortableSIMDUnit) (c: i32) (out: t_PortableSIMDUnit) -> true); - f_montgomery_multiply_by_constant - = - (fun (simd_unit: t_PortableSIMDUnit) (c: i32) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_by_constant simd_unit c); - f_montgomery_multiply_pre = (fun (lhs: t_PortableSIMDUnit) (rhs: t_PortableSIMDUnit) -> true); - f_montgomery_multiply_post - = - (fun (lhs: t_PortableSIMDUnit) (rhs: t_PortableSIMDUnit) (out: t_PortableSIMDUnit) -> true); - f_montgomery_multiply - = - (fun (lhs: t_PortableSIMDUnit) (rhs: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply lhs rhs); - f_shift_left_then_reduce_pre = (fun (v_SHIFT_BY: i32) (simd_unit: t_PortableSIMDUnit) -> true); - f_shift_left_then_reduce_post - = - (fun (v_SHIFT_BY: i32) (simd_unit: t_PortableSIMDUnit) 
(out: t_PortableSIMDUnit) -> true); - f_shift_left_then_reduce - = - (fun (v_SHIFT_BY: i32) (simd_unit: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.shift_left_then_reduce v_SHIFT_BY simd_unit); - f_power2round_pre = (fun (simd_unit: t_PortableSIMDUnit) -> true); - f_power2round_post - = - (fun (simd_unit: t_PortableSIMDUnit) (out: (t_PortableSIMDUnit & t_PortableSIMDUnit)) -> true); - f_power2round - = - (fun (simd_unit: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.power2round simd_unit); - f_infinity_norm_exceeds_pre = (fun (simd_unit: t_PortableSIMDUnit) (bound: i32) -> true); - f_infinity_norm_exceeds_post - = - (fun (simd_unit: t_PortableSIMDUnit) (bound: i32) (out: bool) -> true); - f_infinity_norm_exceeds - = - (fun (simd_unit: t_PortableSIMDUnit) (bound: i32) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.infinity_norm_exceeds simd_unit bound); - f_decompose_pre = (fun (v_GAMMA2: i32) (simd_unit: t_PortableSIMDUnit) -> true); - f_decompose_post - = - (fun - (v_GAMMA2: i32) - (simd_unit: t_PortableSIMDUnit) - (out: (t_PortableSIMDUnit & t_PortableSIMDUnit)) - -> - true); - f_decompose - = - (fun (v_GAMMA2: i32) (simd_unit: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.decompose v_GAMMA2 simd_unit); - f_compute_hint_pre - = - (fun (v_GAMMA2: i32) (low: t_PortableSIMDUnit) (high: t_PortableSIMDUnit) -> true); - f_compute_hint_post - = - (fun - (v_GAMMA2: i32) - (low: t_PortableSIMDUnit) - (high: t_PortableSIMDUnit) - (out: (usize & t_PortableSIMDUnit)) - -> - true); - f_compute_hint - = - (fun (v_GAMMA2: i32) (low: t_PortableSIMDUnit) (high: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.compute_hint v_GAMMA2 low high); - f_use_hint_pre - = - (fun (v_GAMMA2: i32) (simd_unit: t_PortableSIMDUnit) (hint: t_PortableSIMDUnit) -> true); - f_use_hint_post - = - (fun - (v_GAMMA2: i32) - (simd_unit: t_PortableSIMDUnit) - (hint: t_PortableSIMDUnit) - (out: t_PortableSIMDUnit) - -> - true); - 
f_use_hint - = - (fun (v_GAMMA2: i32) (simd_unit: t_PortableSIMDUnit) (hint: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Arithmetic.use_hint v_GAMMA2 simd_unit hint); - f_rejection_sample_less_than_field_modulus_pre - = - (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_field_modulus_post - = - (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); - f_rejection_sample_less_than_field_modulus - = - (fun (randomness: t_Slice u8) (out: t_Slice i32) -> - let tmp0, out1:(t_Slice i32 & usize) = - Libcrux_ml_dsa.Simd.Portable.Sample.rejection_sample_less_than_field_modulus randomness - out - in - let out:t_Slice i32 = tmp0 in - let hax_temp_output:usize = out1 in - out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_2_pre - = - (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_2_post - = - (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); - f_rejection_sample_less_than_eta_equals_2_ - = - (fun (randomness: t_Slice u8) (out: t_Slice i32) -> - let tmp0, out1:(t_Slice i32 & usize) = - Libcrux_ml_dsa.Simd.Portable.Sample.rejection_sample_less_than_eta_equals_2_ randomness - out - in - let out:t_Slice i32 = tmp0 in - let hax_temp_output:usize = out1 in - out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_4_pre - = - (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_4_post - = - (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); - f_rejection_sample_less_than_eta_equals_4_ - = - (fun (randomness: t_Slice u8) (out: t_Slice i32) -> - let tmp0, out1:(t_Slice i32 & usize) = - Libcrux_ml_dsa.Simd.Portable.Sample.rejection_sample_less_than_eta_equals_4_ randomness - out - in - let out:t_Slice i32 = tmp0 in - let hax_temp_output:usize = out1 in - 
out, hax_temp_output <: (t_Slice i32 & usize)); - f_gamma1_serialize_pre = (fun (v_OUTPUT_SIZE: usize) (simd_unit: t_PortableSIMDUnit) -> true); - f_gamma1_serialize_post - = - (fun (v_OUTPUT_SIZE: usize) (simd_unit: t_PortableSIMDUnit) (out: t_Array u8 v_OUTPUT_SIZE) -> - true); - f_gamma1_serialize - = - (fun (v_OUTPUT_SIZE: usize) (simd_unit: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.serialize v_OUTPUT_SIZE simd_unit); - f_gamma1_deserialize_pre = (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> true); - f_gamma1_deserialize_post - = - (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) (out: t_PortableSIMDUnit) -> true); - f_gamma1_deserialize - = - (fun (v_GAMMA1_EXPONENT: usize) (serialized: t_Slice u8) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.deserialize v_GAMMA1_EXPONENT serialized); - f_commitment_serialize_pre - = - (fun (v_OUTPUT_SIZE: usize) (simd_unit: t_PortableSIMDUnit) -> true); - f_commitment_serialize_post - = - (fun (v_OUTPUT_SIZE: usize) (simd_unit: t_PortableSIMDUnit) (out: t_Array u8 v_OUTPUT_SIZE) -> - true); - f_commitment_serialize - = - (fun (v_OUTPUT_SIZE: usize) (simd_unit: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.serialize v_OUTPUT_SIZE simd_unit); - f_error_serialize_pre = (fun (v_OUTPUT_SIZE: usize) (simd_unit: t_PortableSIMDUnit) -> true); - f_error_serialize_post - = - (fun (v_OUTPUT_SIZE: usize) (simd_unit: t_PortableSIMDUnit) (out: t_Array u8 v_OUTPUT_SIZE) -> - true); - f_error_serialize - = - (fun (v_OUTPUT_SIZE: usize) (simd_unit: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.Error.serialize v_OUTPUT_SIZE simd_unit); - f_error_deserialize_pre = (fun (v_ETA: usize) (serialized: t_Slice u8) -> true); - f_error_deserialize_post - = - (fun (v_ETA: usize) (serialized: t_Slice u8) (out: t_PortableSIMDUnit) -> true); - f_error_deserialize - = - (fun (v_ETA: usize) (serialized: t_Slice u8) -> - 
Libcrux_ml_dsa.Simd.Portable.Encoding.Error.deserialize v_ETA serialized); - f_t0_serialize_pre = (fun (simd_unit: t_PortableSIMDUnit) -> true); - f_t0_serialize_post - = - (fun (simd_unit: t_PortableSIMDUnit) (out: t_Array u8 (Rust_primitives.mk_usize 13)) -> true); - f_t0_serialize - = - (fun (simd_unit: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.T0.serialize simd_unit); - f_t0_deserialize_pre = (fun (serialized: t_Slice u8) -> true); - f_t0_deserialize_post = (fun (serialized: t_Slice u8) (out: t_PortableSIMDUnit) -> true); - f_t0_deserialize - = - (fun (serialized: t_Slice u8) -> Libcrux_ml_dsa.Simd.Portable.Encoding.T0.deserialize serialized - ); - f_t1_serialize_pre = (fun (simd_unit: t_PortableSIMDUnit) -> true); - f_t1_serialize_post - = - (fun (simd_unit: t_PortableSIMDUnit) (out: t_Array u8 (Rust_primitives.mk_usize 10)) -> true); - f_t1_serialize - = - (fun (simd_unit: t_PortableSIMDUnit) -> - Libcrux_ml_dsa.Simd.Portable.Encoding.T1.serialize simd_unit); - f_t1_deserialize_pre = (fun (serialized: t_Slice u8) -> true); - f_t1_deserialize_post = (fun (serialized: t_Slice u8) (out: t_PortableSIMDUnit) -> true); - f_t1_deserialize - = - (fun (serialized: t_Slice u8) -> Libcrux_ml_dsa.Simd.Portable.Encoding.T1.deserialize serialized - ); - f_ntt_pre = (fun (simd_units: t_Array t_PortableSIMDUnit (Rust_primitives.mk_usize 32)) -> true); - f_ntt_post - = - (fun - (simd_units: t_Array t_PortableSIMDUnit (Rust_primitives.mk_usize 32)) - (out: t_Array t_PortableSIMDUnit (Rust_primitives.mk_usize 32)) - -> - true); - f_ntt - = - (fun (simd_units: t_Array t_PortableSIMDUnit (Rust_primitives.mk_usize 32)) -> - Libcrux_ml_dsa.Simd.Portable.Ntt.ntt simd_units); - f_invert_ntt_at_layer_0_pre - = - (fun (simd_unit: t_PortableSIMDUnit) (zeta0: i32) (zeta1: i32) (zeta2: i32) (zeta3: i32) -> true - ); - f_invert_ntt_at_layer_0_post - = - (fun - (simd_unit: t_PortableSIMDUnit) - (zeta0: i32) - (zeta1: i32) - (zeta2: i32) - (zeta3: i32) - (out: 
t_PortableSIMDUnit) - -> - true); - f_invert_ntt_at_layer_0_ - = - (fun (simd_unit: t_PortableSIMDUnit) (zeta0: i32) (zeta1: i32) (zeta2: i32) (zeta3: i32) -> - Libcrux_ml_dsa.Simd.Portable.Ntt.invert_ntt_at_layer_0_ simd_unit zeta0 zeta1 zeta2 zeta3); - f_invert_ntt_at_layer_1_pre - = - (fun (simd_unit: t_PortableSIMDUnit) (zeta0: i32) (zeta1: i32) -> true); - f_invert_ntt_at_layer_1_post - = - (fun (simd_unit: t_PortableSIMDUnit) (zeta0: i32) (zeta1: i32) (out: t_PortableSIMDUnit) -> true - ); - f_invert_ntt_at_layer_1_ - = - (fun (simd_unit: t_PortableSIMDUnit) (zeta0: i32) (zeta1: i32) -> - Libcrux_ml_dsa.Simd.Portable.Ntt.invert_ntt_at_layer_1_ simd_unit zeta0 zeta1); - f_invert_ntt_at_layer_2_pre = (fun (simd_unit: t_PortableSIMDUnit) (zeta: i32) -> true); - f_invert_ntt_at_layer_2_post - = - (fun (simd_unit: t_PortableSIMDUnit) (zeta: i32) (out: t_PortableSIMDUnit) -> true); - f_invert_ntt_at_layer_2_ - = - fun (simd_unit: t_PortableSIMDUnit) (zeta: i32) -> - Libcrux_ml_dsa.Simd.Portable.Ntt.invert_ntt_at_layer_2_ simd_unit zeta - } +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY541533844 as v_DUMMY} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY900481996 as v_DUMMY} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY384609919 as v_DUMMY} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {v_DUMMY450911580 as v_DUMMY} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {arithmetic as arithmetic} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {encoding as encoding} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {ntt as ntt} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {sample as sample} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {vector_type as vector_type} + +include Libcrux_ml_dsa.Simd.Portable.Rec_bundle_437004224 {impl as impl} 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti index b18bea023..1ef0cb0e8 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti @@ -16,9 +16,9 @@ class t_Operations (v_Self: Type0) = { (f_from_coefficient_array_pre x0) (fun result -> f_from_coefficient_array_post x0 result); f_to_coefficient_array_pre:v_Self -> Type0; - f_to_coefficient_array_post:v_Self -> t_Array i32 (Rust_primitives.mk_usize 8) -> Type0; + f_to_coefficient_array_post:v_Self -> t_Array i32 (sz 8) -> Type0; f_to_coefficient_array:x0: v_Self - -> Prims.Pure (t_Array i32 (Rust_primitives.mk_usize 8)) + -> Prims.Pure (t_Array i32 (sz 8)) (f_to_coefficient_array_pre x0) (fun result -> f_to_coefficient_array_post x0 result); f_add_pre:v_Self -> v_Self -> Type0; @@ -129,9 +129,9 @@ class t_Operations (v_Self: Type0) = { (f_error_deserialize_pre v_ETA x0) (fun result -> f_error_deserialize_post v_ETA x0 result); f_t0_serialize_pre:v_Self -> Type0; - f_t0_serialize_post:v_Self -> t_Array u8 (Rust_primitives.mk_usize 13) -> Type0; + f_t0_serialize_post:v_Self -> t_Array u8 (sz 13) -> Type0; f_t0_serialize:x0: v_Self - -> Prims.Pure (t_Array u8 (Rust_primitives.mk_usize 13)) + -> Prims.Pure (t_Array u8 (sz 13)) (f_t0_serialize_pre x0) (fun result -> f_t0_serialize_post x0 result); f_t0_deserialize_pre:t_Slice u8 -> Type0; 
@@ -139,24 +139,19 @@ class t_Operations (v_Self: Type0) = { f_t0_deserialize:x0: t_Slice u8 -> Prims.Pure v_Self (f_t0_deserialize_pre x0) (fun result -> f_t0_deserialize_post x0 result); f_t1_serialize_pre:v_Self -> Type0; - f_t1_serialize_post:v_Self -> t_Array u8 (Rust_primitives.mk_usize 10) -> Type0; + f_t1_serialize_post:v_Self -> t_Array u8 (sz 10) -> Type0; f_t1_serialize:x0: v_Self - -> Prims.Pure (t_Array u8 (Rust_primitives.mk_usize 10)) + -> Prims.Pure (t_Array u8 (sz 10)) (f_t1_serialize_pre x0) (fun result -> f_t1_serialize_post x0 result); f_t1_deserialize_pre:t_Slice u8 -> Type0; f_t1_deserialize_post:t_Slice u8 -> v_Self -> Type0; f_t1_deserialize:x0: t_Slice u8 -> Prims.Pure v_Self (f_t1_deserialize_pre x0) (fun result -> f_t1_deserialize_post x0 result); - f_ntt_pre:t_Array v_Self (Rust_primitives.mk_usize 32) -> Type0; - f_ntt_post: - t_Array v_Self (Rust_primitives.mk_usize 32) -> - t_Array v_Self (Rust_primitives.mk_usize 32) - -> Type0; - f_ntt:x0: t_Array v_Self (Rust_primitives.mk_usize 32) - -> Prims.Pure (t_Array v_Self (Rust_primitives.mk_usize 32)) - (f_ntt_pre x0) - (fun result -> f_ntt_post x0 result); + f_ntt_pre:t_Array v_Self (sz 32) -> Type0; + f_ntt_post:t_Array v_Self (sz 32) -> t_Array v_Self (sz 32) -> Type0; + f_ntt:x0: t_Array v_Self (sz 32) + -> Prims.Pure (t_Array v_Self (sz 32)) (f_ntt_pre x0) (fun result -> f_ntt_post x0 result); f_invert_ntt_at_layer_0_pre:v_Self -> i32 -> i32 -> i32 -> i32 -> Type0; f_invert_ntt_at_layer_0_post:v_Self -> i32 -> i32 -> i32 -> i32 -> v_Self -> Type0; f_invert_ntt_at_layer_0_:x0: v_Self -> x1: i32 -> x2: i32 -> x3: i32 -> x4: i32 
@@ -177,138 +172,50 @@ class t_Operations (v_Self: Type0) = { (fun result -> f_invert_ntt_at_layer_2_post x0 x1 result) } -let v_COEFFICIENTS_IN_SIMD_UNIT: usize = Rust_primitives.mk_usize 8 +let v_COEFFICIENTS_IN_SIMD_UNIT: usize = sz 8 -let v_FIELD_MODULUS: i32 = Rust_primitives.mk_i32 8380417 +let v_FIELD_MODULUS: i32 = 8380417l -let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u64 = Rust_primitives.mk_u64 58728449 +let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u64 = 58728449uL let v_SIMD_UNITS_IN_RING_ELEMENT: usize = Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! v_COEFFICIENTS_IN_SIMD_UNIT -let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i32 (Rust_primitives.mk_usize 256) = +let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i32 (sz 256) = let list = [ - Rust_primitives.mk_i32 0; Rust_primitives.mk_i32 25847; Rust_primitives.mk_i32 (-2608894); - Rust_primitives.mk_i32 (-518909); Rust_primitives.mk_i32 237124; - Rust_primitives.mk_i32 (-777960); Rust_primitives.mk_i32 (-876248); - Rust_primitives.mk_i32 466468; Rust_primitives.mk_i32 1826347; Rust_primitives.mk_i32 2353451; - Rust_primitives.mk_i32 (-359251); Rust_primitives.mk_i32 (-2091905); - Rust_primitives.mk_i32 3119733; Rust_primitives.mk_i32 (-2884855); - Rust_primitives.mk_i32 3111497; Rust_primitives.mk_i32 2680103; Rust_primitives.mk_i32 2725464; - Rust_primitives.mk_i32 1024112; Rust_primitives.mk_i32 (-1079900); - Rust_primitives.mk_i32 3585928; Rust_primitives.mk_i32 (-549488); - Rust_primitives.mk_i32 (-1119584); Rust_primitives.mk_i32 2619752; - Rust_primitives.mk_i32 (-2108549); Rust_primitives.mk_i32 (-2118186); - Rust_primitives.mk_i32 (-3859737); Rust_primitives.mk_i32 (-1399561); - Rust_primitives.mk_i32 (-3277672); Rust_primitives.mk_i32 1757237; - Rust_primitives.mk_i32 (-19422); Rust_primitives.mk_i32 4010497; Rust_primitives.mk_i32 280005; - Rust_primitives.mk_i32 2706023; Rust_primitives.mk_i32 95776; Rust_primitives.mk_i32 3077325; - Rust_primitives.mk_i32 3530437; Rust_primitives.mk_i32 (-1661693); 
- Rust_primitives.mk_i32 (-3592148); Rust_primitives.mk_i32 (-2537516); - Rust_primitives.mk_i32 3915439; Rust_primitives.mk_i32 (-3861115); - Rust_primitives.mk_i32 (-3043716); Rust_primitives.mk_i32 3574422; - Rust_primitives.mk_i32 (-2867647); Rust_primitives.mk_i32 3539968; - Rust_primitives.mk_i32 (-300467); Rust_primitives.mk_i32 2348700; - Rust_primitives.mk_i32 (-539299); Rust_primitives.mk_i32 (-1699267); - Rust_primitives.mk_i32 (-1643818); Rust_primitives.mk_i32 3505694; - Rust_primitives.mk_i32 (-3821735); Rust_primitives.mk_i32 3507263; - Rust_primitives.mk_i32 (-2140649); Rust_primitives.mk_i32 (-1600420); - Rust_primitives.mk_i32 3699596; Rust_primitives.mk_i32 811944; Rust_primitives.mk_i32 531354; - Rust_primitives.mk_i32 954230; Rust_primitives.mk_i32 3881043; Rust_primitives.mk_i32 3900724; - Rust_primitives.mk_i32 (-2556880); Rust_primitives.mk_i32 2071892; - Rust_primitives.mk_i32 (-2797779); Rust_primitives.mk_i32 (-3930395); - Rust_primitives.mk_i32 (-1528703); Rust_primitives.mk_i32 (-3677745); - Rust_primitives.mk_i32 (-3041255); Rust_primitives.mk_i32 (-1452451); - Rust_primitives.mk_i32 3475950; Rust_primitives.mk_i32 2176455; - Rust_primitives.mk_i32 (-1585221); Rust_primitives.mk_i32 (-1257611); - Rust_primitives.mk_i32 1939314; Rust_primitives.mk_i32 (-4083598); - Rust_primitives.mk_i32 (-1000202); Rust_primitives.mk_i32 (-3190144); - Rust_primitives.mk_i32 (-3157330); Rust_primitives.mk_i32 (-3632928); - Rust_primitives.mk_i32 126922; Rust_primitives.mk_i32 3412210; - Rust_primitives.mk_i32 (-983419); Rust_primitives.mk_i32 2147896; - Rust_primitives.mk_i32 2715295; Rust_primitives.mk_i32 (-2967645); - Rust_primitives.mk_i32 (-3693493); Rust_primitives.mk_i32 (-411027); - Rust_primitives.mk_i32 (-2477047); Rust_primitives.mk_i32 (-671102); - Rust_primitives.mk_i32 (-1228525); Rust_primitives.mk_i32 (-22981); - Rust_primitives.mk_i32 (-1308169); Rust_primitives.mk_i32 (-381987); - Rust_primitives.mk_i32 1349076; Rust_primitives.mk_i32 
1852771; - Rust_primitives.mk_i32 (-1430430); Rust_primitives.mk_i32 (-3343383); - Rust_primitives.mk_i32 264944; Rust_primitives.mk_i32 508951; Rust_primitives.mk_i32 3097992; - Rust_primitives.mk_i32 44288; Rust_primitives.mk_i32 (-1100098); Rust_primitives.mk_i32 904516; - Rust_primitives.mk_i32 3958618; Rust_primitives.mk_i32 (-3724342); - Rust_primitives.mk_i32 (-8578); Rust_primitives.mk_i32 1653064; - Rust_primitives.mk_i32 (-3249728); Rust_primitives.mk_i32 2389356; - Rust_primitives.mk_i32 (-210977); Rust_primitives.mk_i32 759969; - Rust_primitives.mk_i32 (-1316856); Rust_primitives.mk_i32 189548; - Rust_primitives.mk_i32 (-3553272); Rust_primitives.mk_i32 3159746; - Rust_primitives.mk_i32 (-1851402); Rust_primitives.mk_i32 (-2409325); - Rust_primitives.mk_i32 (-177440); Rust_primitives.mk_i32 1315589; - Rust_primitives.mk_i32 1341330; Rust_primitives.mk_i32 1285669; - Rust_primitives.mk_i32 (-1584928); Rust_primitives.mk_i32 (-812732); - Rust_primitives.mk_i32 (-1439742); Rust_primitives.mk_i32 (-3019102); - Rust_primitives.mk_i32 (-3881060); Rust_primitives.mk_i32 (-3628969); - Rust_primitives.mk_i32 3839961; Rust_primitives.mk_i32 2091667; Rust_primitives.mk_i32 3407706; - Rust_primitives.mk_i32 2316500; Rust_primitives.mk_i32 3817976; - Rust_primitives.mk_i32 (-3342478); Rust_primitives.mk_i32 2244091; - Rust_primitives.mk_i32 (-2446433); Rust_primitives.mk_i32 (-3562462); - Rust_primitives.mk_i32 266997; Rust_primitives.mk_i32 2434439; - Rust_primitives.mk_i32 (-1235728); Rust_primitives.mk_i32 3513181; - Rust_primitives.mk_i32 (-3520352); Rust_primitives.mk_i32 (-3759364); - Rust_primitives.mk_i32 (-1197226); Rust_primitives.mk_i32 (-3193378); - Rust_primitives.mk_i32 900702; Rust_primitives.mk_i32 1859098; Rust_primitives.mk_i32 909542; - Rust_primitives.mk_i32 819034; Rust_primitives.mk_i32 495491; - Rust_primitives.mk_i32 (-1613174); Rust_primitives.mk_i32 (-43260); - Rust_primitives.mk_i32 (-522500); Rust_primitives.mk_i32 (-655327); - 
Rust_primitives.mk_i32 (-3122442); Rust_primitives.mk_i32 2031748; - Rust_primitives.mk_i32 3207046; Rust_primitives.mk_i32 (-3556995); - Rust_primitives.mk_i32 (-525098); Rust_primitives.mk_i32 (-768622); - Rust_primitives.mk_i32 (-3595838); Rust_primitives.mk_i32 342297; - Rust_primitives.mk_i32 286988; Rust_primitives.mk_i32 (-2437823); - Rust_primitives.mk_i32 4108315; Rust_primitives.mk_i32 3437287; - Rust_primitives.mk_i32 (-3342277); Rust_primitives.mk_i32 1735879; - Rust_primitives.mk_i32 203044; Rust_primitives.mk_i32 2842341; Rust_primitives.mk_i32 2691481; - Rust_primitives.mk_i32 (-2590150); Rust_primitives.mk_i32 1265009; - Rust_primitives.mk_i32 4055324; Rust_primitives.mk_i32 1247620; Rust_primitives.mk_i32 2486353; - Rust_primitives.mk_i32 1595974; Rust_primitives.mk_i32 (-3767016); - Rust_primitives.mk_i32 1250494; Rust_primitives.mk_i32 2635921; - Rust_primitives.mk_i32 (-3548272); Rust_primitives.mk_i32 (-2994039); - Rust_primitives.mk_i32 1869119; Rust_primitives.mk_i32 1903435; - Rust_primitives.mk_i32 (-1050970); Rust_primitives.mk_i32 (-1333058); - Rust_primitives.mk_i32 1237275; Rust_primitives.mk_i32 (-3318210); - Rust_primitives.mk_i32 (-1430225); Rust_primitives.mk_i32 (-451100); - Rust_primitives.mk_i32 1312455; Rust_primitives.mk_i32 3306115; - Rust_primitives.mk_i32 (-1962642); Rust_primitives.mk_i32 (-1279661); - Rust_primitives.mk_i32 1917081; Rust_primitives.mk_i32 (-2546312); - Rust_primitives.mk_i32 (-1374803); Rust_primitives.mk_i32 1500165; - Rust_primitives.mk_i32 777191; Rust_primitives.mk_i32 2235880; Rust_primitives.mk_i32 3406031; - Rust_primitives.mk_i32 (-542412); Rust_primitives.mk_i32 (-2831860); - Rust_primitives.mk_i32 (-1671176); Rust_primitives.mk_i32 (-1846953); - Rust_primitives.mk_i32 (-2584293); Rust_primitives.mk_i32 (-3724270); - Rust_primitives.mk_i32 594136; Rust_primitives.mk_i32 (-3776993); - Rust_primitives.mk_i32 (-2013608); Rust_primitives.mk_i32 2432395; - Rust_primitives.mk_i32 2454455; 
Rust_primitives.mk_i32 (-164721); - Rust_primitives.mk_i32 1957272; Rust_primitives.mk_i32 3369112; Rust_primitives.mk_i32 185531; - Rust_primitives.mk_i32 (-1207385); Rust_primitives.mk_i32 (-3183426); - Rust_primitives.mk_i32 162844; Rust_primitives.mk_i32 1616392; Rust_primitives.mk_i32 3014001; - Rust_primitives.mk_i32 810149; Rust_primitives.mk_i32 1652634; - Rust_primitives.mk_i32 (-3694233); Rust_primitives.mk_i32 (-1799107); - Rust_primitives.mk_i32 (-3038916); Rust_primitives.mk_i32 3523897; - Rust_primitives.mk_i32 3866901; Rust_primitives.mk_i32 269760; Rust_primitives.mk_i32 2213111; - Rust_primitives.mk_i32 (-975884); Rust_primitives.mk_i32 1717735; - Rust_primitives.mk_i32 472078; Rust_primitives.mk_i32 (-426683); - Rust_primitives.mk_i32 1723600; Rust_primitives.mk_i32 (-1803090); - Rust_primitives.mk_i32 1910376; Rust_primitives.mk_i32 (-1667432); - Rust_primitives.mk_i32 (-1104333); Rust_primitives.mk_i32 (-260646); - Rust_primitives.mk_i32 (-3833893); Rust_primitives.mk_i32 (-2939036); - Rust_primitives.mk_i32 (-2235985); Rust_primitives.mk_i32 (-420899); - Rust_primitives.mk_i32 (-2286327); Rust_primitives.mk_i32 183443; - Rust_primitives.mk_i32 (-976891); Rust_primitives.mk_i32 1612842; - Rust_primitives.mk_i32 (-3545687); Rust_primitives.mk_i32 (-554416); - Rust_primitives.mk_i32 3919660; Rust_primitives.mk_i32 (-48306); - Rust_primitives.mk_i32 (-1362209); Rust_primitives.mk_i32 3937738; - Rust_primitives.mk_i32 1400424; Rust_primitives.mk_i32 (-846154); - Rust_primitives.mk_i32 1976782 + 0l; 25847l; (-2608894l); (-518909l); 237124l; (-777960l); (-876248l); 466468l; 1826347l; + 2353451l; (-359251l); (-2091905l); 3119733l; (-2884855l); 3111497l; 2680103l; 2725464l; + 1024112l; (-1079900l); 3585928l; (-549488l); (-1119584l); 2619752l; (-2108549l); (-2118186l); + (-3859737l); (-1399561l); (-3277672l); 1757237l; (-19422l); 4010497l; 280005l; 2706023l; + 95776l; 3077325l; 3530437l; (-1661693l); (-3592148l); (-2537516l); 3915439l; (-3861115l); + 
(-3043716l); 3574422l; (-2867647l); 3539968l; (-300467l); 2348700l; (-539299l); (-1699267l); + (-1643818l); 3505694l; (-3821735l); 3507263l; (-2140649l); (-1600420l); 3699596l; 811944l; + 531354l; 954230l; 3881043l; 3900724l; (-2556880l); 2071892l; (-2797779l); (-3930395l); + (-1528703l); (-3677745l); (-3041255l); (-1452451l); 3475950l; 2176455l; (-1585221l); + (-1257611l); 1939314l; (-4083598l); (-1000202l); (-3190144l); (-3157330l); (-3632928l); + 126922l; 3412210l; (-983419l); 2147896l; 2715295l; (-2967645l); (-3693493l); (-411027l); + (-2477047l); (-671102l); (-1228525l); (-22981l); (-1308169l); (-381987l); 1349076l; 1852771l; + (-1430430l); (-3343383l); 264944l; 508951l; 3097992l; 44288l; (-1100098l); 904516l; 3958618l; + (-3724342l); (-8578l); 1653064l; (-3249728l); 2389356l; (-210977l); 759969l; (-1316856l); + 189548l; (-3553272l); 3159746l; (-1851402l); (-2409325l); (-177440l); 1315589l; 1341330l; + 1285669l; (-1584928l); (-812732l); (-1439742l); (-3019102l); (-3881060l); (-3628969l); + 3839961l; 2091667l; 3407706l; 2316500l; 3817976l; (-3342478l); 2244091l; (-2446433l); + (-3562462l); 266997l; 2434439l; (-1235728l); 3513181l; (-3520352l); (-3759364l); (-1197226l); + (-3193378l); 900702l; 1859098l; 909542l; 819034l; 495491l; (-1613174l); (-43260l); (-522500l); + (-655327l); (-3122442l); 2031748l; 3207046l; (-3556995l); (-525098l); (-768622l); (-3595838l); + 342297l; 286988l; (-2437823l); 4108315l; 3437287l; (-3342277l); 1735879l; 203044l; 2842341l; + 2691481l; (-2590150l); 1265009l; 4055324l; 1247620l; 2486353l; 1595974l; (-3767016l); 1250494l; + 2635921l; (-3548272l); (-2994039l); 1869119l; 1903435l; (-1050970l); (-1333058l); 1237275l; + (-3318210l); (-1430225l); (-451100l); 1312455l; 3306115l; (-1962642l); (-1279661l); 1917081l; + (-2546312l); (-1374803l); 1500165l; 777191l; 2235880l; 3406031l; (-542412l); (-2831860l); + (-1671176l); (-1846953l); (-2584293l); (-3724270l); 594136l; (-3776993l); (-2013608l); + 2432395l; 2454455l; (-164721l); 1957272l; 
3369112l; 185531l; (-1207385l); (-3183426l); 162844l; + 1616392l; 3014001l; 810149l; 1652634l; (-3694233l); (-1799107l); (-3038916l); 3523897l; + 3866901l; 269760l; 2213111l; (-975884l); 1717735l; 472078l; (-426683l); 1723600l; (-1803090l); + 1910376l; (-1667432l); (-1104333l); (-260646l); (-3833893l); (-2939036l); (-2235985l); + (-420899l); (-2286327l); 183443l; (-976891l); 1612842l; (-3545687l); (-554416l); 3919660l; + (-48306l); (-1362209l); 3937738l; 1400424l; (-846154l); 1976782l ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 256); diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst index ec1147591..8af0ff228 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst 
@@ -17,18 +17,18 @@ let impl_4__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE let t_SigningError_cast_to_repr (x: t_SigningError) = match x with - | SigningError_RejectionSamplingError -> Rust_primitives.mk_isize 0 - | SigningError_ContextTooLongError -> Rust_primitives.mk_isize 1 + | SigningError_RejectionSamplingError -> isz 0 + | SigningError_ContextTooLongError -> isz 1 let t_VerificationError_cast_to_repr (x: t_VerificationError) = match x with - | VerificationError_MalformedHintError -> Rust_primitives.mk_isize 0 - | VerificationError_SignerResponseExceedsBoundError -> Rust_primitives.mk_isize 1 - | VerificationError_CommitmentHashesDontMatchError -> Rust_primitives.mk_isize 3 - | VerificationError_ContextTooLongError -> Rust_primitives.mk_isize 6 - -let impl_4__as_slice (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) = self._0 <: t_Slice u8 + | VerificationError_MalformedHintError -> isz 0 + | VerificationError_SignerResponseExceedsBoundError -> isz 1 + | VerificationError_CommitmentHashesDontMatchError -> isz 3 + | VerificationError_ContextTooLongError -> isz 6 let impl__as_slice (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self._0 <: t_Slice u8 let impl_2__as_slice (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) = self._0 <: t_Slice u8 + +let impl_4__as_slice (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) = self._0 <: t_Slice u8 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti index e1c781c13..f121066d7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fsti 
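Review bot: The discriminants emitted for `t_VerificationError_cast_to_repr` are non-contiguous — `MalformedHintError -> isz 0`, `SignerResponseExceedsBoundError -> isz 1`, `CommitmentHashesDontMatchError -> isz 3`, `ContextTooLongError -> isz 6` — while the `t_SigningError` mapping directly above is dense (0, 1), and nothing here explains the gaps. If these values are a stable error-code ABI that downstream callers match on, that contract deserves a comment; if they are leftovers of removed variants, they should be renumbered before anyone starts depending on them. This file is hax output, so the change belongs on the Rust `VerificationError` enum (explicit discriminants plus a doc comment such as `// Discriminants are part of the public error-code ABI; do not renumber.`), not in the extraction.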
@@ -20,46 +20,18 @@ val impl_2__len: v_SIZE: usize -> Prims.unit val impl_4__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) -type t_SigningError = - | SigningError_RejectionSamplingError : t_SigningError - | SigningError_ContextTooLongError : t_SigningError - -val t_SigningError_cast_to_repr (x: t_SigningError) - : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) - -type t_VerificationError = - | VerificationError_MalformedHintError : t_VerificationError - | VerificationError_SignerResponseExceedsBoundError : t_VerificationError - | VerificationError_CommitmentHashesDontMatchError : t_VerificationError - | VerificationError_ContextTooLongError : t_VerificationError - -val t_VerificationError_cast_to_repr (x: t_VerificationError) - : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) - ///An ML-DSA signature. type t_MLDSASignature (v_SIZE: usize) = | MLDSASignature : t_Array u8 v_SIZE -> t_MLDSASignature v_SIZE -/// A reference to the raw byte slice. -val impl_4__as_slice (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - ///An ML-DSA signature key. type t_MLDSASigningKey (v_SIZE: usize) = | MLDSASigningKey : t_Array u8 v_SIZE -> t_MLDSASigningKey v_SIZE -/// A reference to the raw byte slice. -val impl__as_slice (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - ///An ML-DSA verification key. type t_MLDSAVerificationKey (v_SIZE: usize) = | MLDSAVerificationKey : t_Array u8 v_SIZE -> t_MLDSAVerificationKey v_SIZE -/// A reference to the raw byte slice. -val impl_2__as_slice (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - /// An ML-DSA key pair. type t_MLDSAKeyPair (v_VERIFICATION_KEY_SIZE: usize) (v_SIGNING_KEY_SIZE: usize) = { f_signing_key:t_MLDSASigningKey v_SIGNING_KEY_SIZE; 
@@ -73,5 +45,33 @@ type t_Signature f_commitment_hash:t_Array u8 v_COMMITMENT_HASH_SIZE; f_signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) v_COLUMNS_IN_A; - f_hint:t_Array (t_Array i32 (Rust_primitives.mk_usize 256)) v_ROWS_IN_A + f_hint:t_Array (t_Array i32 (sz 256)) v_ROWS_IN_A } + +type t_SigningError = + | SigningError_RejectionSamplingError : t_SigningError + | SigningError_ContextTooLongError : t_SigningError + +val t_SigningError_cast_to_repr (x: t_SigningError) + : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) + +type t_VerificationError = + | VerificationError_MalformedHintError : t_VerificationError + | VerificationError_SignerResponseExceedsBoundError : t_VerificationError + | VerificationError_CommitmentHashesDontMatchError : t_VerificationError + | VerificationError_ContextTooLongError : t_VerificationError + +val t_VerificationError_cast_to_repr (x: t_VerificationError) + : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) + +/// A reference to the raw byte slice. +val impl__as_slice (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A reference to the raw byte slice. +val impl_2__as_slice (v_SIZE: usize) (self: t_MLDSAVerificationKey v_SIZE) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A reference to the raw byte slice. +val impl_4__as_slice (v_SIZE: usize) (self: t_MLDSASignature v_SIZE) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Utils.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Utils.fst index 02b37aa5a..82aa84965 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Utils.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Utils.fst 
@@ -12,18 +12,18 @@ let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = in () in - let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat (Rust_primitives.mk_u8 0) v_LEN in + let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in let out:t_Array u8 v_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; + Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (out.[ { - Core.Ops.Range.f_start = Rust_primitives.mk_usize 0; + Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/dep.graph b/libcrux-ml-dsa/proofs/fstar/extraction/dep.graph index 2c831085a..ddce2bce1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/dep.graph +++ b/libcrux-ml-dsa/proofs/fstar/extraction/dep.graph 
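Review bot: The copy in this hunk slices `out.[ { f_start = sz 0; f_end = len slice } ]` and writes it back with `update_at_range` over the same range, which is only well-formed when `len slice <= v_LEN`; the guard establishing that bound sits above the hunk (the `in () in` at the top looks like the tail of a lifted assertion block), so it cannot be confirmed from here whether it is a debug-only assertion or a real precondition. If it is only a `debug_assert!` in the Rust source, a caller handing over an over-long slice would panic at the slice index in release builds instead of being rejected by the type, and the F* proof obligation for the range would rest on an assumption rather than a `requires`. Since this is hax-generated, the fix is a `requires` precondition (`slice.len() <= LEN`) on the Rust `into_padded_array`, which would then surface in the `.fsti` signature. `into_padded_array` starts before the first line of this hunk.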
@@ -5,21 +5,20 @@ digraph { "fstar_reflection_const" -> "prims" "libcrux_ml_dsa_ml_dsa_87__portable" -> "core_result" "libcrux_ml_dsa_ml_dsa_87__portable" -> "libcrux_ml_dsa_types" - "libcrux_ml_dsa_ml_dsa_87__portable" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_87__portable" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_87__portable" -> "core" "libcrux_ml_dsa_ml_dsa_87__portable" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_87__portable" -> "prims" + "libcrux_ml_dsa_ntt" -> "fstar_int32" + "libcrux_ml_dsa_ntt" -> "fstar_int32" "libcrux_ml_dsa_ntt" -> "libcrux_ml_dsa_constants" "libcrux_ml_dsa_ntt" -> "libcrux_ml_dsa_constants" + "libcrux_ml_dsa_ntt" -> "core_slice" "libcrux_ml_dsa_ntt" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_ntt" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_ntt" -> "fstar_pervasives_native" "libcrux_ml_dsa_ntt" -> "fstar_pervasives_native" - "libcrux_ml_dsa_ntt" -> "core_slice" "libcrux_ml_dsa_ntt" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_ntt" -> "rust_primitives" - "libcrux_ml_dsa_ntt" -> "rust_primitives" "libcrux_ml_dsa_ntt" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_ntt" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_ntt" -> "fstar_tactics_typeclasses" 
@@ -35,9 +34,19 @@ digraph { "libcrux_ml_dsa_ntt" -> "prims" "libcrux_ml_dsa_ntt" -> "prims" "libcrux_ml_dsa_ntt" -> "libcrux_ml_dsa_ntt" + "libcrux_sha3_portable" -> "libcrux_sha3_generic_keccak" + "libcrux_sha3_portable" -> "libcrux_sha3_generic_keccak" + "libcrux_sha3_portable" -> "fstar_mul" + "libcrux_sha3_portable" -> "fstar_mul" + "libcrux_sha3_portable" -> "core" + "libcrux_sha3_portable" -> "core" + "libcrux_sha3_portable" -> "fstar_pervasives" + "libcrux_sha3_portable" -> "fstar_pervasives" + "libcrux_sha3_portable" -> "prims" + "libcrux_sha3_portable" -> "prims" + "libcrux_ml_dsa_ml_dsa_44_" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_44_" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_44_" -> "libcrux_ml_dsa_ml_dsa_generic_multiplexing" - "libcrux_ml_dsa_ml_dsa_44_" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_44_" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44_" -> "core" "libcrux_ml_dsa_ml_dsa_44_" -> "fstar_pervasives" 
@@ -90,10 +99,21 @@ digraph { "core_fmt" -> "fstar_pervasives" "core_fmt" -> "prims" "core_fmt" -> "prims" + "libcrux_sha3_generic_keccak" -> "libcrux_sha3_traits" + "libcrux_sha3_generic_keccak" -> "libcrux_sha3_traits" + "libcrux_sha3_generic_keccak" -> "fstar_mul" + "libcrux_sha3_generic_keccak" -> "fstar_mul" + "libcrux_sha3_generic_keccak" -> "core" + "libcrux_sha3_generic_keccak" -> "core" + "libcrux_sha3_generic_keccak" -> "fstar_pervasives" + "libcrux_sha3_generic_keccak" -> "fstar_pervasives" + "libcrux_sha3_generic_keccak" -> "prims" + "libcrux_sha3_generic_keccak" -> "prims" + "libcrux_sha3_generic_keccak" -> "libcrux_sha3_generic_keccak" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "libcrux_intrinsics_avx2_extract" - "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "core" 
@@ -134,10 +154,10 @@ digraph { "fstar_tactics_v1_logic" -> "fstar_pervasives" "fstar_tactics_v1_logic" -> "prims" "fstar_tactics_v1_logic" -> "prims" + "libcrux_ml_dsa_simd_avx2_vector_type" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_vector_type" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_vector_type" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_vector_type" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_avx2_vector_type" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_vector_type" -> "rust_primitives" "libcrux_ml_dsa_simd_avx2_vector_type" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_vector_type" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_vector_type" -> "libcrux_intrinsics_avx2_extract" @@ -182,10 +202,6 @@ digraph { "fstar_tactics_bv" -> "prims" "fstar_tactics_bv" -> "prims" "fstar_tactics_bv" -> "fstar_tactics_bv" - "libcrux_platform_platform" -> "fstar_mul" - "libcrux_platform_platform" -> "core" - "libcrux_platform_platform" -> "fstar_pervasives" - "libcrux_platform_platform" -> "prims" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "core_convert" 
@@ -194,9 +210,15 @@ digraph { "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "core_array" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "core_result" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "core_result" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_int64" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_int64" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_int8" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_int8" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "core_ops_range" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_uint8" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_uint8" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "hax_lib" @@ -206,8 +228,8 @@ digraph { "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_pervasives_native" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "libcrux_ml_dsa_constants" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_mul" 
@@ -249,8 +271,8 @@ digraph { "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "core_panicking" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "fstar_mul" @@ -264,7 +286,6 @@ digraph { "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" -> "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_eta" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "core_result" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "libcrux_ml_dsa_types" - "libcrux_ml_dsa_ml_dsa_87__avx2" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "core" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "fstar_pervasives" 
@@ -332,16 +353,18 @@ digraph { "fstar_tactics_bv_lemmas" -> "fstar_pervasives" "fstar_tactics_bv_lemmas" -> "prims" "fstar_tactics_bv_lemmas" -> "prims" - "libcrux_sha3_portable_incremental" -> "libcrux_sha3_portable" - "libcrux_sha3_portable_incremental" -> "libcrux_sha3_portable" - "libcrux_sha3_portable_incremental" -> "fstar_mul" - "libcrux_sha3_portable_incremental" -> "fstar_mul" - "libcrux_sha3_portable_incremental" -> "core" - "libcrux_sha3_portable_incremental" -> "core" - "libcrux_sha3_portable_incremental" -> "fstar_pervasives" - "libcrux_sha3_portable_incremental" -> "fstar_pervasives" - "libcrux_sha3_portable_incremental" -> "prims" - "libcrux_sha3_portable_incremental" -> "prims" + "libcrux_sha3_generic_keccak" -> "fstar_tactics_typeclasses" + "libcrux_sha3_generic_keccak" -> "fstar_tactics_typeclasses" + "libcrux_sha3_generic_keccak" -> "libcrux_sha3_traits" + "libcrux_sha3_generic_keccak" -> "libcrux_sha3_traits" + "libcrux_sha3_generic_keccak" -> "fstar_mul" + "libcrux_sha3_generic_keccak" -> "fstar_mul" + "libcrux_sha3_generic_keccak" -> "core" + "libcrux_sha3_generic_keccak" -> "core" + "libcrux_sha3_generic_keccak" -> "fstar_pervasives" + "libcrux_sha3_generic_keccak" -> "fstar_pervasives" + "libcrux_sha3_generic_keccak" -> "prims" + "libcrux_sha3_generic_keccak" -> "prims" "fstar_uint" -> "fstar_seq_base" "fstar_uint" -> "fstar_seq_base" "fstar_uint" -> "fstar_math_lemmas" 
@@ -396,17 +419,26 @@ digraph { "lib_sequence" -> "fstar_pervasives" "lib_sequence" -> "prims" "lib_sequence" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_ml_dsa_65_" -> "core_result" "libcrux_ml_dsa_ml_dsa_65_" -> "libcrux_ml_dsa_types" + "libcrux_ml_dsa_ml_dsa_65_" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_65_" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_ml_dsa_65_" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_65_" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_65_" -> "core" "libcrux_ml_dsa_ml_dsa_65_" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_65_" -> "prims" + "libcrux_ml_dsa_ml_dsa_87_" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_87_" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_87_" -> "libcrux_ml_dsa_ml_dsa_generic_multiplexing" - "libcrux_ml_dsa_ml_dsa_87_" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_87_" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_87_" -> "core" "libcrux_ml_dsa_ml_dsa_87_" -> "fstar_pervasives" @@ -416,8 +448,6 @@ digraph { "libcrux_ml_dsa_encoding_gamma1" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_gamma1" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_gamma1" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives" - "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives" "libcrux_ml_dsa_encoding_gamma1" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_gamma1" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_gamma1" -> "fstar_mul" 
@@ -428,6 +458,10 @@ digraph { "libcrux_ml_dsa_encoding_gamma1" -> "fstar_pervasives" "libcrux_ml_dsa_encoding_gamma1" -> "prims" "libcrux_ml_dsa_encoding_gamma1" -> "prims" + "libcrux_platform_platform" -> "fstar_mul" + "libcrux_platform_platform" -> "core" + "libcrux_platform_platform" -> "fstar_pervasives" + "libcrux_platform_platform" -> "prims" "fstar_pervasives" -> "prims" "fstar_pervasives" -> "prims" "fstar_pervasives" -> "fstar_pervasives" @@ -452,8 +486,6 @@ digraph { "rust_primitives_hax" -> "prims" "libcrux_ml_dsa_hash_functions_shake256" -> "rust_primitives_hax" "libcrux_ml_dsa_hash_functions_shake256" -> "rust_primitives_hax" - "libcrux_ml_dsa_hash_functions_shake256" -> "rust_primitives" - "libcrux_ml_dsa_hash_functions_shake256" -> "rust_primitives" "libcrux_ml_dsa_hash_functions_shake256" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_hash_functions_shake256" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_hash_functions_shake256" -> "fstar_mul" @@ -478,8 +510,10 @@ digraph { "libcrux_ml_dsa_simd_traits" -> "fstar_list_tot" "libcrux_ml_dsa_simd_traits" -> "libcrux_ml_dsa_constants" "libcrux_ml_dsa_simd_traits" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_simd_traits" -> "rust_primitives" - "libcrux_ml_dsa_simd_traits" -> "rust_primitives" + "libcrux_ml_dsa_simd_traits" -> "fstar_uint64" + "libcrux_ml_dsa_simd_traits" -> "fstar_uint64" + "libcrux_ml_dsa_simd_traits" -> "fstar_int32" + "libcrux_ml_dsa_simd_traits" -> "fstar_int32" "libcrux_ml_dsa_simd_traits" -> "core_clone" "libcrux_ml_dsa_simd_traits" -> "core_clone" "libcrux_ml_dsa_simd_traits" -> "core_marker" 
@@ -494,14 +528,17 @@ digraph { "libcrux_ml_dsa_simd_traits" -> "fstar_pervasives" "libcrux_ml_dsa_simd_traits" -> "prims" "libcrux_ml_dsa_simd_traits" -> "prims" + "libcrux_ml_dsa_ml_dsa_65__neon" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_65__neon" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_65__neon" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" - "libcrux_ml_dsa_ml_dsa_65__neon" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_65__neon" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_65__neon" -> "core" "libcrux_ml_dsa_ml_dsa_65__neon" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_65__neon" -> "prims" "libcrux_ml_dsa_ml_dsa_65__neon" -> "libcrux_ml_dsa_ml_dsa_65__neon" + "libcrux_ml_dsa_encoding_t0" -> "core_ops_range" + "libcrux_ml_dsa_encoding_t0" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_t0" -> "fstar_uint8" "libcrux_ml_dsa_encoding_t0" -> "libcrux_ml_dsa_ntt" "libcrux_ml_dsa_encoding_t0" -> "libcrux_ml_dsa_ntt" "libcrux_ml_dsa_encoding_t0" -> "libcrux_ml_dsa_constants" 
@@ -510,25 +547,22 @@ digraph { "libcrux_ml_dsa_encoding_t0" -> "core_iter_adapters_enumerate" "libcrux_ml_dsa_encoding_t0" -> "core_iter_traits_collect" "libcrux_ml_dsa_encoding_t0" -> "core_iter_traits_collect" + "libcrux_ml_dsa_encoding_t0" -> "rust_primitives_hax" + "libcrux_ml_dsa_encoding_t0" -> "rust_primitives_hax" + "libcrux_ml_dsa_encoding_t0" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_encoding_t0" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_t0" -> "core_iter_traits_iterator" "libcrux_ml_dsa_encoding_t0" -> "core_iter_traits_iterator" "libcrux_ml_dsa_encoding_t0" -> "core_option" "libcrux_ml_dsa_encoding_t0" -> "core_option" "libcrux_ml_dsa_encoding_t0" -> "fstar_pervasives_native" "libcrux_ml_dsa_encoding_t0" -> "fstar_pervasives_native" - "libcrux_ml_dsa_encoding_t0" -> "core_slice_iter" - "libcrux_ml_dsa_encoding_t0" -> "core_slice_iter" - "libcrux_ml_dsa_encoding_t0" -> "core_slice" - "libcrux_ml_dsa_encoding_t0" -> "core_ops_range" - "libcrux_ml_dsa_encoding_t0" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_t0" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_t0" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_encoding_t0" -> "rust_primitives_hax" - "libcrux_ml_dsa_encoding_t0" -> "rust_primitives_hax" - "libcrux_ml_dsa_encoding_t0" -> "rust_primitives" - "libcrux_ml_dsa_encoding_t0" -> "rust_primitives" "libcrux_ml_dsa_encoding_t0" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_t0" -> "libcrux_ml_dsa_polynomial" + "libcrux_ml_dsa_encoding_t0" -> "core_slice" + "libcrux_ml_dsa_encoding_t0" -> "core_slice_iter" + "libcrux_ml_dsa_encoding_t0" -> "core_slice_iter" "libcrux_ml_dsa_encoding_t0" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_t0" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_t0" -> "libcrux_ml_dsa_simd_traits" 
@@ -572,7 +606,6 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "libcrux_platform_platform" - "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "core" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "fstar_pervasives" @@ -614,19 +647,6 @@ digraph { "fstar_string" -> "fstar_pervasives" "fstar_string" -> "prims" "fstar_string" -> "prims" - "bitvec_equality" -> "fstar_functionalextensionality" - "bitvec_equality" -> "fstar_functionalextensionality" - "bitvec_equality" -> "fstar_mul" - "bitvec_equality" -> "fstar_mul" - "bitvec_equality" -> "rust_primitives" - "bitvec_equality" -> "rust_primitives" - "bitvec_equality" -> "core" - "bitvec_equality" -> "core" - "bitvec_equality" -> "fstar_pervasives" - "bitvec_equality" -> "fstar_pervasives" - "bitvec_equality" -> "prims" - "bitvec_equality" -> "prims" - "bitvec_equality" -> "bitvec_equality" "spec_sha3" -> "fstar_pervasives_native" "spec_sha3" -> "fstar_pervasives_native" "spec_sha3" -> "spec_sha3_constants" 
@@ -649,18 +669,18 @@ digraph { "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_sha3_portable_incremental" "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_ml_dsa_hash_functions_shake256" "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_ml_dsa_hash_functions_shake256" - "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_sha3_portable" - "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_sha3_portable" "libcrux_ml_dsa_hash_functions_simd256" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_hash_functions_simd256" -> "fstar_tactics_typeclasses" + "libcrux_ml_dsa_hash_functions_simd256" -> "fstar_uint8" + "libcrux_ml_dsa_hash_functions_simd256" -> "fstar_uint8" "libcrux_ml_dsa_hash_functions_simd256" -> "rust_primitives_hax" "libcrux_ml_dsa_hash_functions_simd256" -> "rust_primitives_hax" "libcrux_ml_dsa_hash_functions_simd256" -> "fstar_pervasives_native" "libcrux_ml_dsa_hash_functions_simd256" -> "fstar_pervasives_native" - "libcrux_ml_dsa_hash_functions_simd256" -> "rust_primitives" - "libcrux_ml_dsa_hash_functions_simd256" -> "rust_primitives" "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_ml_dsa_hash_functions_shake128" "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_ml_dsa_hash_functions_shake128" + "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_sha3_portable" + "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_sha3_portable" "libcrux_ml_dsa_hash_functions_simd256" -> "libcrux_sha3_avx2_x4_incremental" "libcrux_ml_dsa_hash_functions_simd256" -> "fstar_mul" "libcrux_ml_dsa_hash_functions_simd256" -> "fstar_mul" 
@@ -670,6 +690,19 @@ digraph { "libcrux_ml_dsa_hash_functions_simd256" -> "fstar_pervasives" "libcrux_ml_dsa_hash_functions_simd256" -> "prims" "libcrux_ml_dsa_hash_functions_simd256" -> "prims" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "libcrux_ml_dsa_simd_portable_encoding_commitment" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_pervasives_native" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "libcrux_ml_dsa_simd_portable_sample" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_tactics_typeclasses" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "libcrux_ml_dsa_constants" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_int32" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_uint8" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "libcrux_ml_dsa_simd_traits" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "libcrux_ml_dsa_simd_portable_vector_type" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_mul" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_pervasives" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "prims" "fstar_calc" -> "fstar_classical" "fstar_calc" -> "fstar_classical" "fstar_calc" -> "fstar_preorder" 
@@ -681,6 +714,43 @@ digraph { "fstar_calc" -> "prims" "fstar_calc" -> "prims" "fstar_calc" -> "fstar_calc" + "spec_utils" -> "rust_primitives_integers" + "spec_utils" -> "rust_primitives_integers" + "spec_utils" -> "fstar_calc" + "spec_utils" -> "fstar_calc" + "spec_utils" -> "fstar_int32" + "spec_utils" -> "fstar_int32" + "spec_utils" -> "fstar_int16" + "spec_utils" -> "fstar_int16" + "spec_utils" -> "fstar_math_lemmas" + "spec_utils" -> "fstar_math_lemmas" + "spec_utils" -> "fstar_classical_sugar" + "spec_utils" -> "fstar_classical_sugar" + "spec_utils" -> "rust_primitives_hax_monomorphized_update_at" + "spec_utils" -> "rust_primitives_hax_monomorphized_update_at" + "spec_utils" -> "core_ops_range" + "spec_utils" -> "lib_inttypes" + "spec_utils" -> "lib_inttypes" + "spec_utils" -> "lib_rawinttypes" + "spec_utils" -> "lib_rawinttypes" + "spec_utils" -> "spec_sha3" + "spec_utils" -> "spec_sha3" + "spec_utils" -> "fstar_list_tot" + "spec_utils" -> "fstar_list_tot" + "spec_utils" -> "rust_primitives_hax" + "spec_utils" -> "rust_primitives_hax" + "spec_utils" -> "lib_loopcombinators" + "spec_utils" -> "lib_loopcombinators" + "spec_utils" -> "fstar_seq" + "spec_utils" -> "fstar_seq" + "spec_utils" -> "core" + "spec_utils" -> "core" + "spec_utils" -> "fstar_mul" + "spec_utils" -> "fstar_mul" + "spec_utils" -> "fstar_pervasives" + "spec_utils" -> "fstar_pervasives" + "spec_utils" -> "prims" + "spec_utils" -> "prims" "libcrux_ml_dsa_simd_avx2_arithmetic" -> "core_panicking" "libcrux_ml_dsa_simd_avx2_arithmetic" -> "core_panicking" "libcrux_ml_dsa_simd_avx2_arithmetic" -> "rust_primitives_hax" 
@@ -689,8 +759,8 @@ digraph { "libcrux_ml_dsa_simd_avx2_arithmetic" -> "libcrux_ml_dsa_constants" "libcrux_ml_dsa_simd_avx2_arithmetic" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_simd_avx2_arithmetic" -> "libcrux_ml_dsa_simd_traits" - "libcrux_ml_dsa_simd_avx2_arithmetic" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_arithmetic" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_arithmetic" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_arithmetic" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_arithmetic" -> "core_num" "libcrux_ml_dsa_simd_avx2_arithmetic" -> "fstar_pervasives_native" "libcrux_ml_dsa_simd_avx2_arithmetic" -> "fstar_pervasives_native" @@ -710,8 +780,6 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "core_result" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "core_result" - "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "rust_primitives" - "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_simd_avx2" @@ -776,8 +844,8 @@ digraph { "lib_inttypes" -> "fstar_pervasives" "lib_inttypes" -> "prims" "lib_inttypes" -> "prims" - "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_t0" -> "fstar_mul" 
@@ -804,15 +872,19 @@ digraph { "libcrux_ml_dsa_encoding_signature" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_encoding_signature" -> "core_result" "libcrux_ml_dsa_encoding_signature" -> "core_result" + "libcrux_ml_dsa_encoding_signature" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_signature" -> "fstar_uint8" "libcrux_ml_dsa_encoding_signature" -> "fstar_pervasives_native" "libcrux_ml_dsa_encoding_signature" -> "fstar_pervasives_native" + "libcrux_ml_dsa_encoding_signature" -> "rust_primitives" + "libcrux_ml_dsa_encoding_signature" -> "rust_primitives" + "libcrux_ml_dsa_encoding_signature" -> "fstar_int32" + "libcrux_ml_dsa_encoding_signature" -> "fstar_int32" "libcrux_ml_dsa_encoding_signature" -> "core_ops_range" "libcrux_ml_dsa_encoding_signature" -> "libcrux_ml_dsa_encoding_gamma1" "libcrux_ml_dsa_encoding_signature" -> "libcrux_ml_dsa_encoding_gamma1" "libcrux_ml_dsa_encoding_signature" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_signature" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_signature" -> "rust_primitives" - "libcrux_ml_dsa_encoding_signature" -> "rust_primitives" "libcrux_ml_dsa_encoding_signature" -> "rust_primitives_hax_folds" "libcrux_ml_dsa_encoding_signature" -> "rust_primitives_hax" "libcrux_ml_dsa_encoding_signature" -> "rust_primitives_hax" @@ -841,8 +913,8 @@ digraph { "libcrux_ml_dsa_utils" -> "core_ops_range" "libcrux_ml_dsa_utils" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_utils" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_utils" -> "rust_primitives" - "libcrux_ml_dsa_utils" -> "rust_primitives" + "libcrux_ml_dsa_utils" -> "fstar_uint8" + "libcrux_ml_dsa_utils" -> "fstar_uint8" "libcrux_ml_dsa_utils" -> "rust_primitives_hax" "libcrux_ml_dsa_utils" -> "rust_primitives_hax" "libcrux_ml_dsa_utils" -> "core_slice" 
@@ -973,14 +1045,20 @@ digraph { "libcrux_ml_dsa_simd_avx2_encoding_error" -> "core_ops_range" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_int16" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_int16" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_int8" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_int8" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_uint8" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_uint8" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "core_panicking" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "core_panicking" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "rust_primitives_hax" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "libcrux_intrinsics_avx2_extract" - "libcrux_ml_dsa_simd_avx2_encoding_error" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_encoding_error" -> "rust_primitives" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "core_slice" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "hax_lib" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "hax_lib" 
@@ -1005,8 +1083,8 @@ digraph { "fstar_list_tot_properties" -> "prims" "libcrux_ml_dsa_simd_avx2_ntt" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_ntt" -> "libcrux_intrinsics_avx2_extract" - "libcrux_ml_dsa_simd_avx2_ntt" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_ntt" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_ntt" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_ntt" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_ntt" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_ntt" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_ntt" -> "core" @@ -1015,10 +1093,16 @@ digraph { "libcrux_ml_dsa_simd_avx2_ntt" -> "fstar_pervasives" "libcrux_ml_dsa_simd_avx2_ntt" -> "prims" "libcrux_ml_dsa_simd_avx2_ntt" -> "prims" + "libcrux_sha3_avx2_x4" -> "fstar_mul" + "libcrux_sha3_avx2_x4" -> "fstar_mul" + "libcrux_sha3_avx2_x4" -> "core" + "libcrux_sha3_avx2_x4" -> "core" + "libcrux_sha3_avx2_x4" -> "fstar_pervasives" + "libcrux_sha3_avx2_x4" -> "fstar_pervasives" + "libcrux_sha3_avx2_x4" -> "prims" + "libcrux_sha3_avx2_x4" -> "prims" "libcrux_ml_dsa_hash_functions_shake128" -> "rust_primitives_hax" "libcrux_ml_dsa_hash_functions_shake128" -> "rust_primitives_hax" - "libcrux_ml_dsa_hash_functions_shake128" -> "rust_primitives" - "libcrux_ml_dsa_hash_functions_shake128" -> "rust_primitives" "libcrux_ml_dsa_hash_functions_shake128" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_hash_functions_shake128" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_hash_functions_shake128" -> "fstar_mul" 
@@ -1029,10 +1113,19 @@ digraph { "libcrux_ml_dsa_hash_functions_shake128" -> "fstar_pervasives" "libcrux_ml_dsa_hash_functions_shake128" -> "prims" "libcrux_ml_dsa_hash_functions_shake128" -> "prims" + "libcrux_sha3_portable" -> "fstar_mul" + "libcrux_sha3_portable" -> "fstar_mul" + "libcrux_sha3_portable" -> "core" + "libcrux_sha3_portable" -> "core" + "libcrux_sha3_portable" -> "fstar_pervasives" + "libcrux_sha3_portable" -> "fstar_pervasives" + "libcrux_sha3_portable" -> "prims" + "libcrux_sha3_portable" -> "prims" + "libcrux_sha3_portable" -> "libcrux_sha3_portable" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "libcrux_intrinsics_avx2_extract" - "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "core" 
@@ -1073,36 +1166,36 @@ digraph { "rust_primitives_hax_folds" -> "fstar_pervasives" "rust_primitives_hax_folds" -> "prims" "rust_primitives_hax_folds" -> "prims" - "libcrux_ml_dsa_encoding_signing_key" -> "core_convert" - "libcrux_ml_dsa_encoding_signing_key" -> "core_convert" - "libcrux_ml_dsa_encoding_signing_key" -> "core_array" - "libcrux_ml_dsa_encoding_signing_key" -> "core_array" - "libcrux_ml_dsa_encoding_signing_key" -> "core_result" - "libcrux_ml_dsa_encoding_signing_key" -> "core_result" - "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_encoding_t0" - "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_encoding_t0" - "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_encoding_error" - "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_encoding_error" - "libcrux_ml_dsa_encoding_signing_key" -> "fstar_pervasives_native" - "libcrux_ml_dsa_encoding_signing_key" -> "fstar_pervasives_native" "libcrux_ml_dsa_encoding_signing_key" -> "core_slice_iter" "libcrux_ml_dsa_encoding_signing_key" -> "core_slice_iter" "libcrux_ml_dsa_encoding_signing_key" -> "core_iter_traits_collect" "libcrux_ml_dsa_encoding_signing_key" -> "core_iter_traits_collect" "libcrux_ml_dsa_encoding_signing_key" -> "core_iter_traits_iterator" "libcrux_ml_dsa_encoding_signing_key" -> "core_iter_traits_iterator" - "libcrux_ml_dsa_encoding_signing_key" -> "core_slice" - "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_constants" "libcrux_ml_dsa_encoding_signing_key" -> "core_ops_range" "libcrux_ml_dsa_encoding_signing_key" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_signing_key" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_signing_key" -> "rust_primitives" - "libcrux_ml_dsa_encoding_signing_key" -> "rust_primitives" + "libcrux_ml_dsa_encoding_signing_key" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_signing_key" -> "fstar_uint8" 
"libcrux_ml_dsa_encoding_signing_key" -> "rust_primitives_hax" "libcrux_ml_dsa_encoding_signing_key" -> "rust_primitives_hax" + "libcrux_ml_dsa_encoding_signing_key" -> "core_convert" + "libcrux_ml_dsa_encoding_signing_key" -> "core_convert" + "libcrux_ml_dsa_encoding_signing_key" -> "core_array" + "libcrux_ml_dsa_encoding_signing_key" -> "core_array" + "libcrux_ml_dsa_encoding_signing_key" -> "core_result" + "libcrux_ml_dsa_encoding_signing_key" -> "core_result" + "libcrux_ml_dsa_encoding_signing_key" -> "fstar_pervasives_native" + "libcrux_ml_dsa_encoding_signing_key" -> "fstar_pervasives_native" + "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_encoding_t0" + "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_encoding_t0" + "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_encoding_error" + "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_encoding_error" "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_polynomial" + "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_constants" + "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_constants" + "libcrux_ml_dsa_encoding_signing_key" -> "core_slice" "libcrux_ml_dsa_encoding_signing_key" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_signing_key" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_simd_traits" 
@@ -1118,23 +1211,12 @@ digraph { "libcrux_ml_dsa_encoding_signing_key" -> "prims" "libcrux_ml_dsa_encoding_signing_key" -> "prims" "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_encoding_signing_key" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "core_slice" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "hax_lib" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "libcrux_ml_dsa_simd_portable_vector_type" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "rust_primitives" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "libcrux_ml_dsa_simd_traits" - "libcrux_ml_dsa_simd_portable_encoding_t0" -> "libcrux_ml_dsa_simd_portable" + "libcrux_ml_dsa_simd_portable_encoding_t0" -> "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" "libcrux_ml_dsa_simd_portable_encoding_t0" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_encoding_t0" -> "core" "libcrux_ml_dsa_simd_portable_encoding_t0" -> "fstar_pervasives" "libcrux_ml_dsa_simd_portable_encoding_t0" -> "prims" "libcrux_ml_dsa_simd_portable_encoding_t0" -> "libcrux_ml_dsa_simd_portable_encoding_t0" - "libcrux_ml_dsa_simd_portable_vector_type" -> "rust_primitives" - "libcrux_ml_dsa_simd_portable_vector_type" -> "rust_primitives" "libcrux_ml_dsa_simd_portable_vector_type" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_vector_type" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_vector_type" -> "core" 
@@ -1152,12 +1234,13 @@ digraph { "libcrux_ml_dsa_simd_portable_sample" -> "libcrux_ml_dsa_constants" "libcrux_ml_dsa_simd_portable_sample" -> "core_slice" "libcrux_ml_dsa_simd_portable_sample" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_simd_portable_sample" -> "fstar_int32" + "libcrux_ml_dsa_simd_portable_sample" -> "fstar_uint8" "libcrux_ml_dsa_simd_portable_sample" -> "fstar_pervasives_native" "libcrux_ml_dsa_simd_portable_sample" -> "core_slice_iter" "libcrux_ml_dsa_simd_portable_sample" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_portable_sample" -> "core_iter_traits_collect" "libcrux_ml_dsa_simd_portable_sample" -> "core_iter_traits_iterator" - "libcrux_ml_dsa_simd_portable_sample" -> "rust_primitives" "libcrux_ml_dsa_simd_portable_sample" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_sample" -> "core" "libcrux_ml_dsa_simd_portable_sample" -> "fstar_pervasives" @@ -1172,12 +1255,16 @@ digraph { "fstar_stubs_tactics_types" -> "fstar_pervasives" "fstar_stubs_tactics_types" -> "prims" "fstar_stubs_tactics_types" -> "prims" + "libcrux_ml_dsa_samplex4" -> "fstar_uint16" + "libcrux_ml_dsa_samplex4" -> "fstar_uint16" "libcrux_ml_dsa_samplex4" -> "core_panicking" "libcrux_ml_dsa_samplex4" -> "core_panicking" "libcrux_ml_dsa_samplex4" -> "fstar_pervasives_native" "libcrux_ml_dsa_samplex4" -> "fstar_pervasives_native" "libcrux_ml_dsa_samplex4" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_samplex4" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_samplex4" -> "fstar_uint8" + "libcrux_ml_dsa_samplex4" -> "fstar_uint8" "libcrux_ml_dsa_samplex4" -> "libcrux_ml_dsa_sample" "libcrux_ml_dsa_samplex4" -> "libcrux_ml_dsa_sample" "libcrux_ml_dsa_samplex4" -> "rust_primitives_hax" 
@@ -1186,8 +1273,8 @@ digraph { "libcrux_ml_dsa_samplex4" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_samplex4" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_samplex4" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_samplex4" -> "rust_primitives" - "libcrux_ml_dsa_samplex4" -> "rust_primitives" + "libcrux_ml_dsa_samplex4" -> "fstar_int32" + "libcrux_ml_dsa_samplex4" -> "fstar_int32" "libcrux_ml_dsa_samplex4" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_samplex4" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_samplex4" -> "libcrux_ml_dsa_hash_functions_shake256" @@ -1213,8 +1300,6 @@ digraph { "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_pervasives" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "prims" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "prims" - "libcrux_ml_dsa_simd_avx2_vector_type" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_vector_type" -> "rust_primitives" "libcrux_ml_dsa_simd_avx2_vector_type" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_vector_type" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_vector_type" -> "core_convert" @@ -1236,7 +1321,6 @@ digraph { "fstar_stubs_tactics_result" -> "prims" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "core_result" - "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "libcrux_ml_dsa_simd_portable" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "libcrux_ml_dsa_pre_hash" 
@@ -1249,13 +1333,12 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "prims" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "core_result" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "libcrux_ml_dsa_types" - "libcrux_ml_dsa_ml_dsa_65__avx2" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "core" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "prims" - "libcrux_ml_dsa_constants" -> "rust_primitives" - "libcrux_ml_dsa_constants" -> "rust_primitives" + "libcrux_ml_dsa_constants" -> "fstar_int32" + "libcrux_ml_dsa_constants" -> "fstar_int32" "libcrux_ml_dsa_constants" -> "fstar_mul" "libcrux_ml_dsa_constants" -> "fstar_mul" "libcrux_ml_dsa_constants" -> "core" @@ -1290,10 +1373,10 @@ digraph { "fstar_int" -> "fstar_pervasives" "fstar_int" -> "prims" "fstar_int" -> "prims" + "libcrux_ml_dsa_matrix" -> "fstar_int32" + "libcrux_ml_dsa_matrix" -> "fstar_int32" "libcrux_ml_dsa_matrix" -> "libcrux_ml_dsa_arithmetic" "libcrux_ml_dsa_matrix" -> "libcrux_ml_dsa_arithmetic" - "libcrux_ml_dsa_matrix" -> "rust_primitives" - "libcrux_ml_dsa_matrix" -> "rust_primitives" "libcrux_ml_dsa_matrix" -> "libcrux_ml_dsa_ntt" "libcrux_ml_dsa_matrix" -> "libcrux_ml_dsa_ntt" "libcrux_ml_dsa_matrix" -> "rust_primitives_hax_monomorphized_update_at" 
@@ -1316,12 +1399,12 @@ digraph { "libcrux_ml_dsa_matrix" -> "prims" "libcrux_ml_dsa_matrix" -> "prims" "libcrux_ml_dsa_matrix" -> "libcrux_ml_dsa_matrix" + "libcrux_ml_dsa_ml_dsa_44__neon" -> "fstar_int32" + "libcrux_ml_dsa_ml_dsa_44__neon" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_44__neon" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_44__neon" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_44__neon" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" "libcrux_ml_dsa_ml_dsa_44__neon" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" - "libcrux_ml_dsa_ml_dsa_44__neon" -> "rust_primitives" - "libcrux_ml_dsa_ml_dsa_44__neon" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_44__neon" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44__neon" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44__neon" -> "core" @@ -1431,7 +1514,6 @@ digraph { "fstar_monotonic_witnessed" -> "fstar_monotonic_witnessed" "libcrux_ml_dsa_ml_dsa_65__neon" -> "core_result" "libcrux_ml_dsa_ml_dsa_65__neon" -> "libcrux_ml_dsa_types" - "libcrux_ml_dsa_ml_dsa_65__neon" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_65__neon" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_65__neon" -> "core" "libcrux_ml_dsa_ml_dsa_65__neon" -> "fstar_pervasives" 
@@ -1479,17 +1561,6 @@ digraph { "fstar_tactics_effect" -> "fstar_pervasives" "fstar_tactics_effect" -> "prims" "fstar_tactics_effect" -> "prims" - "libcrux_intrinsics_avx2_extract" -> "fstar_mul" - "libcrux_intrinsics_avx2_extract" -> "fstar_mul" - "libcrux_intrinsics_avx2_extract" -> "core" - "libcrux_intrinsics_avx2_extract" -> "core" - "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" - "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" - "libcrux_intrinsics_avx2_extract" -> "prims" - "libcrux_intrinsics_avx2_extract" -> "prims" - "libcrux_intrinsics_avx2_extract" -> "libcrux_intrinsics_avx2_extract" - "libcrux_ml_dsa_encoding_signing_key" -> "rust_primitives" - "libcrux_ml_dsa_encoding_signing_key" -> "rust_primitives" "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_signing_key" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_signing_key" -> "fstar_tactics_typeclasses" @@ -1524,8 +1595,8 @@ digraph { "libcrux_ml_dsa_simd_avx2_ntt" -> "fstar_pervasives_native" "libcrux_ml_dsa_simd_avx2_ntt" -> "libcrux_ml_dsa_simd_avx2_arithmetic" "libcrux_ml_dsa_simd_avx2_ntt" -> "libcrux_ml_dsa_simd_avx2_arithmetic" - "libcrux_ml_dsa_simd_avx2_ntt" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_ntt" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_ntt" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_ntt" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_ntt" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_ntt" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_ntt" -> "fstar_mul" 
@@ -1550,8 +1621,6 @@ digraph { "fstar_stubs_syntax_syntax" -> "fstar_pervasives" "fstar_stubs_syntax_syntax" -> "prims" "fstar_stubs_syntax_syntax" -> "prims" - "libcrux_ml_dsa_polynomial" -> "rust_primitives" - "libcrux_ml_dsa_polynomial" -> "rust_primitives" "libcrux_ml_dsa_polynomial" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_polynomial" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_polynomial" -> "libcrux_ml_dsa_simd_traits" @@ -1568,8 +1637,6 @@ digraph { "core_fmt_rt" -> "fstar_pervasives" "core_fmt_rt" -> "prims" "core_fmt_rt" -> "prims" - "libcrux_ml_dsa_types" -> "rust_primitives" - "libcrux_ml_dsa_types" -> "rust_primitives" "libcrux_ml_dsa_types" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_types" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_types" -> "fstar_mul" @@ -1581,15 +1648,6 @@ digraph { "libcrux_ml_dsa_types" -> "prims" "libcrux_ml_dsa_types" -> "prims" "libcrux_ml_dsa_types" -> "libcrux_ml_dsa_types" - "libcrux_sha3_portable" -> "fstar_mul" - "libcrux_sha3_portable" -> "fstar_mul" - "libcrux_sha3_portable" -> "core" - "libcrux_sha3_portable" -> "core" - "libcrux_sha3_portable" -> "fstar_pervasives" - "libcrux_sha3_portable" -> "fstar_pervasives" - "libcrux_sha3_portable" -> "prims" - "libcrux_sha3_portable" -> "prims" - "libcrux_sha3_portable" -> "libcrux_sha3_portable" "lib_bytesequence" -> "fstar_pervasives_native" "lib_bytesequence" -> "fstar_pervasives_native" "lib_bytesequence" -> "fstar_calc" 
@@ -1646,18 +1704,18 @@ digraph { "libcrux_ml_dsa_pre_hash" -> "rust_primitives_hax" "libcrux_ml_dsa_pre_hash" -> "fstar_list_tot" "libcrux_ml_dsa_pre_hash" -> "fstar_list_tot" - "libcrux_ml_dsa_pre_hash" -> "core_result" - "libcrux_ml_dsa_pre_hash" -> "core_result" - "libcrux_ml_dsa_pre_hash" -> "core_option" - "libcrux_ml_dsa_pre_hash" -> "core_option" + "libcrux_ml_dsa_pre_hash" -> "fstar_uint8" + "libcrux_ml_dsa_pre_hash" -> "fstar_uint8" "libcrux_ml_dsa_pre_hash" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_pre_hash" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_pre_hash" -> "core_convert" "libcrux_ml_dsa_pre_hash" -> "core_convert" - "libcrux_ml_dsa_pre_hash" -> "rust_primitives" - "libcrux_ml_dsa_pre_hash" -> "rust_primitives" "libcrux_ml_dsa_pre_hash" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_pre_hash" -> "fstar_tactics_typeclasses" + "libcrux_ml_dsa_pre_hash" -> "core_result" + "libcrux_ml_dsa_pre_hash" -> "core_result" + "libcrux_ml_dsa_pre_hash" -> "core_option" + "libcrux_ml_dsa_pre_hash" -> "core_option" "libcrux_ml_dsa_pre_hash" -> "libcrux_ml_dsa_hash_functions_shake128" "libcrux_ml_dsa_pre_hash" -> "libcrux_ml_dsa_hash_functions_shake128" "libcrux_ml_dsa_pre_hash" -> "libcrux_ml_dsa_hash_functions_portable" @@ -1738,8 +1796,8 @@ digraph { "libcrux_ml_dsa_simd_portable" -> "prims" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "libcrux_intrinsics_avx2_extract" - "libcrux_ml_dsa_simd_avx2_encoding_error" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_encoding_error" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "core" 
@@ -1748,15 +1806,6 @@ digraph { "libcrux_ml_dsa_simd_avx2_encoding_error" -> "fstar_pervasives" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "prims" "libcrux_ml_dsa_simd_avx2_encoding_error" -> "prims" - "libcrux_sha3_avx2_x4_incremental" -> "libcrux_sha3_neon_x2_incremental" - "libcrux_sha3_avx2_x4_incremental" -> "fstar_mul" - "libcrux_sha3_avx2_x4_incremental" -> "fstar_mul" - "libcrux_sha3_avx2_x4_incremental" -> "core" - "libcrux_sha3_avx2_x4_incremental" -> "core" - "libcrux_sha3_avx2_x4_incremental" -> "fstar_pervasives" - "libcrux_sha3_avx2_x4_incremental" -> "fstar_pervasives" - "libcrux_sha3_avx2_x4_incremental" -> "prims" - "libcrux_sha3_avx2_x4_incremental" -> "prims" "fstar_seq_base" -> "fstar_list_tot" "fstar_seq_base" -> "fstar_list_tot" "fstar_seq_base" -> "fstar_pervasives" @@ -1777,6 +1826,20 @@ digraph { "fstar_int8" -> "prims" "fstar_int8" -> "prims" "fstar_int8" -> "fstar_int8" + "bitvec_utils" -> "fstar_list_tot" + "bitvec_utils" -> "fstar_list_tot" + "bitvec_utils" -> "rust_primitives_bitvectors" + "bitvec_utils" -> "rust_primitives_bitvectors" + "bitvec_utils" -> "bitvec_equality" + "bitvec_utils" -> "bitvec_equality" + "bitvec_utils" -> "fstar_functionalextensionality" + "bitvec_utils" -> "fstar_functionalextensionality" + "bitvec_utils" -> "core" + "bitvec_utils" -> "core" + "bitvec_utils" -> "fstar_pervasives" + "bitvec_utils" -> "fstar_pervasives" + "bitvec_utils" -> "prims" + "bitvec_utils" -> "prims" "libcrux_ml_dsa_hash_functions_portable" -> "libcrux_sha3_portable_incremental" "libcrux_ml_dsa_hash_functions_portable" -> "libcrux_sha3_portable" "libcrux_ml_dsa_hash_functions_portable" -> "libcrux_sha3_portable" 
@@ -1795,15 +1858,7 @@ digraph { "core_clone" -> "fstar_pervasives" "core_clone" -> "prims" "core_clone" -> "prims" - "libcrux_ml_dsa_simd_portable_ntt" -> "fstar_pervasives_native" - "libcrux_ml_dsa_simd_portable_ntt" -> "core_slice" - "libcrux_ml_dsa_simd_portable_ntt" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_simd_portable_ntt" -> "libcrux_ml_dsa_simd_portable_arithmetic" - "libcrux_ml_dsa_simd_portable_ntt" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_simd_portable_ntt" -> "rust_primitives" - "libcrux_ml_dsa_simd_portable_ntt" -> "libcrux_ml_dsa_simd_portable_vector_type" - "libcrux_ml_dsa_simd_portable_ntt" -> "libcrux_ml_dsa_simd_traits" - "libcrux_ml_dsa_simd_portable_ntt" -> "libcrux_ml_dsa_simd_portable" + "libcrux_ml_dsa_simd_portable_ntt" -> "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" "libcrux_ml_dsa_simd_portable_ntt" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_ntt" -> "core" "libcrux_ml_dsa_simd_portable_ntt" -> "fstar_pervasives" 
@@ -1818,27 +1873,27 @@ digraph { "fstar_bv" -> "prims" "fstar_bv" -> "prims" "libcrux_ml_dsa_polynomial" -> "core_ops_range" - "libcrux_ml_dsa_polynomial" -> "core_array_iter" - "libcrux_ml_dsa_polynomial" -> "core_iter_traits_collect" - "libcrux_ml_dsa_polynomial" -> "core_iter_traits_collect" - "libcrux_ml_dsa_polynomial" -> "core_iter_traits_iterator" - "libcrux_ml_dsa_polynomial" -> "core_iter_traits_iterator" + "libcrux_ml_dsa_polynomial" -> "fstar_int32" + "libcrux_ml_dsa_polynomial" -> "fstar_int32" + "libcrux_ml_dsa_polynomial" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_polynomial" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_polynomial" -> "core_option" "libcrux_ml_dsa_polynomial" -> "core_option" "libcrux_ml_dsa_polynomial" -> "fstar_pervasives_native" "libcrux_ml_dsa_polynomial" -> "fstar_pervasives_native" + "libcrux_ml_dsa_polynomial" -> "rust_primitives_hax_folds" "libcrux_ml_dsa_polynomial" -> "core_slice_iter" "libcrux_ml_dsa_polynomial" -> "core_slice_iter" + "libcrux_ml_dsa_polynomial" -> "core_slice" "libcrux_ml_dsa_polynomial" -> "hax_lib" "libcrux_ml_dsa_polynomial" -> "hax_lib" - "libcrux_ml_dsa_polynomial" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_polynomial" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_polynomial" -> "core_slice" - "libcrux_ml_dsa_polynomial" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_polynomial" -> "rust_primitives" - "libcrux_ml_dsa_polynomial" -> "rust_primitives" "libcrux_ml_dsa_polynomial" -> "rust_primitives_hax" "libcrux_ml_dsa_polynomial" -> "rust_primitives_hax" + "libcrux_ml_dsa_polynomial" -> "core_array_iter" + "libcrux_ml_dsa_polynomial" -> "core_iter_traits_collect" + "libcrux_ml_dsa_polynomial" -> "core_iter_traits_collect" + "libcrux_ml_dsa_polynomial" -> "core_iter_traits_iterator" + "libcrux_ml_dsa_polynomial" -> "core_iter_traits_iterator" "libcrux_ml_dsa_polynomial" -> "fstar_tactics_typeclasses" 
"libcrux_ml_dsa_polynomial" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_polynomial" -> "libcrux_ml_dsa_simd_traits" @@ -1852,8 +1907,6 @@ digraph { "libcrux_ml_dsa_polynomial" -> "prims" "libcrux_ml_dsa_polynomial" -> "prims" "libcrux_ml_dsa_polynomial" -> "libcrux_ml_dsa_polynomial" - "libcrux_ml_dsa_types" -> "rust_primitives" - "libcrux_ml_dsa_types" -> "rust_primitives" "libcrux_ml_dsa_types" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_types" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_types" -> "fstar_tactics_typeclasses" 
@@ -1937,28 +1990,14 @@ digraph { "core_marker" -> "fstar_pervasives" "core_marker" -> "prims" "core_marker" -> "prims" - "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable_ntt" - "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable_encoding_t1" - "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable_encoding_t0" - "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable_encoding_error" - "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable_encoding_commitment" - "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable_encoding_gamma1" - "libcrux_ml_dsa_simd_portable" -> "fstar_pervasives_native" - "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable_sample" - "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable_arithmetic" - "libcrux_ml_dsa_simd_portable" -> "core_ops_range" - "libcrux_ml_dsa_simd_portable" -> "core_convert" - "libcrux_ml_dsa_simd_portable" -> "core_array" - "libcrux_ml_dsa_simd_portable" -> "core_result" - "libcrux_ml_dsa_simd_portable" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_portable" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_traits" - "libcrux_ml_dsa_simd_portable" -> "rust_primitives" + "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" "libcrux_ml_dsa_simd_portable" -> "fstar_mul" "libcrux_ml_dsa_simd_portable" -> "core" "libcrux_ml_dsa_simd_portable" -> "fstar_pervasives" "libcrux_ml_dsa_simd_portable" -> "prims" "libcrux_ml_dsa_simd_portable" -> "libcrux_ml_dsa_simd_portable" + "libcrux_ml_dsa_encoding_verification_key" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_verification_key" -> "fstar_uint8" "libcrux_ml_dsa_encoding_verification_key" -> "core_convert" "libcrux_ml_dsa_encoding_verification_key" -> "core_convert" "libcrux_ml_dsa_encoding_verification_key" -> "core_array" 
@@ -1967,17 +2006,15 @@ digraph { "libcrux_ml_dsa_encoding_verification_key" -> "core_result" "libcrux_ml_dsa_encoding_verification_key" -> "fstar_pervasives_native" "libcrux_ml_dsa_encoding_verification_key" -> "fstar_pervasives_native" + "libcrux_ml_dsa_encoding_verification_key" -> "core_ops_range" "libcrux_ml_dsa_encoding_verification_key" -> "libcrux_ml_dsa_encoding_t1" "libcrux_ml_dsa_encoding_verification_key" -> "libcrux_ml_dsa_encoding_t1" + "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_encoding_verification_key" -> "core_slice" "libcrux_ml_dsa_encoding_verification_key" -> "libcrux_ml_dsa_constants" "libcrux_ml_dsa_encoding_verification_key" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_encoding_verification_key" -> "core_ops_range" - "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives" - "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives" + "libcrux_ml_dsa_encoding_verification_key" -> "core_slice" "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives_hax" "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives_hax" "libcrux_ml_dsa_encoding_verification_key" -> "libcrux_ml_dsa_polynomial" 
@@ -2123,6 +2160,16 @@ digraph { "fstar_uint8" -> "prims" "fstar_uint8" -> "prims" "fstar_uint8" -> "fstar_uint8" + "libcrux_sha3_traits" -> "fstar_tactics_typeclasses" + "libcrux_sha3_traits" -> "fstar_tactics_typeclasses" + "libcrux_sha3_traits" -> "fstar_mul" + "libcrux_sha3_traits" -> "fstar_mul" + "libcrux_sha3_traits" -> "core" + "libcrux_sha3_traits" -> "core" + "libcrux_sha3_traits" -> "fstar_pervasives" + "libcrux_sha3_traits" -> "fstar_pervasives" + "libcrux_sha3_traits" -> "prims" + "libcrux_sha3_traits" -> "prims" "rust_primitives" -> "fstar_seq" "rust_primitives" -> "fstar_seq" "rust_primitives" -> "fstar_tactics_typeclasses" @@ -2147,8 +2194,6 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "core_result" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "core_result" - "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "rust_primitives" - "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_simd_portable" 
@@ -2198,17 +2243,6 @@ digraph { "fstar_reflection_v1" -> "fstar_pervasives" "fstar_reflection_v1" -> "prims" "fstar_reflection_v1" -> "prims" - "libcrux_sha3_neon_x2_incremental" -> "core_core_arch_arm_shared_neon" - "libcrux_sha3_neon_x2_incremental" -> "libcrux_sha3_generic_keccak" - "libcrux_sha3_neon_x2_incremental" -> "libcrux_sha3_generic_keccak" - "libcrux_sha3_neon_x2_incremental" -> "fstar_mul" - "libcrux_sha3_neon_x2_incremental" -> "fstar_mul" - "libcrux_sha3_neon_x2_incremental" -> "core" - "libcrux_sha3_neon_x2_incremental" -> "core" - "libcrux_sha3_neon_x2_incremental" -> "fstar_pervasives" - "libcrux_sha3_neon_x2_incremental" -> "fstar_pervasives" - "libcrux_sha3_neon_x2_incremental" -> "prims" - "libcrux_sha3_neon_x2_incremental" -> "prims" "fstar_tactics_v2_logic" -> "fstar_pervasives_native" "fstar_tactics_v2_logic" -> "fstar_pervasives_native" "fstar_tactics_v2_logic" -> "fstar_stubs_tactics_v2_builtins" @@ -2227,18 +2261,8 @@ digraph { "fstar_tactics_v2_logic" -> "fstar_pervasives" "fstar_tactics_v2_logic" -> "prims" "fstar_tactics_v2_logic" -> "prims" - "libcrux_sha3_avx2_x4" -> "fstar_mul" - "libcrux_sha3_avx2_x4" -> "fstar_mul" - "libcrux_sha3_avx2_x4" -> "core" - "libcrux_sha3_avx2_x4" -> "core" - "libcrux_sha3_avx2_x4" -> "fstar_pervasives" - "libcrux_sha3_avx2_x4" -> "fstar_pervasives" - "libcrux_sha3_avx2_x4" -> "prims" - "libcrux_sha3_avx2_x4" -> "prims" "libcrux_ml_dsa_samplex4" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_samplex4" -> "libcrux_ml_dsa_polynomial" - "libcrux_ml_dsa_samplex4" -> "rust_primitives" - "libcrux_ml_dsa_samplex4" -> "rust_primitives" "libcrux_ml_dsa_samplex4" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_samplex4" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_samplex4" -> "libcrux_ml_dsa_simd_traits" 
@@ -2349,8 +2373,8 @@ digraph { "libcrux_ml_dsa_ntt" -> "rust_primitives_hax" "libcrux_ml_dsa_ntt" -> "fstar_list_tot" "libcrux_ml_dsa_ntt" -> "fstar_list_tot" - "libcrux_ml_dsa_ntt" -> "rust_primitives" - "libcrux_ml_dsa_ntt" -> "rust_primitives" + "libcrux_ml_dsa_ntt" -> "fstar_int32" + "libcrux_ml_dsa_ntt" -> "fstar_int32" "libcrux_ml_dsa_ntt" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ntt" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ntt" -> "fstar_mul" 
@@ -2415,32 +2439,20 @@ digraph { "libcrux_ml_dsa_hash_functions_neon" -> "libcrux_ml_dsa_hash_functions_neon" "libcrux_ml_dsa_ml_dsa_44_" -> "core_result" "libcrux_ml_dsa_ml_dsa_44_" -> "libcrux_ml_dsa_types" + "libcrux_ml_dsa_ml_dsa_44_" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_44_" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_ml_dsa_44_" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_44_" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44_" -> "core" "libcrux_ml_dsa_ml_dsa_44_" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_44_" -> "prims" "libcrux_ml_dsa_ml_dsa_87_" -> "core_result" "libcrux_ml_dsa_ml_dsa_87_" -> "libcrux_ml_dsa_types" + "libcrux_ml_dsa_ml_dsa_87_" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_87_" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_ml_dsa_87_" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_87_" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_87_" -> "core" "libcrux_ml_dsa_ml_dsa_87_" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_87_" -> "prims" - "libcrux_sha3_generic_keccak" -> "fstar_tactics_typeclasses" - "libcrux_sha3_generic_keccak" -> "fstar_tactics_typeclasses" - "libcrux_sha3_generic_keccak" -> "libcrux_sha3_traits" - "libcrux_sha3_generic_keccak" -> "libcrux_sha3_traits" - "libcrux_sha3_generic_keccak" -> "fstar_mul" - "libcrux_sha3_generic_keccak" -> "fstar_mul" - "libcrux_sha3_generic_keccak" -> "core" - "libcrux_sha3_generic_keccak" -> "core" - "libcrux_sha3_generic_keccak" -> "fstar_pervasives" - "libcrux_sha3_generic_keccak" -> "fstar_pervasives" - "libcrux_sha3_generic_keccak" -> "prims" - "libcrux_sha3_generic_keccak" -> "prims" "fstar_tactics_unseal" -> "fstar_tactics_effect" "fstar_tactics_unseal" -> "fstar_tactics_effect" "fstar_tactics_unseal" -> "fstar_sealed" 
@@ -2455,8 +2467,6 @@ digraph { "libcrux_ml_dsa_pre_hash" -> "core_slice" "libcrux_ml_dsa_pre_hash" -> "core_option" "libcrux_ml_dsa_pre_hash" -> "core_option" - "libcrux_ml_dsa_pre_hash" -> "rust_primitives" - "libcrux_ml_dsa_pre_hash" -> "rust_primitives" "libcrux_ml_dsa_pre_hash" -> "libcrux_ml_dsa_hash_functions_shake128" "libcrux_ml_dsa_pre_hash" -> "libcrux_ml_dsa_hash_functions_shake128" "libcrux_ml_dsa_pre_hash" -> "libcrux_ml_dsa_hash_functions_portable" 
@@ -2493,27 +2503,27 @@ digraph { "fstar_bv" -> "fstar_bv" "fstar_pervasives_native" -> "prims" "fstar_pervasives_native" -> "prims" + "libcrux_ml_dsa_encoding_gamma1" -> "core_ops_range" + "libcrux_ml_dsa_encoding_gamma1" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_gamma1" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_gamma1" -> "core_iter_traits_iterator" "libcrux_ml_dsa_encoding_gamma1" -> "core_iter_traits_iterator" "libcrux_ml_dsa_encoding_gamma1" -> "core_option" "libcrux_ml_dsa_encoding_gamma1" -> "core_option" "libcrux_ml_dsa_encoding_gamma1" -> "fstar_pervasives_native" "libcrux_ml_dsa_encoding_gamma1" -> "fstar_pervasives_native" - "libcrux_ml_dsa_encoding_gamma1" -> "core_slice_iter" - "libcrux_ml_dsa_encoding_gamma1" -> "core_slice_iter" + "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives_hax_folds" + "libcrux_ml_dsa_encoding_gamma1" -> "libcrux_ml_dsa_polynomial" + "libcrux_ml_dsa_encoding_gamma1" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_gamma1" -> "core_panicking" "libcrux_ml_dsa_encoding_gamma1" -> "core_panicking" - "libcrux_ml_dsa_encoding_gamma1" -> "core_slice" - "libcrux_ml_dsa_encoding_gamma1" -> "core_ops_range" - "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives" - "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives" "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives_hax" "libcrux_ml_dsa_encoding_gamma1" -> "rust_primitives_hax" - "libcrux_ml_dsa_encoding_gamma1" -> "libcrux_ml_dsa_polynomial" - "libcrux_ml_dsa_encoding_gamma1" -> "libcrux_ml_dsa_polynomial" + "libcrux_ml_dsa_encoding_gamma1" -> "core_slice" + 
"libcrux_ml_dsa_encoding_gamma1" -> "core_slice_iter" + "libcrux_ml_dsa_encoding_gamma1" -> "core_slice_iter" "libcrux_ml_dsa_encoding_gamma1" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_gamma1" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_gamma1" -> "libcrux_ml_dsa_simd_traits" @@ -2527,9 +2537,9 @@ digraph { "libcrux_ml_dsa_encoding_gamma1" -> "prims" "libcrux_ml_dsa_encoding_gamma1" -> "prims" "libcrux_ml_dsa_encoding_gamma1" -> "libcrux_ml_dsa_encoding_gamma1" + "libcrux_ml_dsa_ml_dsa_87__avx2" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" - "libcrux_ml_dsa_ml_dsa_87__avx2" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "core" "libcrux_ml_dsa_ml_dsa_87__avx2" -> "fstar_pervasives" @@ -2623,8 +2633,6 @@ digraph { "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_error" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_error" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_encoding_error" -> "rust_primitives" - "libcrux_ml_dsa_encoding_error" -> "rust_primitives" "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_error" -> "fstar_mul" @@ -2673,6 +2681,10 @@ digraph { "core_result" -> "fstar_pervasives" "core_result" -> "prims" "core_result" -> "prims" + "libcrux_ml_dsa_simd_portable_vector_type" -> "fstar_int32" + "libcrux_ml_dsa_simd_portable_vector_type" -> "fstar_int32" + "libcrux_ml_dsa_simd_portable_vector_type" -> "rust_primitives_hax" + "libcrux_ml_dsa_simd_portable_vector_type" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_portable_vector_type" -> "core_ops_range" "libcrux_ml_dsa_simd_portable_vector_type" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_portable_vector_type" -> "fstar_tactics_typeclasses" 
@@ -2682,10 +2694,6 @@ digraph { "libcrux_ml_dsa_simd_portable_vector_type" -> "core_array" "libcrux_ml_dsa_simd_portable_vector_type" -> "core_result" "libcrux_ml_dsa_simd_portable_vector_type" -> "core_result" - "libcrux_ml_dsa_simd_portable_vector_type" -> "rust_primitives" - "libcrux_ml_dsa_simd_portable_vector_type" -> "rust_primitives" - "libcrux_ml_dsa_simd_portable_vector_type" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_portable_vector_type" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_portable_vector_type" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_vector_type" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_vector_type" -> "core" @@ -2697,8 +2705,8 @@ digraph { "libcrux_ml_dsa_simd_portable_vector_type" -> "libcrux_ml_dsa_simd_portable_vector_type" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "libcrux_intrinsics_avx2_extract" - "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "core" @@ -2745,6 +2753,15 @@ digraph { "libcrux_ml_dsa_utils" -> "fstar_pervasives" "libcrux_ml_dsa_utils" -> "prims" "libcrux_ml_dsa_utils" -> "prims" + "libcrux_sha3_traits" -> "fstar_mul" + "libcrux_sha3_traits" -> "fstar_mul" + "libcrux_sha3_traits" -> "core" + "libcrux_sha3_traits" -> "core" + "libcrux_sha3_traits" -> "fstar_pervasives" + "libcrux_sha3_traits" -> "fstar_pervasives" + "libcrux_sha3_traits" -> "prims" + "libcrux_sha3_traits" -> "prims" + "libcrux_sha3_traits" -> "libcrux_sha3_traits" "fstar_ghost" -> "fstar_pervasives" "fstar_ghost" -> "fstar_pervasives" "fstar_ghost" -> "prims" 
@@ -2826,46 +2843,34 @@ digraph { "fstar_all" -> "fstar_pervasives" "fstar_all" -> "prims" "fstar_all" -> "prims" - "spec_utils" -> "rust_primitives_integers" - "spec_utils" -> "rust_primitives_integers" - "spec_utils" -> "fstar_calc" - "spec_utils" -> "fstar_calc" - "spec_utils" -> "fstar_int32" - "spec_utils" -> "fstar_int32" - "spec_utils" -> "fstar_int16" - "spec_utils" -> "fstar_int16" - "spec_utils" -> "fstar_math_lemmas" - "spec_utils" -> "fstar_math_lemmas" - "spec_utils" -> "fstar_classical_sugar" - "spec_utils" -> "fstar_classical_sugar" - "spec_utils" -> "rust_primitives_hax_monomorphized_update_at" - "spec_utils" -> "rust_primitives_hax_monomorphized_update_at" - "spec_utils" -> "core_ops_range" - "spec_utils" -> "lib_inttypes" - "spec_utils" -> "lib_inttypes" - "spec_utils" -> "lib_rawinttypes" - "spec_utils" -> "lib_rawinttypes" - "spec_utils" -> "spec_sha3" - "spec_utils" -> "spec_sha3" - "spec_utils" -> "fstar_list_tot" - "spec_utils" -> "fstar_list_tot" - "spec_utils" -> "rust_primitives_hax" - "spec_utils" -> "rust_primitives_hax" - "spec_utils" -> "lib_loopcombinators" - "spec_utils" -> "lib_loopcombinators" - "spec_utils" -> "fstar_seq" - "spec_utils" -> "fstar_seq" - "spec_utils" -> "core" - "spec_utils" -> "core" - "spec_utils" -> "fstar_mul" - "spec_utils" -> "fstar_mul" - "spec_utils" -> "fstar_pervasives" - "spec_utils" -> "fstar_pervasives" - "spec_utils" -> "prims" - "spec_utils" -> "prims" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "hax_lib" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core_slice" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "rust_primitives_hax_folds" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_uint8" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_tactics_typeclasses" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core_array_iter" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core_iter_traits_collect" + 
"libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core_iter_traits_iterator" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_pervasives_native" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core_fmt_rt" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_list_tot" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core_fmt" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core_panicking" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "rust_primitives_hax" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "libcrux_ml_dsa_constants" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_uint64" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_int32" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core_ops_arith_neg" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "libcrux_ml_dsa_simd_traits" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "libcrux_ml_dsa_simd_portable_vector_type" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_mul" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "core" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "fstar_pervasives" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "prims" + "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" -> "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" "libcrux_ml_dsa_ml_dsa_65__portable" -> "core_result" "libcrux_ml_dsa_ml_dsa_65__portable" -> "libcrux_ml_dsa_types" - "libcrux_ml_dsa_ml_dsa_65__portable" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_65__portable" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_65__portable" -> "core" "libcrux_ml_dsa_ml_dsa_65__portable" -> "fstar_pervasives" 
@@ -2874,8 +2879,6 @@ digraph { "libcrux_ml_dsa_encoding_commitment" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_commitment" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_commitment" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_encoding_commitment" -> "rust_primitives" - "libcrux_ml_dsa_encoding_commitment" -> "rust_primitives" "libcrux_ml_dsa_encoding_commitment" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_commitment" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_commitment" -> "fstar_mul" @@ -2901,6 +2904,16 @@ digraph { "core_convert" -> "fstar_pervasives" "core_convert" -> "prims" "core_convert" -> "prims" + "libcrux_sha3_portable_incremental" -> "libcrux_sha3_portable" + "libcrux_sha3_portable_incremental" -> "libcrux_sha3_portable" + "libcrux_sha3_portable_incremental" -> "fstar_mul" + "libcrux_sha3_portable_incremental" -> "fstar_mul" + "libcrux_sha3_portable_incremental" -> "core" + "libcrux_sha3_portable_incremental" -> "core" + "libcrux_sha3_portable_incremental" -> "fstar_pervasives" + "libcrux_sha3_portable_incremental" -> "fstar_pervasives" + "libcrux_sha3_portable_incremental" -> "prims" + "libcrux_sha3_portable_incremental" -> "prims" "fstar_seq_properties" -> "fstar_list_tot_properties" "fstar_seq_properties" -> "fstar_list_tot_properties" "fstar_seq_properties" -> "fstar_list_tot_base" 
@@ -2917,6 +2930,10 @@ digraph { "fstar_seq_properties" -> "prims" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "core_panicking" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "core_panicking" + "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_int16" + "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_int16" + "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_int8" + "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_int8" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "core_convert" @@ -2928,10 +2945,12 @@ digraph { "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "core_ops_range" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_uint8" + "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_uint8" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "rust_primitives" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "fstar_mul" 
@@ -2943,9 +2962,9 @@ digraph { "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "prims" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "prims" "libcrux_ml_dsa_simd_avx2_encoding_commitment" -> "libcrux_ml_dsa_simd_avx2_encoding_commitment" + "libcrux_ml_dsa_ml_dsa_87__portable" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_87__portable" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_87__portable" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" - "libcrux_ml_dsa_ml_dsa_87__portable" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_87__portable" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_87__portable" -> "core" "libcrux_ml_dsa_ml_dsa_87__portable" -> "fstar_pervasives" @@ -2964,8 +2983,6 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_ml_dsa_generic" -> "core_option" "libcrux_ml_dsa_ml_dsa_generic" -> "core_option" - "libcrux_ml_dsa_ml_dsa_generic" -> "rust_primitives" - "libcrux_ml_dsa_ml_dsa_generic" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_sha3_portable_incremental" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_simd_traits" 
@@ -3021,18 +3038,6 @@ digraph { "fstar_stubs_tactics_v1_builtins" -> "fstar_pervasives" "fstar_stubs_tactics_v1_builtins" -> "prims" "fstar_stubs_tactics_v1_builtins" -> "prims" - "bitvec_equality" -> "fstar_functionalextensionality" - "bitvec_equality" -> "fstar_functionalextensionality" - "bitvec_equality" -> "fstar_mul" - "bitvec_equality" -> "fstar_mul" - "bitvec_equality" -> "rust_primitives" - "bitvec_equality" -> "rust_primitives" - "bitvec_equality" -> "core" - "bitvec_equality" -> "core" - "bitvec_equality" -> "fstar_pervasives" - "bitvec_equality" -> "fstar_pervasives" - "bitvec_equality" -> "prims" - "bitvec_equality" -> "prims" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "core_convert" 
@@ -3043,15 +3048,21 @@ digraph { "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "core_result" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_int64" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_int64" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_uint8" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_uint8" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "core_panicking" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "core_panicking" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "rust_primitives_hax" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_int8" + "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "fstar_int8" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "core_ops_range" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "libcrux_intrinsics_avx2_extract" - "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "rust_primitives" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "core_slice" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "hax_lib" "libcrux_ml_dsa_simd_avx2_encoding_gamma1" -> "hax_lib" 
@@ -3068,8 +3079,6 @@ digraph { "libcrux_ml_dsa_ml_dsa_44__avx2" -> "core_result" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "libcrux_ml_dsa_types" - "libcrux_ml_dsa_ml_dsa_44__avx2" -> "rust_primitives" - "libcrux_ml_dsa_ml_dsa_44__avx2" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "core" @@ -3080,7 +3089,6 @@ digraph { "libcrux_ml_dsa_ml_dsa_44__avx2" -> "prims" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_simd_portable_vector_type" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_ml_dsa_generic" - "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_simd_portable" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_pre_hash" 
@@ -3093,12 +3101,50 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "prims" "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" + "bitvec_intrinsics" -> "fstar_string" + "bitvec_intrinsics" -> "fstar_tactics_v2_derived" + "bitvec_intrinsics" -> "fstar_tactics_v2_derived" + "bitvec_intrinsics" -> "fstar_stubs_tactics_v2_builtins" + "bitvec_intrinsics" -> "fstar_int8" + "bitvec_intrinsics" -> "fstar_int8" + "bitvec_intrinsics" -> "fstar_uint8" + "bitvec_intrinsics" -> "fstar_uint8" + "bitvec_intrinsics" -> "fstar_list_tot" + "bitvec_intrinsics" -> "fstar_list_tot" + "bitvec_intrinsics" -> "fstar_tactics_v2" + "bitvec_intrinsics" -> "fstar_tactics_v2" + "bitvec_intrinsics" -> "fstar_int16" + "bitvec_intrinsics" -> "fstar_int16" + "bitvec_intrinsics" -> "fstar_tactics" + "bitvec_intrinsics" -> "fstar_tactics" + "bitvec_intrinsics" -> "fstar_seq" + "bitvec_intrinsics" -> "fstar_seq" + "bitvec_intrinsics" -> "fstar_int32" + "bitvec_intrinsics" -> "fstar_int32" + "bitvec_intrinsics" -> "tactics_utils" + "bitvec_intrinsics" -> "tactics_utils" + "bitvec_intrinsics" -> "bitvec_equality" + "bitvec_intrinsics" -> "bitvec_equality" + "bitvec_intrinsics" -> "bitvec_utils" + "bitvec_intrinsics" -> "bitvec_utils" + "bitvec_intrinsics" -> "fstar_mul" + "bitvec_intrinsics" -> "fstar_mul" + "bitvec_intrinsics" -> "rust_primitives" + "bitvec_intrinsics" -> "rust_primitives" + "bitvec_intrinsics" -> "core" + "bitvec_intrinsics" -> "core" + "bitvec_intrinsics" -> "fstar_pervasives" + "bitvec_intrinsics" -> "fstar_pervasives" + "bitvec_intrinsics" -> "prims" + "bitvec_intrinsics" -> "prims" "core_ops_arith_neg" -> "rust_primitives" "core_ops_arith_neg" -> "rust_primitives" "core_ops_arith_neg" -> "fstar_pervasives" "core_ops_arith_neg" -> "fstar_pervasives" "core_ops_arith_neg" -> "prims" "core_ops_arith_neg" -> "prims" + 
"libcrux_ml_dsa_arithmetic" -> "fstar_int32" + "libcrux_ml_dsa_arithmetic" -> "fstar_int32" "libcrux_ml_dsa_arithmetic" -> "core_slice_iter" "libcrux_ml_dsa_arithmetic" -> "core_slice_iter" "libcrux_ml_dsa_arithmetic" -> "core_iter_traits_collect" @@ -3110,8 +3156,6 @@ digraph { "libcrux_ml_dsa_arithmetic" -> "core_slice" "libcrux_ml_dsa_arithmetic" -> "fstar_pervasives_native" "libcrux_ml_dsa_arithmetic" -> "fstar_pervasives_native" - "libcrux_ml_dsa_arithmetic" -> "rust_primitives" - "libcrux_ml_dsa_arithmetic" -> "rust_primitives" "libcrux_ml_dsa_arithmetic" -> "rust_primitives_hax_folds" "libcrux_ml_dsa_arithmetic" -> "rust_primitives_hax" "libcrux_ml_dsa_arithmetic" -> "rust_primitives_hax" @@ -3134,11 +3178,13 @@ digraph { "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_pervasives_native" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_pervasives_native" + "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "rust_primitives_hax_folds" + "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_uint8" + "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_uint8" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "rust_primitives" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "core" 
@@ -3221,7 +3267,6 @@ digraph { "fstar_tactics_v1_derived" -> "prims" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "libcrux_ml_dsa_simd_portable_vector_type" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "libcrux_ml_dsa_ml_dsa_generic" - "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "libcrux_ml_dsa_simd_portable" "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" -> "libcrux_ml_dsa_pre_hash" 
@@ -3246,46 +3291,14 @@ digraph { "libcrux_ml_dsa_hash_functions_shake128" -> "prims" "libcrux_ml_dsa_hash_functions_shake128" -> "prims" "libcrux_ml_dsa_hash_functions_shake128" -> "libcrux_ml_dsa_hash_functions_shake128" + "libcrux_ml_dsa_ml_dsa_87__neon" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_87__neon" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_87__neon" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_neon" - "libcrux_ml_dsa_ml_dsa_87__neon" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_87__neon" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_87__neon" -> "core" "libcrux_ml_dsa_ml_dsa_87__neon" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_87__neon" -> "prims" "libcrux_ml_dsa_ml_dsa_87__neon" -> "libcrux_ml_dsa_ml_dsa_87__neon" - "tactics_utils" -> "fstar_tactics_effect" - "tactics_utils" -> "fstar_tactics_effect" - "tactics_utils" -> "fstar_char" - "tactics_utils" -> "fstar_string" - "tactics_utils" -> "fstar_reflection_v2" - "tactics_utils" -> "fstar_reflection_v2" - "tactics_utils" -> "fstar_tactics_util" - "tactics_utils" -> "fstar_tactics_util" - "tactics_utils" -> "fstar_tactics_v1" - "tactics_utils" -> "fstar_tactics_v1" - "tactics_utils" -> "fstar_tactics" - "tactics_utils" -> "fstar_tactics" - "tactics_utils" -> "fstar_pervasives_native" - "tactics_utils" -> "fstar_pervasives_native" - "tactics_utils" -> "fstar_mul" - "tactics_utils" -> "fstar_mul" - "tactics_utils" -> "fstar_class_printable" - "tactics_utils" -> "fstar_class_printable" - "tactics_utils" -> "fstar_tactics_v2_syntaxhelpers" - "tactics_utils" -> "fstar_tactics_v2_syntaxhelpers" - "tactics_utils" -> "fstar_tactics_v2" - "tactics_utils" -> "fstar_tactics_v2" - "tactics_utils" -> "fstar_list_tot" - "tactics_utils" -> "fstar_list_tot" - "tactics_utils" -> "fstar_option" - "tactics_utils" -> "fstar_option" - "tactics_utils" -> "core" - "tactics_utils" -> "core" - "tactics_utils" -> "fstar_pervasives" - "tactics_utils" -> "fstar_pervasives" - "tactics_utils" -> "prims" - "tactics_utils" -> "prims" 
"fstar_tactics_typeclasses" -> "fstar_stubs_pprint" "fstar_tactics_typeclasses" -> "fstar_list_tot" "fstar_tactics_typeclasses" -> "fstar_list_tot" @@ -3321,8 +3334,8 @@ digraph { "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_list_tot" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_list_tot" - "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "rust_primitives" + "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_uint8" + "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_uint8" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "fstar_mul" "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" -> "core" 
@@ -3394,15 +3407,15 @@ digraph { "fstar_int128" -> "fstar_int128" "libcrux_ml_dsa_hash_functions_portable" -> "libcrux_ml_dsa_hash_functions_shake256" "libcrux_ml_dsa_hash_functions_portable" -> "libcrux_ml_dsa_hash_functions_shake256" + "libcrux_ml_dsa_hash_functions_portable" -> "fstar_tactics_typeclasses" + "libcrux_ml_dsa_hash_functions_portable" -> "fstar_tactics_typeclasses" + "libcrux_ml_dsa_hash_functions_portable" -> "fstar_uint8" + "libcrux_ml_dsa_hash_functions_portable" -> "fstar_uint8" "libcrux_ml_dsa_hash_functions_portable" -> "rust_primitives_hax" "libcrux_ml_dsa_hash_functions_portable" -> "rust_primitives_hax" "libcrux_ml_dsa_hash_functions_portable" -> "fstar_pervasives_native" "libcrux_ml_dsa_hash_functions_portable" -> "fstar_pervasives_native" "libcrux_ml_dsa_hash_functions_portable" -> "libcrux_sha3_portable_incremental" - "libcrux_ml_dsa_hash_functions_portable" -> "rust_primitives" - "libcrux_ml_dsa_hash_functions_portable" -> "rust_primitives" - "libcrux_ml_dsa_hash_functions_portable" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_hash_functions_portable" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_hash_functions_portable" -> "libcrux_ml_dsa_hash_functions_shake128" "libcrux_ml_dsa_hash_functions_portable" -> "libcrux_ml_dsa_hash_functions_shake128" "libcrux_ml_dsa_hash_functions_portable" -> "libcrux_sha3_portable" @@ -3441,8 +3454,6 @@ digraph { "libcrux_ml_dsa_simd_avx2" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2" -> "core_convert" "libcrux_ml_dsa_simd_avx2" -> "core_convert" - "libcrux_ml_dsa_simd_avx2" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2" -> "rust_primitives" "libcrux_ml_dsa_simd_avx2" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_simd_avx2" -> "libcrux_ml_dsa_simd_traits" 
@@ -3457,6 +3468,8 @@ digraph { "libcrux_ml_dsa_simd_avx2" -> "fstar_pervasives" "libcrux_ml_dsa_simd_avx2" -> "prims" "libcrux_ml_dsa_simd_avx2" -> "prims" + "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_int8" + "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_int8" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "hax_lib" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "hax_lib" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "core_slice" @@ -3473,10 +3486,12 @@ digraph { "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "core_ops_range" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_uint8" + "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_uint8" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "rust_primitives" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_encoding_t1" -> "fstar_mul" @@ -3516,8 +3531,6 @@ digraph { "libcrux_ml_dsa_encoding_t0" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_t0" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_t0" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_encoding_t0" -> "rust_primitives" - "libcrux_ml_dsa_encoding_t0" -> "rust_primitives" "libcrux_ml_dsa_encoding_t0" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_t0" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_t0" -> "fstar_mul" 
@@ -3542,8 +3555,6 @@ digraph { "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_sample" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_sample" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_sample" -> "rust_primitives" - "libcrux_ml_dsa_sample" -> "rust_primitives" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_hash_functions_shake256" @@ -3566,6 +3577,22 @@ digraph { "fstar_vconfig" -> "fstar_pervasives" "fstar_vconfig" -> "prims" "fstar_vconfig" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "core_slice" + "libcrux_intrinsics_avx2_extract" -> "bitvec_intrinsics" + "libcrux_intrinsics_avx2_extract" -> "fstar_int32" + "libcrux_intrinsics_avx2_extract" -> "fstar_int32" + "libcrux_intrinsics_avx2_extract" -> "spec_utils" + "libcrux_intrinsics_avx2_extract" -> "spec_utils" + "libcrux_intrinsics_avx2_extract" -> "fstar_seq" + "libcrux_intrinsics_avx2_extract" -> "fstar_seq" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "prims" "fstar_seq_properties" -> "fstar_list_tot_properties" "fstar_seq_properties" -> "fstar_list_tot_properties" "fstar_seq_properties" -> "fstar_list_tot_base" 
@@ -3606,9 +3633,9 @@ digraph { "core_ops_index" -> "fstar_pervasives" "core_ops_index" -> "prims" "core_ops_index" -> "prims" + "libcrux_ml_dsa_ml_dsa_44__portable" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_44__portable" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_44__portable" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" - "libcrux_ml_dsa_ml_dsa_44__portable" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_44__portable" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44__portable" -> "core" "libcrux_ml_dsa_ml_dsa_44__portable" -> "fstar_pervasives" @@ -3618,10 +3645,23 @@ digraph { "fstar_float" -> "fstar_pervasives" "fstar_float" -> "prims" "fstar_float" -> "prims" - "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "libcrux_ml_dsa_simd_portable_vector_type" - "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "fstar_mul" - "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "core" - "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "fstar_pervasives" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "core" + "bitvec_equality" -> "core" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "prims" + "bitvec_equality" -> "prims" + "bitvec_equality" -> "bitvec_equality" + "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "libcrux_ml_dsa_simd_portable_vector_type" + "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "fstar_mul" + "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "core" + "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "fstar_pervasives" "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "prims" "rust_primitives_hax_monomorphized_update_at" -> "core_ops_range" "rust_primitives_hax_monomorphized_update_at" -> "rust_primitives_hax" 
@@ -3668,6 +3708,19 @@ digraph { "fstar_tactics_v2" -> "fstar_pervasives" "fstar_tactics_v2" -> "prims" "fstar_tactics_v2" -> "prims" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_math_lemmas" + "fstar_int32" -> "fstar_math_lemmas" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "prims" + "fstar_int32" -> "prims" + "fstar_int32" -> "fstar_int32" "fstar_reflection_v2_derived" -> "fstar_list_tot_base" "fstar_reflection_v2_derived" -> "fstar_list_tot_base" "fstar_reflection_v2_derived" -> "fstar_pervasives_native" 
@@ -3688,34 +3741,10 @@ digraph { "fstar_reflection_v2_derived" -> "fstar_pervasives" "fstar_reflection_v2_derived" -> "prims" "fstar_reflection_v2_derived" -> "prims" - "fstar_int32" -> "fstar_uint32" - "fstar_int32" -> "fstar_uint32" - "fstar_int32" -> "fstar_math_lemmas" - "fstar_int32" -> "fstar_math_lemmas" - "fstar_int32" -> "fstar_mul" - "fstar_int32" -> "fstar_mul" - "fstar_int32" -> "fstar_int" - "fstar_int32" -> "fstar_int" - "fstar_int32" -> "fstar_pervasives" - "fstar_int32" -> "fstar_pervasives" - "fstar_int32" -> "prims" - "fstar_int32" -> "prims" - "fstar_int32" -> "fstar_int32" - "libcrux_sha3_traits" -> "fstar_mul" - "libcrux_sha3_traits" -> "fstar_mul" - "libcrux_sha3_traits" -> "core" - "libcrux_sha3_traits" -> "core" - "libcrux_sha3_traits" -> "fstar_pervasives" - "libcrux_sha3_traits" -> "fstar_pervasives" - "libcrux_sha3_traits" -> "prims" - "libcrux_sha3_traits" -> "prims" - "libcrux_sha3_traits" -> "libcrux_sha3_traits" "libcrux_ml_dsa_encoding_t1" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_t1" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_t1" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_t1" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_encoding_t1" -> "rust_primitives" - "libcrux_ml_dsa_encoding_t1" -> "rust_primitives" "libcrux_ml_dsa_encoding_t1" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_t1" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_encoding_t1" -> "fstar_mul" @@ -3782,7 +3811,6 @@ digraph { "fstar_int_cast" -> "prims" "libcrux_ml_dsa_ml_dsa_44__neon" -> "core_result" "libcrux_ml_dsa_ml_dsa_44__neon" -> "libcrux_ml_dsa_types" - "libcrux_ml_dsa_ml_dsa_44__neon" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_44__neon" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44__neon" -> "core" "libcrux_ml_dsa_ml_dsa_44__neon" -> "fstar_pervasives" 
@@ -3818,8 +3846,8 @@ digraph { "libcrux_ml_dsa_encoding_commitment" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_commitment" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_commitment" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_encoding_commitment" -> "rust_primitives" - "libcrux_ml_dsa_encoding_commitment" -> "rust_primitives" + "libcrux_ml_dsa_encoding_commitment" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_commitment" -> "fstar_uint8" "libcrux_ml_dsa_encoding_commitment" -> "rust_primitives_hax" "libcrux_ml_dsa_encoding_commitment" -> "rust_primitives_hax" "libcrux_ml_dsa_encoding_commitment" -> "libcrux_ml_dsa_polynomial" 
@@ -3837,24 +3865,6 @@ digraph { "libcrux_ml_dsa_encoding_commitment" -> "prims" "libcrux_ml_dsa_encoding_commitment" -> "prims" "libcrux_ml_dsa_encoding_commitment" -> "libcrux_ml_dsa_encoding_commitment" - "libcrux_intrinsics_avx2_extract" -> "core_slice" - "libcrux_intrinsics_avx2_extract" -> "rust_primitives" - "libcrux_intrinsics_avx2_extract" -> "rust_primitives" - "libcrux_intrinsics_avx2_extract" -> "bitvec_intrinsics" - "libcrux_intrinsics_avx2_extract" -> "fstar_int32" - "libcrux_intrinsics_avx2_extract" -> "fstar_int32" - "libcrux_intrinsics_avx2_extract" -> "spec_utils" - "libcrux_intrinsics_avx2_extract" -> "spec_utils" - "libcrux_intrinsics_avx2_extract" -> "fstar_seq" - "libcrux_intrinsics_avx2_extract" -> "fstar_seq" - "libcrux_intrinsics_avx2_extract" -> "fstar_mul" - "libcrux_intrinsics_avx2_extract" -> "fstar_mul" - "libcrux_intrinsics_avx2_extract" -> "core" - "libcrux_intrinsics_avx2_extract" -> "core" - "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" - "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" - "libcrux_intrinsics_avx2_extract" -> "prims" - "libcrux_intrinsics_avx2_extract" -> "prims" "fstar_reflection_v2" -> "fstar_reflection_v2_collect" "fstar_reflection_v2" -> "fstar_reflection_v2_collect" "fstar_reflection_v2" -> "fstar_reflection_v2_compare" @@ -3877,6 +3887,8 @@ digraph { "libcrux_ml_dsa_hash_functions_neon" -> "libcrux_ml_dsa_hash_functions_shake256" "libcrux_ml_dsa_hash_functions_neon" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_hash_functions_neon" -> "fstar_tactics_typeclasses" + "libcrux_ml_dsa_hash_functions_neon" -> "fstar_uint8" + "libcrux_ml_dsa_hash_functions_neon" -> "fstar_uint8" "libcrux_ml_dsa_hash_functions_neon" -> "fstar_pervasives_native" "libcrux_ml_dsa_hash_functions_neon" -> "fstar_pervasives_native" "libcrux_ml_dsa_hash_functions_neon" -> "rust_primitives_hax_monomorphized_update_at" 
@@ -3887,8 +3899,6 @@ digraph { "libcrux_ml_dsa_hash_functions_neon" -> "fstar_list_tot" "libcrux_ml_dsa_hash_functions_neon" -> "libcrux_ml_dsa_hash_functions_shake128" "libcrux_ml_dsa_hash_functions_neon" -> "libcrux_ml_dsa_hash_functions_shake128" - "libcrux_ml_dsa_hash_functions_neon" -> "rust_primitives" - "libcrux_ml_dsa_hash_functions_neon" -> "rust_primitives" "libcrux_ml_dsa_hash_functions_neon" -> "libcrux_sha3_neon_x2_incremental" "libcrux_ml_dsa_hash_functions_neon" -> "fstar_mul" "libcrux_ml_dsa_hash_functions_neon" -> "fstar_mul" @@ -3906,6 +3916,15 @@ digraph { "lib_rawinttypes" -> "prims" "lib_rawinttypes" -> "prims" "lib_rawinttypes" -> "lib_rawinttypes" + "libcrux_sha3_avx2_x4_incremental" -> "libcrux_sha3_neon_x2_incremental" + "libcrux_sha3_avx2_x4_incremental" -> "fstar_mul" + "libcrux_sha3_avx2_x4_incremental" -> "fstar_mul" + "libcrux_sha3_avx2_x4_incremental" -> "core" + "libcrux_sha3_avx2_x4_incremental" -> "core" + "libcrux_sha3_avx2_x4_incremental" -> "fstar_pervasives" + "libcrux_sha3_avx2_x4_incremental" -> "fstar_pervasives" + "libcrux_sha3_avx2_x4_incremental" -> "prims" + "libcrux_sha3_avx2_x4_incremental" -> "prims" "fstar_tactics_namedview" -> "fstar_range" "fstar_tactics_namedview" -> "fstar_reflection_v2" "fstar_tactics_namedview" -> "fstar_reflection_v2" 
@@ -3949,18 +3968,19 @@ digraph { "libcrux_ml_dsa_matrix" -> "fstar_pervasives" "libcrux_ml_dsa_matrix" -> "prims" "libcrux_ml_dsa_matrix" -> "prims" + "libcrux_ml_dsa_ml_dsa_65__portable" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_65__portable" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_65__portable" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_portable" - "libcrux_ml_dsa_ml_dsa_65__portable" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_65__portable" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_65__portable" -> "core" "libcrux_ml_dsa_ml_dsa_65__portable" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_65__portable" -> "prims" "libcrux_ml_dsa_ml_dsa_65__portable" -> "libcrux_ml_dsa_ml_dsa_65__portable" "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "core_panicking" + "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "fstar_int32" "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "rust_primitives" + "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "fstar_uint8" "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "libcrux_ml_dsa_simd_portable_vector_type" "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "fstar_mul" @@ -3968,8 +3988,6 @@ digraph { "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "fstar_pervasives" "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "prims" "libcrux_ml_dsa_simd_portable_encoding_commitment" -> "libcrux_ml_dsa_simd_portable_encoding_commitment" - "libcrux_ml_dsa_arithmetic" -> "rust_primitives" - "libcrux_ml_dsa_arithmetic" -> "rust_primitives" "libcrux_ml_dsa_arithmetic" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_arithmetic" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_arithmetic" -> "fstar_tactics_typeclasses" 
@@ -3984,9 +4002,9 @@ digraph { "libcrux_ml_dsa_arithmetic" -> "fstar_pervasives" "libcrux_ml_dsa_arithmetic" -> "prims" "libcrux_ml_dsa_arithmetic" -> "prims" + "libcrux_ml_dsa_ml_dsa_65__avx2" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" - "libcrux_ml_dsa_ml_dsa_65__avx2" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "core" "libcrux_ml_dsa_ml_dsa_65__avx2" -> "fstar_pervasives" 
@@ -4036,42 +4054,6 @@ digraph { "libcrux_ml_dsa_constants" -> "prims" "libcrux_ml_dsa_constants" -> "prims" "libcrux_ml_dsa_constants" -> "libcrux_ml_dsa_constants" - "bitvec_intrinsics" -> "fstar_string" - "bitvec_intrinsics" -> "fstar_tactics_v2_derived" - "bitvec_intrinsics" -> "fstar_tactics_v2_derived" - "bitvec_intrinsics" -> "fstar_stubs_tactics_v2_builtins" - "bitvec_intrinsics" -> "fstar_int8" - "bitvec_intrinsics" -> "fstar_int8" - "bitvec_intrinsics" -> "fstar_uint8" - "bitvec_intrinsics" -> "fstar_uint8" - "bitvec_intrinsics" -> "fstar_list_tot" - "bitvec_intrinsics" -> "fstar_list_tot" - "bitvec_intrinsics" -> "fstar_tactics_v2" - "bitvec_intrinsics" -> "fstar_tactics_v2" - "bitvec_intrinsics" -> "fstar_int16" - "bitvec_intrinsics" -> "fstar_int16" - "bitvec_intrinsics" -> "fstar_tactics" - "bitvec_intrinsics" -> "fstar_tactics" - "bitvec_intrinsics" -> "fstar_seq" - "bitvec_intrinsics" -> "fstar_seq" - "bitvec_intrinsics" -> "fstar_int32" - "bitvec_intrinsics" -> "fstar_int32" - "bitvec_intrinsics" -> "tactics_utils" - "bitvec_intrinsics" -> "tactics_utils" - "bitvec_intrinsics" -> "bitvec_equality" - "bitvec_intrinsics" -> "bitvec_equality" - "bitvec_intrinsics" -> "bitvec_utils" - "bitvec_intrinsics" -> "bitvec_utils" - "bitvec_intrinsics" -> "fstar_mul" - "bitvec_intrinsics" -> "fstar_mul" - "bitvec_intrinsics" -> "rust_primitives" - "bitvec_intrinsics" -> "rust_primitives" - "bitvec_intrinsics" -> "core" - "bitvec_intrinsics" -> "core" - "bitvec_intrinsics" -> "fstar_pervasives" - "bitvec_intrinsics" -> "fstar_pervasives" - "bitvec_intrinsics" -> "prims" - "bitvec_intrinsics" -> "prims" "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" "fstar_tactics_mapply" -> "fstar_tactics_typeclasses" 
@@ -4125,6 +4107,8 @@ digraph { "fstar_int64" -> "prims" "fstar_int64" -> "prims" "fstar_int64" -> "fstar_int64" + "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_verification_key" + "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_verification_key" "libcrux_ml_dsa_ml_dsa_generic" -> "core_convert" "libcrux_ml_dsa_ml_dsa_generic" -> "core_convert" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_signature" 
@@ -4133,30 +4117,36 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_generic" -> "core_result" "libcrux_ml_dsa_ml_dsa_generic" -> "core_result" + "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_int32" + "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_ntt" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_ntt" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_commitment" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_commitment" - "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_sample" - "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_sample" - "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_pervasives_native" - "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_pervasives_native" - "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_signing_key" - "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_signing_key" - "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_verification_key" - "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_verification_key" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_arithmetic" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_arithmetic" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_matrix" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_matrix" + "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_sample" + "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_sample" + "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_pervasives_native" + "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_pervasives_native" + "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_constants" + "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_constants" + "libcrux_ml_dsa_ml_dsa_generic" -> "rust_primitives" + "libcrux_ml_dsa_ml_dsa_generic" -> "rust_primitives" + "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_uint16" + "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_uint16" + "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_uint8" + 
"libcrux_ml_dsa_ml_dsa_generic" -> "fstar_uint8" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_utils" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_utils" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_samplex4" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_samplex4" + "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_signing_key" + "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_encoding_signing_key" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_polynomial" - "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_constants" "libcrux_ml_dsa_ml_dsa_generic" -> "core_slice" "libcrux_ml_dsa_ml_dsa_generic" -> "rust_primitives_hax" "libcrux_ml_dsa_ml_dsa_generic" -> "rust_primitives_hax" @@ -4166,8 +4156,6 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_ml_dsa_generic" -> "core_option" "libcrux_ml_dsa_ml_dsa_generic" -> "core_option" - "libcrux_ml_dsa_ml_dsa_generic" -> "rust_primitives" - "libcrux_ml_dsa_ml_dsa_generic" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_sha3_portable_incremental" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_simd_traits" @@ -4188,7 +4176,6 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic" -> "libcrux_ml_dsa_ml_dsa_generic" "libcrux_ml_dsa_ml_dsa_87__neon" -> "core_result" "libcrux_ml_dsa_ml_dsa_87__neon" -> "libcrux_ml_dsa_types" - "libcrux_ml_dsa_ml_dsa_87__neon" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_87__neon" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_87__neon" -> "core" "libcrux_ml_dsa_ml_dsa_87__neon" -> "fstar_pervasives" 
@@ -4209,8 +4196,6 @@ digraph { "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_simd_avx2_vector_type" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_ml_dsa_generic" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_ml_dsa_generic" - "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "rust_primitives" - "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" -> "libcrux_ml_dsa_simd_avx2" 
@@ -4242,25 +4227,25 @@ digraph { "fstar_predicateextensionality" -> "fstar_pervasives" "fstar_predicateextensionality" -> "prims" "fstar_predicateextensionality" -> "prims" + "libcrux_ml_dsa_encoding_t1" -> "core_ops_range" + "libcrux_ml_dsa_encoding_t1" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_t1" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_t1" -> "rust_primitives_hax" + "libcrux_ml_dsa_encoding_t1" -> "rust_primitives_hax" + "libcrux_ml_dsa_encoding_t1" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_encoding_t1" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_t1" -> "core_iter_traits_iterator" "libcrux_ml_dsa_encoding_t1" -> "core_iter_traits_iterator" "libcrux_ml_dsa_encoding_t1" -> "core_option" "libcrux_ml_dsa_encoding_t1" -> "core_option" "libcrux_ml_dsa_encoding_t1" -> "fstar_pervasives_native" "libcrux_ml_dsa_encoding_t1" -> "fstar_pervasives_native" - "libcrux_ml_dsa_encoding_t1" -> "core_slice_iter" - "libcrux_ml_dsa_encoding_t1" -> "core_slice_iter" - "libcrux_ml_dsa_encoding_t1" -> "core_slice" - "libcrux_ml_dsa_encoding_t1" -> "core_ops_range" - "libcrux_ml_dsa_encoding_t1" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_t1" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_t1" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_encoding_t1" -> "rust_primitives_hax" - "libcrux_ml_dsa_encoding_t1" -> "rust_primitives_hax" - "libcrux_ml_dsa_encoding_t1" -> "rust_primitives" - "libcrux_ml_dsa_encoding_t1" -> "rust_primitives" "libcrux_ml_dsa_encoding_t1" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_t1" -> "libcrux_ml_dsa_polynomial" + "libcrux_ml_dsa_encoding_t1" -> "core_slice" + "libcrux_ml_dsa_encoding_t1" -> "core_slice_iter" + "libcrux_ml_dsa_encoding_t1" -> "core_slice_iter" "libcrux_ml_dsa_encoding_t1" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_t1" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_t1" -> 
"libcrux_ml_dsa_simd_traits" 
@@ -4279,17 +4264,21 @@ digraph { "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "libcrux_ml_dsa_simd_avx2_rejection_sample_shuffle_table" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "libcrux_ml_dsa_simd_traits" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_int8" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_int8" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_int32" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_int32" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "libcrux_intrinsics_avx2_extract" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "core_ops_range" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_uint8" + "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_uint8" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "rust_primitives_hax" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "hax_lib" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "hax_lib" - "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "rust_primitives" - "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "rust_primitives" 
"libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "core_slice" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_pervasives_native" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "fstar_pervasives_native" @@ -4302,9 +4291,21 @@ digraph { "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "prims" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "prims" "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" -> "libcrux_ml_dsa_simd_avx2_rejection_sample_less_than_field_modulus" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "core" + "bitvec_equality" -> "core" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "prims" + "bitvec_equality" -> "prims" + "libcrux_ml_dsa_ml_dsa_65_" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_65_" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_65_" -> "libcrux_ml_dsa_ml_dsa_generic_multiplexing" - "libcrux_ml_dsa_ml_dsa_65_" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_65_" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_65_" -> "core" "libcrux_ml_dsa_ml_dsa_65_" -> "fstar_pervasives" 
@@ -4327,8 +4328,12 @@ digraph { "libcrux_ml_dsa_sample" -> "hax_lib" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_encoding_gamma1" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_encoding_gamma1" + "libcrux_ml_dsa_sample" -> "fstar_uint8" + "libcrux_ml_dsa_sample" -> "fstar_uint8" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_polynomial" + "libcrux_ml_dsa_sample" -> "rust_primitives" + "libcrux_ml_dsa_sample" -> "rust_primitives" "libcrux_ml_dsa_sample" -> "core_convert" "libcrux_ml_dsa_sample" -> "core_convert" "libcrux_ml_dsa_sample" -> "core_array" @@ -4336,6 +4341,8 @@ digraph { "libcrux_ml_dsa_sample" -> "core_result" "libcrux_ml_dsa_sample" -> "core_result" "libcrux_ml_dsa_sample" -> "core_num" + "libcrux_ml_dsa_sample" -> "fstar_uint64" + "libcrux_ml_dsa_sample" -> "fstar_uint64" "libcrux_ml_dsa_sample" -> "core_panicking" "libcrux_ml_dsa_sample" -> "core_panicking" "libcrux_ml_dsa_sample" -> "rust_primitives_hax" @@ -4354,10 +4361,12 @@ digraph { "libcrux_ml_dsa_sample" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_sample" -> "fstar_pervasives_native" "libcrux_ml_dsa_sample" -> "fstar_pervasives_native" + "libcrux_ml_dsa_sample" -> "fstar_uint16" + "libcrux_ml_dsa_sample" -> "fstar_uint16" + "libcrux_ml_dsa_sample" -> "fstar_int32" + "libcrux_ml_dsa_sample" -> "fstar_int32" "libcrux_ml_dsa_sample" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_sample" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_sample" -> "rust_primitives" - "libcrux_ml_dsa_sample" -> "rust_primitives" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_simd_traits" "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_hash_functions_shake256" 
@@ -4375,33 +4384,11 @@ digraph { "libcrux_ml_dsa_sample" -> "libcrux_ml_dsa_sample" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "core_result" - "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "core" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "fstar_pervasives" "libcrux_ml_dsa_ml_dsa_generic_multiplexing" -> "prims" - "libcrux_sha3_generic_keccak" -> "libcrux_sha3_traits" - "libcrux_sha3_generic_keccak" -> "libcrux_sha3_traits" - "libcrux_sha3_generic_keccak" -> "fstar_mul" - "libcrux_sha3_generic_keccak" -> "fstar_mul" - "libcrux_sha3_generic_keccak" -> "core" - "libcrux_sha3_generic_keccak" -> "core" - "libcrux_sha3_generic_keccak" -> "fstar_pervasives" - "libcrux_sha3_generic_keccak" -> "fstar_pervasives" - "libcrux_sha3_generic_keccak" -> "prims" - "libcrux_sha3_generic_keccak" -> "prims" - "libcrux_sha3_generic_keccak" -> "libcrux_sha3_generic_keccak" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "core_slice" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "hax_lib" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "core_panicking" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "rust_primitives" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "libcrux_ml_dsa_simd_portable_vector_type" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "libcrux_ml_dsa_simd_traits" - "libcrux_ml_dsa_simd_portable_encoding_error" -> "libcrux_ml_dsa_simd_portable" + "libcrux_ml_dsa_simd_portable_encoding_error" -> 
"libcrux_ml_dsa_simd_portable_rec_bundle_437004224" "libcrux_ml_dsa_simd_portable_encoding_error" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_encoding_error" -> "core" "libcrux_ml_dsa_simd_portable_encoding_error" -> "fstar_pervasives" @@ -4450,17 +4437,7 @@ digraph { "lib_sequence" -> "prims" "lib_sequence" -> "prims" "lib_sequence" -> "lib_sequence" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "core_slice" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "hax_lib" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "rust_primitives" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "libcrux_ml_dsa_simd_portable_vector_type" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "libcrux_ml_dsa_simd_traits" - "libcrux_ml_dsa_simd_portable_encoding_t1" -> "libcrux_ml_dsa_simd_portable" + "libcrux_ml_dsa_simd_portable_encoding_t1" -> "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" "libcrux_ml_dsa_simd_portable_encoding_t1" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_encoding_t1" -> "core" "libcrux_ml_dsa_simd_portable_encoding_t1" -> "fstar_pervasives" 
@@ -4518,34 +4495,12 @@ digraph { "fstar_uint128" -> "fstar_pervasives" "fstar_uint128" -> "prims" "fstar_uint128" -> "prims" - "bitvec_utils" -> "fstar_list_tot" - "bitvec_utils" -> "fstar_list_tot" - "bitvec_utils" -> "rust_primitives_bitvectors" - "bitvec_utils" -> "rust_primitives_bitvectors" - "bitvec_utils" -> "bitvec_equality" - "bitvec_utils" -> "bitvec_equality" - "bitvec_utils" -> "fstar_functionalextensionality" - "bitvec_utils" -> "fstar_functionalextensionality" - "bitvec_utils" -> "core" - "bitvec_utils" -> "core" - "bitvec_utils" -> "fstar_pervasives" - "bitvec_utils" -> "fstar_pervasives" - "bitvec_utils" -> "prims" - "bitvec_utils" -> "prims" "fstar_tset" -> "fstar_set" "fstar_tset" -> "fstar_set" "fstar_tset" -> "fstar_pervasives" "fstar_tset" -> "fstar_pervasives" "fstar_tset" -> "prims" "fstar_tset" -> "prims" - "libcrux_sha3_neon_x2" -> "fstar_mul" - "libcrux_sha3_neon_x2" -> "fstar_mul" - "libcrux_sha3_neon_x2" -> "core" - "libcrux_sha3_neon_x2" -> "core" - "libcrux_sha3_neon_x2" -> "fstar_pervasives" - "libcrux_sha3_neon_x2" -> "fstar_pervasives" - "libcrux_sha3_neon_x2" -> "prims" - "libcrux_sha3_neon_x2" -> "prims" "fstar_list_tot" -> "fstar_list_tot_properties" "fstar_list_tot" -> "fstar_list_tot_properties" "fstar_list_tot" -> "fstar_list_tot_base" 
@@ -4572,17 +4527,7 @@ digraph { "fstar_reflection_v2_compare" -> "prims" "fstar_reflection_v2_compare" -> "prims" "fstar_reflection_v2_compare" -> "fstar_reflection_v2_compare" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "core_slice" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "hax_lib" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "core_panicking" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "rust_primitives" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "libcrux_ml_dsa_simd_portable_vector_type" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "libcrux_ml_dsa_simd_traits" - "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "libcrux_ml_dsa_simd_portable" + "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "core" "libcrux_ml_dsa_simd_portable_encoding_gamma1" -> "fstar_pervasives" 
@@ -4642,6 +4587,17 @@ digraph { "fstar_tset" -> "prims" "fstar_tset" -> "prims" "fstar_tset" -> "fstar_tset" + "libcrux_sha3_neon_x2_incremental" -> "core_core_arch_arm_shared_neon" + "libcrux_sha3_neon_x2_incremental" -> "libcrux_sha3_generic_keccak" + "libcrux_sha3_neon_x2_incremental" -> "libcrux_sha3_generic_keccak" + "libcrux_sha3_neon_x2_incremental" -> "fstar_mul" + "libcrux_sha3_neon_x2_incremental" -> "fstar_mul" + "libcrux_sha3_neon_x2_incremental" -> "core" + "libcrux_sha3_neon_x2_incremental" -> "core" + "libcrux_sha3_neon_x2_incremental" -> "fstar_pervasives" + "libcrux_sha3_neon_x2_incremental" -> "fstar_pervasives" + "libcrux_sha3_neon_x2_incremental" -> "prims" + "libcrux_sha3_neon_x2_incremental" -> "prims" "fstar_tactics_visit" -> "fstar_pervasives_native" "fstar_tactics_visit" -> "fstar_pervasives_native" "fstar_tactics_visit" -> "fstar_tactics_util" 
@@ -4691,33 +4647,33 @@ digraph { "fstar_reflection_v2_derived_lemmas" -> "fstar_pervasives" "fstar_reflection_v2_derived_lemmas" -> "prims" "fstar_reflection_v2_derived_lemmas" -> "prims" + "libcrux_ml_dsa_encoding_error" -> "core_ops_range" + "libcrux_ml_dsa_encoding_error" -> "fstar_uint8" + "libcrux_ml_dsa_encoding_error" -> "fstar_uint8" "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_ntt" "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_ntt" "libcrux_ml_dsa_encoding_error" -> "core_iter_adapters_enumerate" "libcrux_ml_dsa_encoding_error" -> "core_iter_adapters_enumerate" "libcrux_ml_dsa_encoding_error" -> "core_iter_traits_collect" "libcrux_ml_dsa_encoding_error" -> "core_iter_traits_collect" + "libcrux_ml_dsa_encoding_error" -> "rust_primitives_hax_monomorphized_update_at" + "libcrux_ml_dsa_encoding_error" -> "rust_primitives_hax_monomorphized_update_at" "libcrux_ml_dsa_encoding_error" -> "core_iter_traits_iterator" "libcrux_ml_dsa_encoding_error" -> "core_iter_traits_iterator" "libcrux_ml_dsa_encoding_error" -> "core_option" "libcrux_ml_dsa_encoding_error" -> "core_option" "libcrux_ml_dsa_encoding_error" -> "fstar_pervasives_native" "libcrux_ml_dsa_encoding_error" -> "fstar_pervasives_native" - "libcrux_ml_dsa_encoding_error" -> "core_slice_iter" - "libcrux_ml_dsa_encoding_error" -> "core_slice_iter" + "libcrux_ml_dsa_encoding_error" -> "rust_primitives_hax_folds" + "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_polynomial" + "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_error" -> "core_panicking" "libcrux_ml_dsa_encoding_error" -> "core_panicking" - "libcrux_ml_dsa_encoding_error" -> "core_slice" - "libcrux_ml_dsa_encoding_error" -> "core_ops_range" - "libcrux_ml_dsa_encoding_error" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_error" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_encoding_error" -> "rust_primitives_hax_folds" - 
"libcrux_ml_dsa_encoding_error" -> "rust_primitives" - "libcrux_ml_dsa_encoding_error" -> "rust_primitives" "libcrux_ml_dsa_encoding_error" -> "rust_primitives_hax" "libcrux_ml_dsa_encoding_error" -> "rust_primitives_hax" - "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_polynomial" - "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_polynomial" + "libcrux_ml_dsa_encoding_error" -> "core_slice" + "libcrux_ml_dsa_encoding_error" -> "core_slice_iter" + "libcrux_ml_dsa_encoding_error" -> "core_slice_iter" "libcrux_ml_dsa_encoding_error" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_error" -> "fstar_tactics_typeclasses" "libcrux_ml_dsa_encoding_error" -> "libcrux_ml_dsa_simd_traits" @@ -4756,8 +4712,6 @@ digraph { "libcrux_ml_dsa_encoding_signature" -> "fstar_pervasives" "libcrux_ml_dsa_encoding_signature" -> "prims" "libcrux_ml_dsa_encoding_signature" -> "prims" - "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives" - "libcrux_ml_dsa_encoding_verification_key" -> "rust_primitives" "libcrux_ml_dsa_encoding_verification_key" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_verification_key" -> "libcrux_ml_dsa_polynomial" "libcrux_ml_dsa_encoding_verification_key" -> "fstar_tactics_typeclasses" 
@@ -4772,19 +4726,8 @@ digraph { "libcrux_ml_dsa_encoding_verification_key" -> "fstar_pervasives" "libcrux_ml_dsa_encoding_verification_key" -> "prims" "libcrux_ml_dsa_encoding_verification_key" -> "prims" - "libcrux_sha3_portable" -> "libcrux_sha3_generic_keccak" - "libcrux_sha3_portable" -> "libcrux_sha3_generic_keccak" - "libcrux_sha3_portable" -> "fstar_mul" - "libcrux_sha3_portable" -> "fstar_mul" - "libcrux_sha3_portable" -> "core" - "libcrux_sha3_portable" -> "core" - "libcrux_sha3_portable" -> "fstar_pervasives" - "libcrux_sha3_portable" -> "fstar_pervasives" - "libcrux_sha3_portable" -> "prims" - "libcrux_sha3_portable" -> "prims" "libcrux_ml_dsa_ml_dsa_44__portable" -> "core_result" "libcrux_ml_dsa_ml_dsa_44__portable" -> "libcrux_ml_dsa_types" - "libcrux_ml_dsa_ml_dsa_44__portable" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_44__portable" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44__portable" -> "core" "libcrux_ml_dsa_ml_dsa_44__portable" -> "fstar_pervasives" 
@@ -4808,16 +4751,24 @@ digraph { "fstar_reflection_v2_compare" -> "fstar_pervasives" "fstar_reflection_v2_compare" -> "prims" "fstar_reflection_v2_compare" -> "prims" + "libcrux_sha3_neon_x2" -> "fstar_mul" + "libcrux_sha3_neon_x2" -> "fstar_mul" + "libcrux_sha3_neon_x2" -> "core" + "libcrux_sha3_neon_x2" -> "core" + "libcrux_sha3_neon_x2" -> "fstar_pervasives" + "libcrux_sha3_neon_x2" -> "fstar_pervasives" + "libcrux_sha3_neon_x2" -> "prims" + "libcrux_sha3_neon_x2" -> "prims" "fstar_tactics_v1_logic_lemmas" -> "fstar_pervasives" "fstar_tactics_v1_logic_lemmas" -> "fstar_pervasives" "fstar_tactics_v1_logic_lemmas" -> "prims" "fstar_tactics_v1_logic_lemmas" -> "prims" + "libcrux_ml_dsa_ml_dsa_44__avx2" -> "fstar_int32" + "libcrux_ml_dsa_ml_dsa_44__avx2" -> "fstar_int32" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "libcrux_ml_dsa_types" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "libcrux_ml_dsa_ml_dsa_generic_instantiations_avx2" - "libcrux_ml_dsa_ml_dsa_44__avx2" -> "rust_primitives" - "libcrux_ml_dsa_ml_dsa_44__avx2" -> "rust_primitives" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "fstar_mul" "libcrux_ml_dsa_ml_dsa_44__avx2" -> "core" 
@@ -4842,25 +4793,39 @@ digraph { "core_array_iter" -> "fstar_pervasives" "core_array_iter" -> "prims" "core_array_iter" -> "prims" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "rust_primitives_hax_monomorphized_update_at" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "core_slice" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "rust_primitives_hax_folds" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "fstar_tactics_typeclasses" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "core_array_iter" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "core_iter_traits_collect" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "core_iter_traits_iterator" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "libcrux_ml_dsa_simd_portable_vector_type" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "libcrux_ml_dsa_constants" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "fstar_pervasives_native" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "core_fmt_rt" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "fstar_list_tot" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "core_fmt" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "core_panicking" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "rust_primitives_hax" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "rust_primitives" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "core_ops_arith_neg" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "libcrux_ml_dsa_simd_traits" - "libcrux_ml_dsa_simd_portable_arithmetic" -> "libcrux_ml_dsa_simd_portable" + "tactics_utils" -> "fstar_tactics_effect" + "tactics_utils" -> "fstar_tactics_effect" + "tactics_utils" -> "fstar_char" + "tactics_utils" -> "fstar_string" + "tactics_utils" -> "fstar_reflection_v2" + "tactics_utils" -> "fstar_reflection_v2" + "tactics_utils" -> "fstar_tactics_util" + "tactics_utils" -> "fstar_tactics_util" + "tactics_utils" -> "fstar_tactics_v1" + "tactics_utils" -> "fstar_tactics_v1" + "tactics_utils" -> "fstar_tactics" + "tactics_utils" -> "fstar_tactics" + "tactics_utils" -> 
"fstar_pervasives_native" + "tactics_utils" -> "fstar_pervasives_native" + "tactics_utils" -> "fstar_mul" + "tactics_utils" -> "fstar_mul" + "tactics_utils" -> "fstar_class_printable" + "tactics_utils" -> "fstar_class_printable" + "tactics_utils" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_utils" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_utils" -> "fstar_tactics_v2" + "tactics_utils" -> "fstar_tactics_v2" + "tactics_utils" -> "fstar_list_tot" + "tactics_utils" -> "fstar_list_tot" + "tactics_utils" -> "fstar_option" + "tactics_utils" -> "fstar_option" + "tactics_utils" -> "core" + "tactics_utils" -> "core" + "tactics_utils" -> "fstar_pervasives" + "tactics_utils" -> "fstar_pervasives" + "tactics_utils" -> "prims" + "tactics_utils" -> "prims" + "libcrux_ml_dsa_simd_portable_arithmetic" -> "libcrux_ml_dsa_simd_portable_rec_bundle_437004224" "libcrux_ml_dsa_simd_portable_arithmetic" -> "fstar_mul" "libcrux_ml_dsa_simd_portable_arithmetic" -> "core" "libcrux_ml_dsa_simd_portable_arithmetic" -> "fstar_pervasives" @@ -4894,16 +4859,6 @@ digraph { "fstar_tactics_v2_logic" -> "prims" "fstar_tactics_v2_logic" -> "prims" "fstar_tactics_v2_logic" -> "fstar_tactics_v2_logic" - "libcrux_sha3_traits" -> "fstar_tactics_typeclasses" - "libcrux_sha3_traits" -> "fstar_tactics_typeclasses" - "libcrux_sha3_traits" -> "fstar_mul" - "libcrux_sha3_traits" -> "fstar_mul" - "libcrux_sha3_traits" -> "core" - "libcrux_sha3_traits" -> "core" - "libcrux_sha3_traits" -> "fstar_pervasives" - "libcrux_sha3_traits" -> "fstar_pervasives" - "libcrux_sha3_traits" -> "prims" - "libcrux_sha3_traits" -> "prims" "core_iter" -> "rust_primitives_arrays" "core_iter" -> "rust_primitives_arrays" "core_iter" -> "core_ops_range"