Skip to main content

Browse the archive

https://github.com/project-everest/hacl-star
01 October 2021, 10:10:28 UTC
Raw File
Tip revision: d65e32adf1d6233b49571b3677a2b3fd6486c385 authored by Son HO on 17 February 2021, 16:56:15 UTC
Merge branch 'master' into son_random
Tip revision: d65e32a
Hacl.Spec.Bignum.Exponentiation.fsti 
module Hacl.Spec.Bignum.Exponentiation

open FStar.Mul

open Lib.IntTypes
open Lib.Sequence

open Hacl.Spec.Bignum.Definitions

include Hacl.Spec.Bignum.ExpBM
include Hacl.Spec.Bignum.ExpFW

#reset-options "--z3rlimit 50 --fuel 0 --ifuel 0"

// This function is *NOT* constant-time on the exponent b
val bn_mod_exp_raw:
    #t:limb_t
  -> nLen:size_pos{2 * bits t * nLen <= max_size_t}
  -> nBits:size_nat{nBits / bits t < nLen}
  -> n:lbignum t nLen
  -> a:lbignum t nLen
  -> bBits:size_pos
  -> b:lbignum t (blocks bBits (bits t)) ->
  lbignum t nLen


val bn_mod_exp_raw_lemma:
    #t:limb_t
  -> nLen:size_pos{2 * bits t * nLen <= max_size_t}
  -> nBits:size_nat{nBits / bits t < nLen}
  -> n:lbignum t nLen
  -> a:lbignum t nLen
  -> bBits:size_pos
  -> b:lbignum t (blocks bBits (bits t)) -> Lemma
  (requires bn_mod_exp_pre n a bBits b /\ pow2 nBits < bn_v n)
  (ensures  bn_mod_exp_post n a bBits b (bn_mod_exp_raw nLen nBits n a bBits b))


// This function is constant-time on the exponent b
val bn_mod_exp_ct:
    #t:limb_t
  -> nLen:size_pos{2 * bits t * nLen <= max_size_t}
  -> nBits:size_nat{nBits / bits t < nLen}
  -> n:lbignum t nLen
  -> a:lbignum t nLen
  -> bBits:size_pos
  -> b:lbignum t (blocks bBits (bits t)) ->
  lbignum t nLen


val bn_mod_exp_ct_lemma:
    #t:limb_t
  -> nLen:size_pos{2 * bits t * nLen <= max_size_t}
  -> nBits:size_nat{nBits / bits t < nLen}
  -> n:lbignum t nLen
  -> a:lbignum t nLen
  -> bBits:size_pos
  -> b:lbignum t (blocks bBits (bits t)) -> Lemma
  (requires bn_mod_exp_pre n a bBits b /\ pow2 nBits < bn_v n)
  (ensures  bn_mod_exp_post n a bBits b (bn_mod_exp_ct nLen nBits n a bBits b))


val bn_mod_exp_fw:
    #t:limb_t
  -> nLen:size_pos{2 * bits t * nLen <= max_size_t}
  -> nBits:size_nat{nBits / bits t < nLen}
  -> n:lbignum t nLen
  -> a:lbignum t nLen
  -> bBits:size_pos
  -> b:lbignum t (blocks bBits (bits t))
  -> l:size_pos{l < bits t /\ pow2 l * nLen <= max_size_t} ->
  lbignum t nLen


val bn_mod_exp_fw_lemma:
    #t:limb_t
  -> nLen:size_pos{2 * bits t * nLen <= max_size_t}
  -> nBits:size_nat{nBits / bits t < nLen}
  -> n:lbignum t nLen
  -> a:lbignum t nLen
  -> bBits:size_pos
  -> b:lbignum t (blocks bBits (bits t))
  -> l:size_pos{l < bits t /\ pow2 l * nLen <= max_size_t} -> Lemma
  (requires bn_mod_exp_pre n a bBits b /\ pow2 nBits < bn_v n)
  (ensures  bn_mod_exp_post n a bBits b (bn_mod_exp_fw nLen nBits n a bBits b l))
back to top