| a34a481 | Matthias J. Kannwischer | 12 January 2024, 14:46:55 UTC | add AIMer | 12 January 2024, 16:23:54 UTC |
| 8e64b0e | Richard Petri | 11 January 2024, 19:48:54 UTC | Merge remote-tracking branch 'origin/snova' | 11 January 2024, 19:48:54 UTC |
| fbebf44 | Richard Petri | 11 January 2024, 18:30:42 UTC | Remove old perk entries from skiplist Fixes #321 | 11 January 2024, 18:30:42 UTC |
| c3dbd50 | Matthias J. Kannwischer | 11 January 2024, 10:14:04 UTC | add skiplist entries for mqom | 11 January 2024, 18:22:33 UTC |
| 759389b | Richard Petri | 07 January 2024, 23:21:31 UTC | Add HAETAE to skiplist and update mupq | 07 January 2024, 23:21:31 UTC |
| 4ad3ef6 | Richard Petri | 07 January 2024, 23:08:59 UTC | Merge branch 'haetae' of https://github.com/mmoeller23/pqm4 into mmoeller23-haetae | 07 January 2024, 23:08:59 UTC |
| 1fa2eac | Richard Petri | 07 January 2024, 23:04:19 UTC | Add perk to skiplist and update mupq | 07 January 2024, 23:04:19 UTC |
| f376768 | Richard Petri | 07 January 2024, 22:28:47 UTC | Merge branch 'add-PERK-m4' of https://github.com/marco-palumbi/pqm4 into marco-palumbi-add-PERK-m4 | 07 January 2024, 22:28:47 UTC |
| a7fe0c1 | Marco Palumbi | 05 January 2024, 18:19:56 UTC | use symbolic links whenever possible | 05 January 2024, 18:19:56 UTC |
| d98a162 | Matthias J. Kannwischer | 18 December 2023, 02:07:27 UTC | Update Kyber poly_tomsg to fix timing leak (w/ -Os) This (partially) addresses https://github.com/mupq/pqm4/issues/319. The function poly_tomsg from the reference implementation of Kyber (which was copied into the M4-optimized implementations) would result in a variable-time udiv instruction operating on secret data when compiled with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13, but did not see any difference. This commit updates the m4-specific code to use the patch from https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220. Note that the code in PQClean has not yet been updated and hence the clean implementation within pqm4 is still vulnerable. | 19 December 2023, 13:44:24 UTC |
| 4956a30 | Marco Palumbi | 07 December 2023, 13:17:04 UTC | fix ldscripts for the stm32f4discovery board | 07 December 2023, 13:17:04 UTC |
| d581941 | Marco Palumbi | 07 December 2023, 13:10:59 UTC | use fullram linker script with some version | 07 December 2023, 13:10:59 UTC |
| 8dc5cf5 | Marco Palumbi | 07 December 2023, 12:59:00 UTC | add PERK for all NIST levels Implementation compliant with version v1.1 of 2023/10/16 https://pqc-perk.org/ | 07 December 2023, 13:06:08 UTC |
| 8719b8e | Marc | 01 December 2023, 10:39:22 UTC | Move reference implementations to MUPQ/MUPQ The pure C reference implementations were removed from this pull request. A corresponding pull request in MUPQ/MUPQ has been initiated: https://github.com/mupq/mupq/pull/131 | 01 December 2023, 10:39:30 UTC |
| f7aedf0 | Marc | 01 December 2023, 08:30:58 UTC | Add low-mem ref implementation to all schemes Add slightly modified reference implementations to haetae2, haetae3 and haetae5, labeled as `ref`, with lower stack memory footprint than the original reference implementation. This enables running testvectors.py for all schemes. CAVEAT: This commit modifies the following PQM4 core files * ldscripts/stm32f4discovery.ld * ldscripts/stm32f4discovery_fullram.ld * mk/stm32f4discovery.mk The two load scripts are modified as recommended in [issue 310](https://github.com/mupq/pqm4/issues/310#issuecomment-1810255939). The make file is modified to use full ram for the implementations m4f and ref of scheme haetae5, as they would run out of memory otherwise, similar to dilithium5. The stack memory footprint was reduced by: * Storing A1 using uint16 instead of int32, halving its footprint * Grouping some vectors inside `crypto_sign_signature()`, whose periods of liveliness do not overlap, into unions. The modification is light enough to easily verify consistency with the reference implementation. | 01 December 2023, 08:38:02 UTC |
| e122421 | Marc | 01 December 2023, 08:17:04 UTC | add low-mem ref implementation to all schemes Add slightly modified reference implementations to haetae2, Add slightly modified reference implementations to haetae2, haetae3 and haetae5 with lower stack memory footprint than the original reference implementation. This enables the test vector comparison for all schemes. CAVEAT: This commit modifies the following PQM4 core files * ldscripts/stm32f4discovery.ld * ldscripts/stm32f4discovery_fullram.ld * mk/stm32f4discovery.mk The two load scripts are modified as recommended in [issue 310](https://github.com/mupq/pqm4/issues/310#issuecomment-1810255939). The make file is modified to use full ram for the implementations m4f and ref of scheme haetae5, as they would run out of memory otherwise, similar to dilithium5. The stack memory footprint was reduced by: * Storing A1 using uint16 instead of int32, halving its footprint * Grouping some vectors inside `crypto_sign_signature()`, whose periods of liveliness do not overlap, into unions. The modification is light enough to easily verify consistency with the reference implementation. | 01 December 2023, 08:18:31 UTC |
| 258a11f | Marc | 27 November 2023, 10:36:32 UTC | add ref implementation for haetae2 stack usage (keypair/sign/verify): * haetae2: 26152 / 83128 / 29856 | 01 December 2023, 08:14:29 UTC |
| bd9b47d | Matthias J. Kannwischer | 25 November 2023, 07:24:26 UTC | recompute static tables | 25 November 2023, 07:24:26 UTC |
| dc26f54 | Richard Petri | 24 November 2023, 08:56:49 UTC | Update mupq | 24 November 2023, 08:56:49 UTC |
| 991a5b6 | Richard Petri | 24 November 2023, 08:53:06 UTC | Update skiplist for bike | 24 November 2023, 08:54:00 UTC |
| c37de3c | Richard Petri | 24 November 2023, 08:36:28 UTC | Merge branch 'bike-round4' of https://github.com/37eex9/pqm4 into 37eex9-bike-round4 | 24 November 2023, 08:36:28 UTC |
| d436546 | Richard Petri | 24 November 2023, 07:54:08 UTC | Merge remote-tracking branch 'origin/cross' | 24 November 2023, 07:54:08 UTC |
| 968fbef | Richard Petri | 24 November 2023, 07:51:35 UTC | Merge remote-tracking branch 'origin/asconsign' | 24 November 2023, 07:51:35 UTC |
| f955de1 | Richard Petri | 24 November 2023, 07:49:22 UTC | Merge remote-tracking branch 'origin/perk' | 24 November 2023, 07:49:22 UTC |
| 111ea35 | Richard Petri | 24 November 2023, 07:48:02 UTC | Merge remote-tracking branch 'origin/hawk' | 24 November 2023, 07:48:02 UTC |
| a35e15b | Richard Petri | 24 November 2023, 07:45:36 UTC | Merge remote-tracking branch 'origin/mayo' | 24 November 2023, 07:45:36 UTC |
| 3bac106 | Marc | 23 November 2023, 09:44:48 UTC | Adds HAETAE This commit implements the post-quantum signature scheme HAETAE from https://eprint.iacr.org/2023/624 https://kpqc.cryptolab.co.kr/haetae The stack strategy can be selected in config.h by setting STACK_STRATEGY to the appropriate value (run "make clean" after the change). * 0 or undefined: Optimized for speed (default). * 1: Disable buffers for the polynomials of the verification key in crypto_sign_keypair() and crypto_sign(). This reduces speed, as the key needs to be recomputed after each rejection. * 2: In addition to 1, sample the hyperball in multiple passes, such that some intermediate values are computed on demand, rather than being buffered. This roughly doubles the runtime of crypto_sign(). | 23 November 2023, 09:44:59 UTC |
| b48968e | Marc | 22 November 2023, 16:28:46 UTC | Update HAETAE This commit implements the post-quantum signature scheme HAETAE from https://eprint.iacr.org/2023/624 https://kpqc.cryptolab.co.kr/haetae The stack strategy can be chosen config.h by setting STACK_STRATEGY to the appropriate value (run "make clean" when changing it). * 0 or undefined: Optimized for speed (default). * 1: Disable buffers for the polynomials of the verification key in crypto_sign_keypair() and crypto_sign(). This reduces speed, as the key needs to be recomputed after each rejection. * 2: In addition to 1, sample the hyperball in multiple passes, such that some intermediate values are computed on demand, rather than being buffered. This roughly doubles the runtime of crypto_sign(). The scheme HAETAE2 contains a reference implementation, which has been renamed from "clean" in previous commits to "ref". The reference implementation would run out of memory for schemes HAETAE3 and HAETAE5 and is therefore not included for these schemes. | 22 November 2023, 16:28:54 UTC |
| fe44f74 | Marc | 22 November 2023, 16:13:43 UTC | Merge branch 'haetae_dev' into haetae | 22 November 2023, 16:13:43 UTC |
| 0bdc33e | Marc | 22 November 2023, 16:10:51 UTC | add clean implementation for HAETAE2 The clean implementation is only minimally changed from the reference implementation to conform with the PQM4 API. The clean implementation would run out of memory for HAETAE3 and HAETAE5 and is therefore not added for those modes. | 22 November 2023, 16:10:51 UTC |
| a031ee4 | Marc | 22 November 2023, 14:56:35 UTC | add STACK_STRATEGY switch to config.h This implementation offers different stack strategies: * 0: Optimized for speed. * 1: Does not buffer the polynomials of the verification key in crypto_sign_keypair() and crypto_sign_signature(), thus reducing stack usage at the cost of some speed. * 2: In addition to 1, the hyperballs are sampled in multiple passes in crypto_sign_signature(), which reduces the stack usage for temporary variables. This roughly doubles the execution time of crypto_sign_signature(). | 22 November 2023, 14:56:44 UTC |
| 7eee34e | Marc | 21 November 2023, 22:58:03 UTC | compute challenge polynomial directly and sample hyperball coin deterministically * Move challenge seed generation from crypto_sign() to poly_challenge(). * Sample the random byte b deterministically inside of polyfixveclk_sample_hyperball(). It is used to: * determine the sign in hyperball sampling (bit mask 0x01) * reject with 50% odds in the overlap region (bit mask 0x02) * M4F version corresponds to reference version of 2023-11-20. | 22 November 2023, 07:33:13 UTC |
| 564ac86 | Marc | 20 November 2023, 23:01:11 UTC | initial commit of HAETAE M4F version corresponds to reference version of 2023-10-21. | 20 November 2023, 23:01:11 UTC |
| 92f0187 | Matthias J. Kannwischer | 16 November 2023, 06:32:42 UTC | Add SNOVA | 16 November 2023, 06:32:42 UTC |
| ec5c844 | rpls | 15 November 2023, 15:56:12 UTC | Add progress bar support (#307) * Add progress bar support * Raise exit-code if tests fail * Update mupq * Add forgotten import * Update mupq | 15 November 2023, 15:56:12 UTC |
| f8fdca2 | Matthias J. Kannwischer | 14 November 2023, 07:54:37 UTC | use pqm4/mupq sha2 | 14 November 2023, 07:54:37 UTC |
| 179b50b | Matthias J. Kannwischer | 14 November 2023, 07:11:47 UTC | Add cross-{sha2,sha3}-r-sdp{,g}-{1,3,5}-{small,fast} | 14 November 2023, 07:11:47 UTC |
| f638ce6 | Matthias J. Kannwischer | 13 November 2023, 09:06:08 UTC | Add ascon-sign{128,192}{s,f}-{simple,robust} | 13 November 2023, 09:06:08 UTC |
| c96e268 | Matthias J. Kannwischer | 07 November 2023, 07:22:21 UTC | Add perk perk-128-fast-{3,5} should be able to run on the 640 KB RAM board. The perk-{192,256}-short-* are out of reach even with 4 MB RAM in qemu, so I did not include those. The remaining ones run in 4 MB RAM, but won't run on the board. | 07 November 2023, 09:09:48 UTC |
| 135cca9 | Richard Petri | 07 November 2023, 07:26:49 UTC | Update mupq | 07 November 2023, 07:26:49 UTC |
| 2b7d336 | Matthias J. Kannwischer | 07 November 2023, 06:08:55 UTC | Add hawk{256,512,1024} | 07 November 2023, 06:08:55 UTC |
| 420726a | Matthias J. Kannwischer | 07 November 2023, 02:17:41 UTC | update skiplist | 07 November 2023, 02:17:41 UTC |
| 6eb3b6c | Matthias J. Kannwischer | 06 November 2023, 06:36:04 UTC | revert unnecessary change in aes-publicinputs.h | 07 November 2023, 02:13:33 UTC |
| 19418dd | Matthias J. Kannwischer | 02 November 2023, 08:30:57 UTC | remove benchmarks | 07 November 2023, 02:13:26 UTC |
| aed4973 | Matthias J. Kannwischer | 30 October 2023, 03:11:38 UTC | switch to low-RAM test for ov-Ip | 07 November 2023, 02:13:22 UTC |
| 22ea5d8 | Matthias J. Kannwischer | 27 October 2023, 09:47:59 UTC | add OV benchmarks | 07 November 2023, 02:13:12 UTC |
| f20d2b4 | Matthias J. Kannwischer | 24 October 2023, 15:06:48 UTC | add skiplist entries for OV | 07 November 2023, 02:13:03 UTC |
| 6b7b698 | Matthias J. Kannwischer | 24 October 2023, 14:58:11 UTC | add LICENSEs to OV | 07 November 2023, 02:13:02 UTC |
| c4aaa78 | Matthias J. Kannwischer | 24 October 2023, 14:42:48 UTC | add ov-Ip{,-pkc,-pkc-skc} m4f implementations | 07 November 2023, 02:12:29 UTC |
| 9c69acb | Matthias J. Kannwischer | 07 November 2023, 02:07:21 UTC | update skiplist | 07 November 2023, 02:07:21 UTC |
| d969ad4 | Matthias J. Kannwischer | 25 October 2023, 12:35:41 UTC | add reference implementation of MAYO | 07 November 2023, 02:04:04 UTC |
| 8582f47 | rpls | 07 November 2023, 02:01:45 UTC | Implement new stack measurement HAL API (#304) * Implement new stack measurement HAL API * update mupq to current master --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 07 November 2023, 02:01:45 UTC |
| d2aa0e8 | Till Eifert | 06 November 2023, 07:22:16 UTC | BIKE: use mupq/mupq with latest BIKE implementation | 06 November 2023, 07:22:16 UTC |
| d95087b | Till Eifert | 02 November 2023, 16:56:36 UTC | Merge branch 'mupq:master' into bike-round4 | 02 November 2023, 16:56:36 UTC |
| 52ff781 | Till Eifert | 02 November 2023, 15:46:02 UTC | BIKE: remove compile flag _USE_CCM_IF_STM32F4_ and related unused code. Intention was to make use of CCM (core coupled memory) to allow (specific) platforms to run schemes with more memory consumption. | 02 November 2023, 15:46:02 UTC |
| 6ea87b6 | Till Eifert | 26 October 2023, 15:22:43 UTC | BIKE remove outdated files (aes) and use symlinks for duplicate files between bike level 1 and bike level 3 | 27 October 2023, 08:37:55 UTC |
| e21677c | Matthias J. Kannwischer | 27 October 2023, 07:21:41 UTC | output something if testvectors pass | 27 October 2023, 07:21:41 UTC |
| 5642fd9 | Till Eifert | 26 October 2023, 14:20:34 UTC | BIKE: minor changes to reduce compiler warnings | 26 October 2023, 14:20:34 UTC |
| d5938b7 | Till Eifert | 26 October 2023, 13:49:10 UTC | BIKE update schemes opt and m4f to spec v5.1 verified with KATs and testvectors | 26 October 2023, 13:49:10 UTC |
| 46511c7 | rpls | 24 October 2023, 03:47:25 UTC | Small overhaul of OpenCM3 code, rework Nucleo-L4R5ZI target a bit, and add CW308T-STM32F415 target (#259) * Only compile the specific libopencm3 library needed * Add experimental support for CW308T-STM32F415 * Shut up the linker errors * Shut up unused parameter warning * Fix Keccaktest bin generation * Update libopencm3 * Adapt to renamed constants * Compile the board test with fast and slow clock * Use wrapped symbols instead of overriding * Overhaul clocking for L4R5ZI board | 24 October 2023, 03:47:25 UTC |
| d4b1f5f | Richard Petri | 22 October 2023, 14:47:38 UTC | Update mupq | 22 October 2023, 14:48:30 UTC |
| 662a62b | Matthias J. Kannwischer | 14 September 2023, 07:30:46 UTC | Merge pull request #257 from mupq/dsprenkels-patch-citing Add a notice about citing original papers | 14 September 2023, 07:30:46 UTC |
| 39df6c8 | Amber Sprenkels | 13 September 2023, 09:09:21 UTC | Update README.md | 13 September 2023, 09:09:21 UTC |
| 37cd04c | Richard Petri | 08 September 2023, 20:50:12 UTC | Add a simple Keccak test | 08 September 2023, 20:50:12 UTC |
| b816ece | Richard Petri | 08 September 2023, 20:29:13 UTC | Merge pull request #254 from aadomn/update_keccak Update Keccak-f[1600] implementation for better performance | 08 September 2023, 20:46:27 UTC |
| 5c3cb35 | rpls | 08 September 2023, 20:22:05 UTC | Merge pull request #256 from JunhaoHuang/master Solve a bug in Kyber768 m4fspeed implementation | 08 September 2023, 20:22:05 UTC |
| 18fbd5e | Richard Petri | 08 September 2023, 20:04:54 UTC | Fix problem with secondary expansion for target specifc variable | 08 September 2023, 20:04:54 UTC |
| bd950cf | Huang Junhao | 26 July 2023, 06:43:51 UTC | basemul_asm_acc_opt_32_32 add push r11 | 26 July 2023, 06:43:51 UTC |
| 91f3d88 | Alexandre Adomnicai | 26 May 2023, 19:05:28 UTC | Update Keccak-f[1600] implementation for better performance | 26 May 2023, 19:05:28 UTC |
| a525417 | Matthias J. Kannwischer | 25 May 2023, 07:38:14 UTC | add aes-publicinputs for code on the host | 25 May 2023, 07:38:14 UTC |
| 1eeb74e | Matthias J. Kannwischer | 08 November 2022, 05:17:17 UTC | skip aarch64 implementations when building all schemes via make | 08 November 2022, 05:17:17 UTC |
| 918f379 | Matthias J. Kannwischer | 07 November 2022, 09:35:49 UTC | Remove schemes that are no longer under consideration by NIST (#238) * remove schemes that are no longer under consideration by NIST * bump pqclean to r4 * update mupq * update mupq * Remove SIKE SIKE got broken by https://eprint.iacr.org/2022/975 The SIKE team acknowledged it in https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/round-4/submissions/sike-team-note-insecure.pdf * Make falcon work with namespaced randombytes * bump pqclean once more * update benchmarks with Arm GNU Toolchain 11.3.Rel1 * add correct version of the compiler * clean up excluded schemes * Update README.md | 07 November 2022, 09:35:49 UTC |
| 3743a66 | Huang Junhao | 25 October 2022, 03:18:58 UTC | Improved Plantard Arithmetic for Lattice-based Cryptography (#244) * integrate improved Plantard arithmetic into Kyber * support m4fspeed and rename m4plantard to m4fstack * remove obj file * add benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 25 October 2022, 03:18:58 UTC |
| f216cc2 | Amin Abdulrahman | 17 October 2022, 05:46:04 UTC | Add reductions to iNTT in stack optimized code for Kyber (#242) * Add reductions to iNTT in stack optimized code * update benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 17 October 2022, 05:46:04 UTC |
| b78dc00 | Matthias J. Kannwischer | 27 September 2022, 06:43:59 UTC | more extensive aes tests and benchmarks | 27 September 2022, 06:43:59 UTC |
| 37e0fef | Matthias J. Kannwischer | 27 September 2022, 06:41:23 UTC | more extensive aes tests and benchmarks | 27 September 2022, 06:41:53 UTC |
| 685fbbb | Marco Palumbi | 26 September 2022, 03:42:03 UTC | Fix function call from assembly (#240) * change floating-point registers s(0-15) in s(16-31) in kyber matacc_asm.S matacc.i s(n) -> s(n+16) * change floating-point register s31 in s16 in kyberXXX-90s m4fspeed matacc_asm.S * consider floating-point registers clobbered calling kyber matacc_asm.S functions * save r12 register before calling C function in kyber matacc_asm.S and kyber matacc.i * amend the previous commit: fix the register Co-authored-by: Marco Palumbi <Marco.Palumbi@tii.ae> | 26 September 2022, 03:42:03 UTC |
| 059e024 | Matthias J. Kannwischer | 21 September 2022, 07:24:02 UTC | Add Richard Petri to citation | 21 September 2022, 07:24:02 UTC |
| 26f810d | rugo | 07 June 2022, 08:39:12 UTC | Fix alignment issues in Kyber (#236) * Add .vscode to gitignore * Add alignment to arrays used in Kyber to address #235 | 07 June 2022, 08:39:12 UTC |
| 0b50e72 | Amin Abdulrahman | 10 May 2022, 07:45:12 UTC | Use different FP registers, fix iNTT range (#234) * different fp registers, fix iNTT range * Remove redundant packing of signature component 'z' * benchmarks Co-authored-by: Alexandre Adomnicai <alex.adomnicai@gmail.com> Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 10 May 2022, 07:45:12 UTC |
| 6182ab3 | Matthias J. Kannwischer | 23 March 2022, 04:18:34 UTC | Avoid overlapping .o and .S file names (#231) Some implementations in pqm4 use the same file names for .c and .S files, .e.g., poly.[cS} in kyber. pqm4 does not have a problem with that, but it has been brought to my attention that other projects relying on pqm4 can not correctly handle that. I renamed the .S files accordingly. | 23 March 2022, 04:18:34 UTC |
| 3bfbbfd | Amin Abdulrahman | 31 January 2022, 02:01:55 UTC | Faster Kyber and Dilithium (#221) * Faster Faster Kyber and Dilithium * benchmarks for kyber and dilithium * update skiplist * more dilithium benchmarks Co-authored-by: amin <amin@abdulrahman.de> Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 31 January 2022, 02:01:55 UTC |
| c37e541 | vincentvbh | 29 January 2022, 01:24:18 UTC | More readable and improved NTTs for NTRU (#219) * ntruhps2048509 * ntruhps2048677, ntruhrss701 * ntruhps4096821 * update benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 29 January 2022, 01:24:18 UTC |
| 2691b49 | Trista Li | 29 November 2021, 10:05:01 UTC | NTRU m4 polynomial inversion implementation for four parameter sets (#218) * NTRU m4 polynomial inversion implementation for four parameter sets * add benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 29 November 2021, 10:05:01 UTC |
| 82650eb | Matthias J. Kannwischer | 05 November 2021, 14:44:13 UTC | Avoid aux.S filename to please Windows. Fix #216 (#217) | 05 November 2021, 14:44:13 UTC |
| e47864b | rpls | 01 October 2021, 16:16:12 UTC | Merge pull request #213 from mupq/picnic Add Picnic implementations from https://github.com/dkales/picnic_m4 | 01 October 2021, 16:16:12 UTC |
| 0dd7285 | Richard Petri | 01 October 2021, 16:15:28 UTC | Update mupq | 01 October 2021, 16:15:28 UTC |
| 0197728 | Matthias J. Kannwischer | 29 September 2021, 02:59:35 UTC | move opt-mem implementation from mupq to pqm4/pqm3 | 29 September 2021, 05:34:06 UTC |
| 9c7be01 | Matthias J. Kannwischer | 15 September 2021, 06:20:13 UTC | Fix #161. I wish people would just submit a patch to pqm4 instead of writing another paper about a bug that is well known... Anyway, I fixed this now... | 26 September 2021, 17:35:32 UTC |
| 8970d37 | Matthias J. Kannwischer | 22 September 2021, 09:09:56 UTC | Fix two bugs in Kyber Fixes two minor bugs in matacc. They did not actually result in wrong outputs. In the uniform sampling, we use 3 bytes to sample 2 coefficients. In case the sampled coefficient is too large, we throw it away. Once we sampled 256 coefficients it is possible that we still have one coefficient left which needs to be discarded. The check if we are at the end of a polynomial already was wrongly implemented by checking for ctr < KYBER_Q/4 rather than ctr < KYBER_N/4 in two places. Luckily, it has no effect in both cases. In the first, ctr = KYBER_N/4 implies k=0 and hence the the code does nothing. In the second, an additional Keccak squeeze is triggered, but the output is never used. | 26 September 2021, 17:25:47 UTC |
| 1442c6e | Matthias J. Kannwischer | 06 September 2021, 08:23:53 UTC | update mupq | 06 September 2021, 08:23:53 UTC |
| 33de42d | Matthias J. Kannwischer | 06 September 2021, 08:10:41 UTC | add benchmarks | 06 September 2021, 08:10:41 UTC |
| bdb173a | Matthias J. Kannwischer | 03 September 2021, 06:49:00 UTC | add picnic | 03 September 2021, 06:49:00 UTC |
| 844e7ca | Matthias J. Kannwischer | 31 August 2021, 07:49:19 UTC | Use T-Table AES for public inputs in ntrulpr (again) (#212) * use publicinputs AES for ntrulpr * new benchmarks | 31 August 2021, 07:49:19 UTC |
| 34e5da0 | Richard Petri | 30 August 2021, 20:55:14 UTC | Merge branch 'rainbow' | 30 August 2021, 20:55:14 UTC |
| 0843a8e | Matthias J. Kannwischer | 12 August 2021, 10:16:34 UTC | automatically build binaries; Resolves #205 | 18 August 2021, 21:40:27 UTC |
| b2c37fd | Matthias J. Kannwischer | 18 August 2021, 09:08:18 UTC | switch to symlinks for files that are shared | 18 August 2021, 09:08:18 UTC |
| 62d8710 | Matthias J. Kannwischer | 16 August 2021, 08:36:26 UTC | add rainbow to skiplist | 16 August 2021, 08:36:26 UTC |
| 4fee0f7 | Matthias J. Kannwischer | 16 August 2021, 08:32:42 UTC | add Rainbow implementations | 16 August 2021, 08:32:42 UTC |
| b4c5d7a | vincentvbh | 13 August 2021, 08:19:16 UTC | fix Saber typings (#208) | 13 August 2021, 08:19:16 UTC |
