https://github.com/mupq/pqm4

Revision Message Commit Date
cda61fb Kyber: Fixed secret-dependent branch in poly_fromsg (#345) * Fixed secret-dependent branch in poly_fromsg * update mupq * update Kyber benchmarks * add missing prototype * extend skiplist * add Falcon benchmarks 03 July 2024, 03:02:34 UTC
006a109 Symlinks for dilithium m4fstack (#342) 22 April 2024, 04:56:30 UTC
4584cfc Fix inlining of Kyber re-encryption (#339) * fix inlining of Kyber reencryption * update benchmarks 16 April 2024, 01:24:06 UTC
149bfc7 Dilithium/ML-DSA Stack Optimizations (#340)
* Init dilithium3 stack optimized variant
* Start stack optimization [Passing]
* Based on ideas from https://eprint.iacr.org/2022/323.pdf, based on code by Matthias J. Kannwischer
* Sample A on-the-fly
* Compressed c
* Schoolbook mul for ct1
* Compress w
* Eliminate z, y
* Eliminate cp
* Eliminate s1, s2
* Eliminate second poly needed for A*y
* Note: Reverts poly_uniform_pointwise_montgomery_polywadd_stack to prior state
* Inline sampling uniform and uniform_gamma1
* Inline hint generation
* Inline polyw subtraction
* Refactor decompose to high/lowbits
* Inline Keccak state
* Shared buffer for polynomials
* rm 257 FFT
* Union for small and big poly
* Eliminate some smaller buffers
* Remove asym small mul
* Stack friendly uniform_gamma1 w/o add
* Stack optimized Dilithium{2,5}
* Switch to Plantard-based 769 NTT
* First batch of stack opt for Verify
* On-the-fly matrix generation
* Schoolbook for ct1
* Challenge compression
* On-the-fly unpacking for z, h
* Compress w
* rm tmp poly, subtract on wcomp
* Verify Stack Optimizations
* Stack friendly hint decoding
* Eliminate second full poly
* Remove K-loop from hint unpacking
* rm buffers/unionize in Verify
* Stack opt key pair
* Minor clean up
* Overlap buffers
* Stack optimized challenge generation
* Match 769 Plantard to m4f code
* update skiplist
* update benchmarks
--------
Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
16 April 2024, 01:00:42 UTC
9c2bc41 Revisiting Keccak and Dilithium Implementations on ARMv7-M (#338) * Use Plantard arithmetic for NTT_769 in Dilithium * rm old smallntt.S * update benchmarks --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 15 April 2024, 07:30:22 UTC
2c48508 Merge pull request #337 from mupq/moreci More CI and add excluded schemes on all platforms 27 March 2024, 14:10:26 UTC
4f5b5ce Merge pull request #335 from mupq/duallicense Merge branch 'master' of github.com:mupq/pqm4 26 March 2024, 21:20:08 UTC
cc3481a fix build for other platforms 26 March 2024, 21:09:22 UTC
c33fab9 fix nucleo-l476rg build 26 March 2024, 13:56:42 UTC
c83565b more CI 26 March 2024, 13:45:42 UTC
0c12777 more CI 26 March 2024, 13:32:23 UTC
82c6d7a add uov to excluded schemes on nucleo_l446rg.mk 25 March 2024, 19:59:12 UTC
5d0fe86 Adds Apache-2.0 license in addition to CC0 To enable re-use in https://github.com/pq-code-package/mlkem-c-embedded. This is applied only to the sources of pqm4 itself that are to a vast degree written by the pqm4 maintainers. The scheme implementations plus symmetric primitives have other licenses. 20 March 2024, 03:24:17 UTC
4b2fc60 Merge pull request #333 from mupq/benchmarkupdate Update benchmarks and skiplist 19 March 2024, 12:35:18 UTC
527e9d6 Update benchmarks 17 March 2024, 20:38:49 UTC
470917e Update mupq 17 March 2024, 20:38:49 UTC
b15618e Update README.md to reflect the changes 27 February 2024, 20:55:55 UTC
e698764 Update skiplist.py 27 February 2024, 20:38:09 UTC
e852f55 Update mupq 27 February 2024, 20:37:53 UTC
403c694 Merge pull request #332 from mupq/nistdraftkyberdilithium NIST Draft version of Kyber and Dilithium; remove divisions by KYBER_Q 27 February 2024, 19:26:51 UTC
c4fd63c fix build on stm32f4discovery 23 February 2024, 07:51:58 UTC
619a125 include compat.h to allow SPHINCS+ to build 23 February 2024, 07:51:41 UTC
0fa8f56 Dilithium compatibility with NIST draft 23 February 2024, 07:50:49 UTC
edcf6f6 eliminate / KYBER_Q that may result in variable-time division
This applies the patches from upstream to poly_compress and polyvec_compress. See
https://github.com/pq-crystals/kyber/commit/272125f6acc8e8b6850fd68ceb901a660ff48196
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
23 February 2024, 03:29:50 UTC
f418bf6 update M4 Kyber to be compatible with NIST Draft 23 February 2024, 02:56:55 UTC
5087fd8 remove Kyber-90s; won't be standardized 23 February 2024, 02:56:33 UTC
c839498 update PQClean 23 February 2024, 02:55:57 UTC
62244ef Merge pull request #331 from mupq/haetae-fix Use fixed HAETAE reference 24 January 2024, 11:30:45 UTC
a39a172 Use fixed HAETAE reference 24 January 2024, 11:29:33 UTC
82f4e23 Merge branch 'update-PERK-m4' improve compression for PERK short levels I and II #328 20 January 2024, 22:39:05 UTC
4702ce9 improve compression for short levels I and II 20 January 2024, 09:21:05 UTC
ca8b4f3 Merge pull request #327 from mupq/tuov Add Tuov 19 January 2024, 14:03:07 UTC
1ccd61f Exclude tuov from builds 19 January 2024, 13:57:15 UTC
f514356 Add Tuov 19 January 2024, 13:36:36 UTC
bfd8248 Merge pull request #325 from mupq/mirith-fix Update for MiRitH 18 January 2024, 12:22:15 UTC
a0dec92 Use updated version of mirith, add embedded optimized version 18 January 2024, 12:20:05 UTC
54d8313 Run only on push to master, and when PR review requested 16 January 2024, 22:37:11 UTC
d2a8800 Properly wrap missing libc functions and shut up linker warning 16 January 2024, 22:37:11 UTC
dfc968a Update workflow dependencies 16 January 2024, 22:37:11 UTC
0a47489 Checkout submodules recursively 16 January 2024, 22:37:11 UTC
ee2a6ea Add a github workflow 16 January 2024, 22:37:11 UTC
b381da5 Exclude all non-building schemes for cw308t-stm32f415 16 January 2024, 21:20:31 UTC
5398081 Merge branch 'master' of https://github.com/37eex9/pqm4 into cw308t-stm32f415 16 January 2024, 20:58:48 UTC
ff6b7ab Merge remote-tracking branch 'origin/mirith' 16 January 2024, 20:57:20 UTC
cf017cd Merge remote-tracking branch 'origin/biscuit' 16 January 2024, 20:56:42 UTC
1c27aa0 Add MEDS 16 January 2024, 20:54:18 UTC
d93ba34 Merge remote-tracking branch 'origin/aimer' into master 16 January 2024, 19:41:35 UTC
de6b4d9 Merge remote-tracking branch 'origin/sphinca' into sphincsa Add SPHINCS-alpha #312 16 January 2024, 18:06:55 UTC
57bb7dc update mupq 15 January 2024, 13:19:53 UTC
a34a481 add AIMer 12 January 2024, 16:23:54 UTC
8e64b0e Merge remote-tracking branch 'origin/snova' 11 January 2024, 19:48:54 UTC
fbebf44 Remove old perk entries from skiplist Fixes #321 11 January 2024, 18:30:42 UTC
c3dbd50 add skiplist entries for mqom 11 January 2024, 18:22:33 UTC
759389b Add HAETAE to skiplist and update mupq 07 January 2024, 23:21:31 UTC
4ad3ef6 Merge branch 'haetae' of https://github.com/mmoeller23/pqm4 into mmoeller23-haetae 07 January 2024, 23:08:59 UTC
1fa2eac Add perk to skiplist and update mupq 07 January 2024, 23:04:19 UTC
f376768 Merge branch 'add-PERK-m4' of https://github.com/marco-palumbi/pqm4 into marco-palumbi-add-PERK-m4 07 January 2024, 22:28:47 UTC
a7fe0c1 use symbolic links whenever possible 05 January 2024, 18:19:56 UTC
d98a162 Update Kyber poly_tomsg to fix timing leak (w/ -Os)
This (partially) addresses https://github.com/mupq/pqm4/issues/319.
The function poly_tomsg from the reference implementation of Kyber (which was copied into the M4-optimized implementations) would result in a variable-time udiv instruction operating on secret data when compiled with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13, but did not see any difference.
This commit updates the m4-specific code to use the patch from https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220.
Note that the code in PQClean has not yet been updated and hence the clean implementation within pqm4 is still vulnerable.
19 December 2023, 13:44:24 UTC
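Commits edcf6f6 (poly_compress / polyvec_compress) and d98a162 (poly_tomsg) both replace an integer division by KYBER_Q, whose dividend is a secret coefficient, with a multiply-and-shift by a public constant. The example below is added here to show that technique concretely and is not code from pqm4, mupq or pq-crystals: it keeps the "before" (division) and "after" (multiply-shift) forms side by side and checks them exhaustively over every coefficient in [0, q). The constants 1665 / 80635 / 28 match those in the upstream patch linked in d98a162 for the 1-bit (poly_tomsg) and 4-bit (poly_compress) cases; treat that attribution as this example's assumption, since the exhaustive check, not the attribution, is what establishes correctness. The d = 5 case is included deliberately to show that reusing the same constants for a wider output silently breaks, which is why the upstream code uses different constants there.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329

/* "Before": the rounding in the reference poly_tomsg / poly_compress is
 * written as an integer division by KYBER_Q.  The dividend is the secret
 * coefficient, so when the compiler lowers this to a udiv on Cortex-M4
 * (observed with gcc -Os per the commit message), the operand-dependent
 * divide latency leaks that secret.
 * Returns round(coeff * 2^d / q) mod 2^d, computed with a division. */
static uint32_t compress_div(uint32_t coeff, unsigned d) {
    uint32_t x = (coeff << d) + KYBER_Q / 2;   /* secret dividend */
    return (x / KYBER_Q) & ((1u << d) - 1);
}

/* "After": the same rounding as a multiply-and-shift by a public
 * constant, so no divide instruction can be emitted.  m = floor(2^28 / q)
 * = 80635; adding 1665 (not q/2 = 1664) keeps the intermediate odd, which
 * the exactness argument below relies on. */
static uint32_t compress_mul(uint32_t coeff, unsigned d) {
    uint32_t t = coeff << d;
    t += 1665;
    t *= 80635;      /* wraps mod 2^32 for d >= 4; harmless only while d <= 4 */
    t >>= 28;
    return t & ((1u << d) - 1);
}

/* d = 1 is exactly the poly_tomsg bit; d = 4 is the poly_compress rounding
 * for KYBER_POLYCOMPRESSEDBYTES == 128. */
static uint32_t tomsg_bit_div(uint32_t coeff) { return compress_div(coeff, 1); }
static uint32_t tomsg_bit_mul(uint32_t coeff) { return compress_mul(coeff, 1); }

/* Exhaustive equivalence check over every coefficient in [0, q).
 * Why it holds for d = 1 and d = 4: q*m = 2^28 - 1541, so
 * x*m / 2^28 = (x - x*1541/2^28) / q.  While x*1541 < 2^28 the error
 * term lies in (0, 1); x is odd and q is odd, so no multiple of q can sit
 * between x-1 and x-error, hence floor(x*m / 2^28) == floor((x-1) / q).
 * The 32-bit product wraps once x*m >= 2^32 (d = 4), but only bits
 * 28..27+d are kept, so the wrap is invisible as long as d <= 4. */
static bool mul_matches_div(unsigned d) {
    for (uint32_t c = 0; c < KYBER_Q; c++) {
        if (compress_div(c, d) != compress_mul(c, d)) {
            return false;
        }
    }
    return true;
}

/* Smallest coefficient where the two forms disagree, or -1 if none.
 * For d = 5 the first loss is at c = 1613, the first coefficient whose
 * quotient reaches 16 and therefore needs bit 32 of the product. */
static int32_t first_mismatch(unsigned d) {
    for (uint32_t c = 0; c < KYBER_Q; c++) {
        if (compress_div(c, d) != compress_mul(c, d)) {
            return (int32_t)c;
        }
    }
    return -1;
}

int main(void) {
    const unsigned ds[] = {1, 4, 5};
    for (size_t i = 0; i < sizeof ds / sizeof ds[0]; i++) {
        printf("d=%u: %s (first mismatch at %d)\n", ds[i],
               mul_matches_div(ds[i]) ? "exact" : "MISMATCH",
               (int)first_mismatch(ds[i]));
    }
    return 0;
}
```

The check is the part worth keeping in a test suite: whenever a division by a public modulus is replaced by a reciprocal multiplication, run the replacement over the full input domain (here only 3329 values per d) rather than trusting the constant, and re-check after any change to the shift width or output width, since the d = 5 row shows the failure is silent.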
4956a30 fix ldscripts for the stm32f4discovery board 07 December 2023, 13:17:04 UTC
d581941 use fullram linker script with some version 07 December 2023, 13:10:59 UTC
8dc5cf5 add PERK for all NIST levels Implementation compliant with version v1.1 of 2023/10/16 https://pqc-perk.org/ 07 December 2023, 13:06:08 UTC
8719b8e Move reference implementations to MUPQ/MUPQ The pure C reference implementations were removed from this pull request. A corresponding pull request in MUPQ/MUPQ has been initiated: https://github.com/mupq/mupq/pull/131 01 December 2023, 10:39:30 UTC
f7aedf0 Add low-mem ref implementation to all schemes
Add slightly modified reference implementations to haetae2, haetae3 and haetae5, labeled as `ref`, with lower stack memory footprint than the original reference implementation. This enables running testvectors.py for all schemes.
CAVEAT: This commit modifies the following PQM4 core files
* ldscripts/stm32f4discovery.ld
* ldscripts/stm32f4discovery_fullram.ld
* mk/stm32f4discovery.mk
The two load scripts are modified as recommended in [issue 310](https://github.com/mupq/pqm4/issues/310#issuecomment-1810255939). The make file is modified to use full ram for the implementations m4f and ref of scheme haetae5, as they would run out of memory otherwise, similar to dilithium5.
The stack memory footprint was reduced by:
* Storing A1 using uint16 instead of int32, halving its footprint
* Grouping some vectors inside `crypto_sign_signature()`, whose periods of liveliness do not overlap, into unions.
The modification is light enough to easily verify consistency with the reference implementation.
01 December 2023, 08:38:02 UTC
e122421 add low-mem ref implementation to all schemes
Add slightly modified reference implementations to haetae2, haetae3 and haetae5 with lower stack memory footprint than the original reference implementation. This enables the test vector comparison for all schemes.
CAVEAT: This commit modifies the following PQM4 core files
* ldscripts/stm32f4discovery.ld
* ldscripts/stm32f4discovery_fullram.ld
* mk/stm32f4discovery.mk
The two load scripts are modified as recommended in [issue 310](https://github.com/mupq/pqm4/issues/310#issuecomment-1810255939). The make file is modified to use full ram for the implementations m4f and ref of scheme haetae5, as they would run out of memory otherwise, similar to dilithium5.
The stack memory footprint was reduced by:
* Storing A1 using uint16 instead of int32, halving its footprint
* Grouping some vectors inside `crypto_sign_signature()`, whose periods of liveliness do not overlap, into unions.
The modification is light enough to easily verify consistency with the reference implementation.
01 December 2023, 08:18:31 UTC
258a11f add ref implementation for haetae2 stack usage (keypair/sign/verify): * haetae2: 26152 / 83128 / 29856 01 December 2023, 08:14:29 UTC
76f069c stm32f415: enable hw rng and extend clock setup update interface.py platform_memory to handle stm32f415 26 November 2023, 12:06:42 UTC
bd9b47d recompute static tables 25 November 2023, 07:24:26 UTC
c8b3456 do expensive pre-computation only once 24 November 2023, 09:11:57 UTC
dc26f54 Update mupq 24 November 2023, 08:56:49 UTC
991a5b6 Update skiplist for bike 24 November 2023, 08:54:00 UTC
c37de3c Merge branch 'bike-round4' of https://github.com/37eex9/pqm4 into 37eex9-bike-round4 24 November 2023, 08:36:28 UTC
8821d31 Add MiRitH 24 November 2023, 08:05:20 UTC
71f0daa Add biscuit 24 November 2023, 08:02:41 UTC
d436546 Merge remote-tracking branch 'origin/cross' 24 November 2023, 07:54:08 UTC
694a4a8 eliminate static memory 24 November 2023, 07:52:07 UTC
968fbef Merge remote-tracking branch 'origin/asconsign' 24 November 2023, 07:51:35 UTC
f955de1 Merge remote-tracking branch 'origin/perk' 24 November 2023, 07:49:22 UTC
111ea35 Merge remote-tracking branch 'origin/hawk' 24 November 2023, 07:48:02 UTC
a35e15b Merge remote-tracking branch 'origin/mayo' 24 November 2023, 07:45:36 UTC
c2438e0 turn into symlinks 24 November 2023, 07:41:59 UTC
3bac106 Adds HAETAE
This commit implements the post-quantum signature scheme HAETAE from
https://eprint.iacr.org/2023/624
https://kpqc.cryptolab.co.kr/haetae
The stack strategy can be selected in config.h by setting STACK_STRATEGY to the appropriate value (run "make clean" after the change).
* 0 or undefined: Optimized for speed (default).
* 1: Disable buffers for the polynomials of the verification key in crypto_sign_keypair() and crypto_sign(). This reduces speed, as the key needs to be recomputed after each rejection.
* 2: In addition to 1, sample the hyperball in multiple passes, such that some intermediate values are computed on demand, rather than being buffered. This roughly doubles the runtime of crypto_sign().
23 November 2023, 09:44:59 UTC
8e19ad7 add SPHINCS-alpha 23 November 2023, 09:07:07 UTC
b48968e Update HAETAE
This commit implements the post-quantum signature scheme HAETAE from
https://eprint.iacr.org/2023/624
https://kpqc.cryptolab.co.kr/haetae
The stack strategy can be chosen in config.h by setting STACK_STRATEGY to the appropriate value (run "make clean" when changing it).
* 0 or undefined: Optimized for speed (default).
* 1: Disable buffers for the polynomials of the verification key in crypto_sign_keypair() and crypto_sign(). This reduces speed, as the key needs to be recomputed after each rejection.
* 2: In addition to 1, sample the hyperball in multiple passes, such that some intermediate values are computed on demand, rather than being buffered. This roughly doubles the runtime of crypto_sign().
The scheme HAETAE2 contains a reference implementation, which has been renamed from "clean" in previous commits to "ref". The reference implementation would run out of memory for schemes HAETAE3 and HAETAE5 and is therefore not included for these schemes.
22 November 2023, 16:28:54 UTC
fe44f74 Merge branch 'haetae_dev' into haetae 22 November 2023, 16:13:43 UTC
0bdc33e add clean implementation for HAETAE2 The clean implementation is only minimally changed from the reference implementation to conform with the PQM4 API. The clean implementation would run out of memory for HAETAE3 and HAETAE5 and is therefore not added for those modes. 22 November 2023, 16:10:51 UTC
a031ee4 add STACK_STRATEGY switch to config.h
This implementation offers different stack strategies:
* 0: Optimized for speed.
* 1: Does not buffer the polynomials of the verification key in crypto_sign_keypair() and crypto_sign_signature(), thus reducing stack usage at the cost of some speed.
* 2: In addition to 1, the hyperballs are sampled in multiple passes in crypto_sign_signature(), which reduces the stack usage for temporary variables. This roughly doubles the execution time of crypto_sign_signature().
22 November 2023, 14:56:44 UTC
7eee34e compute challenge polynomial directly and sample hyperball coin deterministically
* Move challenge seed generation from crypto_sign() to poly_challenge().
* Sample the random byte b deterministically inside of polyfixveclk_sample_hyperball(). It is used to:
  * determine the sign in hyperball sampling (bit mask 0x01)
  * reject with 50% odds in the overlap region (bit mask 0x02)
* M4F version corresponds to reference version of 2023-11-20.
22 November 2023, 07:33:13 UTC
564ac86 initial commit of HAETAE M4F version corresponds to reference version of 2023-10-21. 20 November 2023, 23:01:11 UTC
92f0187 Add SNOVA 16 November 2023, 06:32:42 UTC
ec5c844 Add progress bar support (#307) * Add progress bar support * Raise exit-code if tests fail * Update mupq * Add forgotten import * Update mupq 15 November 2023, 15:56:12 UTC
f8fdca2 use pqm4/mupq sha2 14 November 2023, 07:54:37 UTC
179b50b Add cross-{sha2,sha3}-r-sdp{,g}-{1,3,5}-{small,fast} 14 November 2023, 07:11:47 UTC
f638ce6 Add ascon-sign{128,192}{s,f}-{simple,robust} 13 November 2023, 09:06:08 UTC
c96e268 Add perk perk-128-fast-{3,5} should be able to run on the 640 KB RAM board. The perk-{192,256}-short-* are out of reach even with 4 MB RAM in qemu, so I did not include those. The remaining ones run in 4 MB RAM, but won't run on the board. 07 November 2023, 09:09:48 UTC
135cca9 Update mupq 07 November 2023, 07:26:49 UTC
2b7d336 Add hawk{256,512,1024} 07 November 2023, 06:08:55 UTC
420726a update skiplist 07 November 2023, 02:17:41 UTC
6eb3b6c revert unnecessary change in aes-publicinputs.h 07 November 2023, 02:13:33 UTC
19418dd remove benchmarks 07 November 2023, 02:13:26 UTC