| ec874b7 | Matthias J. Kannwischer | 18 February 2025, 03:22:04 UTC | bump pqclean | 18 February 2025, 03:22:04 UTC |
| f275f06 | Matthias J. Kannwischer | 17 February 2025, 06:39:52 UTC | bump pqclean | 17 February 2025, 06:39:52 UTC |
| a959691 | Matthias J. Kannwischer | 14 February 2025, 11:11:02 UTC | gcc14 errors: unsigned -> uint32_t | 14 February 2025, 11:12:21 UTC |
| 68dff40 | Richard Petri | 09 January 2025, 18:48:21 UTC | Update libopencm3 | 14 February 2025, 07:26:23 UTC |
| 677673d | Richard Petri | 09 January 2025, 18:47:48 UTC | Update to latest GNU ARM toolchain | 14 February 2025, 07:26:23 UTC |
| 1a04a91 | Matthias J. Kannwischer | 14 February 2025, 06:52:20 UTC | Merge pull request #380 from mupq/faster-ml-dsa ML-DSA-44/87: Switch to mod 769 NTT instead of mod 257 FTT | 14 February 2025, 06:52:20 UTC |
| 356c6f8 | Matthias J. Kannwischer | 10 February 2025, 06:03:55 UTC | update ML-DSA benchmarks | 10 February 2025, 06:03:55 UTC |
| 147d170 | Matthias J. Kannwischer | 10 February 2025, 05:02:53 UTC | update skiplist | 10 February 2025, 05:02:53 UTC |
| 271ca71 | Matthias J. Kannwischer | 10 February 2025, 04:56:46 UTC | ML-DSA-44/87: Switch to mod 769 NTT instead of mod 257 FTT In https://tches.iacr.org/index.php/TCHES/article/view/11419 it was shown that Plantard-based NTTs mod 769 are faster than the 257 Fermat Number Transforms that we are currently using for ML-DSA-44+87. This commit switches to the mod 769 arthmetic for all parameter sets instead of only using it for ML-DSA-65. Files are in ML-DSA-44 and symlinked from 65 + 87. Stack-optimized implementations remain unaffected (they were using 769 before). | 10 February 2025, 04:56:46 UTC |
| 5ef2ba7 | Matthias J. Kannwischer | 04 February 2025, 07:30:35 UTC | Merge pull request #378 from mupq/fndsa-hashing FN-DSA: Fix hash profiling | 04 February 2025, 07:30:35 UTC |
| e0e58e0 | Matthias J. Kannwischer | 04 February 2025, 06:57:43 UTC | Remove outdated falcon implementations from excluded_schemes on various target Got removed in https://github.com/mupq/pqm4/pull/377 | 04 February 2025, 06:59:27 UTC |
| 5a1586f | Matthias J. Kannwischer | 04 February 2025, 06:57:01 UTC | FN-DSA: Fix hash profiling | 04 February 2025, 06:59:27 UTC |
| 34d92e5 | Matthias J. Kannwischer | 03 February 2025, 04:30:55 UTC | Merge pull request #377 from pornin/fndsa | 03 February 2025, 04:30:55 UTC |
| dfc3a75 | Matthias J. Kannwischer | 03 February 2025, 03:45:23 UTC | Remove outdated Falcon implementations Superseded by provisional FN-DSA https://github.com/mupq/pqm4/pull/377 | 03 February 2025, 03:45:23 UTC |
| 9443518 | Matthias J. Kannwischer | 03 February 2025, 03:39:56 UTC | update FN-DSA benchmarks | 03 February 2025, 03:39:56 UTC |
| cc60d10 | Matthias J. Kannwischer | 03 February 2025, 03:14:01 UTC | update skiplist | 03 February 2025, 03:14:01 UTC |
| 75e3669 | Matthias J. Kannwischer | 03 February 2025, 03:10:49 UTC | update mupq | 03 February 2025, 03:10:49 UTC |
| fe2c0dc | Thomas Pornin | 01 February 2025, 16:42:43 UTC | Added provisional FN-DSA implementation (2025-02-01, with ARM Cortex-M4F optimizations). | 01 February 2025, 16:42:43 UTC |
| 393720d | Matthias J. Kannwischer | 31 January 2025, 09:43:33 UTC | Merge pull request #376 from dgazzoni/check-signature-verification-in-benchmarks Update mupq due to mupq PR #161 | 31 January 2025, 09:43:33 UTC |
| 48f2ffc | Décio Luiz Gazzoni Filho | 31 January 2025, 07:15:02 UTC | Update mupq | 31 January 2025, 07:15:02 UTC |
| 49ce5be | Matthias J. Kannwischer | 19 December 2024, 01:54:05 UTC | fix typo in readme. | 19 December 2024, 01:54:05 UTC |
| fdf2b8b | Matthias J. Kannwischer | 28 November 2024, 07:18:50 UTC | Merge pull request #372 from mupq/remove-broken-symlinks Remove broken symlinks | 28 November 2024, 07:18:50 UTC |
| d702a74 | Matthias J. Kannwischer | 28 November 2024, 05:21:42 UTC | remove broken symlinks Fixes #370. Found with `find . -xtype l` | 28 November 2024, 05:51:50 UTC |
| f1a3a03 | Matthias J. Kannwischer | 28 November 2024, 05:50:34 UTC | Merge pull request #371 from mupq/fix-ml-kem Continuation of 'map to canonical' #369 | 28 November 2024, 05:50:34 UTC |
| 4af91da | Matthias J. Kannwischer | 28 November 2024, 05:14:17 UTC | add ml-kem benchmarks | 28 November 2024, 05:19:20 UTC |
| 4a98037 | vincentvbh | 22 November 2024, 11:25:01 UTC | map to canonical | 28 November 2024, 05:16:35 UTC |
| 40f33ea | Amin Abdulrahman | 12 November 2024, 08:54:06 UTC | Full ram for ml-dsa-87 on stm32f4discovery (#368) | 12 November 2024, 08:54:06 UTC |
| 3200c9e | Matthias J. Kannwischer | 31 October 2024, 08:26:08 UTC | Remove eliminated schemes from NIST PQC digital signature competition (#365) * Remove eliminated schemes from NIST PQC digital signature competition NIST announced the second round candidates on October 24, 2024: https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/khAfIZPktRE/m/bBZWmET-AAAJ Eliminated schemes (with implementations in mupq): - ascon-sign - biscuit - meds - sphinca-a - tuov None of those have dedicated implementations in pqm4. aimer and haetae also got eliminated, but remain candidates of KPQC (https://www.kpqc.or.kr/competition.html). Let's keep them around. * adjust README * update mupq * fix aimer skiplist | 31 October 2024, 08:26:08 UTC |
| 229b36b | Matthias J. Kannwischer | 31 October 2024, 06:45:47 UTC | Add AIMer benchmarks (#366) * Add AIMer implementations(m4speed, m4stack) for all NIST security levels * change aimer128f to symlinks * Symlinks updates for AIMer * update benchmarks * update skiplist --------- Co-authored-by: Sangyub Lee <kykypyza3724@gmail.com> | 31 October 2024, 06:45:47 UTC |
| 47fd997 | Sangyub Lee | 31 October 2024, 06:00:50 UTC | Add AIMer implementations(m4speed, m4stack) for all NIST security levels (#361) * Add AIMer implementations(m4speed, m4stack) for all NIST security levels * change aimer128f to symlinks * Symlinks updates for AIMer --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 31 October 2024, 06:00:50 UTC |
| 68e1ca7 | Matthias J. Kannwischer | 22 October 2024, 09:15:12 UTC | Update to FIPS204 and rename Dilithium to ML-DSA (#363) * update Dilithium to final FIPS204 and rename * Dilithium: update and rename m4f+m4fstack implementations * switch to mupq master after merging * ML-DSA: update benchmarks * update skiplist * fix compiler warnings | 22 October 2024, 09:15:12 UTC |
| 7664995 | Matthias J. Kannwischer | 15 October 2024, 02:53:08 UTC | move PR template in right place | 15 October 2024, 02:53:08 UTC |
| 024f636 | Matthias J. Kannwischer | 15 October 2024, 02:50:52 UTC | Create pull_request_template.md | 15 October 2024, 02:50:52 UTC |
| 79a0ddf | Matthias J. Kannwischer | 14 October 2024, 10:16:32 UTC | Update Kyber to final FIPS203 and rename to ML-KEM (#362) | 14 October 2024, 10:16:32 UTC |
| 8d44b72 | Matthias J. Kannwischer | 13 August 2024, 00:06:44 UTC | init msg buffer in {speed,hashing}.c (#351) | 13 August 2024, 00:06:44 UTC |
| 6554684 | Matthias J. Kannwischer | 12 August 2024, 13:38:20 UTC | Update AIMer implementations (#350) * add skiplist entries for new aimer implementations * remove old aimer benchmarks * add AIMer benchmarks * add missing aimer-128f benchmarks * track correct version of mupq | 12 August 2024, 13:38:20 UTC |
| 7cead3c | Matthias J. Kannwischer | 06 August 2024, 07:27:24 UTC | Add dependabot | 06 August 2024, 07:27:24 UTC |
| f2b698a | Matthias J. Kannwischer | 06 August 2024, 07:21:58 UTC | Improve Dilithium (speed) verification stack usage (#346) * Improve Dilithium (speed) verification stack usage Once upon a time, we wrote a paper on memory-efficient Dilithium [1] which included a speed-optimized version of verification that still included some memory optimizations that don't come at a performance penalty. Unfortunately with the update of the reference code to round 3 that version did not get migrated leading to some complaints about verification memory consumption. I finally found some time to port these. Verficication speed is essentially unchanged, but stack consumption is much better. [1] https://eprint.iacr.org/2020/1278.pdf * update benchmarks | 06 August 2024, 07:21:58 UTC |
| cda61fb | Matthias J. Kannwischer | 03 July 2024, 03:02:34 UTC | Kyber: Fixed secret-dependent branch in poly_fromsg (#345) * Fixed secret-dependent branch in poly_fromsg * update mupq * update Kyber benchmarks * add missing prototype * extend skiplist * add Falcon benchmarks | 03 July 2024, 03:02:34 UTC |
| 006a109 | Amin Abdulrahman | 22 April 2024, 04:56:30 UTC | Symlinks for dilithium m4fstack (#342) | 22 April 2024, 04:56:30 UTC |
| 4584cfc | Matthias J. Kannwischer | 16 April 2024, 01:24:06 UTC | Fix inlining of Kyber re-encryption (#339) * fix inlining of Kyber reencryption * update benchmarks | 16 April 2024, 01:24:06 UTC |
| 149bfc7 | Amin Abdulrahman | 16 April 2024, 01:00:42 UTC | Dilithium/ML-DSA Stack Optimizations (#340) * Init dilithium3 stack optimized variant * Start stack optimization [Passing] * Based on ideas from https://eprint.iacr.org/2022/323.pdf, based on code by Matthias J. Kannwischer * Sample A on-the-fly * Compressed c * Schoolbook mul for ct1 * Compress w * Eliminate z, y * Eliminate cp * Eliminate s1, s2 * Eliminate second poly needed for A*y * Note: Reverts poly_uniform_pointwise_montgomery_polywadd_stack to prior state * Inline sampling uniform and uniform_gamma1 * Inline hint generation * Inline polyw subtraction * Refactor decompose to high/lowbits * Inline Keccak state * Shared buffer for polynomials * rm 257 FFT * Union for small and big poly * Eliminate some smaller buffers * Remove asym small mul * Stack friendly uniform_gamma1 w/o add * Stack optimized Dilithium{2,5} * Switch to Plantard-based 769 NTT * First batch of stack opt for Verify * On-the-fly matrix generation * Schoolbook for ct1 * Challenge compression * On-the-fly unpacking for z, h * Compress w * rm tmp poly, subtract on wcomp * Verify Stack Optimizations * Stack friendly hint decoding * Eliminate second full poly * Remove K-loop from hint unpacking * rm buffers/unionize in Verify * Stack opt key pair * Minor clean up * Overlap buffers * Stack optimized challenge generation * Match 769 Plantard to m4f code * update skiplist * update benchmarks --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 16 April 2024, 01:00:42 UTC |
| 9c2bc41 | Huang Junhao | 15 April 2024, 07:30:22 UTC | Revisiting Keccak and Dilithium Implementations on ARMv7-M (#338) * Use Plantard arithmetic for NTT_769 in Dilithium * rm old smallntt.S * update benchmarks --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 15 April 2024, 07:30:22 UTC |
| 2c48508 | Richard Petri | 27 March 2024, 14:10:26 UTC | Merge pull request #337 from mupq/moreci More CI and add excluded schemes on all platforms | 27 March 2024, 14:10:26 UTC |
| 4f5b5ce | Richard Petri | 26 March 2024, 21:19:31 UTC | Merge pull request #335 from mupq/duallicense Merge branch 'master' of github.com:mupq/pqm4 | 26 March 2024, 21:20:08 UTC |
| cc3481a | Matthias J. Kannwischer | 26 March 2024, 21:09:22 UTC | fix build for other platforms | 26 March 2024, 21:09:22 UTC |
| c33fab9 | Matthias J. Kannwischer | 26 March 2024, 13:56:42 UTC | fix nucleo-l476rg build | 26 March 2024, 13:56:42 UTC |
| c83565b | Matthias J. Kannwischer | 26 March 2024, 13:42:01 UTC | more CI | 26 March 2024, 13:45:42 UTC |
| 0c12777 | Matthias J. Kannwischer | 26 March 2024, 13:32:23 UTC | more CI | 26 March 2024, 13:32:23 UTC |
| 82c6d7a | Matthias J. Kannwischer | 25 March 2024, 19:59:12 UTC | add uov to exluded schemes on nucleo_l446rg.mk | 25 March 2024, 19:59:12 UTC |
| 5d0fe86 | Matthias J. Kannwischer | 20 March 2024, 03:13:23 UTC | Adds Apache-2.0 license in addition to CC0 To enable re-use in https://github.com/pq-code-package/mlkem-c-embedded. This is applied only to the sources of pqm4 itself that are to a vast degree written by the pqm4 maintainers. The scheme implementations plus symmetric primitives have other licenses. | 20 March 2024, 03:24:17 UTC |
| 4b2fc60 | Richard Petri | 19 March 2024, 12:35:18 UTC | Merge pull request #333 from mupq/benchmarkupdate Update benchmarks and skiplist | 19 March 2024, 12:35:18 UTC |
| 527e9d6 | Richard Petri | 17 March 2024, 20:36:16 UTC | Update benchmarks | 17 March 2024, 20:38:49 UTC |
| 470917e | Richard Petri | 17 March 2024, 20:38:08 UTC | Update mupq | 17 March 2024, 20:38:49 UTC |
| b15618e | Richard Petri | 27 February 2024, 20:55:55 UTC | Update README.md to reflect the changes | 27 February 2024, 20:55:55 UTC |
| e698764 | Richard Petri | 27 February 2024, 20:38:09 UTC | Update skiplist.py | 27 February 2024, 20:38:09 UTC |
| e852f55 | Richard Petri | 27 February 2024, 20:37:53 UTC | Update mupq | 27 February 2024, 20:37:53 UTC |
| 403c694 | Richard Petri | 27 February 2024, 19:26:51 UTC | Merge pull request #332 from mupq/nistdraftkyberdilithium NIST Draft version of Kyber and Dilithium; remove divisions by KYBER_Q | 27 February 2024, 19:26:51 UTC |
| c4fd63c | Matthias J. Kannwischer | 23 February 2024, 07:51:58 UTC | fix build on stm32f4discovery | 23 February 2024, 07:51:58 UTC |
| 619a125 | Matthias J. Kannwischer | 23 February 2024, 07:51:41 UTC | include compat.h to allow SPHINCS+ to build | 23 February 2024, 07:51:41 UTC |
| 0fa8f56 | Matthias J. Kannwischer | 23 February 2024, 05:14:13 UTC | Dilithium compatibility with NIST draft | 23 February 2024, 07:50:49 UTC |
| edcf6f6 | Matthias J. Kannwischer | 23 February 2024, 03:11:58 UTC | eliminate / KYBER_Q that may result in variable time division This applies the patches from upstream to poly_compress and polyvec_compress See https://github.com/pq-crystals/kyber/commit/272125f6acc8e8b6850fd68ceb901a660ff48196 https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ | 23 February 2024, 03:29:50 UTC |
| f418bf6 | Matthias J. Kannwischer | 23 February 2024, 02:56:55 UTC | update M4 Kyber to be compatible with NIST Draft | 23 February 2024, 02:56:55 UTC |
| 5087fd8 | Matthias J. Kannwischer | 23 February 2024, 02:56:33 UTC | remove Kyber-90s; won't be standardized | 23 February 2024, 02:56:33 UTC |
| c839498 | Matthias J. Kannwischer | 23 February 2024, 02:55:57 UTC | update PQClean | 23 February 2024, 02:55:57 UTC |
| 62244ef | rpls | 24 January 2024, 11:30:45 UTC | Merge pull request #331 from mupq/haetae-fix Use fixed HAETAE reference | 24 January 2024, 11:30:45 UTC |
| a39a172 | Richard Petri | 24 January 2024, 11:29:33 UTC | Use fixed HAETAE reference | 24 January 2024, 11:29:33 UTC |
| 82f4e23 | Richard Petri | 20 January 2024, 22:39:05 UTC | Merge branch 'update-PERK-m4' improve compression for PERK short levels I and II #328 | 20 January 2024, 22:39:05 UTC |
| 4702ce9 | Marco Palumbi | 20 January 2024, 09:21:05 UTC | improve compression for short levels I and II | 20 January 2024, 09:21:05 UTC |
| ca8b4f3 | rpls | 19 January 2024, 14:03:07 UTC | Merge pull request #327 from mupq/tuov Add Tuov | 19 January 2024, 14:03:07 UTC |
| 1ccd61f | Richard Petri | 19 January 2024, 13:42:57 UTC | Exclude tuov from builds | 19 January 2024, 13:57:15 UTC |
| f514356 | Richard Petri | 19 January 2024, 13:36:36 UTC | Add Tuov | 19 January 2024, 13:36:36 UTC |
| bfd8248 | rpls | 18 January 2024, 12:22:15 UTC | Merge pull request #325 from mupq/mirith-fix Update for MiRitH | 18 January 2024, 12:22:15 UTC |
| a0dec92 | Richard Petri | 18 January 2024, 12:20:05 UTC | Use updated version of mirith, add embedded optimized version | 18 January 2024, 12:20:05 UTC |
| 54d8313 | Richard Petri | 16 January 2024, 22:34:10 UTC | Run only on push to master, and when PR review requested | 16 January 2024, 22:37:11 UTC |
| d2a8800 | Richard Petri | 16 January 2024, 21:36:40 UTC | Properly wrap missing libc functions and shut up linker warning | 16 January 2024, 22:37:11 UTC |
| dfc968a | rpls | 24 November 2023, 12:21:04 UTC | Update workflow dependencies | 16 January 2024, 22:37:11 UTC |
| 0a47489 | rpls | 03 November 2022, 22:00:33 UTC | Checkout submodules recursively | 16 January 2024, 22:37:11 UTC |
| ee2a6ea | rpls | 03 November 2022, 21:55:10 UTC | Add a github workflow | 16 January 2024, 22:37:11 UTC |
| b381da5 | Richard Petri | 16 January 2024, 21:06:29 UTC | Exclude all non-building schemes for cw308t-stm32f415 | 16 January 2024, 21:20:31 UTC |
| 5398081 | Richard Petri | 16 January 2024, 20:58:48 UTC | Merge branch 'master' of https://github.com/37eex9/pqm4 into cw308t-stm32f415 | 16 January 2024, 20:58:48 UTC |
| ff6b7ab | Richard Petri | 16 January 2024, 20:57:20 UTC | Merge remote-tracking branch 'origin/mirith' | 16 January 2024, 20:57:20 UTC |
| cf017cd | Richard Petri | 16 January 2024, 20:56:42 UTC | Merge remote-tracking branch 'origin/biscuit' | 16 January 2024, 20:56:42 UTC |
| 1c27aa0 | Richard Petri | 16 January 2024, 20:54:18 UTC | Add MEDS | 16 January 2024, 20:54:18 UTC |
| d93ba34 | Richard Petri | 16 January 2024, 19:41:35 UTC | Merge remote-tracking branch 'origin/aimer' into master | 16 January 2024, 19:41:35 UTC |
| de6b4d9 | Richard Petri | 16 January 2024, 18:06:55 UTC | Merge remote-tracking branch 'origin/sphinca' into sphincsa Add SPHINCS-alpha #312 | 16 January 2024, 18:06:55 UTC |
| 57bb7dc | Matthias J. Kannwischer | 15 January 2024, 13:19:53 UTC | update mupq | 15 January 2024, 13:19:53 UTC |
| a34a481 | Matthias J. Kannwischer | 12 January 2024, 14:46:55 UTC | add AIMer | 12 January 2024, 16:23:54 UTC |
| 8e64b0e | Richard Petri | 11 January 2024, 19:48:54 UTC | Merge remote-tracking branch 'origin/snova' | 11 January 2024, 19:48:54 UTC |
| fbebf44 | Richard Petri | 11 January 2024, 18:30:42 UTC | Remove old perk entries from skiplist Fixes #321 | 11 January 2024, 18:30:42 UTC |
| c3dbd50 | Matthias J. Kannwischer | 11 January 2024, 10:14:04 UTC | add skiplist entries for mqom | 11 January 2024, 18:22:33 UTC |
| 759389b | Richard Petri | 07 January 2024, 23:21:31 UTC | Add HAETAE to skiplist and update mupq | 07 January 2024, 23:21:31 UTC |
| 4ad3ef6 | Richard Petri | 07 January 2024, 23:08:59 UTC | Merge branch 'haetae' of https://github.com/mmoeller23/pqm4 into mmoeller23-haetae | 07 January 2024, 23:08:59 UTC |
| 1fa2eac | Richard Petri | 07 January 2024, 23:04:19 UTC | Add perk to skiplist and update mupq | 07 January 2024, 23:04:19 UTC |
| f376768 | Richard Petri | 07 January 2024, 22:28:47 UTC | Merge branch 'add-PERK-m4' of https://github.com/marco-palumbi/pqm4 into marco-palumbi-add-PERK-m4 | 07 January 2024, 22:28:47 UTC |
| a7fe0c1 | Marco Palumbi | 05 January 2024, 18:19:56 UTC | use symbolic links whenever possible | 05 January 2024, 18:19:56 UTC |
| d98a162 | Matthias J. Kannwischer | 18 December 2023, 02:07:27 UTC | Update Kyber poly_tomsg to fix timing leak (w/ -Os) This (partially) addresses https://github.com/mupq/pqm4/issues/319. The function poly_tomsg from the reference implementation of Kyber (which was copied into the M4-optimized implementations) would result in a variable-time udiv instruction operating on secret data when compiled with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13, but did not see any difference. This commit updates the m4-specific code to use the patch from https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220. Note that the code in PQClean has not yet been updated and hence the clean implementation within pqm4 is still vulnerable. | 19 December 2023, 13:44:24 UTC |
| 4956a30 | Marco Palumbi | 07 December 2023, 13:17:04 UTC | fix ldscripts for the stm32f4discovery board | 07 December 2023, 13:17:04 UTC |
| d581941 | Marco Palumbi | 07 December 2023, 13:10:59 UTC | use fullram linker script with some version | 07 December 2023, 13:10:59 UTC |
| 8dc5cf5 | Marco Palumbi | 07 December 2023, 12:59:00 UTC | add PERK for all NIST levels Implementation compliant with version v1.1 of 2023/10/16 https://pqc-perk.org/ | 07 December 2023, 13:06:08 UTC |
