71f0daa | Richard Petri | 24 November 2023, 07:58:50 UTC | Add biscuit | 24 November 2023, 08:02:41 UTC |
d436546 | Richard Petri | 24 November 2023, 07:54:08 UTC | Merge remote-tracking branch 'origin/cross' | 24 November 2023, 07:54:08 UTC |
968fbef | Richard Petri | 24 November 2023, 07:51:35 UTC | Merge remote-tracking branch 'origin/asconsign' | 24 November 2023, 07:51:35 UTC |
f955de1 | Richard Petri | 24 November 2023, 07:49:22 UTC | Merge remote-tracking branch 'origin/perk' | 24 November 2023, 07:49:22 UTC |
111ea35 | Richard Petri | 24 November 2023, 07:48:02 UTC | Merge remote-tracking branch 'origin/hawk' | 24 November 2023, 07:48:02 UTC |
a35e15b | Richard Petri | 24 November 2023, 07:45:36 UTC | Merge remote-tracking branch 'origin/mayo' | 24 November 2023, 07:45:36 UTC |
ec5c844 | rpls | 15 November 2023, 15:56:12 UTC | Add progress bar support (#307) * Add progress bar support * Raise exit-code if tests fail * Update mupq * Add forgotten import * Update mupq | 15 November 2023, 15:56:12 UTC |
f8fdca2 | Matthias J. Kannwischer | 14 November 2023, 07:54:37 UTC | use pqm4/mupq sha2 | 14 November 2023, 07:54:37 UTC |
179b50b | Matthias J. Kannwischer | 14 November 2023, 07:11:47 UTC | Add cross-{sha2,sha3}-r-sdp{,g}-{1,3,5}-{small,fast} | 14 November 2023, 07:11:47 UTC |
f638ce6 | Matthias J. Kannwischer | 13 November 2023, 09:06:08 UTC | Add ascon-sign{128,192}{s,f}-{simple,robust} | 13 November 2023, 09:06:08 UTC |
c96e268 | Matthias J. Kannwischer | 07 November 2023, 07:22:21 UTC | Add perk perk-128-fast-{3,5} should be able to run on the 640 KB RAM board. The perk-{192,256}-short-* are out of reach even with 4 MB RAM in qemu, so I did not include those. The remaining ones run in 4 MB RAM, but won't run on the board. | 07 November 2023, 09:09:48 UTC |
135cca9 | Richard Petri | 07 November 2023, 07:26:49 UTC | Update mupq | 07 November 2023, 07:26:49 UTC |
2b7d336 | Matthias J. Kannwischer | 07 November 2023, 06:08:55 UTC | Add hawk{256,512,1024} | 07 November 2023, 06:08:55 UTC |
420726a | Matthias J. Kannwischer | 07 November 2023, 02:17:41 UTC | update skiplist | 07 November 2023, 02:17:41 UTC |
6eb3b6c | Matthias J. Kannwischer | 06 November 2023, 06:36:04 UTC | revert unnecessary change in aes-publicinputs.h | 07 November 2023, 02:13:33 UTC |
19418dd | Matthias J. Kannwischer | 02 November 2023, 08:30:57 UTC | remove benchmarks | 07 November 2023, 02:13:26 UTC |
aed4973 | Matthias J. Kannwischer | 30 October 2023, 03:11:38 UTC | switch to low-RAM test for ov-Ip | 07 November 2023, 02:13:22 UTC |
22ea5d8 | Matthias J. Kannwischer | 27 October 2023, 09:47:59 UTC | add OV benchmarks | 07 November 2023, 02:13:12 UTC |
f20d2b4 | Matthias J. Kannwischer | 24 October 2023, 15:06:48 UTC | add skiplist entries for OV | 07 November 2023, 02:13:03 UTC |
6b7b698 | Matthias J. Kannwischer | 24 October 2023, 14:58:11 UTC | add LICENSEs to OV | 07 November 2023, 02:13:02 UTC |
c4aaa78 | Matthias J. Kannwischer | 24 October 2023, 14:42:48 UTC | add ov-Ip{,-pkc,-pkc-skc} m4f implementations | 07 November 2023, 02:12:29 UTC |
9c69acb | Matthias J. Kannwischer | 07 November 2023, 02:07:21 UTC | update skiplist | 07 November 2023, 02:07:21 UTC |
d969ad4 | Matthias J. Kannwischer | 25 October 2023, 12:35:41 UTC | add reference implementation of MAYO | 07 November 2023, 02:04:04 UTC |
8582f47 | rpls | 07 November 2023, 02:01:45 UTC | Implement new stack measurement HAL API (#304) * Implement new stack measurement HAL API * update mupq to current master --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 07 November 2023, 02:01:45 UTC |
e21677c | Matthias J. Kannwischer | 27 October 2023, 07:21:41 UTC | output something if testvectors pass | 27 October 2023, 07:21:41 UTC |
46511c7 | rpls | 24 October 2023, 03:47:25 UTC | Small overhaul of OpenCM3 code, rework Nucleo-L4R5ZI target a bit, and add CW308T-STM32F415 target (#259) * Only compile the specific libopencm3 library needed * Add experimental support for CW308T-STM32F415 * Shut up the linker errors * Shut up unused parameter warning * Fix Keccaktest bin generation * Update libopencm3 * Adapt to renamed constants * Compile the board test with fast and slow clock * Use wrapped symbols instead of overriding * Overhaul clocking for L4R5ZI board | 24 October 2023, 03:47:25 UTC |
d4b1f5f | Richard Petri | 22 October 2023, 14:47:38 UTC | Update mupq | 22 October 2023, 14:48:30 UTC |
662a62b | Matthias J. Kannwischer | 14 September 2023, 07:30:46 UTC | Merge pull request #257 from mupq/dsprenkels-patch-citing Add a notice about citing original papers | 14 September 2023, 07:30:46 UTC |
39df6c8 | Amber Sprenkels | 13 September 2023, 09:09:21 UTC | Update README.md | 13 September 2023, 09:09:21 UTC |
37cd04c | Richard Petri | 08 September 2023, 20:50:12 UTC | Add a simple Keccak test | 08 September 2023, 20:50:12 UTC |
b816ece | Richard Petri | 08 September 2023, 20:29:13 UTC | Merge pull request #254 from aadomn/update_keccak Update Keccak-f[1600] implementation for better performance | 08 September 2023, 20:46:27 UTC |
5c3cb35 | rpls | 08 September 2023, 20:22:05 UTC | Merge pull request #256 from JunhaoHuang/master Solve a bug in Kyber768 m4fspeed implementation | 08 September 2023, 20:22:05 UTC |
18fbd5e | Richard Petri | 08 September 2023, 20:04:54 UTC | Fix problem with secondary expansion for target specifc variable | 08 September 2023, 20:04:54 UTC |
bd950cf | Huang Junhao | 26 July 2023, 06:43:51 UTC | basemul_asm_acc_opt_32_32 add push r11 | 26 July 2023, 06:43:51 UTC |
91f3d88 | Alexandre Adomnicai | 26 May 2023, 19:05:28 UTC | Update Keccak-f[1600] implementation for better performance | 26 May 2023, 19:05:28 UTC |
a525417 | Matthias J. Kannwischer | 25 May 2023, 07:38:14 UTC | add aes-publicinputs for code on the host | 25 May 2023, 07:38:14 UTC |
1eeb74e | Matthias J. Kannwischer | 08 November 2022, 05:17:17 UTC | skip aarch64 implementations when building all schemes via make | 08 November 2022, 05:17:17 UTC |
918f379 | Matthias J. Kannwischer | 07 November 2022, 09:35:49 UTC | Remove schemes that are no longer under consideration by NIST (#238) * remove schemes that are no longer under consideration by NIST * bump pqclean to r4 * update mupq * update mupq * Remove SIKE SIKE got broken by https://eprint.iacr.org/2022/975 The SIKE team acknowledged it in https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/round-4/submissions/sike-team-note-insecure.pdf * Make falcon work with namespaced randombytes * bump pqclean once more * update benchmarks with Arm GNU Toolchain 11.3.Rel1 * add correct version of the compiler * clean up excluded schemes * Update README.md | 07 November 2022, 09:35:49 UTC |
3743a66 | Huang Junhao | 25 October 2022, 03:18:58 UTC | Improved Plantard Arithmetic for Lattice-based Cryptography (#244) * integrate improved Plantard arithmetic into Kyber * support m4fspeed and rename m4plantard to m4fstack * remove obj file * add benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 25 October 2022, 03:18:58 UTC |
f216cc2 | Amin Abdulrahman | 17 October 2022, 05:46:04 UTC | Add reductions to iNTT in stack optimized code for Kyber (#242) * Add reductions to iNTT in stack optimized code * update benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 17 October 2022, 05:46:04 UTC |
b78dc00 | Matthias J. Kannwischer | 27 September 2022, 06:43:59 UTC | more extensive aes tests and benchmarks | 27 September 2022, 06:43:59 UTC |
37e0fef | Matthias J. Kannwischer | 27 September 2022, 06:41:23 UTC | more extensive aes tests and benchmarks | 27 September 2022, 06:41:53 UTC |
685fbbb | Marco Palumbi | 26 September 2022, 03:42:03 UTC | Fix function call from assembly (#240) * change floating-point registers s(0-15) in s(16-31) in kyber matacc_asm.S matacc.i s(n) -> s(n+16) * change floating-point register s31 in s16 in kyberXXX-90s m4fspeed matacc_asm.S * consider floating-point registers clobbered calling kyber matacc_asm.S functions * save r12 register before calling C function in kyber matacc_asm.S and kyber matacc.i * amend the previous commit: fix the register Co-authored-by: Marco Palumbi <Marco.Palumbi@tii.ae> | 26 September 2022, 03:42:03 UTC |
059e024 | Matthias J. Kannwischer | 21 September 2022, 07:24:02 UTC | Add Richard Petri to citation | 21 September 2022, 07:24:02 UTC |
26f810d | rugo | 07 June 2022, 08:39:12 UTC | Fix alignment issues in Kyber (#236) * Add .vscode to gitignore * Add alignment to arrays used in Kyber to address #235 | 07 June 2022, 08:39:12 UTC |
0b50e72 | Amin Abdulrahman | 10 May 2022, 07:45:12 UTC | Use different FP registers, fix iNTT range (#234) * different fp registers, fix iNTT range * Remove redundant packing of signature component 'z' * benchmarks Co-authored-by: Alexandre Adomnicai <alex.adomnicai@gmail.com> Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 10 May 2022, 07:45:12 UTC |
6182ab3 | Matthias J. Kannwischer | 23 March 2022, 04:18:34 UTC | Avoid overlapping .o and .S file names (#231) Some implementations in pqm4 use the same file names for .c and .S files, .e.g., poly.[cS} in kyber. pqm4 does not have a problem with that, but it has been brought to my attention that other projects relying on pqm4 can not correctly handle that. I renamed the .S files accordingly. | 23 March 2022, 04:18:34 UTC |
3bfbbfd | Amin Abdulrahman | 31 January 2022, 02:01:55 UTC | Faster Kyber and Dilithium (#221) * Faster Faster Kyber and Dilithium * benchmarks for kyber and dilithium * update skiplist * more dilithium benchmarks Co-authored-by: amin <amin@abdulrahman.de> Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 31 January 2022, 02:01:55 UTC |
c37e541 | vincentvbh | 29 January 2022, 01:24:18 UTC | More readable and improved NTTs for NTRU (#219) * ntruhps2048509 * ntruhps2048677, ntruhrss701 * ntruhps4096821 * update benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 29 January 2022, 01:24:18 UTC |
2691b49 | Trista Li | 29 November 2021, 10:05:01 UTC | NTRU m4 polynomial inversion implementation for four parameter sets (#218) * NTRU m4 polynomial inversion implementation for four parameter sets * add benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 29 November 2021, 10:05:01 UTC |
82650eb | Matthias J. Kannwischer | 05 November 2021, 14:44:13 UTC | Avoid aux.S filename to please Windows. Fix #216 (#217) | 05 November 2021, 14:44:13 UTC |
e47864b | rpls | 01 October 2021, 16:16:12 UTC | Merge pull request #213 from mupq/picnic Add Picnic implementations from https://github.com/dkales/picnic_m4 | 01 October 2021, 16:16:12 UTC |
0dd7285 | Richard Petri | 01 October 2021, 16:15:28 UTC | Update mupq | 01 October 2021, 16:15:28 UTC |
0197728 | Matthias J. Kannwischer | 29 September 2021, 02:59:35 UTC | move opt-mem implementation from mupq to pqm4/pqm3 | 29 September 2021, 05:34:06 UTC |
9c7be01 | Matthias J. Kannwischer | 15 September 2021, 06:20:13 UTC | Fix #161. I wish people would just submit a patch to pqm4 instead of writing another paper about a bug that is well known... Anyway, I fixed this now... | 26 September 2021, 17:35:32 UTC |
8970d37 | Matthias J. Kannwischer | 22 September 2021, 09:09:56 UTC | Fix two bugs in Kyber Fixes two minor bugs in matacc. They did not actually result in wrong outputs. In the uniform sampling, we use 3 bytes to sample 2 coefficients. In case the sampled coefficient is too large, we throw it away. Once we sampled 256 coefficients it is possible that we still have one coefficient left which needs to be discarded. The check if we are at the end of a polynomial already was wrongly implemented by checking for ctr < KYBER_Q/4 rather than ctr < KYBER_N/4 in two places. Luckily, it has no effect in both cases. In the first, ctr = KYBER_N/4 implies k=0 and hence the the code does nothing. In the second, an additional Keccak squeeze is triggered, but the output is never used. | 26 September 2021, 17:25:47 UTC |
1442c6e | Matthias J. Kannwischer | 06 September 2021, 08:23:53 UTC | update mupq | 06 September 2021, 08:23:53 UTC |
33de42d | Matthias J. Kannwischer | 06 September 2021, 08:10:41 UTC | add benchmarks | 06 September 2021, 08:10:41 UTC |
bdb173a | Matthias J. Kannwischer | 03 September 2021, 06:49:00 UTC | add picnic | 03 September 2021, 06:49:00 UTC |
844e7ca | Matthias J. Kannwischer | 31 August 2021, 07:49:19 UTC | Use T-Table AES for public inputs in ntrulpr (again) (#212) * use publicinputs AES for ntrulpr * new benchmarks | 31 August 2021, 07:49:19 UTC |
34e5da0 | Richard Petri | 30 August 2021, 20:55:14 UTC | Merge branch 'rainbow' | 30 August 2021, 20:55:14 UTC |
0843a8e | Matthias J. Kannwischer | 12 August 2021, 10:16:34 UTC | automatically build binaries; Resolves #205 | 18 August 2021, 21:40:27 UTC |
b2c37fd | Matthias J. Kannwischer | 18 August 2021, 09:08:18 UTC | switch to symlinks for files that are shared | 18 August 2021, 09:08:18 UTC |
62d8710 | Matthias J. Kannwischer | 16 August 2021, 08:36:26 UTC | add rainbow to skiplist | 16 August 2021, 08:36:26 UTC |
4fee0f7 | Matthias J. Kannwischer | 16 August 2021, 08:32:42 UTC | add Rainbow implementations | 16 August 2021, 08:32:42 UTC |
b4c5d7a | vincentvbh | 13 August 2021, 08:19:16 UTC | fix Saber typings (#208) | 13 August 2021, 08:19:16 UTC |
a0e520d | vincentvbh | 13 August 2021, 02:14:47 UTC | Inclusion of speed optimized and stack optimized Saber from https://eprint.iacr.org/2021/995 (#206) * add saber * rm unused * update all * add all * saber * soft links * link all * benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 13 August 2021, 02:14:47 UTC |
9ff685e | dean3154 | 12 August 2021, 08:50:15 UTC | NTRU Prime m4 implementation for six parameter sets (#203) * NTRU Prime m4 implementation for six parameter sets * NTRU Prime m4 implementation for six parameter sets * delete .DS_Store * delete useless files & change to asm function [jump753divsteps.c] * update mupq to include ntruprime round 3 parameter sets * modified arith.h * delete useless comment * using stack memory instead of static memory * update mupq * fix buffer size * add basemul_8x8_156 * update skiplist * add benchmarks * eliminate more bss * update benchmarks for sntrup761 Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> Co-authored-by: Trista Li <trista5658321@gmail.com> | 12 August 2021, 08:50:15 UTC |
0b3519d | rpls | 03 August 2021, 07:27:59 UTC | Add support for Nucleo-L4R5ZI board (#193) * Add an optional memory timing test to the boardtest.elf * Add support for the Nucleo-L4R5ZI board * Add a PQM4 preprocessor definition flag * Properly detect PQM4/MUPQ in bikel{1,3} sources * Include the nucleo-l4r5zi in the README * Update mupq | 03 August 2021, 07:27:59 UTC |
cf6f358 | Matthias J. Kannwischer | 30 July 2021, 06:14:50 UTC | Improve reliability of benchmarking scripts. (#190) On my Raspberry Pi I often ran into the problem that the Pi would miss the beginning of the serial output and then get stuck in an infinite loop trying to reflash again and again. By waiting a couple of hundred ms when starting up, this can be prevented. For me this heavily improved reliability. | 30 July 2021, 06:14:50 UTC |
bf8a921 | Matthias J. Kannwischer | 23 July 2021, 07:33:41 UTC | Update README.md Resolve #199 | 23 July 2021, 07:33:41 UTC |
dd629a2 | Matthias J. Kannwischer | 23 July 2021, 07:21:21 UTC | change licensing for Dilithium NTT (#201) Closes #198 | 23 July 2021, 07:21:21 UTC |
b4c013e | Matthias J. Kannwischer | 23 July 2021, 05:47:09 UTC | Fixes #195: Bug in ntrup761/ntrulpr761 decaps. (#200) | 23 July 2021, 05:47:09 UTC |
834a03d | Matthias J. Kannwischer | 24 June 2021, 11:25:18 UTC | Restore build_everything.py and add default uart (#194) The previous version of pqm4 had a build everything script that would spit out all the binaries. With the multiplatform pqm4, this is no longer needed. One can simply make -j4 PLATFORM=stm32f4discovery However, we currently still have a non-functional build_everything.py script sitting around. I've fixed it, but we could also remove it. Additionally, to allow users to simply run ./test.py, I added a default uart device "/dev/ttyUSB0". The old pqm4 also assumed that serial device. Right now pqm4 miserably fails without a --uart argument and a reasonable error message. | 24 June 2021, 11:25:18 UTC |
725badd | Matthias J. Kannwischer | 14 June 2021, 08:03:06 UTC | fix baudrate in manual hostside script | 14 June 2021, 08:03:06 UTC |
9075f55 | Matthias J. Kannwischer | 08 June 2021, 16:04:36 UTC | set default extraargs for stlink platform | 08 June 2021, 16:04:36 UTC |
12d5e56 | rpls | 06 June 2021, 20:12:45 UTC | Multiplatform support (#174) * Adapt the PQM3 Multiplatform & Scheme Discovery to PQM4 * Add HAL support for CW308T-STM32F3 * Adapt platform interfaces * Implement simplified platform running interface * Simplify chipwhisperer interface * Fix for systems without the GNU findutils * Add the mps2-an386 platform, which is also supported by QEMU * Speed up scheme search * Skip scheme list generation if IMPLEMENTATION_PATH is given * Optionally push all data/bss into the "flash" portion of the MPS2 The flash is actually just a RAM. The main purpose of the board here is stack testing and this will allow us to use all 4MB of the "ram" memory region for stack/heap. * Implement stack size querying * Don't capture stdin for QEMU platforms * Fix argument parsing for benchmarks * Add possibility to run QEMU benchmarks directly from make * Fix scheme list generation * Remove automatic call to git * Add some comments for the scheme finding mechanism * Add the possibility for scheme specific makefiles * Clean up makefiles * Generate a skiplist for each platform * Move reusable buildsystem and interface code to mupq * Move randombytes implementation to hal for testvector test * Make all-in-one compilation the default * Document the new platforms in the README.md * Update mupq * Add _sbrk wrapping to opencm3 * Update mupq * adjust pqm4 to run multiple iterations in a single binary * Always add LTO flag * Update mupq * Reorganize symmetric crypto sources * Include HAL and crypto sources in AIO compilation * Fix LTO compilation * Use existing linker script if present * Update mupq * Don't use the nano libc (worse performance) * Fix compilation for self-tests * Quick-fix build error for bikel1 on mps2-an386 platform * Update benchmarks * Use full ram for some frodokem schemes * Fix compilation on mps2-an386 platform * Update skip_list.py * switch to mupq master Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 06 June 2021, 20:12:45 UTC |
8274c41 | Matthias J. Kannwischer | 04 June 2021, 08:24:25 UTC | SPHINCS+ benchmarks (#192) | 04 June 2021, 08:24:25 UTC |
5ebac3b | Matthias J. Kannwischer | 30 May 2021, 02:05:04 UTC | Fix benchmarks.md | 30 May 2021, 02:05:04 UTC |
8f5b115 | Matthias J. Kannwischer | 25 May 2021, 08:20:13 UTC | Remove static buffers in NTRU (#191) * remove static from NTT buffers in NTRU * ntru benchmarks | 25 May 2021, 08:20:13 UTC |
65f12c6 | devillegna | 25 May 2021, 02:47:22 UTC | update bikel1/m4f and bikel3/m4f to ches2021 (#188) * update bikel[1,3]/m4f to ches2021 * updated bike in mupq * new bike benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 25 May 2021, 02:47:22 UTC |
175903d | Matthias J. Kannwischer | 24 May 2021, 03:45:55 UTC | Stack-optimized fips202 (#189) * stack-optimized fips202 * fips202stack benchmarks * switch to mupq master | 24 May 2021, 03:45:55 UTC |
bc2ecc9 | Matthias J. Kannwischer | 08 April 2021, 02:09:08 UTC | Update PQClean to include new SPHINCS+ parameter sets (#187) * update pqclean to include new SPHINCS+ parameter sets * add SPHINCS+ benchmarks * switch mupq to master | 08 April 2021, 02:09:08 UTC |
438ab82 | Matthias J. Kannwischer | 23 March 2021, 07:26:35 UTC | Update README to not reference obsolete schemes | 23 March 2021, 07:26:35 UTC |
17e43e5 | vincentvbh | 08 March 2021, 09:09:53 UTC | fix a bug with very low prabability (#185) | 08 March 2021, 09:09:53 UTC |
27c7089 | vincentvbh | 03 March 2021, 07:48:06 UTC | Merge implementation of Rader's trick of sntrup761 and ntrulpr761 from https://tches.iacr.org/index.php/TCHES/article/view/8733 (#184) * add Darwin option to host_unidirectional * rm everything about sntrup761 * sntrup761 success; ntrulpr failed * rm ntrulpr files from sntrup * add missing files for sntrup * add missing sntrup file * ntrulpr compilable but ERROR KEYS * we start with rm everything in ntrulpr * all files tested * rm unsued files * add soft liks * more soft links * more soft links * add NTRUPrime benchmarks * updated kem.c from NTRUPrime-PolyMul * another attempt at the ntrulpr benchmarks * slightly tweak the check for MacOS Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 03 March 2021, 07:48:06 UTC |
8a6fcf6 | Matthias J. Kannwischer | 18 February 2021, 06:55:29 UTC | Port Dilithium 3.1 changes to M4 implementation (#183) | 18 February 2021, 06:55:29 UTC |
992f0f2 | Michiel Van Beirendonck | 18 February 2021, 05:57:25 UTC | Stack optimizations and refactoring of NTT-based Saber (#181) * This is a large commit, grouping two types of changes on top of the NTT-based Saber. Firstly, this commit merges improvements between different Saber implementations. 1) For round 3, the Saber reference code was thoroughly refactored and the codebase reduced [https://github.com/KULeuven-COSIC/SABER]. These changes are now integrated into the m4 code. 2) All unnecessary modular reductions have been removed. The only modular reductions are now in the packing functions. 3) Packing/unpacking functions are simplified [PQClean, commit f8503cb]. 4) The secret-key is stored in compressed format [ia.cr/2020/268, Section 4.1]. This reduces the secret-key size, and the packing/unpacking functions are faster. (This requires a fix in pqm4’s testvectors.c, as the secret-key is checked against the one produced by PQclean). 5) During re-encryption, the verification of the ciphertext is performed in place [ia.cr/2020/268, Section 4.2]. 6) Use symlinks for Light/FireSaber to make (minimal) differences with Saber more clear. Secondly, this commit implements some optimizations and reduces the memory footprint of the NTT-based multiplication. 1) Saber does not require any modular reduction apart from bitstream packing. Elements can be kept in int16_t (central-reduced) format. 1.a) The secret-key is sign-extended from 4-bit to 16-bit when unpacked. 1.b) The vectors b and b' are sign-extended from 10-bit to 16-bit when unpacked. 1.c) 1.a and 1.b allow to remove NTT_pk (with central reduction) and use NTT (without central reduction) uniformly. 1.d) NTT_inv and NTT_inv_inner include a final step that converts from int16_t back to mod_p or mod_q. This is not necessary and removed. 2) During encryption, the NTT of s' is only computed once and reused between A*s' and b*s'. 3) Some just-in-time memory optimizations of [ia.cr/2018/682, Section 2.2] are implemented for the NTT-based multiplication. Polynomial vectors are generated from their seed just-in-time, converted to NTT domain, and pointwise multiplied. The next polynomial vectors can reuse all the buffers. The idea is to extend this from polynomial vectors to individual polynomials. This still requires a new my_mul function. For {Fire,Light}Saber (keygen/encaps/decaps) the resulting implementation is approximately (2.3-2.6%/4.7-5.5%/7.4-9.5%) faster and uses (27-36%/47-61%/49-62%) less dynamic memory than the current version in pqm4. * Add central reduction for matrix A * Add benchmarks * WIP : more memory-efficient NTT implementation * Make secret key compression optional and comment out non-stack-optimized (very slightly faster) functions * Reclaim ~1kB more stack space shake_out was SABER_POLYVECBYTES instead of only SABER_POLYBYTES. Introduced a few unions to overlap memory. * rm redundant files * clean ups; add soft links * Reclaim ~1kB more stack space shake_out was SABER_POLYVECBYTES instead of only SABER_POLYBYTES. Introduced a few unions to overlap memory. * typo * Noinline no longer needed without fast funcs * add benchmarks Co-authored-by: vincentvbh <b05902122@ntu.edu.tw> Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 18 February 2021, 05:57:25 UTC |
5fb6938 | devillegna | 18 February 2021, 05:11:19 UTC | BIKE submission for PQM4 (#175) * submission for PQM4 * re-org implementations * use C version cshift() temporarily * 1. fix incorrect key-gen for arm-none-eabi-gcc ver.10.2.1 2. remove usage of CCM for bikel1 * rip out openssl; always default to sha and aes shipped in mupq * remove usage of CCM in all implementations * move BIKE reference implementations to mupq * skip bikel3 for now * add BIKE benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 18 February 2021, 05:11:19 UTC |
4fc31d7 | Victor | 01 February 2021, 07:14:30 UTC | Udpated dilithium round2 to dilithium round 3 from NIST PQC Standariz… (#178) * Udpated dilithium round2 to dilithium round 3 from NIST PQC Standarization process. * update dilithium in pqclean * redo Dilithium benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> | 01 February 2021, 09:31:36 UTC |
20bcf68 | Matthias J. Kannwischer | 22 January 2021, 03:17:01 UTC | remove debugging artifact | 22 January 2021, 03:17:01 UTC |
6841a6b | Matthias J. Kannwischer | 04 January 2021, 02:41:56 UTC | Constant-time AES (https://eprint.iacr.org/2020/1123) (#173) * switch to fixsliced AES * tweak kyber-90s to use t-table AES for public inputs * update kyber-90s benchmarks with fixsliced AES * use t-tabe AES in Frodo for public matrix A * make ntrulpr work with fixsliced AES * update fixsliced AES from upstream * update performance of kyber-90s, ntrulpr, and hqc with new fixsliced AES * update AES information in README * rename _leaktime to _publicinputs * switch to mupq master; simply change include order | 04 January 2021, 02:41:56 UTC |
157e271 | Matthias J. Kannwischer | 09 December 2020, 20:02:30 UTC | Update PQClean (#172) * Updated sampling of uniform matrix of Kyber to round-3 tweaked approach * Integrated changes to noise sampling in Kyber512 * Updated links in kyber512-90s/m4 to use round-3 noise generation of kyber512/m4 * source ntruprime from pqclean * https://github.com/PQClean/PQClean/pull/324 * add HQC benchmarks. Closes #57 * Port https://github.com/PQClean/PQClean/pull/337 This ports a fix from upstream. This does not change performance by more than a few cycles. For details see https://github.com/jschanck/ntru/commit/e0ab9525f1797dcff875c67f08f56db03f3c7deb * Port https://github.com/PQClean/PQClean/pull/341 Fixes a typo in sample.c in PQClean which was also present in the pqm4 implementations. This changes testvectors, but not performance. * https://github.com/PQClean/PQClean/pull/348 * https://github.com/PQClean/PQClean/pull/340 * https://github.com/PQClean/PQClean/pull/350 * https://github.com/PQClean/PQClean/pull/361 * https://github.com/PQClean/PQClean/pull/349 Co-authored-by: Peter Schwabe <peter@cryptojedi.org> | 09 December 2020, 20:02:30 UTC |
3fd51a9 | Matthias J. Kannwischer | 08 December 2020, 16:16:49 UTC | Save memory space on stack measurement for signatures (#171) | 08 December 2020, 16:16:49 UTC |
34d6ed0 | Ko- | 20 November 2020, 19:51:38 UTC | Clarify pyserial installation instructions (#169) Fixes #168 | 20 November 2020, 19:51:38 UTC |
68007db | Matthias J. Kannwischer | 18 November 2020, 11:34:45 UTC | NTT-based multiplication for Saber and NTRU (#167) * add new Saber and NTRU code * add benchmarks | 18 November 2020, 11:34:45 UTC |
f7a99d8 | Matthias J. Kannwischer | 27 October 2020, 13:01:44 UTC | fix ntruprime implementation for old gcc versions (#165) Some older gcc versions complain about mov.w with constants being too large. changing those to movw fixes this. | 27 October 2020, 13:01:44 UTC |
a912d1c | Daan Sprenkels | 19 October 2020, 10:56:53 UTC | Merge pull request #163 from mupq/dilithiumm4 Faster and smaller Dilithium | 19 October 2020, 10:56:53 UTC |
4178be9 | Matthias J. Kannwischer | 19 October 2020, 10:42:30 UTC | dilithium benchmarks | 19 October 2020, 10:42:30 UTC |
8c23cf3 | Matthias J. Kannwischer | 19 October 2020, 08:28:14 UTC | Add speed and stack optimized implementations from https://eprint.iacr.org/2020/1278.pdf See https://github.com/dilithium-cortexm/dilithium-cortexm | 19 October 2020, 08:28:14 UTC |