https://github.com/mupq/pqm4

sort by:
Revision Author Date Message Commit Date
71f0daa Add biscuit 24 November 2023, 08:02:41 UTC
d436546 Merge remote-tracking branch 'origin/cross' 24 November 2023, 07:54:08 UTC
968fbef Merge remote-tracking branch 'origin/asconsign' 24 November 2023, 07:51:35 UTC
f955de1 Merge remote-tracking branch 'origin/perk' 24 November 2023, 07:49:22 UTC
111ea35 Merge remote-tracking branch 'origin/hawk' 24 November 2023, 07:48:02 UTC
a35e15b Merge remote-tracking branch 'origin/mayo' 24 November 2023, 07:45:36 UTC
ec5c844 Add progress bar support (#307) * Add progress bar support * Raise exit-code if tests fail * Update mupq * Add forgotten import * Update mupq 15 November 2023, 15:56:12 UTC
f8fdca2 use pqm4/mupq sha2 14 November 2023, 07:54:37 UTC
179b50b Add cross-{sha2,sha3}-r-sdp{,g}-{1,3,5}-{small,fast} 14 November 2023, 07:11:47 UTC
f638ce6 Add ascon-sign{128,192}{s,f}-{simple,robust} 13 November 2023, 09:06:08 UTC
c96e268 Add perk perk-128-fast-{3,5} should be able to run on the 640 KB RAM board. The perk-{192,256}-short-* are out of reach even with 4 MB RAM in qemu, so I did not include those. The remaining ones run in 4 MB RAM, but won't run on the board. 07 November 2023, 09:09:48 UTC
135cca9 Update mupq 07 November 2023, 07:26:49 UTC
2b7d336 Add hawk{256,512,1024} 07 November 2023, 06:08:55 UTC
420726a update skiplist 07 November 2023, 02:17:41 UTC
6eb3b6c revert unnecessary change in aes-publicinputs.h 07 November 2023, 02:13:33 UTC
19418dd remove benchmarks 07 November 2023, 02:13:26 UTC
aed4973 switch to low-RAM test for ov-Ip 07 November 2023, 02:13:22 UTC
22ea5d8 add OV benchmarks 07 November 2023, 02:13:12 UTC
f20d2b4 add skiplist entries for OV 07 November 2023, 02:13:03 UTC
6b7b698 add LICENSEs to OV 07 November 2023, 02:13:02 UTC
c4aaa78 add ov-Ip{,-pkc,-pkc-skc} m4f implementations 07 November 2023, 02:12:29 UTC
9c69acb update skiplist 07 November 2023, 02:07:21 UTC
d969ad4 add reference implementation of MAYO 07 November 2023, 02:04:04 UTC
8582f47 Implement new stack measurement HAL API (#304) * Implement new stack measurement HAL API * update mupq to current master --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 07 November 2023, 02:01:45 UTC
e21677c output something if testvectors pass 27 October 2023, 07:21:41 UTC
46511c7 Small overhaul of OpenCM3 code, rework Nucleo-L4R5ZI target a bit, and add CW308T-STM32F415 target (#259) * Only compile the specific libopencm3 library needed * Add experimental support for CW308T-STM32F415 * Shut up the linker errors * Shut up unused parameter warning * Fix Keccaktest bin generation * Update libopencm3 * Adapt to renamed constants * Compile the board test with fast and slow clock * Use wrapped symbols instead of overriding * Overhaul clocking for L4R5ZI board 24 October 2023, 03:47:25 UTC
d4b1f5f Update mupq 22 October 2023, 14:48:30 UTC
662a62b Merge pull request #257 from mupq/dsprenkels-patch-citing Add a notice about citing original papers 14 September 2023, 07:30:46 UTC
39df6c8 Update README.md 13 September 2023, 09:09:21 UTC
37cd04c Add a simple Keccak test 08 September 2023, 20:50:12 UTC
b816ece Merge pull request #254 from aadomn/update_keccak Update Keccak-f[1600] implementation for better performance 08 September 2023, 20:46:27 UTC
5c3cb35 Merge pull request #256 from JunhaoHuang/master Solve a bug in Kyber768 m4fspeed implementation 08 September 2023, 20:22:05 UTC
18fbd5e Fix problem with secondary expansion for target specifc variable 08 September 2023, 20:04:54 UTC
bd950cf basemul_asm_acc_opt_32_32 add push r11 26 July 2023, 06:43:51 UTC
91f3d88 Update Keccak-f[1600] implementation for better performance 26 May 2023, 19:05:28 UTC
a525417 add aes-publicinputs for code on the host 25 May 2023, 07:38:14 UTC
1eeb74e skip aarch64 implementations when building all schemes via make 08 November 2022, 05:17:17 UTC
918f379 Remove schemes that are no longer under consideration by NIST (#238) * remove schemes that are no longer under consideration by NIST * bump pqclean to r4 * update mupq * update mupq * Remove SIKE SIKE got broken by https://eprint.iacr.org/2022/975 The SIKE team acknowledged it in https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/round-4/submissions/sike-team-note-insecure.pdf * Make falcon work with namespaced randombytes * bump pqclean once more * update benchmarks with Arm GNU Toolchain 11.3.Rel1 * add correct version of the compiler * clean up excluded schemes * Update README.md 07 November 2022, 09:35:49 UTC
3743a66 Improved Plantard Arithmetic for Lattice-based Cryptography (#244) * integrate improved Plantard arithmetic into Kyber * support m4fspeed and rename m4plantard to m4fstack * remove obj file * add benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 25 October 2022, 03:18:58 UTC
f216cc2 Add reductions to iNTT in stack optimized code for Kyber (#242) * Add reductions to iNTT in stack optimized code * update benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 17 October 2022, 05:46:04 UTC
b78dc00 more extensive aes tests and benchmarks 27 September 2022, 06:43:59 UTC
37e0fef more extensive aes tests and benchmarks 27 September 2022, 06:41:53 UTC
685fbbb Fix function call from assembly (#240) * change floating-point registers s(0-15) in s(16-31) in kyber matacc_asm.S matacc.i s(n) -> s(n+16) * change floating-point register s31 in s16 in kyberXXX-90s m4fspeed matacc_asm.S * consider floating-point registers clobbered calling kyber matacc_asm.S functions * save r12 register before calling C function in kyber matacc_asm.S and kyber matacc.i * amend the previous commit: fix the register Co-authored-by: Marco Palumbi <Marco.Palumbi@tii.ae> 26 September 2022, 03:42:03 UTC
059e024 Add Richard Petri to citation 21 September 2022, 07:24:02 UTC
26f810d Fix alignment issues in Kyber (#236) * Add .vscode to gitignore * Add alignment to arrays used in Kyber to address #235 07 June 2022, 08:39:12 UTC
0b50e72 Use different FP registers, fix iNTT range (#234) * different fp registers, fix iNTT range * Remove redundant packing of signature component 'z' * benchmarks Co-authored-by: Alexandre Adomnicai <alex.adomnicai@gmail.com> Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 10 May 2022, 07:45:12 UTC
6182ab3 Avoid overlapping .o and .S file names (#231) Some implementations in pqm4 use the same file names for .c and .S files, .e.g., poly.[cS} in kyber. pqm4 does not have a problem with that, but it has been brought to my attention that other projects relying on pqm4 can not correctly handle that. I renamed the .S files accordingly. 23 March 2022, 04:18:34 UTC
3bfbbfd Faster Kyber and Dilithium (#221) * Faster Faster Kyber and Dilithium * benchmarks for kyber and dilithium * update skiplist * more dilithium benchmarks Co-authored-by: amin <amin@abdulrahman.de> Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 31 January 2022, 02:01:55 UTC
c37e541 More readable and improved NTTs for NTRU (#219) * ntruhps2048509 * ntruhps2048677, ntruhrss701 * ntruhps4096821 * update benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 29 January 2022, 01:24:18 UTC
2691b49 NTRU m4 polynomial inversion implementation for four parameter sets (#218) * NTRU m4 polynomial inversion implementation for four parameter sets * add benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 29 November 2021, 10:05:01 UTC
82650eb Avoid aux.S filename to please Windows. Fix #216 (#217) 05 November 2021, 14:44:13 UTC
e47864b Merge pull request #213 from mupq/picnic Add Picnic implementations from https://github.com/dkales/picnic_m4 01 October 2021, 16:16:12 UTC
0dd7285 Update mupq 01 October 2021, 16:15:28 UTC
0197728 move opt-mem implementation from mupq to pqm4/pqm3 29 September 2021, 05:34:06 UTC
9c7be01 Fix #161. I wish people would just submit a patch to pqm4 instead of writing another paper about a bug that is well known... Anyway, I fixed this now... 26 September 2021, 17:35:32 UTC
8970d37 Fix two bugs in Kyber Fixes two minor bugs in matacc. They did not actually result in wrong outputs. In the uniform sampling, we use 3 bytes to sample 2 coefficients. In case the sampled coefficient is too large, we throw it away. Once we sampled 256 coefficients it is possible that we still have one coefficient left which needs to be discarded. The check if we are at the end of a polynomial already was wrongly implemented by checking for ctr < KYBER_Q/4 rather than ctr < KYBER_N/4 in two places. Luckily, it has no effect in both cases. In the first, ctr = KYBER_N/4 implies k=0 and hence the the code does nothing. In the second, an additional Keccak squeeze is triggered, but the output is never used. 26 September 2021, 17:25:47 UTC
1442c6e update mupq 06 September 2021, 08:23:53 UTC
33de42d add benchmarks 06 September 2021, 08:10:41 UTC
bdb173a add picnic 03 September 2021, 06:49:00 UTC
844e7ca Use T-Table AES for public inputs in ntrulpr (again) (#212) * use publicinputs AES for ntrulpr * new benchmarks 31 August 2021, 07:49:19 UTC
34e5da0 Merge branch 'rainbow' 30 August 2021, 20:55:14 UTC
0843a8e automatically build binaries; Resolves #205 18 August 2021, 21:40:27 UTC
b2c37fd switch to symlinks for files that are shared 18 August 2021, 09:08:18 UTC
62d8710 add rainbow to skiplist 16 August 2021, 08:36:26 UTC
4fee0f7 add Rainbow implementations 16 August 2021, 08:32:42 UTC
b4c5d7a fix Saber typings (#208) 13 August 2021, 08:19:16 UTC
a0e520d Inclusion of speed optimized and stack optimized Saber from https://eprint.iacr.org/2021/995 (#206) * add saber * rm unused * update all * add all * saber * soft links * link all * benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 13 August 2021, 02:14:47 UTC
9ff685e NTRU Prime m4 implementation for six parameter sets (#203) * NTRU Prime m4 implementation for six parameter sets * NTRU Prime m4 implementation for six parameter sets * delete .DS_Store * delete useless files & change to asm function [jump753divsteps.c] * update mupq to include ntruprime round 3 parameter sets * modified arith.h * delete useless comment * using stack memory instead of static memory * update mupq * fix buffer size * add basemul_8x8_156 * update skiplist * add benchmarks * eliminate more bss * update benchmarks for sntrup761 Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> Co-authored-by: Trista Li <trista5658321@gmail.com> 12 August 2021, 08:50:15 UTC
0b3519d Add support for Nucleo-L4R5ZI board (#193) * Add an optional memory timing test to the boardtest.elf * Add support for the Nucleo-L4R5ZI board * Add a PQM4 preprocessor definition flag * Properly detect PQM4/MUPQ in bikel{1,3} sources * Include the nucleo-l4r5zi in the README * Update mupq 03 August 2021, 07:27:59 UTC
cf6f358 Improve reliability of benchmarking scripts. (#190) On my Raspberry Pi I often ran into the problem that the Pi would miss the beginning of the serial output and then get stuck in an infinite loop trying to reflash again and again. By waiting a couple of hundred ms when starting up, this can be prevented. For me this heavily improved reliability. 30 July 2021, 06:14:50 UTC
bf8a921 Update README.md Resolve #199 23 July 2021, 07:33:41 UTC
dd629a2 change licensing for Dilithium NTT (#201) Closes #198 23 July 2021, 07:21:21 UTC
b4c013e Fixes #195: Bug in ntrup761/ntrulpr761 decaps. (#200) 23 July 2021, 05:47:09 UTC
834a03d Restore build_everything.py and add default uart (#194) The previous version of pqm4 had a build everything script that would spit out all the binaries. With the multiplatform pqm4, this is no longer needed. One can simply make -j4 PLATFORM=stm32f4discovery However, we currently still have a non-functional build_everything.py script sitting around. I've fixed it, but we could also remove it. Additionally, to allow users to simply run ./test.py, I added a default uart device "/dev/ttyUSB0". The old pqm4 also assumed that serial device. Right now pqm4 miserably fails without a --uart argument and a reasonable error message. 24 June 2021, 11:25:18 UTC
725badd fix baudrate in manual hostside script 14 June 2021, 08:03:06 UTC
9075f55 set default extraargs for stlink platform 08 June 2021, 16:04:36 UTC
12d5e56 Multiplatform support (#174) * Adapt the PQM3 Multiplatform & Scheme Discovery to PQM4 * Add HAL support for CW308T-STM32F3 * Adapt platform interfaces * Implement simplified platform running interface * Simplify chipwhisperer interface * Fix for systems without the GNU findutils * Add the mps2-an386 platform, which is also supported by QEMU * Speed up scheme search * Skip scheme list generation if IMPLEMENTATION_PATH is given * Optionally push all data/bss into the "flash" portion of the MPS2 The flash is actually just a RAM. The main purpose of the board here is stack testing and this will allow us to use all 4MB of the "ram" memory region for stack/heap. * Implement stack size querying * Don't capture stdin for QEMU platforms * Fix argument parsing for benchmarks * Add possibility to run QEMU benchmarks directly from make * Fix scheme list generation * Remove automatic call to git * Add some comments for the scheme finding mechanism * Add the possibility for scheme specific makefiles * Clean up makefiles * Generate a skiplist for each platform * Move reusable buildsystem and interface code to mupq * Move randombytes implementation to hal for testvector test * Make all-in-one compilation the default * Document the new platforms in the README.md * Update mupq * Add _sbrk wrapping to opencm3 * Update mupq * adjust pqm4 to run multiple iterations in a single binary * Always add LTO flag * Update mupq * Reorganize symmetric crypto sources * Include HAL and crypto sources in AIO compilation * Fix LTO compilation * Use existing linker script if present * Update mupq * Don't use the nano libc (worse performance) * Fix compilation for self-tests * Quick-fix build error for bikel1 on mps2-an386 platform * Update benchmarks * Use full ram for some frodokem schemes * Fix compilation on mps2-an386 platform * Update skip_list.py * switch to mupq master Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 06 June 2021, 20:12:45 UTC
8274c41 SPHINCS+ benchmarks (#192) 04 June 2021, 08:24:25 UTC
5ebac3b Fix benchmarks.md 30 May 2021, 02:05:04 UTC
8f5b115 Remove static buffers in NTRU (#191) * remove static from NTT buffers in NTRU * ntru benchmarks 25 May 2021, 08:20:13 UTC
65f12c6 update bikel1/m4f and bikel3/m4f to ches2021 (#188) * update bikel[1,3]/m4f to ches2021 * updated bike in mupq * new bike benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 25 May 2021, 02:47:22 UTC
175903d Stack-optimized fips202 (#189) * stack-optimized fips202 * fips202stack benchmarks * switch to mupq master 24 May 2021, 03:45:55 UTC
bc2ecc9 Update PQClean to include new SPHINCS+ parameter sets (#187) * update pqclean to include new SPHINCS+ parameter sets * add SPHINCS+ benchmarks * switch mupq to master 08 April 2021, 02:09:08 UTC
438ab82 Update README to not reference obsolete schemes 23 March 2021, 07:26:35 UTC
17e43e5 fix a bug with very low prabability (#185) 08 March 2021, 09:09:53 UTC
27c7089 Merge implementation of Rader's trick of sntrup761 and ntrulpr761 from https://tches.iacr.org/index.php/TCHES/article/view/8733 (#184) * add Darwin option to host_unidirectional * rm everything about sntrup761 * sntrup761 success; ntrulpr failed * rm ntrulpr files from sntrup * add missing files for sntrup * add missing sntrup file * ntrulpr compilable but ERROR KEYS * we start with rm everything in ntrulpr * all files tested * rm unsued files * add soft liks * more soft links * more soft links * add NTRUPrime benchmarks * updated kem.c from NTRUPrime-PolyMul * another attempt at the ntrulpr benchmarks * slightly tweak the check for MacOS Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 03 March 2021, 07:48:06 UTC
8a6fcf6 Port Dilithium 3.1 changes to M4 implementation (#183) 18 February 2021, 06:55:29 UTC
992f0f2 Stack optimizations and refactoring of NTT-based Saber (#181) * This is a large commit, grouping two types of changes on top of the NTT-based Saber. Firstly, this commit merges improvements between different Saber implementations. 1) For round 3, the Saber reference code was thoroughly refactored and the codebase reduced [https://github.com/KULeuven-COSIC/SABER]. These changes are now integrated into the m4 code. 2) All unnecessary modular reductions have been removed. The only modular reductions are now in the packing functions. 3) Packing/unpacking functions are simplified [PQClean, commit f8503cb]. 4) The secret-key is stored in compressed format [ia.cr/2020/268, Section 4.1]. This reduces the secret-key size, and the packing/unpacking functions are faster. (This requires a fix in pqm4’s testvectors.c, as the secret-key is checked against the one produced by PQclean). 5) During re-encryption, the verification of the ciphertext is performed in place [ia.cr/2020/268, Section 4.2]. 6) Use symlinks for Light/FireSaber to make (minimal) differences with Saber more clear. Secondly, this commit implements some optimizations and reduces the memory footprint of the NTT-based multiplication. 1) Saber does not require any modular reduction apart from bitstream packing. Elements can be kept in int16_t (central-reduced) format. 1.a) The secret-key is sign-extended from 4-bit to 16-bit when unpacked. 1.b) The vectors b and b' are sign-extended from 10-bit to 16-bit when unpacked. 1.c) 1.a and 1.b allow to remove NTT_pk (with central reduction) and use NTT (without central reduction) uniformly. 1.d) NTT_inv and NTT_inv_inner include a final step that converts from int16_t back to mod_p or mod_q. This is not necessary and removed. 2) During encryption, the NTT of s' is only computed once and reused between A*s' and b*s'. 3) Some just-in-time memory optimizations of [ia.cr/2018/682, Section 2.2] are implemented for the NTT-based multiplication. Polynomial vectors are generated from their seed just-in-time, converted to NTT domain, and pointwise multiplied. The next polynomial vectors can reuse all the buffers. The idea is to extend this from polynomial vectors to individual polynomials. This still requires a new my_mul function. For {Fire,Light}Saber (keygen/encaps/decaps) the resulting implementation is approximately (2.3-2.6%/4.7-5.5%/7.4-9.5%) faster and uses (27-36%/47-61%/49-62%) less dynamic memory than the current version in pqm4. * Add central reduction for matrix A * Add benchmarks * WIP : more memory-efficient NTT implementation * Make secret key compression optional and comment out non-stack-optimized (very slightly faster) functions * Reclaim ~1kB more stack space shake_out was SABER_POLYVECBYTES instead of only SABER_POLYBYTES. Introduced a few unions to overlap memory. * rm redundant files * clean ups; add soft links * Reclaim ~1kB more stack space shake_out was SABER_POLYVECBYTES instead of only SABER_POLYBYTES. Introduced a few unions to overlap memory. * typo * Noinline no longer needed without fast funcs * add benchmarks Co-authored-by: vincentvbh <b05902122@ntu.edu.tw> Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 18 February 2021, 05:57:25 UTC
5fb6938 BIKE submission for PQM4 (#175) * submission for PQM4 * re-org implementations * use C version cshift() temporarily * 1. fix incorrect key-gen for arm-none-eabi-gcc ver.10.2.1 2. remove usage of CCM for bikel1 * rip out openssl; always default to sha and aes shipped in mupq * remove usage of CCM in all implementations * move BIKE reference implementations to mupq * skip bikel3 for now * add BIKE benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 18 February 2021, 05:11:19 UTC
4fc31d7 Udpated dilithium round2 to dilithium round 3 from NIST PQC Standariz… (#178) * Udpated dilithium round2 to dilithium round 3 from NIST PQC Standarization process. * update dilithium in pqclean * redo Dilithium benchmarks Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu> 01 February 2021, 09:31:36 UTC
20bcf68 remove debugging artifact 22 January 2021, 03:17:01 UTC
6841a6b Constant-time AES (https://eprint.iacr.org/2020/1123) (#173) * switch to fixsliced AES * tweak kyber-90s to use t-table AES for public inputs * update kyber-90s benchmarks with fixsliced AES * use t-tabe AES in Frodo for public matrix A * make ntrulpr work with fixsliced AES * update fixsliced AES from upstream * update performance of kyber-90s, ntrulpr, and hqc with new fixsliced AES * update AES information in README * rename _leaktime to _publicinputs * switch to mupq master; simply change include order 04 January 2021, 02:41:56 UTC
157e271 Update PQClean (#172) * Updated sampling of uniform matrix of Kyber to round-3 tweaked approach * Integrated changes to noise sampling in Kyber512 * Updated links in kyber512-90s/m4 to use round-3 noise generation of kyber512/m4 * source ntruprime from pqclean * https://github.com/PQClean/PQClean/pull/324 * add HQC benchmarks. Closes #57 * Port https://github.com/PQClean/PQClean/pull/337 This ports a fix from upstream. This does not change performance by more than a few cycles. For details see https://github.com/jschanck/ntru/commit/e0ab9525f1797dcff875c67f08f56db03f3c7deb * Port https://github.com/PQClean/PQClean/pull/341 Fixes a typo in sample.c in PQClean which was also present in the pqm4 implementations. This changes testvectors, but not performance. * https://github.com/PQClean/PQClean/pull/348 * https://github.com/PQClean/PQClean/pull/340 * https://github.com/PQClean/PQClean/pull/350 * https://github.com/PQClean/PQClean/pull/361 * https://github.com/PQClean/PQClean/pull/349 Co-authored-by: Peter Schwabe <peter@cryptojedi.org> 09 December 2020, 20:02:30 UTC
3fd51a9 Save memory space on stack measurement for signatures (#171) 08 December 2020, 16:16:49 UTC
34d6ed0 Clarify pyserial installation instructions (#169) Fixes #168 20 November 2020, 19:51:38 UTC
68007db NTT-based multiplication for Saber and NTRU (#167) * add new Saber and NTRU code * add benchmarks 18 November 2020, 11:34:45 UTC
f7a99d8 fix ntruprime implementation for old gcc versions (#165) Some older gcc versions complain about mov.w with constants being too large. changing those to movw fixes this. 27 October 2020, 13:01:44 UTC
a912d1c Merge pull request #163 from mupq/dilithiumm4 Faster and smaller Dilithium 19 October 2020, 10:56:53 UTC
4178be9 dilithium benchmarks 19 October 2020, 10:42:30 UTC
8c23cf3 Add speed and stack optimized implementations from https://eprint.iacr.org/2020/1278.pdf See https://github.com/dilithium-cortexm/dilithium-cortexm 19 October 2020, 08:28:14 UTC
back to top