Skip to main content
https://github.com/mupq/pqm4
02 March 2025, 02:48:28 UTC
sort by:
RevisionAuthorDateMessageCommit Date
ec874b7 Matthias J. Kannwischer18 February 2025, 03:22:04 UTCbump pqclean18 February 2025, 03:22:04 UTC
f275f06 Matthias J. Kannwischer17 February 2025, 06:39:52 UTCbump pqclean17 February 2025, 06:39:52 UTC
a959691 Matthias J. Kannwischer14 February 2025, 11:11:02 UTCgcc14 errors: unsigned -> uint32_t14 February 2025, 11:12:21 UTC
68dff40 Richard Petri09 January 2025, 18:48:21 UTCUpdate libopencm314 February 2025, 07:26:23 UTC
677673d Richard Petri09 January 2025, 18:47:48 UTCUpdate to latest GNU ARM toolchain14 February 2025, 07:26:23 UTC
1a04a91 Matthias J. Kannwischer14 February 2025, 06:52:20 UTCMerge pull request #380 from mupq/faster-ml-dsa ML-DSA-44/87: Switch to mod 769 NTT instead of mod 257 FTT14 February 2025, 06:52:20 UTC
356c6f8 Matthias J. Kannwischer10 February 2025, 06:03:55 UTCupdate ML-DSA benchmarks10 February 2025, 06:03:55 UTC
147d170 Matthias J. Kannwischer10 February 2025, 05:02:53 UTCupdate skiplist10 February 2025, 05:02:53 UTC
271ca71 Matthias J. Kannwischer10 February 2025, 04:56:46 UTCML-DSA-44/87: Switch to mod 769 NTT instead of mod 257 FTT In https://tches.iacr.org/index.php/TCHES/article/view/11419 it was shown that Plantard-based NTTs mod 769 are faster than the 257 Fermat Number Transforms that we are currently using for ML-DSA-44+87. This commit switches to the mod 769 arthmetic for all parameter sets instead of only using it for ML-DSA-65. Files are in ML-DSA-44 and symlinked from 65 + 87. Stack-optimized implementations remain unaffected (they were using 769 before).10 February 2025, 04:56:46 UTC
5ef2ba7 Matthias J. Kannwischer04 February 2025, 07:30:35 UTCMerge pull request #378 from mupq/fndsa-hashing FN-DSA: Fix hash profiling04 February 2025, 07:30:35 UTC
e0e58e0 Matthias J. Kannwischer04 February 2025, 06:57:43 UTCRemove outdated falcon implementations from excluded_schemes on various target Got removed in https://github.com/mupq/pqm4/pull/37704 February 2025, 06:59:27 UTC
5a1586f Matthias J. Kannwischer04 February 2025, 06:57:01 UTCFN-DSA: Fix hash profiling04 February 2025, 06:59:27 UTC
34d92e5 Matthias J. Kannwischer03 February 2025, 04:30:55 UTCMerge pull request #377 from pornin/fndsa03 February 2025, 04:30:55 UTC
dfc3a75 Matthias J. Kannwischer03 February 2025, 03:45:23 UTCRemove outdated Falcon implementations Superseded by provisional FN-DSA https://github.com/mupq/pqm4/pull/37703 February 2025, 03:45:23 UTC
9443518 Matthias J. Kannwischer03 February 2025, 03:39:56 UTCupdate FN-DSA benchmarks03 February 2025, 03:39:56 UTC
cc60d10 Matthias J. Kannwischer03 February 2025, 03:14:01 UTCupdate skiplist03 February 2025, 03:14:01 UTC
75e3669 Matthias J. Kannwischer03 February 2025, 03:10:49 UTCupdate mupq03 February 2025, 03:10:49 UTC
fe2c0dc Thomas Pornin01 February 2025, 16:42:43 UTCAdded provisional FN-DSA implementation (2025-02-01, with ARM Cortex-M4F optimizations).01 February 2025, 16:42:43 UTC
393720d Matthias J. Kannwischer31 January 2025, 09:43:33 UTCMerge pull request #376 from dgazzoni/check-signature-verification-in-benchmarks Update mupq due to mupq PR #16131 January 2025, 09:43:33 UTC
48f2ffc Décio Luiz Gazzoni Filho31 January 2025, 07:15:02 UTCUpdate mupq31 January 2025, 07:15:02 UTC
49ce5be Matthias J. Kannwischer19 December 2024, 01:54:05 UTCfix typo in readme.19 December 2024, 01:54:05 UTC
fdf2b8b Matthias J. Kannwischer28 November 2024, 07:18:50 UTCMerge pull request #372 from mupq/remove-broken-symlinks Remove broken symlinks28 November 2024, 07:18:50 UTC
d702a74 Matthias J. Kannwischer28 November 2024, 05:21:42 UTCremove broken symlinks Fixes #370. Found with `find . -xtype l`28 November 2024, 05:51:50 UTC
f1a3a03 Matthias J. Kannwischer28 November 2024, 05:50:34 UTCMerge pull request #371 from mupq/fix-ml-kem Continuation of 'map to canonical' #36928 November 2024, 05:50:34 UTC
4af91da Matthias J. Kannwischer28 November 2024, 05:14:17 UTCadd ml-kem benchmarks28 November 2024, 05:19:20 UTC
4a98037 vincentvbh22 November 2024, 11:25:01 UTCmap to canonical28 November 2024, 05:16:35 UTC
40f33ea Amin Abdulrahman12 November 2024, 08:54:06 UTCFull ram for ml-dsa-87 on stm32f4discovery (#368)12 November 2024, 08:54:06 UTC
3200c9e Matthias J. Kannwischer31 October 2024, 08:26:08 UTCRemove eliminated schemes from NIST PQC digital signature competition (#365) * Remove eliminated schemes from NIST PQC digital signature competition NIST announced the second round candidates on October 24, 2024: https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/khAfIZPktRE/m/bBZWmET-AAAJ Eliminated schemes (with implementations in mupq): - ascon-sign - biscuit - meds - sphinca-a - tuov None of those have dedicated implementations in pqm4. aimer and haetae also got eliminated, but remain candidates of KPQC (https://www.kpqc.or.kr/competition.html). Let's keep them around. * adjust README * update mupq * fix aimer skiplist31 October 2024, 08:26:08 UTC
229b36b Matthias J. Kannwischer31 October 2024, 06:45:47 UTCAdd AIMer benchmarks (#366) * Add AIMer implementations(m4speed, m4stack) for all NIST security levels * change aimer128f to symlinks * Symlinks updates for AIMer * update benchmarks * update skiplist --------- Co-authored-by: Sangyub Lee <kykypyza3724@gmail.com>31 October 2024, 06:45:47 UTC
47fd997 Sangyub Lee31 October 2024, 06:00:50 UTCAdd AIMer implementations(m4speed, m4stack) for all NIST security levels (#361) * Add AIMer implementations(m4speed, m4stack) for all NIST security levels * change aimer128f to symlinks * Symlinks updates for AIMer --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu>31 October 2024, 06:00:50 UTC
68e1ca7 Matthias J. Kannwischer22 October 2024, 09:15:12 UTCUpdate to FIPS204 and rename Dilithium to ML-DSA (#363) * update Dilithium to final FIPS204 and rename * Dilithium: update and rename m4f+m4fstack implementations * switch to mupq master after merging * ML-DSA: update benchmarks * update skiplist * fix compiler warnings22 October 2024, 09:15:12 UTC
7664995 Matthias J. Kannwischer15 October 2024, 02:53:08 UTCmove PR template in right place15 October 2024, 02:53:08 UTC
024f636 Matthias J. Kannwischer15 October 2024, 02:50:52 UTCCreate pull_request_template.md15 October 2024, 02:50:52 UTC
79a0ddf Matthias J. Kannwischer14 October 2024, 10:16:32 UTCUpdate Kyber to final FIPS203 and rename to ML-KEM (#362)14 October 2024, 10:16:32 UTC
8d44b72 Matthias J. Kannwischer13 August 2024, 00:06:44 UTCinit msg buffer in {speed,hashing}.c (#351)13 August 2024, 00:06:44 UTC
6554684 Matthias J. Kannwischer12 August 2024, 13:38:20 UTCUpdate AIMer implementations (#350) * add skiplist entries for new aimer implementations * remove old aimer benchmarks * add AIMer benchmarks * add missing aimer-128f benchmarks * track correct version of mupq12 August 2024, 13:38:20 UTC
7cead3c Matthias J. Kannwischer06 August 2024, 07:27:24 UTCAdd dependabot06 August 2024, 07:27:24 UTC
f2b698a Matthias J. Kannwischer06 August 2024, 07:21:58 UTCImprove Dilithium (speed) verification stack usage (#346) * Improve Dilithium (speed) verification stack usage Once upon a time, we wrote a paper on memory-efficient Dilithium [1] which included a speed-optimized version of verification that still included some memory optimizations that don't come at a performance penalty. Unfortunately with the update of the reference code to round 3 that version did not get migrated leading to some complaints about verification memory consumption. I finally found some time to port these. Verficication speed is essentially unchanged, but stack consumption is much better. [1] https://eprint.iacr.org/2020/1278.pdf * update benchmarks06 August 2024, 07:21:58 UTC
cda61fb Matthias J. Kannwischer03 July 2024, 03:02:34 UTCKyber: Fixed secret-dependent branch in poly_fromsg (#345) * Fixed secret-dependent branch in poly_fromsg * update mupq * update Kyber benchmarks * add missing prototype * extend skiplist * add Falcon benchmarks03 July 2024, 03:02:34 UTC
006a109 Amin Abdulrahman22 April 2024, 04:56:30 UTCSymlinks for dilithium m4fstack (#342)22 April 2024, 04:56:30 UTC
4584cfc Matthias J. Kannwischer16 April 2024, 01:24:06 UTCFix inlining of Kyber re-encryption (#339) * fix inlining of Kyber reencryption * update benchmarks16 April 2024, 01:24:06 UTC
149bfc7 Amin Abdulrahman16 April 2024, 01:00:42 UTCDilithium/ML-DSA Stack Optimizations (#340) * Init dilithium3 stack optimized variant * Start stack optimization [Passing] * Based on ideas from https://eprint.iacr.org/2022/323.pdf, based on code by Matthias J. Kannwischer * Sample A on-the-fly * Compressed c * Schoolbook mul for ct1 * Compress w * Eliminate z, y * Eliminate cp * Eliminate s1, s2 * Eliminate second poly needed for A*y * Note: Reverts poly_uniform_pointwise_montgomery_polywadd_stack to prior state * Inline sampling uniform and uniform_gamma1 * Inline hint generation * Inline polyw subtraction * Refactor decompose to high/lowbits * Inline Keccak state * Shared buffer for polynomials * rm 257 FFT * Union for small and big poly * Eliminate some smaller buffers * Remove asym small mul * Stack friendly uniform_gamma1 w/o add * Stack optimized Dilithium{2,5} * Switch to Plantard-based 769 NTT * First batch of stack opt for Verify * On-the-fly matrix generation * Schoolbook for ct1 * Challenge compression * On-the-fly unpacking for z, h * Compress w * rm tmp poly, subtract on wcomp * Verify Stack Optimizations * Stack friendly hint decoding * Eliminate second full poly * Remove K-loop from hint unpacking * rm buffers/unionize in Verify * Stack opt key pair * Minor clean up * Overlap buffers * Stack optimized challenge generation * Match 769 Plantard to m4f code * update skiplist * update benchmarks --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu>16 April 2024, 01:00:42 UTC
9c2bc41 Huang Junhao15 April 2024, 07:30:22 UTCRevisiting Keccak and Dilithium Implementations on ARMv7-M (#338) * Use Plantard arithmetic for NTT_769 in Dilithium * rm old smallntt.S * update benchmarks --------- Co-authored-by: Matthias J. Kannwischer <matthias@kannwischer.eu>15 April 2024, 07:30:22 UTC
2c48508 Richard Petri27 March 2024, 14:10:26 UTCMerge pull request #337 from mupq/moreci More CI and add excluded schemes on all platforms27 March 2024, 14:10:26 UTC
4f5b5ce Richard Petri26 March 2024, 21:19:31 UTCMerge pull request #335 from mupq/duallicense Merge branch 'master' of github.com:mupq/pqm426 March 2024, 21:20:08 UTC
cc3481a Matthias J. Kannwischer26 March 2024, 21:09:22 UTCfix build for other platforms26 March 2024, 21:09:22 UTC
c33fab9 Matthias J. Kannwischer26 March 2024, 13:56:42 UTCfix nucleo-l476rg build26 March 2024, 13:56:42 UTC
c83565b Matthias J. Kannwischer26 March 2024, 13:42:01 UTCmore CI26 March 2024, 13:45:42 UTC
0c12777 Matthias J. Kannwischer26 March 2024, 13:32:23 UTCmore CI26 March 2024, 13:32:23 UTC
82c6d7a Matthias J. Kannwischer25 March 2024, 19:59:12 UTCadd uov to exluded schemes on nucleo_l446rg.mk25 March 2024, 19:59:12 UTC
5d0fe86 Matthias J. Kannwischer20 March 2024, 03:13:23 UTCAdds Apache-2.0 license in addition to CC0 To enable re-use in https://github.com/pq-code-package/mlkem-c-embedded. This is applied only to the sources of pqm4 itself that are to a vast degree written by the pqm4 maintainers. The scheme implementations plus symmetric primitives have other licenses.20 March 2024, 03:24:17 UTC
4b2fc60 Richard Petri19 March 2024, 12:35:18 UTCMerge pull request #333 from mupq/benchmarkupdate Update benchmarks and skiplist19 March 2024, 12:35:18 UTC
527e9d6 Richard Petri17 March 2024, 20:36:16 UTCUpdate benchmarks17 March 2024, 20:38:49 UTC
470917e Richard Petri17 March 2024, 20:38:08 UTCUpdate mupq17 March 2024, 20:38:49 UTC
b15618e Richard Petri27 February 2024, 20:55:55 UTCUpdate README.md to reflect the changes27 February 2024, 20:55:55 UTC
e698764 Richard Petri27 February 2024, 20:38:09 UTCUpdate skiplist.py27 February 2024, 20:38:09 UTC
e852f55 Richard Petri27 February 2024, 20:37:53 UTCUpdate mupq27 February 2024, 20:37:53 UTC
403c694 Richard Petri27 February 2024, 19:26:51 UTCMerge pull request #332 from mupq/nistdraftkyberdilithium NIST Draft version of Kyber and Dilithium; remove divisions by KYBER_Q27 February 2024, 19:26:51 UTC
c4fd63c Matthias J. Kannwischer23 February 2024, 07:51:58 UTCfix build on stm32f4discovery23 February 2024, 07:51:58 UTC
619a125 Matthias J. Kannwischer23 February 2024, 07:51:41 UTCinclude compat.h to allow SPHINCS+ to build23 February 2024, 07:51:41 UTC
0fa8f56 Matthias J. Kannwischer23 February 2024, 05:14:13 UTCDilithium compatibility with NIST draft23 February 2024, 07:50:49 UTC
edcf6f6 Matthias J. Kannwischer23 February 2024, 03:11:58 UTCeliminate / KYBER_Q that may result in variable time division This applies the patches from upstream to poly_compress and polyvec_compress See https://github.com/pq-crystals/kyber/commit/272125f6acc8e8b6850fd68ceb901a660ff48196 https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ23 February 2024, 03:29:50 UTC
f418bf6 Matthias J. Kannwischer23 February 2024, 02:56:55 UTCupdate M4 Kyber to be compatible with NIST Draft23 February 2024, 02:56:55 UTC
5087fd8 Matthias J. Kannwischer23 February 2024, 02:56:33 UTCremove Kyber-90s; won't be standardized23 February 2024, 02:56:33 UTC
c839498 Matthias J. Kannwischer23 February 2024, 02:55:57 UTCupdate PQClean23 February 2024, 02:55:57 UTC
62244ef rpls24 January 2024, 11:30:45 UTCMerge pull request #331 from mupq/haetae-fix Use fixed HAETAE reference24 January 2024, 11:30:45 UTC
a39a172 Richard Petri24 January 2024, 11:29:33 UTCUse fixed HAETAE reference24 January 2024, 11:29:33 UTC
82f4e23 Richard Petri20 January 2024, 22:39:05 UTCMerge branch 'update-PERK-m4' improve compression for PERK short levels I and II #32820 January 2024, 22:39:05 UTC
4702ce9 Marco Palumbi20 January 2024, 09:21:05 UTCimprove compression for short levels I and II20 January 2024, 09:21:05 UTC
ca8b4f3 rpls19 January 2024, 14:03:07 UTCMerge pull request #327 from mupq/tuov Add Tuov19 January 2024, 14:03:07 UTC
1ccd61f Richard Petri19 January 2024, 13:42:57 UTCExclude tuov from builds19 January 2024, 13:57:15 UTC
f514356 Richard Petri19 January 2024, 13:36:36 UTCAdd Tuov19 January 2024, 13:36:36 UTC
bfd8248 rpls18 January 2024, 12:22:15 UTCMerge pull request #325 from mupq/mirith-fix Update for MiRitH18 January 2024, 12:22:15 UTC
a0dec92 Richard Petri18 January 2024, 12:20:05 UTCUse updated version of mirith, add embedded optimized version18 January 2024, 12:20:05 UTC
54d8313 Richard Petri16 January 2024, 22:34:10 UTCRun only on push to master, and when PR review requested16 January 2024, 22:37:11 UTC
d2a8800 Richard Petri16 January 2024, 21:36:40 UTCProperly wrap missing libc functions and shut up linker warning16 January 2024, 22:37:11 UTC
dfc968a rpls24 November 2023, 12:21:04 UTCUpdate workflow dependencies16 January 2024, 22:37:11 UTC
0a47489 rpls03 November 2022, 22:00:33 UTCCheckout submodules recursively16 January 2024, 22:37:11 UTC
ee2a6ea rpls03 November 2022, 21:55:10 UTCAdd a github workflow16 January 2024, 22:37:11 UTC
b381da5 Richard Petri16 January 2024, 21:06:29 UTCExclude all non-building schemes for cw308t-stm32f41516 January 2024, 21:20:31 UTC
5398081 Richard Petri16 January 2024, 20:58:48 UTCMerge branch 'master' of https://github.com/37eex9/pqm4 into cw308t-stm32f41516 January 2024, 20:58:48 UTC
ff6b7ab Richard Petri16 January 2024, 20:57:20 UTCMerge remote-tracking branch 'origin/mirith'16 January 2024, 20:57:20 UTC
cf017cd Richard Petri16 January 2024, 20:56:42 UTCMerge remote-tracking branch 'origin/biscuit'16 January 2024, 20:56:42 UTC
1c27aa0 Richard Petri16 January 2024, 20:54:18 UTCAdd MEDS16 January 2024, 20:54:18 UTC
d93ba34 Richard Petri16 January 2024, 19:41:35 UTCMerge remote-tracking branch 'origin/aimer' into master16 January 2024, 19:41:35 UTC
de6b4d9 Richard Petri16 January 2024, 18:06:55 UTCMerge remote-tracking branch 'origin/sphinca' into sphincsa Add SPHINCS-alpha #31216 January 2024, 18:06:55 UTC
57bb7dc Matthias J. Kannwischer15 January 2024, 13:19:53 UTCupdate mupq15 January 2024, 13:19:53 UTC
a34a481 Matthias J. Kannwischer12 January 2024, 14:46:55 UTCadd AIMer12 January 2024, 16:23:54 UTC
8e64b0e Richard Petri11 January 2024, 19:48:54 UTCMerge remote-tracking branch 'origin/snova'11 January 2024, 19:48:54 UTC
fbebf44 Richard Petri11 January 2024, 18:30:42 UTCRemove old perk entries from skiplist Fixes #32111 January 2024, 18:30:42 UTC
c3dbd50 Matthias J. Kannwischer11 January 2024, 10:14:04 UTCadd skiplist entries for mqom11 January 2024, 18:22:33 UTC
759389b Richard Petri07 January 2024, 23:21:31 UTCAdd HAETAE to skiplist and update mupq07 January 2024, 23:21:31 UTC
4ad3ef6 Richard Petri07 January 2024, 23:08:59 UTCMerge branch 'haetae' of https://github.com/mmoeller23/pqm4 into mmoeller23-haetae07 January 2024, 23:08:59 UTC
1fa2eac Richard Petri07 January 2024, 23:04:19 UTCAdd perk to skiplist and update mupq07 January 2024, 23:04:19 UTC
f376768 Richard Petri07 January 2024, 22:28:47 UTCMerge branch 'add-PERK-m4' of https://github.com/marco-palumbi/pqm4 into marco-palumbi-add-PERK-m407 January 2024, 22:28:47 UTC
a7fe0c1 Marco Palumbi05 January 2024, 18:19:56 UTCuse symbolic links whenever possible05 January 2024, 18:19:56 UTC
d98a162 Matthias J. Kannwischer18 December 2023, 02:07:27 UTCUpdate Kyber poly_tomsg to fix timing leak (w/ -Os) This (partially) addresses https://github.com/mupq/pqm4/issues/319. The function poly_tomsg from the reference implementation of Kyber (which was copied into the M4-optimized implementations) would result in a variable-time udiv instruction operating on secret data when compiled with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13, but did not see any difference. This commit updates the m4-specific code to use the patch from https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220. Note that the code in PQClean has not yet been updated and hence the clean implementation within pqm4 is still vulnerable.19 December 2023, 13:44:24 UTC
4956a30 Marco Palumbi07 December 2023, 13:17:04 UTCfix ldscripts for the stm32f4discovery board07 December 2023, 13:17:04 UTC
d581941 Marco Palumbi07 December 2023, 13:10:59 UTCuse fullram linker script with some version07 December 2023, 13:10:59 UTC
8dc5cf5 Marco Palumbi07 December 2023, 12:59:00 UTCadd PERK for all NIST levels Implementation compliant with version v1.1 of 2023/10/16 https://pqc-perk.org/07 December 2023, 13:06:08 UTC
back to top