
Commit 142be6c

mkannwischerhanno-becker
authored andcommitted
Refactor stream256 code to using xof256 naming
The poly_uniform_gamma1 function is the last one using the stream256 instead of the standard keccak APIs. This commit refactors it to be in line with the batched implementation as well as the xof128 function. The initialization function is removed and inlined into poly_uniform_gamma1. The CBMC proof is adjusted accordingly. Signed-off-by: Matthias J. Kannwischer <[email protected]>
1 parent 52b12df commit 142be6c


6 files changed

+21
-100
lines changed


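--- a/mldsa/poly.c
+++ b/mldsa/poly.c
@@ -554,10 +554,17 @@ void poly_uniform_gamma1(poly *a, const uint8_t seed[MLDSA_CRHBYTES],
 uint16_t nonce)
 {
 MLD_ALIGN uint8_t buf[POLY_UNIFORM_GAMMA1_NBLOCKS * STREAM256_BLOCKBYTES];
-stream256_state state;
+MLD_ALIGN uint8_t extseed[MLDSA_CRHBYTES + 2];
+mld_xof256_ctx state;
 
-stream256_init(&state, seed, nonce);
-stream256_squeezeblocks(buf, POLY_UNIFORM_GAMMA1_NBLOCKS, &state);
+memcpy(extseed, seed, MLDSA_CRHBYTES);
+extseed[MLDSA_CRHBYTES] = nonce & 0xFF;
+extseed[MLDSA_CRHBYTES + 1] = nonce >> 8;
+
+mld_xof256_init(&state);
+mld_xof256_absorb(&state, extseed, MLDSA_CRHBYTES + 2);
+
+mld_xof256_squeezeblocks(buf, POLY_UNIFORM_GAMMA1_NBLOCKS, &state);
 polyz_unpack(a, buf);
 }
 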
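Review bot: The two-byte nonce serialisation at `extseed[MLDSA_CRHBYTES] = nonce & 0xFF;` and `extseed[MLDSA_CRHBYTES + 1] = nonce >> 8;` takes over what the deleted `mldsa_shake256_stream_init` did, but the hunk carries no comment tying the layout (seed followed by the 16-bit nonce in little-endian order) to the ML-DSA mask-expansion domain separation it has to match; a line such as `/* Domain-separation input: seed || nonce as two little-endian bytes */` above the `memcpy` would keep the encoding from drifting in a future edit. `memcpy` also needs `<string.h>`, which this hunk does not show; presumably poly.c already includes it. `extseed` is now a stack copy of the seed, which during ML-DSA signing is secret mask-derivation material, and neither it nor `state` is cleared before return; the previous stream256 version presumably had the same property, so this is pre-existing rather than a regression, but it is worth recording if the project has a zeroisation policy. The function's `__contract__` and signature begin outside the hunk.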
mldsa/symmetric-shake.c

Lines changed: 0 additions & 23 deletions
This file was deleted.

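--- a/mldsa/symmetric.h
+++ b/mldsa/symmetric.h
@@ -27,9 +27,16 @@ __contract__(
 #define STREAM128_BLOCKBYTES SHAKE128_RATE
 #define STREAM256_BLOCKBYTES SHAKE256_RATE
 
-#define stream256_init(STATE, SEED, NONCE) \
-mldsa_shake256_stream_init(STATE, SEED, NONCE)
-#define stream256_squeezeblocks(OUT, OUTBLOCKS, STATE) \
+#define mld_xof256_ctx keccak_state
+#define mld_xof256_init(CTX) shake256_init(CTX)
+#define mld_xof256_absorb(CTX, IN, INBYTES) \
+do \
+{ \
+shake256_absorb(CTX, IN, INBYTES); \
+shake256_finalize(CTX); \
+} while (0)
+
+#define mld_xof256_squeezeblocks(OUT, OUTBLOCKS, STATE) \
 shake256_squeezeblocks(OUT, OUTBLOCKS, STATE)
 
 #define mld_xof128_ctx keccak_state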
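Review bot: `mld_xof256_absorb` absorbs and finalizes in one step, so the name suggests an incremental API the macro does not provide — a second call on the same context would run `shake256_finalize` on an already finalized state, and nothing catches that at compile time; a comment above the macro, `/* Single-shot: absorbs the whole input and finalizes; call exactly once per context, before squeezing */`, makes the contract explicit. The squeeze macro keeps the parameter name `STATE` while the new macros use `CTX`; `#define mld_xof256_squeezeblocks(OUT, OUTBLOCKS, CTX) \` with `shake256_squeezeblocks(OUT, OUTBLOCKS, CTX)` would be consistent with `mld_xof256_init` and `mld_xof256_absorb`. `STREAM256_BLOCKBYTES` survives while the other stream256 names are removed, and poly.c still sizes `buf` with it, so the rename the commit describes is incomplete unless that is intentional.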

proofs/cbmc/mldsa_shake256_stream_init/Makefile

Lines changed: 0 additions & 56 deletions
This file was deleted.

proofs/cbmc/mldsa_shake256_stream_init/mldsa_shake256_stream_init_harness.c

Lines changed: 0 additions & 14 deletions
This file was deleted.

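--- a/proofs/cbmc/poly_uniform_gamma1/Makefile
+++ b/proofs/cbmc/poly_uniform_gamma1/Makefile
@@ -20,7 +20,7 @@ PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
 PROJECT_SOURCES += $(SRCDIR)/mldsa/poly.c
 
 CHECK_FUNCTION_CONTRACTS=$(MLD_NAMESPACE)poly_uniform_gamma1
-USE_FUNCTION_CONTRACTS=$(MLD_NAMESPACE)mldsa_shake256_stream_init $(FIPS202_NAMESPACE)shake256_squeezeblocks $(MLD_NAMESPACE)polyz_unpack
+USE_FUNCTION_CONTRACTS=$(FIPS202_NAMESPACE)shake256_init $(FIPS202_NAMESPACE)shake256_absorb $(FIPS202_NAMESPACE)shake256_finalize $(FIPS202_NAMESPACE)shake256_squeezeblocks $(MLD_NAMESPACE)polyz_unpack
 APPLY_LOOP_CONTRACTS=on
 USE_DYNAMIC_FRAMES=1
 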
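Review bot: The new `USE_FUNCTION_CONTRACTS` line replaces four FIPS-202 functions by their contracts, so the proof of poly_uniform_gamma1 now establishes memory safety of the caller but, unless those contracts encode the required call order (init, absorb, finalize, squeeze), it cannot detect a sequencing mistake on the Keccak state such as squeezing before finalizing. Whether the contracts do encode that is not visible from this file. A one-line comment above the assignment, `# FIPS-202 calls are replaced by their contracts; call ordering on the state is not checked here`, would record the assumption for whoever next edits the proof.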