Add fast, layer-merged forward and inverse NTT code.

Adjust and move proof files accordingly.

Signed-off-by: Rod Chapman <[email protected]>

Add support for NO_INLINE attribute and its
use with CBMC.

Signed-off-by: Rod Chapman <[email protected]>

Make top-level ntt_layer*() functions NO_INLINE
to improve comprehension and review of auto-vectorization
of this code.

Signed-off-by: Rod Chapman <[email protected]>

Add first two fast Invert NTT functions

Adds
  invntt_layer7_invert_inner()
  invntt_layer7_invert()

and their proof files.

Signed-off-by: Rod Chapman <[email protected]>

Remove dummy call to invntt_layer7_invert()

Signed-off-by: Rod Chapman <[email protected]>

Add Invert NTT Layer 6 functions.

Adds
  invntt_layer6_inner()
  invntt_layer6()
functions and their proof files.

Signed-off-by: Rod Chapman <[email protected]>

Simplify Zeta tables for layers 4 and 5.

Signed-off-by: Rod Chapman <[email protected]>

Adds Inverse NTT Layer54 (marged)

Adds functions
  invntt_layer54_inner()
  invntt_layer54()

and their proof files.

Signed-off-by: Rod Chapman <[email protected]>

Use new zeta constants in ntt_layer123()

Signed-off-by: Rod Chapman <[email protected]>

Adds first full implemenation of Inverse NTT with layer merging.

Adds function invntt_layer321() and its proof.

Updates top-level poly_invntt_tomont() to call new layer-merged implementation.

Renames existing implementation as poly_invntt_tomont_ref() for now.

Signed-off-by: Rod Chapman <[email protected]>

Update proof of poly_invntt_tomont()

Signed-off-by: Rod Chapman <[email protected]>

Remove reference implementation of poly_invntt_tomont()

Also removes local function invntt_layer()
and its proof.

Signed-off-by: Rod Chapman <[email protected]>

Switch to Z3 for these proofs, which is much faster than Bitwuzla.

Signed-off-by: Rod Chapman <[email protected]>

Switch back to Z3 for proof of ntt_layer123()

Signed-off-by: Rod Chapman <[email protected]>

Rename ntt_layer45_slice() to ntt_inner45_inner()

Signed-off-by: Rod Chapman <[email protected]>

Rename proof files

Signed-off-by: Rod Chapman <[email protected]>

Further renaming of ntt_layer45_slice() to ntt_layer45_inner()

Signed-off-by: Rod Chapman <[email protected]>

Rename *_slice() to *_inner() functions - phase 1

Signed-off-by: Rod Chapman <[email protected]>

Rename *_slice() functions to *_inner() - phase 2

Signed-off-by: Rod Chapman <[email protected]>

renaming *slioce() to *inner() - phase 3

Signed-off-by: Rod Chapman <[email protected]>

Display final 4 lines of logs/result.txt after make result

Signed-off-by: Rod Chapman <[email protected]>

Rename inner to butterfly for all internal ntt functions

Signed-off-by: Rod Chapman <[email protected]>

Rename harness function source files

Signed-off-by: Rod Chapman <[email protected]>

Adjust proof Makefiles and harnesses for renaming inner to butterfly

Signed-off-by: Rod Chapman <[email protected]>

Update Makefiles for function renaming

Signed-off-by: Rod Chapman <[email protected]>

Rename all inner functions to butterfly

Signed-off-by: Rod Chapman <[email protected]>

Replace literal 255 with (MLKEM_N - 1) throughout

Signed-off-by: Rod Chapman <[email protected]>

Move declaration of Zeta tables to be as close to their
point of first use as possible.

Add and adjust comments.

Signed-off-by: Rod Chapman <[email protected]>

Align and rename Zetas tables.

Signed-off-by: Rod Chapman <[email protected]>

Zetas tables are all declared with static scope

Signed-off-by: Rod Chapman <[email protected]>

Auto-generate Zeta tables for new layer-merged NTT

Signed-off-by: Rod Chapman <[email protected]>

This proof no longer needs zetas.c as a source file

Signed-off-by: Rod Chapman <[email protected]>

Move basemul_cached() function from ntt.[hc] to poly.c

It is now local, and static within poly.c, so is amenable
to inlining and auto-vectorization within that unit.

Signed-off-by: Rod Chapman <[email protected]>

Make basemul_cached() inline-able

Signed-off-by: Rod Chapman <[email protected]>

Add top-level explanatory comments

Signed-off-by: Rod Chapman <[email protected]>

Clarify and correct 1 typo in comment only.

Signed-off-by: Rod Chapman <[email protected]>

Move symlink from zetas.c to zetas.i

Signed-off-by: Rod Chapman <[email protected]>

Correct INVNTT_BOUND_REF for new implementation of Inverse NTT

Signed-off-by: Rod Chapman <[email protected]>

Add MLKEM_NAMESPACE to mlkem_layer7_zetas, since it is a global symbol

Signed-off-by: Rod Chapman <[email protected]>

Remove boilerplate comments from proof harness sources.

Signed-off-by: Rod Chapman <[email protected]>

Updates for namespacing of all static functions.

Signed-off-by: Rod Chapman <[email protected]>

Update this file following changes to other files

Signed-off-by: Rod Chapman <[email protected]>

Remove pc typedef and use int16_t r[MLKEM_N] instead throughout

Signed-off-by: Rod Chapman <[email protected]>

Adds namespacing to all static constant lookup tables.

In support of the monolithic build.

Signed-off-by: Rod Chapman <[email protected]>

Update auto-generates files following name-spacing of Zeta tables

Signed-off-by: Rod Chapman <[email protected]>

Remove declaration of basmul_cached() from ntt.h following rebase against PR 623

Signed-off-by: Rod Chapman <[email protected]>

Correct declaration of basemul_cached() to be static

Signed-off-by: Rod Chapman <[email protected]>

basemul_cached() is explicitly static, so does not also need MLKEM_NATIVE_INTERNAL_API

Signed-off-by: Rod Chapman <[email protected]>

remove sym link to zetas.c

Signed-off-by: Rod Chapman <[email protected]>

Add new symlink for zetas.i

Signed-off-by: Rod Chapman <[email protected]>

Add internal ct_butterfly() function and use it in ntt_layer123()

Same for other NTT layers and InvNTT is TBD.

Signed-off-by: Rod Chapman <[email protected]>

Update autogenerated file

Signed-off-by: Rod Chapman <[email protected]>

Update invariant and constants for exclusive array bounds checks.

Updates only ntt_layer123() for now to confirm effectiveness
of updates. Other functions will be updated once all is well.

Signed-off-by: Rod Chapman <[email protected]>

Update proofs for exclusive upper bound.

1. Upper bound of quantitied ranges is now exclusive
2. Upper bound of array element range constraint is now exclusive.

Signed-off-by: Rod Chapman <[email protected]>

Re-generate all auto-generated files after rebase

Signed-off-by: Rod Chapman <[email protected]>

Use inner ct_butterfly() function in all forward NTT functions.

Signed-off-by: Rod Chapman <[email protected]>

Updates for readability following review.

Introduces local gs_butterfly_reduce() and
gs_butterfly_defer() functions, which are inlined
for both compilation and proof, but significantly
simplify and improve readability of the calling
functions.

Signed-off-by: Rod Chapman <[email protected]>

Update auto-generated files after rebase

Signed-off-by: Rod Chapman <[email protected]>

Remove final STATIC_ASSERT() macro use

Signed-off-by: Rod Chapman <[email protected]>

Switch to unsigned type for loop index variables.

Signed-off-by: Rod Chapman <[email protected]>

Clarify comment on vectorization strategy

Signed-off-by: Rod Chapman <[email protected]>

Remove redundant proof files no longer needed on this branch.

Signed-off-by: Rod Chapman <[email protected]>

Correct use of BOUND() macro to debug_assert_abs_bound()

Signed-off-by: Rod Chapman <[email protected]>

Use "unsigned" where possible for zeta_index, start formal
parameters and loop index variables.

Drop redundant lower-bound for these objects in pre-conditions
and loop invariants.

Signed-off-by: Rod Chapman <[email protected]>

Correct bound pre-condition on basemul_cached()

Signed-off-by: Rod Chapman <[email protected]>

Update auto-generated files after rebase

Signed-off-by: Rod Chapman <[email protected]>

Correct new CPP directives following rebase

Signed-off-by: Rod Chapman <[email protected]>

Restore basemul_cached() in poly.c following rebase.

Signed-off-by: Rod Chapman <[email protected]>

Switches to use "unsigned" not "int" for all coefficient indexes.

Consistent with a similar change to the reference code on main branch.

Signed-off-by: Rod Chapman <[email protected]>

Author: rod-chapman

examples/bring_your_own_fips202/mlkem_native/zetas.c

@@ -0,0 +1 @@
+../../../mlkem/zetas.i

examples/bring_your_own_fips202/mlkem_native/zetas.i

@@ -0,0 +1 @@
+../../../../mlkem/zetas.i

examples/custom_backend/mlkem_native/mlkem/zetas.c

@@ -25,7 +25,6 @@
 #include "mlkem/polyvec.c"
 #include "mlkem/rej_uniform.c"
 #include "mlkem/verify.c"
-#include "mlkem/zetas.c"
 
 
 /*
@@ -1144,24 +1143,129 @@
 #undef KeccakF1600x4_StateXORBytes
 #endif
 
+/* mlkem/ntt.c */
+#if defined(MONT_F)
+#undef MONT_F
+#endif
+
+/* mlkem/ntt.c */
+#if defined(NTT_BOUND1)
+#undef NTT_BOUND1
+#endif
+
+/* mlkem/ntt.c */
+#if defined(NTT_BOUND2)
+#undef NTT_BOUND2
+#endif
+
+/* mlkem/ntt.c */
+#if defined(NTT_BOUND4)
+#undef NTT_BOUND4
+#endif
+
+/* mlkem/ntt.c */
+#if defined(NTT_BOUND6)
+#undef NTT_BOUND6
+#endif
+
+/* mlkem/ntt.c */
+#if defined(NTT_BOUND7)
+#undef NTT_BOUND7
+#endif
+
+/* mlkem/ntt.c */
+#if defined(NTT_BOUND8)
+#undef NTT_BOUND8
+#endif
+
+/* mlkem/ntt.c */
+#if defined(ct_butterfly)
+#undef ct_butterfly
+#endif
+
 /* mlkem/ntt.c */
 #if defined(empty_cu_ntt)
 #undef empty_cu_ntt
 #endif
 
 /* mlkem/ntt.c */
-#if defined(invntt_layer)
-#undef invntt_layer
+#if defined(gs_butterfly_defer)
+#undef gs_butterfly_defer
+#endif
+
+/* mlkem/ntt.c */
+#if defined(gs_butterfly_reduce)
+#undef gs_butterfly_reduce
+#endif
+
+/* mlkem/ntt.c */
+#if defined(invntt_layer321)
+#undef invntt_layer321
+#endif
+
+/* mlkem/ntt.c */
+#if defined(invntt_layer54)
+#undef invntt_layer54
+#endif
+
+/* mlkem/ntt.c */
+#if defined(invntt_layer54_butterfly)
+#undef invntt_layer54_butterfly
+#endif
+
+/* mlkem/ntt.c */
+#if defined(invntt_layer6)
+#undef invntt_layer6
+#endif
+
+/* mlkem/ntt.c */
+#if defined(invntt_layer6_butterfly)
+#undef invntt_layer6_butterfly
 #endif
 
 /* mlkem/ntt.c */
-#if defined(ntt_butterfly_block)
-#undef ntt_butterfly_block
+#if defined(invntt_layer7_invert)
+#undef invntt_layer7_invert
 #endif
 
 /* mlkem/ntt.c */
-#if defined(ntt_layer)
-#undef ntt_layer
+#if defined(invntt_layer7_invert_butterfly)
+#undef invntt_layer7_invert_butterfly
+#endif
+
+/* mlkem/ntt.c */
+#if defined(ntt_layer123)
+#undef ntt_layer123
+#endif
+
+/* mlkem/ntt.c */
+#if defined(ntt_layer45)
+#undef ntt_layer45
+#endif
+
+/* mlkem/ntt.c */
+#if defined(ntt_layer45_butterfly)
+#undef ntt_layer45_butterfly
+#endif
+
+/* mlkem/ntt.c */
+#if defined(ntt_layer6)
+#undef ntt_layer6
+#endif
+
+/* mlkem/ntt.c */
+#if defined(ntt_layer6_butterfly)
+#undef ntt_layer6_butterfly
+#endif
+
+/* mlkem/ntt.c */
+#if defined(ntt_layer7)
+#undef ntt_layer7
+#endif
+
+/* mlkem/ntt.c */
+#if defined(ntt_layer7_butterfly)
+#undef ntt_layer7_butterfly
 #endif
 
 /* mlkem/ntt.h */
@@ -1170,8 +1274,8 @@
 #endif
 
 /* mlkem/ntt.h */
-#if defined(basemul_cached)
-#undef basemul_cached
+#if defined(layer7_zetas)
+#undef layer7_zetas
 #endif
 
 /* mlkem/ntt.h */
@@ -1184,9 +1288,9 @@
 #undef poly_ntt
 #endif
 
-/* mlkem/ntt.h */
-#if defined(zetas)
-#undef zetas
+/* mlkem/poly.c */
+#if defined(basemul_cached)
+#undef basemul_cached
 #endif
 
 /* mlkem/poly.c */
@@ -1544,6 +1648,11 @@
 #undef MLKEM_NATIVE_SYS_H
 #endif
 
+/* mlkem/sys.h */
+#if defined(NO_INLINE)
+#undef NO_INLINE
+#endif
+
 /* mlkem/sys.h */
 #if defined(RESTRICT)
 #undef RESTRICT
@@ -1654,9 +1763,4 @@
 #undef value_barrier_u8
 #endif
 
-/* mlkem/zetas.c */
-#if defined(empty_cu_zetas)
-#undef empty_cu_zetas
-#endif
-
 #endif /* MLKEM_NATIVE_MONOBUILD_KEEP_SHARED_HEADERS */