Skip to content

Commit 8ec11a9

Browse files
mbbarbosa-lecturesmbbarbosa-lectures
committed
lane
1 parent 7e8ea02 commit 8ec11a9

File tree

1 file changed

+47
-7
lines changed

1 file changed

+47
-7
lines changed

proof/correctness/avx2/MLKEM_InnerPKE_avx2.ec

Lines changed: 47 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ import WArray512 WArray256.
3030

3131
(* shake assumptions *)
3232

33-
33+
(*
3434
op SHAKE256_ABSORB4x_33 : W8.t Array33.t -> W8.t Array33.t -> W8.t Array33.t -> W8.t Array33.t -> W256.t Array25.t.
3535
op SHAKE256_SQUEEZENBLOCKS4x : W256.t Array25.t -> W256.t Array25.t * W8.t Array136.t * W8.t Array136.t * W8.t Array136.t * W8.t Array136.t.
3636

@@ -1266,7 +1266,7 @@ by smt(unpackvK).
12661266
qed.
12671267

12681268
(***************************************************)
1269-
1269+
*)
12701270

12711271
import WArray960 WArray1536 Array4.
12721272

@@ -1562,7 +1562,7 @@ proc __poly_reduce(rp : W16.t Array256.t) : W16.t Array256.t = {
15621562

15631563

15641564
}.
1565-
1565+
(*
15661566
lemma compress10_equiv_avx2mem _ctp _mem :
15671567
equiv [ AuxPolyVecCompress10.avx2_orig ~ AuxPolyVecCompress10.avx2 :
15681568
={bp} /\ ctp{1} = _ctp /\ Glob.mem{1} = _mem /\ valid_ptr (to_uint ctp{1}) (128 + 3 * 320) ==>
@@ -1746,7 +1746,7 @@ qed.
17461746

17471747
(*****************************************************************)
17481748

1749-
1749+
*)
17501750
require import Bindings.
17511751
(* BINDINGS *)
17521752

@@ -1836,9 +1836,50 @@ op sliceset960_8_32 (arr: W8.t Array960.t) (i: int) (bv: W32.t) : W8.t Array960.
18361836
bind op [W8.t & W32.t & Array960.t] sliceset960_8_32 "asliceset".
18371837
realize bvaslicesetP by admit.
18381838

1839-
op lane (w: W16.t) = w.
1839+
(*
1840+
1841+
op compress_alt_large (c : coeff) : int =
1842+
(asint c * 2 ^ 10 + (q + 1) %/ 2) * (W32.modulus %/ q) %/ W32.modulus %% 2 ^ 10.
1843+
1844+
op BREDC(a bits : int) =
1845+
let t = smod (a * (2^bits %/ q + 1)) (R^2) %/ 2^bits * q in
1846+
smod (a %% R + (-t) %% R) R. *)
1847+
1848+
theory W10.
1849+
abbrev [-printing] size = 10.
1850+
clone include BitWordSH with op size <- size
1851+
rename "_XX" as "_10"
1852+
proof gt0_size by done,
1853+
size_le_256 by done.
1854+
1855+
end W10. export W10 W10.ALU W10.SHIFT.
1856+
1857+
bind bitstring W10.w2bits W10.bits2w W10.to_uint W10.to_sint W10.of_int W10.t 10.
1858+
realize size_tolist by auto.
1859+
realize tolistP by auto.
1860+
realize oflistP by admit.
1861+
realize ofintP by admit.
1862+
realize touintP by admit.
1863+
realize tosintP by admit.
1864+
1865+
op sliceget_10_64 (bw: W64.t) (i: int) : W10.t = W10.bits2w (W64.w2bits bw).
1866+
1867+
op lane_func_compress10(x : W16.t) : W10.t = sliceget_10_64 (
1868+
(((W4u16.zeroextu64 x) `<<` W8.of_int 10) + W64.of_int 1665) * (W64.of_int 1290167) `>>` W8.of_int 32) 0.
1869+
1870+
op lane_func_reduce(c : W16.t) : W16.t =
1871+
let c32 = sigextu32 c in
1872+
let u = c32 * W32.of_int 4076929024 (* (62209 `<<` 16) *) in
1873+
let u = u `|>>` W8.of_int 16 in
1874+
let t = u * W32.of_int 4294963967 (* (-3329) *) in
1875+
let t = t + c32 in
1876+
let t = t `|>>` W8.of_int 16 in
1877+
truncateu16 t.
1878+
1879+
op lane_polyvec_redcomp10(w : W16.t) : W10.t = lane_func_compress10 (lane_func_reduce w).
18401880
op pcond (w: W16.t) = true.
18411881

1882+
18421883
lemma blah (_bp : W16.t Array768.t) : hoare [ AuxPolyVecCompress10.avx2 : true ==> false].
18431884
proof.
18441885
proc.
@@ -1874,8 +1915,7 @@ cfold 38.
18741915
unroll for 39.
18751916
cfold 38. unroll for 24. cfold 23.
18761917
unroll for 16. cfold 15. unroll for 8. cfold 7.
1877-
admit. (*
1878-
bdep 16 16 [_bp] [bp] [ap] lane pcond.
1918+
bdep 16 10 [_bp] [bp] [ap] lane_polyvec_redcomp10 pcond.
18791919

18801920
print get256_direct.
18811921
*)

0 commit comments

Comments
 (0)