From 9f8e772fdd30a5efa757a0262b36bb8f40409515 Mon Sep 17 00:00:00 2001 
From: Maxime Buyse Date: Thu, 30 Jan 2025 15:28:56 +0100 Subject: [PATCH] Update F* output with latest hax (after merging new naming). --- .../extraction/Libcrux_ml_dsa.Arithmetic.fst | 4 +- .../extraction/Libcrux_ml_dsa.Arithmetic.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Constants.fst | 4 +- .../extraction/Libcrux_ml_dsa.Constants.fsti | 4 +- .../extraction/Libcrux_ml_dsa.Encoding.T1.fst | 12 +- .../Libcrux_ml_dsa.Encoding.T1.fsti | 4 +- ...generic.Instantiations.Avx2.Ml_dsa_44_.fst | 24 +- ...eneric.Instantiations.Avx2.Ml_dsa_44_.fsti | 12 +- ...generic.Instantiations.Avx2.Ml_dsa_65_.fst | 24 +- ...eneric.Instantiations.Avx2.Ml_dsa_65_.fsti | 12 +- ...generic.Instantiations.Avx2.Ml_dsa_87_.fst | 24 +- ...eneric.Instantiations.Avx2.Ml_dsa_87_.fsti | 12 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst | 4 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst | 4 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst | 4 +- .../extraction/Libcrux_ml_dsa.Sample.fst | 8 +- .../Libcrux_ml_dsa.Samplex4.Avx2.fst | 4 +- .../Libcrux_ml_dsa.Samplex4.Avx2.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst | 6 +- .../Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti | 2 +- ...ibcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst | 8 +- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti | 8 +- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst | 12 +- ...crux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti | 16 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fst | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti | 24 +- .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fst | 64 +- .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti | 24 +- ...md.Avx2.Rejection_sample.Less_than_eta.fst | 4 +- ...jection_sample.Less_than_field_modulus.fst | 6 +- ...ection_sample.Less_than_field_modulus.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Simd.Avx2.fst | 16 +- 
...ibcrux_ml_dsa.Simd.Portable.Arithmetic.fst | 19 +- ...bcrux_ml_dsa.Simd.Portable.Arithmetic.fsti | 6 +- ...ux_ml_dsa.Simd.Portable.Encoding.Error.fst | 51 +- ...x_ml_dsa.Simd.Portable.Encoding.Error.fsti | 8 +- ...x_ml_dsa.Simd.Portable.Encoding.Gamma1.fst | 34 +- ..._ml_dsa.Simd.Portable.Encoding.Gamma1.fsti | 16 +- ...bcrux_ml_dsa.Simd.Portable.Encoding.T0.fst | 16 +- ...crux_ml_dsa.Simd.Portable.Encoding.T0.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Portable.Invntt.fsti | 20 +- .../Libcrux_ml_dsa.Simd.Portable.Ntt.fsti | 20 +- .../Libcrux_ml_dsa.Simd.Portable.fst | 16 +- .../Libcrux_ml_dsa.Simd.Traits.fsti | 24 +- .../Libcrux_ml_kem.Constant_time_ops.fst | 14 +- .../Libcrux_ml_kem.Hash_functions.fsti | 4 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 22 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 58 +- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 2 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 2 +- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fst | 2 +- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti | 2 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 36 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 10 +- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 12 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 4 +- ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 6 +- ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 6 +- ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 6 +- .../Libcrux_ml_kem.Mlkem1024.Rand.fst | 32 +- .../Libcrux_ml_kem.Mlkem1024.Rand.fsti | 20 +- ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 6 +- ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 6 +- ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 6 +- .../Libcrux_ml_kem.Mlkem512.Rand.fst | 32 +- .../Libcrux_ml_kem.Mlkem512.Rand.fsti | 20 +- ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 6 +- ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 6 +- ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 6 +- .../Libcrux_ml_kem.Mlkem768.Rand.fst | 32 +- .../Libcrux_ml_kem.Mlkem768.Rand.fsti | 20 +- 
.../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 22 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 8 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 4 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 4 +- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 6 +- .../fstar/extraction/Libcrux_ml_kem.Utils.fst | 12 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fst | 28 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 12 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 234 ++--- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 64 +- .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 56 +- .../Libcrux_ml_kem.Vector.Neon.Arithmetic.fst | 79 +- .../Libcrux_ml_kem.Vector.Neon.Compress.fst | 99 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 205 +++-- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 144 +-- ...Libcrux_ml_kem.Vector.Neon.Vector_type.fst | 12 +- .../extraction/Libcrux_ml_kem.Vector.Neon.fst | 56 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 63 +- ...bcrux_ml_kem.Vector.Portable.Compress.fsti | 2 +- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 22 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 866 +++++++++--------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 118 +-- .../Libcrux_ml_kem.Vector.Portable.fst | 56 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 98 +- 100 files changed, 1628 insertions(+), 1620 deletions(-) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst index 7f5e53e48..ab9aeae13 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst @@ -435,7 +435,7 @@ let make_hint let hax_temp_output:usize = true_hints in hint, hax_temp_output <: (t_Slice (t_Array i32 (mk_usize 256)) & usize) -let use_hint +let uuse_hint (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: 
@@ -493,7 +493,7 @@ let use_hint Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp .Libcrux_ml_dsa.Polynomial.f_simd_units j - (Libcrux_ml_dsa.Simd.Traits.f_use_hint #v_SIMDUnit + (Libcrux_ml_dsa.Simd.Traits.f_uuse_hint #v_SIMDUnit #FStar.Tactics.Typeclasses.solve gamma2 ((re_vector.[ i ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti index b3a6bbd17..549389404 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti @@ -55,7 +55,7 @@ val make_hint (hint: t_Slice (t_Array i32 (mk_usize 256))) : Prims.Pure (t_Slice (t_Array i32 (mk_usize 256)) & usize) Prims.l_True (fun _ -> Prims.l_True) -val use_hint +val uuse_hint (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (gamma2: i32) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst index afd911f5b..7614b3bc7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst @@ -5,8 +5,8 @@ open FStar.Mul let t_Eta_cast_to_repr (x: t_Eta) = match x <: t_Eta with - | Eta_Two -> discriminant_Eta_Two - | Eta_Four -> discriminant_Eta_Four + | Eta_Two -> anon_const_Eta_Two__anon_const_0 + | Eta_Four -> anon_const_Eta_Four__anon_const_0 [@@ FStar.Tactics.Typeclasses.tcinstance] assume diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti index ecad79cfa..f2dae7aaa 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti 
@@ -48,9 +48,9 @@ type t_Eta = | Eta_Two : t_Eta | Eta_Four : t_Eta -let discriminant_Eta_Two: isize = mk_isize 2 +let anon_const_Eta_Two__anon_const_0: isize = mk_isize 2 -let discriminant_Eta_Four: isize = mk_isize 4 +let anon_const_Eta_Four__anon_const_0: isize = mk_isize 4 val t_Eta_cast_to_repr (x: t_Eta) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst index e157d9c43..4c68a6edf 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst @@ -31,10 +31,10 @@ let serialize let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; + Core.Ops.Range.f_start = i *! serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize) @@ -42,10 +42,10 @@ let serialize #FStar.Tactics.Typeclasses.solve simd_unit (serialized.[ { - Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; + Core.Ops.Range.f_start = i *! serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ] 
@@ -90,10 +90,10 @@ let deserialize (Libcrux_ml_dsa.Simd.Traits.f_t1_deserialize #v_SIMDUnit #FStar.Tactics.Typeclasses.solve (serialized.[ { - Core.Ops.Range.f_start = i *! deserialize__WINDOW <: usize; + Core.Ops.Range.f_start = i *! deserialize__v_WINDOW <: usize; Core.Ops.Range.f_end = - (i +! mk_usize 1 <: usize) *! deserialize__WINDOW <: usize + (i +! mk_usize 1 <: usize) *! deserialize__v_WINDOW <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti index a7147ff3b..242d7ce5d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti @@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = mk_usize 10 +let serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT: usize = mk_usize 10 val serialize (#v_SIMDUnit: Type0) @@ -18,7 +18,7 @@ val serialize (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize__WINDOW: usize = mk_usize 10 +let deserialize__v_WINDOW: usize = mk_usize 10 val deserialize (#v_SIMDUnit: Type0) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst index cb9afcb00..b8ef9f0be 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst @@ -17,7 +17,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let generate_key_pair___inner +let generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = 
@@ -42,14 +42,14 @@ let generate_key_pair (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = - generate_key_pair___inner randomness signing_key verification_key + generate_key_pair__e_inner randomness signing_key verification_key in let signing_key:t_Slice u8 = tmp0 in let verification_key:t_Slice u8 = tmp1 in let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let sign___inner +let sign__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -65,9 +65,9 @@ let sign (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) - = sign___inner signing_key message context randomness + = sign__e_inner signing_key message context randomness -let sign_mut___inner +let sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -97,7 +97,7 @@ let sign_mut = let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = - sign_mut___inner signing_key message context randomness signature + sign_mut__e_inner signing_key message context randomness signature in let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in @@ -105,7 +105,7 @@ let sign_mut <: (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) -let sign_pre_hashed_shake128___inner +let sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) 
@@ -140,7 +140,7 @@ let sign_pre_hashed_shake128 let tmp0, out:(t_Slice u8 & Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = - sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness + sign_pre_hashed_shake128__e_inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) @@ -153,7 +153,7 @@ let sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) -let verify___inner +let verify__e_inner (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) @@ -172,9 +172,9 @@ let verify (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) - = verify___inner verification_key message context signature + = verify__e_inner verification_key message context signature -let verify_pre_hashed_shake128___inner +let verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) @@ -203,7 +203,7 @@ let verify_pre_hashed_shake128 = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = - verify_pre_hashed_shake128___inner verification_key message context pre_hash_buffer signature + verify_pre_hashed_shake128__e_inner verification_key message context pre_hash_buffer signature in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError = 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti index cfeaf068f..4570122ac 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti @@ -18,7 +18,7 @@ let _ = () /// Key Generation. -val generate_key_pair___inner +val generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -28,7 +28,7 @@ val generate_key_pair (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val sign___inner +val sign__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -45,7 +45,7 @@ val sign (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val sign_mut___inner +val sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -68,7 +68,7 @@ val sign_mut Prims.l_True (fun _ -> Prims.l_True) -val sign_pre_hashed_shake128___inner +val sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) 
@@ -87,7 +87,7 @@ val sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val verify___inner +val verify__e_inner (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) @@ -104,7 +104,7 @@ val verify Prims.l_True (fun _ -> Prims.l_True) -val verify_pre_hashed_shake128___inner +val verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst index 79e93f4d6..f832213b3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst @@ -17,7 +17,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let generate_key_pair___inner +let generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = @@ -42,14 +42,14 @@ let generate_key_pair (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = - generate_key_pair___inner randomness signing_key verification_key + generate_key_pair__e_inner randomness signing_key verification_key in let signing_key:t_Slice u8 = tmp0 in let verification_key:t_Slice u8 = tmp1 in let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let sign___inner +let sign__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) 
@@ -65,9 +65,9 @@ let sign (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) - = sign___inner signing_key message context randomness + = sign__e_inner signing_key message context randomness -let sign_mut___inner +let sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -97,7 +97,7 @@ let sign_mut = let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = - sign_mut___inner signing_key message context randomness signature + sign_mut__e_inner signing_key message context randomness signature in let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in @@ -105,7 +105,7 @@ let sign_mut <: (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) -let sign_pre_hashed_shake128___inner +let sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -140,7 +140,7 @@ let sign_pre_hashed_shake128 let tmp0, out:(t_Slice u8 & Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = - sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness + sign_pre_hashed_shake128__e_inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) 
@@ -153,7 +153,7 @@ let sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) -let verify___inner +let verify__e_inner (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) @@ -172,9 +172,9 @@ let verify (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) - = verify___inner verification_key message context signature + = verify__e_inner verification_key message context signature -let verify_pre_hashed_shake128___inner +let verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) @@ -203,7 +203,7 @@ let verify_pre_hashed_shake128 = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = - verify_pre_hashed_shake128___inner verification_key message context pre_hash_buffer signature + verify_pre_hashed_shake128__e_inner verification_key message context pre_hash_buffer signature in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti index d9f007b05..8b009c73a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti 
@@ -18,7 +18,7 @@ let _ = () /// Key Generation. -val generate_key_pair___inner +val generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -28,7 +28,7 @@ val generate_key_pair (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val sign___inner +val sign__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -45,7 +45,7 @@ val sign (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val sign_mut___inner +val sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -68,7 +68,7 @@ val sign_mut Prims.l_True (fun _ -> Prims.l_True) -val sign_pre_hashed_shake128___inner +val sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -87,7 +87,7 @@ val sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val verify___inner +val verify__e_inner (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) @@ -104,7 +104,7 @@ val verify Prims.l_True (fun _ -> Prims.l_True) -val verify_pre_hashed_shake128___inner +val verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst index 87019dfe9..eb38f0f1a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst @@ -17,7 +17,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let generate_key_pair___inner +let generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = @@ -42,14 +42,14 @@ let generate_key_pair (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = - generate_key_pair___inner randomness signing_key verification_key + generate_key_pair__e_inner randomness signing_key verification_key in let signing_key:t_Slice u8 = tmp0 in let verification_key:t_Slice u8 = tmp1 in let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let sign___inner +let sign__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -65,9 +65,9 @@ let sign (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) - = sign___inner signing_key message context randomness + = sign__e_inner signing_key message context randomness -let sign_mut___inner +let sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) 
@@ -97,7 +97,7 @@ let sign_mut = let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = - sign_mut___inner signing_key message context randomness signature + sign_mut__e_inner signing_key message context randomness signature in let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in @@ -105,7 +105,7 @@ let sign_mut <: (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) -let sign_pre_hashed_shake128___inner +let sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -140,7 +140,7 @@ let sign_pre_hashed_shake128 let tmp0, out:(t_Slice u8 & Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = - sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness + sign_pre_hashed_shake128__e_inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) @@ -153,7 +153,7 @@ let sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) -let verify___inner +let verify__e_inner (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) 
@@ -172,9 +172,9 @@ let verify (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) - = verify___inner verification_key message context signature + = verify__e_inner verification_key message context signature -let verify_pre_hashed_shake128___inner +let verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) @@ -203,7 +203,7 @@ let verify_pre_hashed_shake128 = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = - verify_pre_hashed_shake128___inner verification_key message context pre_hash_buffer signature + verify_pre_hashed_shake128__e_inner verification_key message context pre_hash_buffer signature in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti index 330b40dca..44a9e3b94 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti @@ -18,7 +18,7 @@ let _ = () /// Key Generation. -val generate_key_pair___inner +val generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) 
@@ -28,7 +28,7 @@ val generate_key_pair (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val sign___inner +val sign__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -45,7 +45,7 @@ val sign (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val sign_mut___inner +val sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -68,7 +68,7 @@ val sign_mut Prims.l_True (fun _ -> Prims.l_True) -val sign_pre_hashed_shake128___inner +val sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -87,7 +87,7 @@ val sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val verify___inner +val verify__e_inner (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) @@ -104,7 +104,7 @@ val verify Prims.l_True (fun _ -> Prims.l_True) -val verify_pre_hashed_shake128___inner +val verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst index 7d85c0b7d..c9487a205 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst 
@@ -395,7 +395,7 @@ let sign_internal Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4))) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & @@ -1018,7 +1018,7 @@ let verify_internal Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = - Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit + Libcrux_ml_dsa.Arithmetic.uuse_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_GAMMA2 (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst index e6ac00e9f..cd6ec9f14 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst @@ -395,7 +395,7 @@ let sign_internal Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5))) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & 
@@ -1018,7 +1018,7 @@ let verify_internal Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 48) in let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = - Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit + Libcrux_ml_dsa.Arithmetic.uuse_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_GAMMA2 (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst index e1d512805..52308bce9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst @@ -395,7 +395,7 @@ let sign_internal Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7))) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & @@ -1018,7 +1018,7 @@ let verify_internal Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = - Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit + Libcrux_ml_dsa.Arithmetic.uuse_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_GAMMA2 (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst index 0e2c1f538..33a30d3f7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst 
@@ -236,7 +236,7 @@ let sample_up_to_four_ring_elements_flat usize & v_Shake128 & t_Slice (t_Array i32 (mk_usize 263))) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & bool & bool & @@ -689,7 +689,7 @@ let sample_four_error_ring_elements usize & usize & v_Shake256) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let done0, done1, done2, done3, out, sampled0, sampled1, sampled2, sampled3, state:(bool & bool & bool & @@ -1199,7 +1199,7 @@ let sample_challenge_ring_element let state:v_Shake256 = tmp0 in let randomness:t_Array u8 (mk_usize 136) = out in let signs:u64 = - Core.Num.impl__u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 (mk_usize 8)) + Core.Num.impl_u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 (mk_usize 8)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 (mk_usize 8)) @@ -1237,7 +1237,7 @@ let sample_challenge_ring_element let done:bool = out in let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256) = temp_0_ diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst index acdc5dacc..900a055a6 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst @@ -11,7 +11,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let matrix_flat__inner +let f_matrix_flat__inner (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: 
@@ -69,7 +69,7 @@ let impl: Libcrux_ml_dsa.Samplex4.t_X4Sampler t_AVX2Sampler = (matrix: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) -> let matrix:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - matrix_flat__inner #v_SIMDUnit columns seed matrix + f_matrix_flat__inner #v_SIMDUnit columns seed matrix in matrix } diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti index d13a7340b..fe5c98390 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti @@ -13,7 +13,7 @@ let _ = type t_AVX2Sampler = | AVX2Sampler : t_AVX2Sampler -val matrix_flat__inner +val f_matrix_flat__inner (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (columns: usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst index 9d41081b7..81e2c55c3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst @@ -308,7 +308,7 @@ let compute_hint (hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let minus_gamma2:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Core.Ops.Arith.Neg.neg gamma2 <: i32) + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Core.Ops.Arith.f_neg gamma2 <: i32) in let gamma2:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 gamma2 
@@ -342,10 +342,10 @@ let compute_hint <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let hax_temp_output:usize = cast (Core.Num.impl__i32__count_ones hints_mask <: u32) <: usize in + let hax_temp_output:usize = cast (Core.Num.impl_i32__count_ones hints_mask <: u32) <: usize in hint, hax_temp_output <: (Libcrux_intrinsics.Avx2_extract.t_Vec256 & usize) -let use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = +let uuse_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let r0, r1:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 (), Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 () diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti index 65e34cad0..eb8e72ec9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti @@ -47,5 +47,5 @@ val compute_hint Prims.l_True (fun _ -> Prims.l_True) -val use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) +val uuse_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst index 570034fde..1e9b636bf 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst 
@@ -7,7 +7,7 @@ let serialize_when_eta_is_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec25 let serialized:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 - serialize_when_eta_is_2___ETA + serialize_when_eta_is_2___v_ETA <: Libcrux_intrinsics.Avx2_extract.t_Vec256) simd_unit @@ -104,7 +104,7 @@ let serialize_when_eta_is_4_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec25 let serialized:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 - serialize_when_eta_is_4___ETA + serialize_when_eta_is_4___v_ETA <: Libcrux_intrinsics.Avx2_extract.t_Vec256) simd_unit @@ -228,7 +228,7 @@ let deserialize_to_unsigned_when_eta_is_2_ (bytes: t_Slice u8) = Libcrux_intrinsics.Avx2_extract.t_Vec256) in Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_2___COEFFICIENT_MASK + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_2___v_COEFFICIENT_MASK <: Libcrux_intrinsics.Avx2_extract.t_Vec256) @@ -266,7 +266,7 @@ let deserialize_to_unsigned_when_eta_is_4_ (bytes: t_Slice u8) = Libcrux_intrinsics.Avx2_extract.t_Vec256) in Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_4___COEFFICIENT_MASK + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_4___v_COEFFICIENT_MASK <: Libcrux_intrinsics.Avx2_extract.t_Vec256) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti index 78eee7f4d..8da7febe5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti @@ -3,12 +3,12 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Error open Core open FStar.Mul -let serialize_when_eta_is_2___ETA: i32 = mk_i32 2 +let serialize_when_eta_is_2___v_ETA: i32 = mk_i32 2 val serialize_when_eta_is_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let serialize_when_eta_is_4___ETA: i32 = mk_i32 4 +let serialize_when_eta_is_4___v_ETA: i32 = mk_i32 4 val serialize_when_eta_is_4_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -19,13 +19,13 @@ val serialize (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize_to_unsigned_when_eta_is_2___COEFFICIENT_MASK: i32 = +let deserialize_to_unsigned_when_eta_is_2___v_COEFFICIENT_MASK: i32 = (mk_i32 1 < Prims.l_True) -let deserialize_to_unsigned_when_eta_is_4___COEFFICIENT_MASK: i32 = +let deserialize_to_unsigned_when_eta_is_4___v_COEFFICIENT_MASK: i32 = (mk_i32 1 < Prims.l_True) -let serialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize__COEFFICIENT_MASK: i32 = (mk_i32 1 < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst index 31b3de391..0db4b386d 100644 
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst @@ -171,7 +171,7 @@ let deserialize (bytes: t_Slice u8) (out: Libcrux_intrinsics.Avx2_extract.t_Vec2 in let out:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize__COEFFICIENT_MASK + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize__v_COEFFICIENT_MASK <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti index 85afbf850..1b4efdd4b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti @@ -6,7 +6,7 @@ open FStar.Mul val serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize__COEFFICIENT_MASK: i32 = (mk_i32 1 < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst index 6775d3204..85e93122c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst @@ -726,7 +726,7 @@ let invert_ntt_montgomery__inv_inner <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - invert_ntt_montgomery__inv_inner__FACTOR + invert_ntt_montgomery__inv_inner__v_FACTOR <: Libcrux_intrinsics.Avx2_extract.t_Vec256 } 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti index c3139588e..9cd18f258 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_dsa.Simd.Avx2.Invntt open Core open FStar.Mul -let invert_ntt_montgomery__inv_inner__FACTOR: i32 = mk_i32 41978 +let invert_ntt_montgomery__inv_inner__v_FACTOR: i32 = mk_i32 41978 val simd_unit_invert_ntt_at_layer_0_ (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256) @@ -12,7 +12,7 @@ val simd_unit_invert_ntt_at_layer_0_ (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 ) Prims.l_True (fun _ -> Prims.l_True) -let simd_unit_invert_ntt_at_layer_0___SHUFFLE: i32 = mk_i32 216 +let simd_unit_invert_ntt_at_layer_0___v_SHUFFLE: i32 = mk_i32 216 val simd_unit_invert_ntt_at_layer_1_ (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256) 
@@ -80,36 +80,36 @@ val invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_V Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_3___STEP: usize = mk_usize 8 +let invert_ntt_at_layer_3___v_STEP: usize = mk_usize 8 -let invert_ntt_at_layer_3___STEP_BY: usize = mk_usize 1 +let invert_ntt_at_layer_3___v_STEP_BY: usize = mk_usize 1 val invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_4___STEP: usize = mk_usize 16 +let invert_ntt_at_layer_4___v_STEP: usize = mk_usize 16 -let invert_ntt_at_layer_4___STEP_BY: usize = mk_usize 2 +let invert_ntt_at_layer_4___v_STEP_BY: usize = mk_usize 2 val invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_5___STEP: usize = mk_usize 32 +let invert_ntt_at_layer_5___v_STEP: usize = mk_usize 32 -let invert_ntt_at_layer_5___STEP_BY: usize = mk_usize 4 +let invert_ntt_at_layer_5___v_STEP_BY: usize = mk_usize 4 val invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_6___STEP: usize = mk_usize 64 +let invert_ntt_at_layer_6___v_STEP: usize = mk_usize 64 -let invert_ntt_at_layer_6___STEP_BY: usize = mk_usize 8 +let invert_ntt_at_layer_6___v_STEP_BY: usize = mk_usize 8 val invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) 
@@ -127,6 +127,6 @@ val invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_7___STEP: usize = mk_usize 128 +let invert_ntt_at_layer_7___v_STEP: usize = mk_usize 128 -let invert_ntt_at_layer_7___STEP_BY: usize = mk_usize 16 +let invert_ntt_at_layer_7___v_STEP_BY: usize = mk_usize 16 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst index e6843e2d6..e0b14d6c5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst @@ -584,7 +584,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -592,7 +592,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 1 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -600,7 +600,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 2 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -608,7 +608,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 3 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -617,7 +617,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 8) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -625,7 +625,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 8 +! mk_usize 1 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -633,7 +633,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 8 +! mk_usize 2 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -641,7 +641,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 8 +! mk_usize 3 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -650,7 +650,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -658,7 +658,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 1 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -666,7 +666,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 2 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -674,7 +674,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 3 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -683,7 +683,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 16) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -691,7 +691,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 16 +! mk_usize 1 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -699,7 +699,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 16 +! mk_usize 2 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -707,7 +707,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 16 +! mk_usize 3 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -716,7 +716,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -724,7 +724,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 1 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -732,7 +732,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 2 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -740,7 +740,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 3 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -749,7 +749,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 12) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -757,7 +757,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 12 +! mk_usize 1 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -765,7 +765,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 12 +! mk_usize 2 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -773,7 +773,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 12 +! mk_usize 3 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -782,7 +782,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -790,7 +790,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 1 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -798,7 +798,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 2 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -806,7 +806,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 3 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -815,7 +815,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 20) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -823,7 +823,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 20 +! mk_usize 1 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -831,7 +831,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 20 +! mk_usize 2 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -839,7 +839,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 20 +! mk_usize 3 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti index 86b26611a..49c717707 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti @@ -11,7 +11,7 @@ val butterfly_2_ Prims.l_True (fun _ -> Prims.l_True) -let butterfly_2___SHUFFLE: i32 = mk_i32 216 +let butterfly_2___v_SHUFFLE: i32 = mk_i32 216 val butterfly_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) 
@@ -54,10 +54,10 @@ val ntt_at_layer_7_and_6___mul Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_7_and_6___STEP_BY_7_: usize = +let ntt_at_layer_7_and_6___v_STEP_BY_7_: usize = mk_usize 2 *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT -let ntt_at_layer_7_and_6___STEP_BY_6_: usize = +let ntt_at_layer_7_and_6___v_STEP_BY_6_: usize = (mk_usize 1 < Prims.l_True) -let ntt_at_layer_5_to_3___STEP: usize = mk_usize 1 < true); - f_use_hint_post + f_uuse_hint_post = (fun (gamma2: i32) @@ -345,7 +345,7 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) -> true); - f_use_hint + f_uuse_hint = (fun (gamma2: i32) @@ -357,7 +357,7 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto hint with Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_ml_dsa.Simd.Avx2.Arithmetic.use_hint gamma2 + Libcrux_ml_dsa.Simd.Avx2.Arithmetic.uuse_hint gamma2 simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value hint.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value } @@ -380,10 +380,10 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_2_pre + f_rejection_sample_less_than_eta_equals_2__pre = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_2_post + f_rejection_sample_less_than_eta_equals_2__post = (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); f_rejection_sample_less_than_eta_equals_2_ 
@@ -395,10 +395,10 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_4_pre + f_rejection_sample_less_than_eta_equals_4__pre = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_4_post + f_rejection_sample_less_than_eta_equals_4__post = (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); f_rejection_sample_less_than_eta_equals_4_ diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst index 493bdf16a..f6b75df26 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst @@ -183,7 +183,7 @@ let power2round_element (t: i32) = then let _:Prims.unit = Hax_lib.v_assert ((t >. - (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + (Core.Ops.Arith.f_neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) <: bool) && (t <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) @@ -294,7 +294,7 @@ let infinity_norm_exceeds then let _:Prims.unit = Hax_lib.v_assert ((coefficient >. - (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + (Core.Ops.Arith.f_neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) <: bool) && (coefficient <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) 
@@ -355,8 +355,8 @@ let shift_left_then_reduce let compute_one_hint (low high gamma2: i32) = if - low >. gamma2 || low <. (Core.Ops.Arith.Neg.neg gamma2 <: i32) || - low =. (Core.Ops.Arith.Neg.neg gamma2 <: i32) && high <>. mk_i32 0 + low >. gamma2 || low <. (Core.Ops.Arith.f_neg gamma2 <: i32) || + low =. (Core.Ops.Arith.f_neg gamma2 <: i32) && high <>. mk_i32 0 then mk_i32 1 else mk_i32 0 @@ -421,7 +421,7 @@ let decompose_element (gamma2 r: i32) = then let _:Prims.unit = Hax_lib.v_assert ((r >. - (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + (Core.Ops.Arith.f_neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) <: bool) && (r <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) @@ -468,7 +468,7 @@ let decompose_element (gamma2 r: i32) = in r0, r1 <: (i32 & i32) -let use_one_hint (gamma2 r hint: i32) = +let uuse_one_hint (gamma2 r hint: i32) = let r0, r1:(i32 & i32) = decompose_element gamma2 r in if hint =. mk_i32 0 then r1 @@ -554,7 +554,10 @@ let decompose (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) -let use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = +let uuse_hint + (gamma2: i32) + (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) + = let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 @@ -576,7 +579,7 @@ let use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize hint .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values i - (use_one_hint gamma2 + (uuse_one_hint gamma2 (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ i ] <: i32) (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ i ] <: i32) <: 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti index b33255c91..beeafe049 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti @@ -70,7 +70,7 @@ val compute_hint val decompose_element (gamma2 r: i32) : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) -val use_one_hint (gamma2 r hint: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) +val uuse_one_hint (gamma2 r hint: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) val decompose (gamma2: i32) @@ -81,7 +81,9 @@ val decompose Prims.l_True (fun _ -> Prims.l_True) -val use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) +val uuse_hint + (gamma2: i32) + (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst index fe2618f47..50ea9b747 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst @@ -16,7 +16,7 @@ let serialize_when_eta_is_2_ () in let coefficient0:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) <: i32) 
@@ -24,7 +24,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient1:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) <: i32) @@ -32,7 +32,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient2:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) <: i32) @@ -40,7 +40,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient3:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) <: i32) @@ -48,7 +48,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient4:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) <: i32) @@ -56,7 +56,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient5:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) <: i32) @@ -64,7 +64,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient6:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) <: i32) @@ -72,7 +72,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient7:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) <: i32) 
@@ -124,12 +124,12 @@ let serialize_when_eta_is_4_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:u8 = - cast (serialize_when_eta_is_4___ETA -! (coefficients.[ mk_usize 0 ] <: i32) <: i32) + cast (serialize_when_eta_is_4___v_ETA -! (coefficients.[ mk_usize 0 ] <: i32) <: i32) <: u8 in let coefficient1:u8 = - cast (serialize_when_eta_is_4___ETA -! (coefficients.[ mk_usize 1 ] <: i32) <: i32) + cast (serialize_when_eta_is_4___v_ETA -! (coefficients.[ mk_usize 1 ] <: i32) <: i32) <: u8 in @@ -177,7 +177,7 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 0) - (deserialize_when_eta_is_2___ETA -! (byte0 &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! (byte0 &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -190,7 +190,9 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 1) - (deserialize_when_eta_is_2___ETA -! ((byte0 >>! mk_i32 3 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte0 >>! mk_i32 3 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -203,7 +205,7 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 2) - (deserialize_when_eta_is_2___ETA -! + (deserialize_when_eta_is_2___v_ETA -! (((byte0 >>! mk_i32 6 <: i32) |. (byte1 <>! mk_i32 1 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte1 >>! mk_i32 1 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -232,7 +236,9 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 4) - (deserialize_when_eta_is_2___ETA -! ((byte1 >>! mk_i32 4 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte1 >>! mk_i32 4 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -245,7 +251,7 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 5) - (deserialize_when_eta_is_2___ETA -! + (deserialize_when_eta_is_2___v_ETA -! (((byte1 >>! mk_i32 7 <: i32) |. (byte2 <>! mk_i32 2 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte2 >>! mk_i32 2 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -274,7 +282,9 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 7) - (deserialize_when_eta_is_2___ETA -! ((byte2 >>! mk_i32 5 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte2 >>! mk_i32 5 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -311,7 +321,7 @@ let deserialize_when_eta_is_4_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_units .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 2 *! i <: usize) - (deserialize_when_eta_is_4___ETA -! (cast (byte &. mk_u8 15 <: u8) <: i32) <: i32) + (deserialize_when_eta_is_4___v_ETA -! (cast (byte &. mk_u8 15 <: u8) <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -324,7 +334,8 @@ let deserialize_when_eta_is_4_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_units .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values ((mk_usize 2 *! i <: usize) +! mk_usize 1 <: usize) - (deserialize_when_eta_is_4___ETA -! (cast (byte >>! mk_i32 4 <: u8) <: i32) <: i32) + (deserialize_when_eta_is_4___v_ETA -! (cast (byte >>! mk_i32 4 <: u8) <: i32) <: i32 + ) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti index ae3d16c4c..95da975e3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti @@ -3,14 +3,14 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.Error open Core open FStar.Mul -let serialize_when_eta_is_2___ETA: i32 = mk_i32 2 +let serialize_when_eta_is_2___v_ETA: i32 = mk_i32 2 val serialize_when_eta_is_2_ (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let serialize_when_eta_is_4___ETA: i32 = mk_i32 4 +let serialize_when_eta_is_4___v_ETA: i32 = mk_i32 4 val serialize_when_eta_is_4_ (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) @@ -23,7 +23,7 @@ val serialize (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize_when_eta_is_2___ETA: i32 = mk_i32 2 +let deserialize_when_eta_is_2___v_ETA: i32 = mk_i32 2 val deserialize_when_eta_is_2_ (serialized: t_Slice u8) @@ -32,7 +32,7 @@ val deserialize_when_eta_is_2_ Prims.l_True (fun _ -> Prims.l_True) -let deserialize_when_eta_is_4___ETA: i32 = mk_i32 4 +let deserialize_when_eta_is_4___v_ETA: i32 = mk_i32 4 val deserialize_when_eta_is_4_ (serialized: t_Slice u8) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst index 096f1d980..7fdd50c6c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst @@ -19,16 +19,16 @@ let serialize_when_gamma1_is_2_pow_17_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) + serialize_when_gamma1_is_2_pow_17___v_GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) in let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) + serialize_when_gamma1_is_2_pow_17___v_GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) in let coefficient2:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 2 ] <: i32) + serialize_when_gamma1_is_2_pow_17___v_GAMMA1 -! (coefficients.[ mk_usize 2 ] <: i32) in let coefficient3:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 3 ] <: i32) + serialize_when_gamma1_is_2_pow_17___v_GAMMA1 -! (coefficients.[ mk_usize 3 ] <: i32) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized 
@@ -119,10 +119,10 @@ let serialize_when_gamma1_is_2_pow_19_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) + serialize_when_gamma1_is_2_pow_19___v_GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) in let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) + serialize_when_gamma1_is_2_pow_19___v_GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized @@ -205,7 +205,7 @@ let deserialize_when_gamma1_is_2_pow_17_ coefficient0 |. ((cast (bytes.[ mk_usize 2 ] <: u8) <: i32) <>! mk_i32 2 in let coefficient1:i32 = @@ -215,7 +215,7 @@ let deserialize_when_gamma1_is_2_pow_17_ coefficient1 |. ((cast (bytes.[ mk_usize 4 ] <: u8) <: i32) <>! mk_i32 4 in let coefficient2:i32 = @@ -225,7 +225,7 @@ let deserialize_when_gamma1_is_2_pow_17_ coefficient2 |. ((cast (bytes.[ mk_usize 6 ] <: u8) <: i32) <>! mk_i32 6 in let coefficient3:i32 = @@ -235,7 +235,7 @@ let deserialize_when_gamma1_is_2_pow_17_ coefficient3 |. ((cast (bytes.[ mk_usize 8 ] <: u8) <: i32) <>! mk_i32 4 in let coefficient1:i32 = @@ -341,7 +341,7 @@ let deserialize_when_gamma1_is_2_pow_19_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 2 *! i <: usize) - (deserialize_when_gamma1_is_2_pow_19___GAMMA1 -! coefficient0 <: i32) + (deserialize_when_gamma1_is_2_pow_19___v_GAMMA1 -! coefficient0 <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -354,7 +354,7 @@ let deserialize_when_gamma1_is_2_pow_19_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values ((mk_usize 2 *! i <: usize) +! mk_usize 1 <: usize) - (deserialize_when_gamma1_is_2_pow_19___GAMMA1 -! coefficient1 <: i32) + (deserialize_when_gamma1_is_2_pow_19___v_GAMMA1 -! coefficient1 <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti index a747b6d7d..8043ee0b3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti 
@@ -3,14 +3,14 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1 open Core open FStar.Mul -let serialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let serialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = mk_i32 1 <>! mk_i32 5 in let coefficient1:i32 = coefficient1 |. (byte2 <>! mk_i32 2 in let coefficient2:i32 = coefficient2 |. (byte4 <>! mk_i32 7 in let coefficient3:i32 = coefficient3 |. (byte5 <>! mk_i32 4 in let coefficient4:i32 = coefficient4 |. (byte7 <>! mk_i32 1 in let coefficient5:i32 = coefficient5 |. (byte9 <>! mk_i32 6 in let coefficient6:i32 = coefficient6 |. (byte10 <>! mk_i32 3 in let coefficient7:i32 = coefficient7 |. (byte12 < Prims.l_True) -let deserialize__BITS_IN_LOWER_PART_OF_T_MASK: i32 = +let deserialize__v_BITS_IN_LOWER_PART_OF_T_MASK: i32 = (mk_i32 1 < Prims.l_True) -let invert_ntt_at_layer_3___STEP: usize = mk_usize 8 +let invert_ntt_at_layer_3___v_STEP: usize = mk_usize 8 -let invert_ntt_at_layer_3___STEP_BY: usize = mk_usize 1 +let invert_ntt_at_layer_3___v_STEP_BY: usize = mk_usize 1 val invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -96,9 +96,9 @@ val invert_ntt_at_layer_4_ Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_4___STEP: usize = mk_usize 16 +let invert_ntt_at_layer_4___v_STEP: usize = mk_usize 16 -let invert_ntt_at_layer_4___STEP_BY: usize = mk_usize 2 +let invert_ntt_at_layer_4___v_STEP_BY: usize = mk_usize 2 val invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) 
@@ -106,9 +106,9 @@ val invert_ntt_at_layer_5_ Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_5___STEP: usize = mk_usize 32 +let invert_ntt_at_layer_5___v_STEP: usize = mk_usize 32 -let invert_ntt_at_layer_5___STEP_BY: usize = mk_usize 4 +let invert_ntt_at_layer_5___v_STEP_BY: usize = mk_usize 4 val invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -116,9 +116,9 @@ val invert_ntt_at_layer_6_ Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_6___STEP: usize = mk_usize 64 +let invert_ntt_at_layer_6___v_STEP: usize = mk_usize 64 -let invert_ntt_at_layer_6___STEP_BY: usize = mk_usize 8 +let invert_ntt_at_layer_6___v_STEP_BY: usize = mk_usize 8 val invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -126,9 +126,9 @@ val invert_ntt_at_layer_7_ Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_7___STEP: usize = mk_usize 128 +let invert_ntt_at_layer_7___v_STEP: usize = mk_usize 128 -let invert_ntt_at_layer_7___STEP_BY: usize = mk_usize 16 +let invert_ntt_at_layer_7___v_STEP_BY: usize = mk_usize 16 val invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti index b785cd915..560bb21d0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti 
@@ -80,9 +80,9 @@ val ntt_at_layer_3_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_3___STEP: usize = mk_usize 8 +let ntt_at_layer_3___v_STEP: usize = mk_usize 8 -let ntt_at_layer_3___STEP_BY: usize = mk_usize 1 +let ntt_at_layer_3___v_STEP_BY: usize = mk_usize 1 val ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -90,9 +90,9 @@ val ntt_at_layer_4_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_4___STEP: usize = mk_usize 16 +let ntt_at_layer_4___v_STEP: usize = mk_usize 16 -let ntt_at_layer_4___STEP_BY: usize = mk_usize 2 +let ntt_at_layer_4___v_STEP_BY: usize = mk_usize 2 val ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -100,9 +100,9 @@ val ntt_at_layer_5_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_5___STEP: usize = mk_usize 32 +let ntt_at_layer_5___v_STEP: usize = mk_usize 32 -let ntt_at_layer_5___STEP_BY: usize = mk_usize 4 +let ntt_at_layer_5___v_STEP_BY: usize = mk_usize 4 val ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -110,9 +110,9 @@ val ntt_at_layer_6_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_6___STEP: usize = mk_usize 64 +let ntt_at_layer_6___v_STEP: usize = mk_usize 64 -let ntt_at_layer_6___STEP_BY: usize = mk_usize 8 +let ntt_at_layer_6___v_STEP_BY: usize = mk_usize 8 val ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -120,9 +120,9 @@ val ntt_at_layer_7_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_7___STEP: usize = mk_usize 128 +let ntt_at_layer_7___v_STEP: usize = mk_usize 128 -let ntt_at_layer_7___STEP_BY: usize = mk_usize 16 +let ntt_at_layer_7___v_STEP_BY: usize = mk_usize 16 val ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst index c58120ff8..17c23fffe 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst @@ -274,7 +274,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = tmp0 in let hax_temp_output:usize = out1 in hint, hax_temp_output <: (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & usize)); - f_use_hint_pre + f_uuse_hint_pre = (fun (gamma2: i32) @@ -282,7 +282,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) -> true); - f_use_hint_post + f_uuse_hint_post = (fun (gamma2: i32) @@ -291,7 +291,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) -> true); - f_use_hint + f_uuse_hint = (fun (gamma2: i32) @@ -299,7 +299,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) -> let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.use_hint gamma2 simd_unit hint + Libcrux_ml_dsa.Simd.Portable.Arithmetic.uuse_hint gamma2 simd_unit hint in hint); f_rejection_sample_less_than_field_modulus_pre 
@@ -318,10 +318,10 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_2_pre + f_rejection_sample_less_than_eta_equals_2__pre = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_2_post + f_rejection_sample_less_than_eta_equals_2__post = (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); f_rejection_sample_less_than_eta_equals_2_ @@ -334,10 +334,10 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_4_pre + f_rejection_sample_less_than_eta_equals_4__pre = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_4_post + f_rejection_sample_less_than_eta_equals_4__post = (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); f_rejection_sample_less_than_eta_equals_4_ diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti index 0257fe6e4..160d904f4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti 
@@ -56,10 +56,10 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure (v_Self & usize) (f_compute_hint_pre x0 x1 x2 x3) (fun result -> f_compute_hint_post x0 x1 x2 x3 result); - f_use_hint_pre:i32 -> v_Self -> v_Self -> Type0; - f_use_hint_post:i32 -> v_Self -> v_Self -> v_Self -> Type0; - f_use_hint:x0: i32 -> x1: v_Self -> x2: v_Self - -> Prims.Pure v_Self (f_use_hint_pre x0 x1 x2) (fun result -> f_use_hint_post x0 x1 x2 result); + f_uuse_hint_pre:i32 -> v_Self -> v_Self -> Type0; + f_uuse_hint_post:i32 -> v_Self -> v_Self -> v_Self -> Type0; + f_uuse_hint:x0: i32 -> x1: v_Self -> x2: v_Self + -> Prims.Pure v_Self (f_uuse_hint_pre x0 x1 x2) (fun result -> f_uuse_hint_post x0 x1 x2 result); f_montgomery_multiply_pre:v_Self -> v_Self -> Type0; f_montgomery_multiply_post:v_Self -> v_Self -> v_Self -> Type0; f_montgomery_multiply:x0: v_Self -> x1: v_Self 
@@ -85,20 +85,20 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure (t_Slice i32 & usize) (f_rejection_sample_less_than_field_modulus_pre x0 x1) (fun result -> f_rejection_sample_less_than_field_modulus_post x0 x1 result); - f_rejection_sample_less_than_eta_equals_2_pre:t_Slice u8 -> t_Slice i32 -> Type0; - f_rejection_sample_less_than_eta_equals_2_post:t_Slice u8 -> t_Slice i32 -> (t_Slice i32 & usize) + f_rejection_sample_less_than_eta_equals_2__pre:t_Slice u8 -> t_Slice i32 -> Type0; + f_rejection_sample_less_than_eta_equals_2__post:t_Slice u8 -> t_Slice i32 -> (t_Slice i32 & usize) -> Type0; f_rejection_sample_less_than_eta_equals_2_:x0: t_Slice u8 -> x1: t_Slice i32 -> Prims.Pure (t_Slice i32 & usize) - (f_rejection_sample_less_than_eta_equals_2_pre x0 x1) - (fun result -> f_rejection_sample_less_than_eta_equals_2_post x0 x1 result); - f_rejection_sample_less_than_eta_equals_4_pre:t_Slice u8 -> t_Slice i32 -> Type0; - f_rejection_sample_less_than_eta_equals_4_post:t_Slice u8 -> t_Slice i32 -> (t_Slice i32 & usize) + (f_rejection_sample_less_than_eta_equals_2__pre x0 x1) + (fun result -> f_rejection_sample_less_than_eta_equals_2__post x0 x1 result); + f_rejection_sample_less_than_eta_equals_4__pre:t_Slice u8 -> t_Slice i32 -> Type0; + f_rejection_sample_less_than_eta_equals_4__post:t_Slice u8 -> t_Slice i32 -> (t_Slice i32 & usize) -> Type0; f_rejection_sample_less_than_eta_equals_4_:x0: t_Slice u8 -> x1: t_Slice i32 -> Prims.Pure (t_Slice i32 & usize) - (f_rejection_sample_less_than_eta_equals_4_pre x0 x1) - (fun result -> f_rejection_sample_less_than_eta_equals_4_post x0 x1 result); + (f_rejection_sample_less_than_eta_equals_4__pre x0 x1) + (fun result -> f_rejection_sample_less_than_eta_equals_4__post x0 x1 result); f_gamma1_serialize_pre:v_Self -> t_Slice u8 -> usize -> Type0; f_gamma1_serialize_post:v_Self -> t_Slice u8 -> usize -> t_Slice u8 -> Type0; f_gamma1_serialize:x0: v_Self -> x1: t_Slice u8 -> x2: usize 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 68f209579..0add3819f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -4,23 +4,23 @@ open Core open FStar.Mul let inz (value: u8) = - let v__orig_value:u8 = value in + let e_orig_value:u8 = value in let value:u16 = cast (value <: u8) <: u16 in let result:u8 = - cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! mk_i32 8 <: u16) + cast ((Core.Num.impl_u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! mk_i32 8 <: u16) <: u8 in let res:u8 = result &. mk_u8 1 in let _:Prims.unit = - if v v__orig_value = 0 + if v e_orig_value = 0 then (assert (value == zero); lognot_lemma value; assert ((~.value +. (mk_u16 1)) == zero); - assert ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) == zero); + assert ((Core.Num.impl_u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) == zero); logor_lemma value zero; - assert ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) + assert ((value |. (Core.Num.impl_u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) <: u16) == value); @@ -38,7 +38,7 @@ let inz (value: u8) = assert ((v (~.value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v value)); assert ((v (~.value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v value)); assert ((v (~.value) + 1) / pow2 8 = (pow2 8 - 1)); - assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! + assert (v ((Core.Num.impl_u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! (mk_i32 8)) = pow2 8 - 1); assert (result = ones); 
@@ -107,7 +107,7 @@ let compare (lhs rhs: t_Slice u8) = #push-options "--ifuel 0 --z3rlimit 50" let select_ct (lhs rhs: t_Slice u8) (selector: u8) = - let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) (mk_u8 1) in + let mask:u8 = Core.Num.impl_u8__wrapping_sub (is_non_zero selector <: u8) (mk_u8 1) in let _:Prims.unit = assert (if selector = (mk_u8 0) then mask = ones else mask = zero); lognot_lemma mask; diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index f2ec96f20..c3d727876 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -53,7 +53,7 @@ class t_Hash (v_Self: Type0) (v_K: usize) = { -> Prims.Pure v_Self (f_shake128_init_absorb_final_pre x0) (fun result -> f_shake128_init_absorb_final_post x0 result); - f_shake128_squeeze_first_three_blocks_pre:self___: v_Self -> pred: Type0{true ==> pred}; + f_shake128_squeeze_first_three_blocks_pre:self_: v_Self -> pred: Type0{true ==> pred}; f_shake128_squeeze_first_three_blocks_post: v_Self -> (v_Self & t_Array (t_Array u8 (mk_usize 504)) v_K) @@ -62,7 +62,7 @@ class t_Hash (v_Self: Type0) (v_K: usize) = { -> Prims.Pure (v_Self & t_Array (t_Array u8 (mk_usize 504)) v_K) (f_shake128_squeeze_first_three_blocks_pre x0) (fun result -> f_shake128_squeeze_first_three_blocks_post x0 result); - f_shake128_squeeze_next_block_pre:self___: v_Self -> pred: Type0{true ==> pred}; + f_shake128_squeeze_next_block_pre:self_: v_Self -> pred: Type0{true ==> pred}; f_shake128_squeeze_next_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (mk_usize 168)) v_K) -> Type0; f_shake128_squeeze_next_block:x0: v_Self 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 9408ab305..c1a4a9e3a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -52,7 +52,7 @@ let unpack_public_key = { unpacked_public_key.f_ind_cpa_public_key with - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt = Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K #v_Vector @@ -63,7 +63,7 @@ let unpack_public_key Core.Ops.Range.t_RangeTo usize ] <: t_Slice u8) - unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt } <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector @@ -168,7 +168,7 @@ let impl_3__serialized_mut v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) serialized.Libcrux_ml_kem.Types.f_value } @@ -193,7 +193,7 @@ let impl_3__serialized v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) <: t_Array u8 v_PUBLIC_KEY_SIZE) 
@@ -575,12 +575,12 @@ let transpose_a let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__j -> - let v__j:usize = v__j in + (fun e_j -> + let e_j:usize = e_j in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -607,7 +607,7 @@ let transpose_a v_A in let i:usize = i in - let v__a_i:t_Array + let e_a_i:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = v_A in @@ -619,7 +619,7 @@ let transpose_a v_A in let j:usize = j in - (forall (k: nat). k < v i ==> Seq.index v_A k == Seq.index v__a_i k) /\ + (forall (k: nat). k < v i ==> Seq.index v_A k == Seq.index e_a_i k) /\ (forall (k: nat). k < v j ==> Seq.index (Seq.index v_A (v i)) k == Seq.index (Seq.index ind_cpa_a k) (v i))) @@ -783,7 +783,7 @@ let generate_keypair v_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt (out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index 97f19a565..1d240a32f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti 
@@ -78,7 +78,7 @@ val unpack_public_key Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector unpacked_public_key_future.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt == deserialized_pk /\ unpacked_public_key_future.f_ind_cpa_public_key .Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A == @@ -94,28 +94,28 @@ val impl_3__serialized_mut (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - (let self___ = self in + (let self_ = self in Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ (forall (i: nat). i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self_ .f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)))) (ensures fun serialized_future -> let serialized_future:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = serialized_future in - let self___ = self in + let self_ = self in serialized_future.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) - self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) + self_.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt)) + self_.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) /// Get the serialized public key. val impl_3__serialized 
@@ -126,26 +126,26 @@ val impl_3__serialized (self: t_MlKemPublicKeyUnpacked v_K v_Vector) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - (let self___ = self in + (let self_ = self in Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ (forall (i: nat). i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self_ .f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)))) (ensures fun res -> let res:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = res in - let self___ = self in + let self_ = self in res.Libcrux_ml_kem.Types.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) - self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) + self_.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt)) + self_.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl 
@@ -197,30 +197,30 @@ val impl_4__serialized_public_key_mut (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - (let self___ = self in + (let self_ = self in Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ (forall (i: nat). i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self_ .f_public_key .f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)))) (ensures fun serialized_future -> let serialized_future:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = serialized_future in - let self___ = self in + let self_ = self in serialized_future.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self___.f_public_key.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) - self___.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) + self_.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt)) + self_.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) /// Get the serialized public key. val impl_4__serialized_public_key 
@@ -231,28 +231,28 @@ val impl_4__serialized_public_key (self: t_MlKemKeyPairUnpacked v_K v_Vector) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - (let self___ = self in + (let self_ = self in Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ (forall (i: nat). i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self_ .f_public_key .f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)))) (ensures fun res -> let res:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = res in - let self___ = self in + let self_ = self in res.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self___.f_public_key.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) - self___.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) + self_.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt)) + self_.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) /// Get the serialized private key. val impl_4__serialized_private_key_mut @@ -401,7 +401,7 @@ val encapsulate public_key.f_public_key_hash (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) + public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt) (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A) 
@@ -444,7 +444,7 @@ val decapsulate (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key_pair.f_public_key.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt) (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector key_pair.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 16d98e990..0df834d7a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -263,7 +263,7 @@ let validate_private_key i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + (e_ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = validate_private_key_only v_K v_SECRET_KEY_SIZE #v_Hasher private_key #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 8e73d0c5a..fb74247fa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -97,7 +97,7 @@ val validate_private_key (#v_Hasher: Type0) {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + (e_ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure bool (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst index 158cabd67..714109e1d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst @@ -68,7 +68,7 @@ let impl_1 = fun (_: Prims.unit) -> { - f_t_as_ntt + f_tt_as_ntt = Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti index 01b734880..7078d5501 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti @@ -25,7 +25,7 @@ val impl type t_IndCpaPublicKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { - f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; + f_tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; f_seed_for_A:t_Array u8 (mk_usize 32); f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index baac26d0c..70751f970 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst 
@@ -266,8 +266,8 @@ let sample_ring_element_cbd let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -275,14 +275,14 @@ let sample_ring_element_cbd let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in - let v__domain_separator_init:u8 = domain_separator in + let e_domain_separator_init:u8 = domain_separator in let tmp0, out:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) = Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator in let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = tmp0 in let domain_separator:u8 = out in let _:Prims.unit = - sample_ring_element_cbd_helper_1 v_K prf_inputs prf_input v__domain_separator_init + sample_ring_element_cbd_helper_1 v_K prf_inputs prf_input e_domain_separator_init in let (prf_outputs: t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K = @@ -328,7 +328,7 @@ let sample_ring_element_cbd #v_Vector error_1_ prf_input - v__domain_separator_init + e_domain_separator_init in error_1_, domain_separator <: 
@@ -407,14 +407,14 @@ let sample_vector_cbd_then_ntt let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in - let v__domain_separator_init:u8 = domain_separator in + let e_domain_separator_init:u8 = domain_separator in let tmp0, out:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) = Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator in let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = tmp0 in let domain_separator:u8 = out in let _:Prims.unit = - sample_vector_cbd_then_ntt_helper_1 v_K prf_inputs prf_input v__domain_separator_init + sample_vector_cbd_then_ntt_helper_1 v_K prf_inputs prf_input e_domain_separator_init in let (prf_outputs: t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K = @@ -469,7 +469,7 @@ let sample_vector_cbd_then_ntt #v_Vector re_as_ntt prf_input - v__domain_separator_init + e_domain_separator_init in let hax_temp_output:u8 = domain_separator in re_as_ntt, hax_temp_output @@ -493,8 +493,8 @@ let sample_vector_cbd_then_ntt_out let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -602,11 +602,11 @@ let generate_keypair_unpacked let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = { public_key with - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt = Libcrux_ml_kem.Matrix.compute_As_plus_e v_K #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt error_as_ntt 
@@ -638,7 +638,7 @@ let generate_keypair_unpacked assert (valid ==> ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) == + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt) == t_as_ntt) /\ (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A == seed_for_A) /\ (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector @@ -656,7 +656,7 @@ let generate_keypair_unpacked (forall (i: nat). i < v v_K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) in private_key, public_key @@ -682,7 +682,7 @@ let serialize_unpacked_secret_key v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = @@ -923,7 +923,7 @@ let encrypt_unpacked let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Matrix.compute_ring_element_v v_K #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt r_as_ntt error_2_ message_as_ring_element @@ -994,7 +994,7 @@ let build_unpacked_public_key_mut let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = { unpacked_public_key with - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt = Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K #v_Vector 
@@ -1003,7 +1003,7 @@ let build_unpacked_public_key_mut Core.Ops.Range.t_RangeTo usize ] <: t_Slice u8) - unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt } <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 2354ccac2..8be9b6051 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -223,7 +223,7 @@ val generate_keypair_unpacked (valid ==> (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt == t_as_ntt) /\ (public_key_future.f_seed_for_A == seed_for_A) /\ (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key_future.f_A == matrix_A_as_ntt) /\ @@ -239,7 +239,7 @@ val generate_keypair_unpacked (forall (i: nat). i < v v_K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key_future - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) /// Serialize the secret key from the unpacked key pair generation. @@ -362,7 +362,7 @@ val encrypt_unpacked randomness (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt) (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A)) 
@@ -393,7 +393,7 @@ val build_unpacked_public_key_mut let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - unpacked_public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + unpacked_public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt == t_as_ntt /\ valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector @@ -420,7 +420,7 @@ val build_unpacked_public_key let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - result.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + result.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt == t_as_ntt /\ valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index aff441ba5..c48698282 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -21,7 +21,7 @@ let invert_ntt_at_layer_1_ = let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #v_Vector) in let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16) @@ -30,7 +30,7 @@ let invert_ntt_at_layer_1_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round * 4 /\ + v zeta_i == v e_zeta_i_init - v round * 4 /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==> 
@@ -100,7 +100,7 @@ let invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16) @@ -109,7 +109,7 @@ let invert_ntt_at_layer_2_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round * 2 /\ + v zeta_i == v e_zeta_i_init - v round * 2 /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==> @@ -177,7 +177,7 @@ let invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16) @@ -186,7 +186,7 @@ let invert_ntt_at_layer_3_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round /\ + v zeta_i == v e_zeta_i_init - v round /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index c0fe46211..8da86b04c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst 
@@ -243,8 +243,8 @@ let compute_vector_u let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti index eebdfcedb..d2950b430 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -35,7 +35,7 @@ val serialized_public_key i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -71,7 +71,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -87,7 +87,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti index b59106cca..e2c4d6032 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -39,7 +39,7 @@ val serialized_public_key i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -75,7 +75,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -91,7 +91,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti index 45033e1d8..0dbe77079 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti 
@@ -39,7 +39,7 @@ val serialized_public_key i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -75,7 +75,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -91,7 +91,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst index 420397080..ec668685d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst 
@@ -10,16 +10,16 @@ let _ = () let generate_key_pair - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 64)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568) = 
@@ -27,20 +27,20 @@ let generate_key_pair in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) let encapsulate - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 32)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & @@ -49,5 +49,5 @@ let encapsulate in rng, hax_temp_output <: - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti index 55494bc93..7da09ddc4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti 
@@ -14,12 +14,12 @@ let _ = /// `CryptoRng` to sample the required randomness internally. /// This function returns an [`MlKem1024KeyPair`]. val generate_key_pair - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) @@ -29,13 +29,13 @@ val generate_key_pair /// The random number generator `rng` needs to implement `RngCore` and /// `CryptoRng` to sample the required randomness internally. val encapsulate - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti index 351562191..245881c47 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti 
@@ -35,7 +35,7 @@ val serialized_public_key i < 2 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -71,7 +71,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -87,7 +87,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti index 654e7f647..9d7e1814c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti @@ -39,7 +39,7 @@ val serialized_public_key i < 2 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) 
@@ -75,7 +75,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
@@ -91,7 +91,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
index 0971ec8be..341176dca 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti
@@ -39,7 +39,7 @@ val serialized_public_key i < 2 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
@@ -75,7 +75,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
@@ -91,7 +91,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst
index 05959df41..09d98b64c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst
@@ -10,16 +10,16 @@ let _ = () let generate_key_pair - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 64)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800) =
@@ -27,20 +27,20 @@ let generate_key_pair in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) let encapsulate - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 32)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) &
@@ -49,5 +49,5 @@ let encapsulate in rng, hax_temp_output <: - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti
index 3f98de8bf..f72217571 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti
@@ -14,12 +14,12 @@ let _ = /// `CryptoRng` to sample the required randomness internally. /// This function returns an [`MlKem512KeyPair`]. val generate_key_pair - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (fun _ -> Prims.l_True)
@@ -29,13 +29,13 @@ val generate_key_pair /// The random number generator `rng` needs to implement `RngCore` and /// `CryptoRng` to sample the required randomness internally. val encapsulate - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
index 39a6dac29..35885baf9 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti
@@ -35,7 +35,7 @@ val serialized_public_key i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
@@ -71,7 +71,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) (fun _ -> Prims.l_True)
@@ -87,7 +87,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
index 12d585a78..a2923981a 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti
@@ -40,7 +40,7 @@ val serialized_public_key i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
@@ -76,7 +76,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) (fun _ -> Prims.l_True)
@@ -92,7 +92,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
index 961c4e8c8..2f4ca5d47 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti
@@ -40,7 +40,7 @@ val serialized_public_key i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
@@ -76,7 +76,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) (fun _ -> Prims.l_True)
@@ -92,7 +92,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst
index e19acdcc9..0d29d489c 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst
@@ -10,16 +10,16 @@ let _ = () let generate_key_pair - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 64)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184) =
@@ -27,20 +27,20 @@ let generate_key_pair in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) let encapsulate - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 32)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) &
@@ -49,5 +49,5 @@ let encapsulate in rng, hax_temp_output <: - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti
index f1c2a540e..e74c9b8ae 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti
@@ -14,12 +14,12 @@ let _ = /// `CryptoRng` to sample the required randomness internally. /// This function returns an [`MlKem768KeyPair`]. val generate_key_pair - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True)
@@ -29,13 +29,13 @@ val generate_key_pair /// The random number generator `rng` needs to implement `RngCore` and /// `CryptoRng` to sample the required randomness internally. val encapsulate - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
index 79df0d16e..08d38e92e 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
@@ -18,11 +18,11 @@ let ntt_at_layer_1_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) = let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in let _:Prims.unit = reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16)
@@ -31,7 +31,7 @@ let ntt_at_layer_1_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round * 4 /\ + v zeta_i == v e_zeta_i_init + v round * 4 /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==>
@@ -99,11 +99,11 @@ let ntt_at_layer_2_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) = let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16)
@@ -112,7 +112,7 @@ let ntt_at_layer_2_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round * 2 /\ + v zeta_i == v e_zeta_i_init + v round * 2 /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==>
@@ -178,11 +178,11 @@ let ntt_at_layer_3_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) = let _:Prims.unit = reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #v_Vector) in let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16)
@@ -191,7 +191,7 @@ let ntt_at_layer_3_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round /\ + v zeta_i == v e_zeta_i_init + v round /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==>
@@ -272,10 +272,10 @@ let ntt_at_layer_4_plus Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (layer v__initial_coefficient_bound: usize) + (layer e_initial_coefficient_bound: usize) = let step:usize = mk_usize 1 <>! layer <: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
index 06d5bf582..4aaf8b884 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
@@ -28,7 +28,7 @@ val ntt_at_layer_1_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires v zeta_i == 63 /\ ntt_re_range_2 re) (ensures
@@ -51,7 +51,7 @@ val ntt_at_layer_2_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires v zeta_i == 31 /\ ntt_re_range_3 re) (ensures
@@ -74,7 +74,7 @@ val ntt_at_layer_3_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires v zeta_i == 15 /\ ntt_re_range_4 re) (ensures
@@ -111,7 +111,7 @@ val ntt_at_layer_4_plus {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (layer v__initial_coefficient_bound: usize) + (layer e_initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires v layer >= 4 /\ v layer <= 7 /\
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst
index 8dc7807f5..bb43ec0d1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst
@@ -200,7 +200,7 @@ let sample_from_xof let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K &
@@ -304,7 +304,7 @@ let sample_from_binomial_distribution_2_ in let coin_toss_outcomes:u32 = even_bits +! odd_bits in Rust_primitives.Hax.Folds.fold_range_step_by (mk_u32 0) - Core.Num.impl__u32__BITS + Core.Num.impl_u32__BITS (mk_usize 4) (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
index 4126df24b..8876200e9 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
@@ -345,8 +345,8 @@ let deserialize_ring_elements_reduced_out let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
index ebaa64544..e8d7d8778 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst
@@ -23,7 +23,7 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_ f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = - (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value); + (fun (self_: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self_.f_value); f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8 }
@@ -123,7 +123,7 @@ let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = - (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value); + (fun (self_: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self_.f_value); f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8 }
@@ -223,7 +223,7 @@ let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = - (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value); + (fun (self_: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self_.f_value); f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8 }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst
index 84267e501..9b0e6d631 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst
@@ -52,8 +52,8 @@ let prf_input_inc (prf_inputs: t_Array (t_Array u8 (mk_usize 33)) v_K) (domain_separator: u8) = - let v__domain_separator_init:u8 = domain_separator in - let v__prf_inputs_init:t_Array (t_Array u8 (mk_usize 33)) v_K = + let e_domain_separator_init:u8 = domain_separator in + let e_prf_inputs_init:t_Array (t_Array u8 (mk_usize 33)) v_K = Core.Clone.f_clone #(t_Array (t_Array u8 (mk_usize 33)) v_K) #FStar.Tactics.Typeclasses.solve prf_inputs
@@ -66,15 +66,15 @@ let prf_input_inc temp_0_ in let i:usize = i in - v domain_separator == v v__domain_separator_init + v i /\ + v domain_separator == v e_domain_separator_init + v i /\ (v i < v v_K ==> (forall (j: nat). - (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == v__prf_inputs_init.[ sz j ])) /\ + (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == e_prf_inputs_init.[ sz j ])) /\ (forall (j: nat). j < v i ==> - v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\ + v (Seq.index (Seq.index prf_inputs j) 32) == v e_domain_separator_init + j /\ Seq.slice (Seq.index prf_inputs j) 0 32 == - Seq.slice (Seq.index v__prf_inputs_init j) 0 32)) + Seq.slice (Seq.index e_prf_inputs_init j) 0 32)) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (mk_usize 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (mk_usize 33)) v_K) =
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst
index ce7a40c47..c04b35cf7 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst
@@ -8,11 +8,11 @@ let ntt_layer_1_step (zeta0 zeta1 zeta2 zeta3: i16) = let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta3 <: i16) - (Core.Ops.Arith.Neg.neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.Neg.neg zeta2 <: i16) - (Core.Ops.Arith.Neg.neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 + Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.f_neg zeta3 <: i16) + (Core.Ops.Arith.f_neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.f_neg zeta2 <: i16) + (Core.Ops.Arith.f_neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.f_neg zeta1 <: i16) + (Core.Ops.Arith.f_neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.f_neg zeta0 <: i16) + (Core.Ops.Arith.f_neg zeta0 <: i16) zeta0 zeta0 in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) vector 
@@ -27,11 +27,11 @@ let ntt_layer_1_step let ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) = let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 zeta0 + Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.f_neg zeta1 <: i16) + (Core.Ops.Arith.f_neg zeta1 <: i16) (Core.Ops.Arith.f_neg zeta1 <: i16) + (Core.Ops.Arith.f_neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 + (Core.Ops.Arith.f_neg zeta0 <: i16) (Core.Ops.Arith.f_neg zeta0 <: i16) + (Core.Ops.Arith.f_neg zeta0 <: i16) (Core.Ops.Arith.f_neg zeta0 <: i16) zeta0 zeta0 zeta0 zeta0 in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
@@ -214,17 +214,17 @@ let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta in let right:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 right - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Core.Ops.Arith.Neg.neg (cast (zeta3 <: i16) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Core.Ops.Arith.f_neg (cast (zeta3 <: i16) <: i32) <: i32) (cast (zeta3 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta2 <: i16) <: i32) <: i32) + (Core.Ops.Arith.f_neg (cast (zeta2 <: i16) <: i32) <: i32) (cast (zeta2 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta1 <: i16) <: i32) <: i32) + (Core.Ops.Arith.f_neg (cast (zeta1 <: i16) <: i32) <: i32) (cast (zeta1 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta0 <: i16) <: i32) <: i32) + (Core.Ops.Arith.f_neg (cast (zeta0 <: i16) <: i32) <: i32) (cast (zeta0 <: i16) <: i32) <: Libcrux_intrinsics.Avx2_extract.t_Vec256)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti
index 15a24bbe9..b0d036be1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti
@@ -41,7 +41,7 @@ val inv_ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zet (requires Spec.Utils.is_i16b 1664 zeta) (fun _ -> Prims.l_True) -let ntt_multiply__PERMUTE_WITH: i32 = mk_i32 216 +let ntt_multiply__v_PERMUTE_WITH: i32 = mk_i32 216 val ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst
index ebc4d32d3..b167ae236 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst
@@ -21,14 +21,14 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = let _:Prims.unit = assert (v (cast (good.[ sz 0 ] <: u8) <: usize) < 256); assert (v (cast (good.[ sz 1 ] <: u8) <: usize) < 256); - assume (v (cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize) <= 8); - assume (v (cast (Core.Num.impl__u8__count_ones good.[ sz 1 ]) <: usize) <= 8); + assume (v (cast (Core.Num.impl_u8__count_ones good.[ sz 0 ]) <: usize) <= 8); + assume (v (cast (Core.Num.impl_u8__count_ones good.[ sz 1 ]) <: usize) <= 8); assume (Core.Ops.Index.f_index_pre output ({ - Core.Ops.Range.f_start = cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize; + Core.Ops.Range.f_start = cast (Core.Num.impl_u8__count_ones good.[ sz 0 ]) <: usize; Core.Ops.Range.f_end = - (cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize) +! sz 8 + (cast (Core.Num.impl_u8__count_ones good.[ sz 0 ]) <: usize) +! sz 8 })) in let lower_shuffles:t_Array u8 (mk_usize 16) = @@ -52,7 +52,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = Libcrux_intrinsics.Avx2_extract.mm_storeu_si128 output lower_coefficients in let sampled_count:usize = - cast (Core.Num.impl__u8__count_ones (good.[ mk_usize 0 ] <: u8) <: u32) <: usize + cast (Core.Num.impl_u8__count_ones (good.[ mk_usize 0 ] <: u8) <: u32) <: usize in let upper_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ mk_usize @@ -93,7 +93,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = in let hax_temp_output:usize = sampled_count +! - (cast (Core.Num.impl__u8__count_ones (good.[ mk_usize 1 ] <: u8) <: u32) <: usize) + (cast (Core.Num.impl_u8__count_ones (good.[ mk_usize 1 ] <: u8) <: u32) <: usize) in output, hax_temp_output <: (t_Slice i16 & usize) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
index 245ce78ea..0ae117b00 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
@@ -297,6 +297,44 @@ let serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (mk_usize 10)) Core.Array.t_TryFromSliceError) +let deserialize_5_ (bytes: t_Slice u8) = + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_set_epi8 (bytes.[ mk_usize 9 ] <: u8) + (bytes.[ mk_usize 8 ] <: u8) (bytes.[ mk_usize 8 ] <: u8) (bytes.[ mk_usize 7 ] <: u8) + (bytes.[ mk_usize 7 ] <: u8) (bytes.[ mk_usize 6 ] <: u8) (bytes.[ mk_usize 6 ] <: u8) + (bytes.[ mk_usize 5 ] <: u8) (bytes.[ mk_usize 4 ] <: u8) (bytes.[ mk_usize 3 ] <: u8) + (bytes.[ mk_usize 3 ] <: u8) (bytes.[ mk_usize 2 ] <: u8) (bytes.[ mk_usize 2 ] <: u8) + (bytes.[ mk_usize 1 ] <: u8) (bytes.[ mk_usize 1 ] <: u8) (bytes.[ mk_usize 0 ] <: u8) + in + let coefficients_loaded:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_si256_from_two_si128 coefficients coefficients + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients_loaded + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 15) (mk_i8 14) (mk_i8 15) (mk_i8 14) + (mk_i8 13) (mk_i8 12) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 10) (mk_i8 11) (mk_i8 10) + (mk_i8 9) (mk_i8 8) (mk_i8 9) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 7) (mk_i8 6) (mk_i8 5) + (mk_i8 4) (mk_i8 5) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) + (mk_i8 1) (mk_i8 0) + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (mk_i16 1 < + coefficients i = + (if i % 16 < 10 + then + let j = (i / 16) * 10 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32) + else 0))) + in + coefficients + +let deserialize_10_ (bytes: t_Slice u8) = + let lower_coefficients:t_Slice u8 = + bytes.[ { 
Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } + <: + Core.Ops.Range.t_Range usize ] + in + let upper_coefficients:t_Slice u8 = + bytes.[ { Core.Ops.Range.f_start = mk_usize 4; Core.Ops.Range.f_end = mk_usize 20 } + <: + Core.Ops.Range.t_Range usize ] + in + deserialize_10___deserialize_10_vec (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 lower_coefficients + + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 upper_coefficients + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + #push-options "--admit_smt_queries true" let serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = 
@@ -550,123 +667,6 @@ let serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = #pop-options -let deserialize_5_ (bytes: t_Slice u8) = - let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm_set_epi8 (bytes.[ mk_usize 9 ] <: u8) - (bytes.[ mk_usize 8 ] <: u8) (bytes.[ mk_usize 8 ] <: u8) (bytes.[ mk_usize 7 ] <: u8) - (bytes.[ mk_usize 7 ] <: u8) (bytes.[ mk_usize 6 ] <: u8) (bytes.[ mk_usize 6 ] <: u8) - (bytes.[ mk_usize 5 ] <: u8) (bytes.[ mk_usize 4 ] <: u8) (bytes.[ mk_usize 3 ] <: u8) - (bytes.[ mk_usize 3 ] <: u8) (bytes.[ mk_usize 2 ] <: u8) (bytes.[ mk_usize 2 ] <: u8) - (bytes.[ mk_usize 1 ] <: u8) (bytes.[ mk_usize 1 ] <: u8) (bytes.[ mk_usize 0 ] <: u8) - in - let coefficients_loaded:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - mm256_si256_from_two_si128 coefficients coefficients - in - let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients_loaded - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 15) (mk_i8 14) (mk_i8 15) (mk_i8 14) - (mk_i8 13) (mk_i8 12) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 10) (mk_i8 11) (mk_i8 10) - (mk_i8 9) (mk_i8 8) (mk_i8 9) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 7) (mk_i8 6) (mk_i8 5) - (mk_i8 4) (mk_i8 5) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) - (mk_i8 1) (mk_i8 0) - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) - in - let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (mk_i16 1 < - coefficients i = - (if i % 16 < 10 - then - let j = (i / 16) * 10 + i % 16 in - if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32) - else 0))) - in - coefficients - -let deserialize_10_ (bytes: t_Slice u8) = - let lower_coefficients:t_Slice u8 = - bytes.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } - <: - 
Core.Ops.Range.t_Range usize ] - in - let upper_coefficients:t_Slice u8 = - bytes.[ { Core.Ops.Range.f_start = mk_usize 4; Core.Ops.Range.f_end = mk_usize 20 } - <: - Core.Ops.Range.t_Range usize ] - in - deserialize_10___deserialize_10_vec (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 lower_coefficients - - <: - Libcrux_intrinsics.Avx2_extract.t_Vec128) - (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 upper_coefficients - <: - Libcrux_intrinsics.Avx2_extract.t_Vec128) - [@@"opaque_to_smt"] let deserialize_12___deserialize_12_vec
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti
index e7c7f0e90..ea54af8a8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti
@@ -133,6 +133,11 @@ val serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256)
 include BitVec.Intrinsics {mm256_si256_from_two_si128 as mm256_si256_from_two_si128}
+val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Seq.length bytes == 10) + (fun _ -> Prims.l_True) + val serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128)
@@ -154,38 +159,6 @@ val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) let r:t_Array u8 (mk_usize 20) = r in forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i / 10) * 16 + i % 10)) -val serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) - -val deserialize_11_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) - -val serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure - (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) - (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) - (ensures - fun temp_0_ -> - let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & - Libcrux_intrinsics.Avx2_extract.t_Vec128) = - temp_0_ - in - forall (i: nat{i < 192}). - vector ((i / 12) * 16 + i % 12) == (if i < 96 then lower_8_ i else upper_8_ (i - 96))) - -val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (mk_usize 24)) - (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) - (ensures - fun r -> - let r:t_Array u8 (mk_usize 24) = r in - forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i / 12) * 16 + i % 12)) - -val deserialize_5_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires Seq.length bytes == 10) - (fun _ -> Prims.l_True) - val deserialize_10___deserialize_10_vec (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 
@@ -215,6 +188,33 @@ val deserialize_10_ (bytes: t_Slice u8) let j = (i / 16) * 10 + i % 16 in bit_vec_of_int_t_array (bytes <: t_Array _ (sz 20)) 8 j)) +val serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure + (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) + (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) + (ensures + fun temp_0_ -> + let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & + Libcrux_intrinsics.Avx2_extract.t_Vec128) = + temp_0_ + in + forall (i: nat{i < 192}). + vector ((i / 12) * 16 + i % 12) == (if i < 96 then lower_8_ i else upper_8_ (i - 96))) + +val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure (t_Array u8 (mk_usize 24)) + (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) + (ensures + fun r -> + let r:t_Array u8 (mk_usize 24) = r in + forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i / 12) * 16 + i % 12)) + val deserialize_12___deserialize_12_vec (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index a892086c8..38c5b093c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst 
@@ -338,10 +338,10 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_cond_subtract_3329_pre + f_cond_subtract_3329__pre = (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr vector)); - f_cond_subtract_3329_post + f_cond_subtract_3329__post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> impl.f_repr out == @@ -375,13 +375,13 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_compress_1_pre + f_compress_1__pre = (fun (vector: t_SIMD256Vector) -> forall (i: nat). i < 16 ==> v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329); - f_compress_1_post + f_compress_1__post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1); 
@@ -553,50 +553,50 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) -> ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3); - f_serialize_1_pre + f_serialize_1__pre = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector)); - f_serialize_1_post + f_serialize_1__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 2)) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr vector) out); f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> serialize_1_ vector); - f_deserialize_1_pre + f_deserialize_1__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 2); - f_deserialize_1_post + f_deserialize_1__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 bytes (impl.f_repr out)); f_deserialize_1_ = (fun (bytes: t_Slice u8) -> deserialize_1_ bytes); - f_serialize_4_pre + f_serialize_4__pre = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector)); - f_serialize_4_post + f_serialize_4__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 8)) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr vector) out); f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> serialize_4_ vector); - f_deserialize_4_pre + f_deserialize_4__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8); - f_deserialize_4_post + f_deserialize_4__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. 
sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (impl.f_repr out)); f_deserialize_4_ = (fun (bytes: t_Slice u8) -> deserialize_4_ bytes); - f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 10)) -> true); + f_serialize_5__pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_5__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 10)) -> true); f_serialize_5_ = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); - f_deserialize_5_pre + f_deserialize_5__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 10); - f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_5__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_5_ = (fun (bytes: t_Slice u8) -> 
@@ -604,52 +604,52 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); - f_serialize_10_pre + f_serialize_10__pre = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector)); - f_serialize_10_post + f_serialize_10__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 20)) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr vector) out); f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> serialize_10_ vector); - f_deserialize_10_pre + f_deserialize_10__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20); - f_deserialize_10_post + f_deserialize_10__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (impl.f_repr out)); f_deserialize_10_ = (fun (bytes: t_Slice u8) -> deserialize_10_ bytes); - f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 22)) -> true); + f_serialize_11__pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_11__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 22)) -> true); f_serialize_11_ = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements); - f_deserialize_11_pre + f_deserialize_11__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. 
mk_usize 22); - f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_11__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_11_ = (fun (bytes: t_Slice u8) -> { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_11_ bytes } <: t_SIMD256Vector); - f_serialize_12_pre + f_serialize_12__pre = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector)); - f_serialize_12_post + f_serialize_12__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 24)) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr vector) out); f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> serialize_12_ vector); - f_deserialize_12_pre + f_deserialize_12__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24); - f_deserialize_12_post + f_deserialize_12__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 bytes (impl.f_repr out)); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst index b22cca873..6375db008 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst @@ -9,7 +9,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = lhs with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vaddq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low + Libcrux_intrinsics.Arm64_extract.e_vaddq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low rhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low } <: 
@@ -20,8 +20,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = lhs with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vaddq_s16 lhs - .Libcrux_ml_kem.Vector.Neon.Vector_type.f_high + Libcrux_intrinsics.Arm64_extract.e_vaddq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high rhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high } <: @@ -35,7 +34,7 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = lhs with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low rhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low } <: @@ -46,8 +45,7 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = lhs with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 lhs - .Libcrux_ml_kem.Vector.Neon.Vector_type.f_high + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high rhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high } <: @@ -61,7 +59,7 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vec v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low + Libcrux_intrinsics.Arm64_extract.e_vmulq_n_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c } <: @@ -72,8 +70,7 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vec v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 v - .Libcrux_ml_kem.Vector.Neon.Vector_type.f_high + Libcrux_intrinsics.Arm64_extract.e_vmulq_n_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c } <: 
@@ -82,13 +79,13 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vec v let bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) = - let c:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 c in + let c:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 c in let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = { v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vandq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c + Libcrux_intrinsics.Arm64_extract.e_vandq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c } <: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -98,8 +95,7 @@ let bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD1 v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vandq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high - c + Libcrux_intrinsics.Arm64_extract.e_vandq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c } <: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -112,7 +108,7 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_S v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 v_SHIFT_BY + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 v_SHIFT_BY v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low } <: @@ -123,7 +119,7 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_S v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 v_SHIFT_BY + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 v_SHIFT_BY v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high } <: 
@@ -132,28 +128,27 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_S v let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let c:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 3329) in + let c:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 (mk_i16 3329) in let m0:u8 = - Libcrux_intrinsics.Arm64_extract.v__vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c + Libcrux_intrinsics.Arm64_extract.e_vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c in let m1:u8 = - Libcrux_intrinsics.Arm64_extract.v__vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c + Libcrux_intrinsics.Arm64_extract.e_vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c in let c0:u8 = - Libcrux_intrinsics.Arm64_extract.v__vandq_s16 c - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 m0 <: u8) + Libcrux_intrinsics.Arm64_extract.e_vandq_s16 c + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 m0 <: u8) in let c1:u8 = - Libcrux_intrinsics.Arm64_extract.v__vandq_s16 c - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 m1 <: u8) + Libcrux_intrinsics.Arm64_extract.e_vandq_s16 c + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 m1 <: u8) in let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = { v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low - c0 + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c0 } <: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector 
@@ -163,7 +158,7 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vect v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c1 } <: @@ -172,15 +167,15 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vect v let barrett_reduce_int16x8_t (v: u8) = - let adder:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 1024) in - let vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 v v_BARRETT_MULTIPLIER in - let vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vaddq_s16 vec adder in - let quotient:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 11) vec in + let adder:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 (mk_i16 1024) in + let vec:u8 = Libcrux_intrinsics.Arm64_extract.e_vqdmulhq_n_s16 v v_BARRETT_MULTIPLIER in + let vec:u8 = Libcrux_intrinsics.Arm64_extract.e_vaddq_s16 vec adder in + let quotient:u8 = Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 11) vec in let sub:u8 = - Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 quotient + Libcrux_intrinsics.Arm64_extract.e_vmulq_n_s16 quotient Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 v sub + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 v sub let barrett_reduce (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = 
@@ -207,34 +202,34 @@ let barrett_reduce (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let montgomery_reduce_int16x8_t (low high: u8) = let k:u8 = - Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.v__vmulq_n_u16 - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 low <: u8) + Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.e_vmulq_n_u16 + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_u16_s16 low <: u8) (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: u32) <: u16) <: u8) in let c:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) - (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 k + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 1) + (Libcrux_intrinsics.Arm64_extract.e_vqdmulhq_n_s16 k Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: u8) in - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 high c + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 high c let montgomery_multiply_by_constant_int16x8_t (v: u8) (c: i16) = - let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 v c in + let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.e_vmulq_n_s16 v c in let vv_high:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) - (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 v c <: u8) + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 1) + (Libcrux_intrinsics.Arm64_extract.e_vqdmulhq_n_s16 v c <: u8) in montgomery_reduce_int16x8_t vv_low vv_high let montgomery_multiply_int16x8_t (v c: u8) = - let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_s16 v c in + let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.e_vmulq_s16 v c in let vv_high:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) - (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_s16 v c <: u8) + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 1) + (Libcrux_intrinsics.Arm64_extract.e_vqdmulhq_s16 v c <: 
 u8) in montgomery_reduce_int16x8_t vv_low vv_high
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst
index d9d3c06c3..a3ce4df63 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst
@@ -4,25 +4,24 @@ open Core open FStar.Mul let compress_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let half:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 1664) in - let quarter:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 832) in + let half:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 (mk_i16 1664) in + let quarter:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 (mk_i16 832) in let shifted:u8 = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 half - v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 half v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low in - let mask:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 15) shifted in - let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.v__veorq_s16 mask shifted in + let mask:u8 = Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 15) shifted in + let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.e_veorq_s16 mask shifted in let shifted_positive_in_range:u8 = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 shifted_to_positive quarter + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 shifted_to_positive quarter in let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = { v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.v__vshrq_n_u16 + Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.e_vshrq_n_u16 (mk_i32 15) - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 shifted_positive_in_range + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_u16_s16 shifted_positive_in_range <: u8) <: 
@@ -32,22 +31,22 @@ let compress_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector in let shifted:u8 = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 half + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 half v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high in - let mask:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 15) shifted in - let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.v__veorq_s16 mask shifted in + let mask:u8 = Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 15) shifted in + let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.e_veorq_s16 mask shifted in let shifted_positive_in_range:u8 = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 shifted_to_positive quarter + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 shifted_to_positive quarter in let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = { v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.v__vshrq_n_u16 + Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.e_vshrq_n_u16 (mk_i32 15) - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 shifted_positive_in_range + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_u16_s16 shifted_positive_in_range <: u8) <: @@ -67,21 +66,21 @@ let mask_n_least_significant_bits (coefficient_bits: i16) = | x -> (mk_i16 1 < Libcrux_ml_kem.Vector.Neon.Arithmetic.shift_right v_SHIFT_BY v); - f_cond_subtract_3329_pre + f_cond_subtract_3329__pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_cond_subtract_3329_post + f_cond_subtract_3329__post = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) 
@@ -232,8 +232,8 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) -> Libcrux_ml_kem.Vector.Neon.Arithmetic.montgomery_multiply_by_constant v c); - f_compress_1_pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_compress_1_post + f_compress_1__pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_compress_1__post = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -436,8 +436,8 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = (zeta4: i16) -> Libcrux_ml_kem.Vector.Neon.Ntt.ntt_multiply lhs rhs zeta1 zeta2 zeta3 zeta4); - f_serialize_1_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_1_post + f_serialize_1__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_1__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -448,15 +448,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_1_ a); - f_deserialize_1_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_1_post + f_deserialize_1__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_1__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_1_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_1_ a); - f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_4_post + f_serialize_4__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_4__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) 
@@ -467,15 +467,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_4_ a); - f_deserialize_4_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_4_post + f_deserialize_4__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_4__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_4_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_4_ a); - f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_5_post + f_serialize_5__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_5__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -486,15 +486,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_5_ a); - f_deserialize_5_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_5_post + f_deserialize_5__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_5__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_5_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_5_ a); - f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_10_post + f_serialize_10__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_10__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) 
@@ -505,15 +505,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_10_ a); - f_deserialize_10_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_10_post + f_deserialize_10__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_10__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_10_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_10_ a); - f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_11_post + f_serialize_11__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_11__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -524,15 +524,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_11_ a); - f_deserialize_11_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_11_post + f_deserialize_11__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_11__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_11_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_11_ a); - f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_12_post + f_serialize_12__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_12__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) 
@@ -543,8 +543,8 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_12_ a); - f_deserialize_12_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_12_post + f_deserialize_12__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_12__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_12_ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index 6bd277379..31c7f78fb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -31,7 +31,7 @@ let get_n_least_significant_bits (n: u8) (value: u32) = #push-options "--z3rlimit 150" let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let e_lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -41,8 +41,8 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = (forall j. j < v i ==> (Seq.index lhs.f_elements j) == - (Seq.index v__lhs0.f_elements j) +! (Seq.index rhs.f_elements j)) /\ - (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) + (Seq.index e_lhs0.f_elements j) +! (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index e_lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in 
@@ -68,14 +68,14 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let _:Prims.unit = assert (forall i. v (Seq.index lhs.f_elements i) == - v (Seq.index v__lhs0.f_elements i) + v (Seq.index rhs.f_elements i)) + v (Seq.index e_lhs0.f_elements i) + v (Seq.index rhs.f_elements i)) in lhs #pop-options let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let e_lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -85,8 +85,8 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = (forall j. j < v i ==> (Seq.index lhs.f_elements j) == - (Seq.index v__lhs0.f_elements j) -! (Seq.index rhs.f_elements j)) /\ - (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) + (Seq.index e_lhs0.f_elements j) -! (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index e_lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in 
@@ -112,12 +112,12 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let _:Prims.unit = assert (forall i. v (Seq.index lhs.f_elements i) == - v (Seq.index v__lhs0.f_elements i) - v (Seq.index rhs.f_elements i)) + v (Seq.index e_lhs0.f_elements i) - v (Seq.index rhs.f_elements i)) in lhs let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -125,8 +125,8 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in (forall j. - j < v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j) *! c) /\ - (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) + j < v i ==> (Seq.index vec.f_elements j) == (Seq.index e_vec0.f_elements j) *! c) /\ + (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index e_vec0.f_elements j))) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -149,7 +149,7 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port vec) in let _:Prims.unit = - assert (forall i. v (Seq.index vec.f_elements i) == v (Seq.index v__vec0.f_elements i) * v c) + assert (forall i. v (Seq.index vec.f_elements i) == v (Seq.index e_vec0.f_elements i) * v c) in vec 
@@ -157,16 +157,15 @@ let bitwise_and_with_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - (forall j. j < v i ==> Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j &. c) - ) /\ (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j) - ) + (forall j. j < v i ==> Seq.index vec.f_elements j == (Seq.index e_vec0.f_elements j &. c)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index e_vec0.f_elements j)) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -189,12 +188,12 @@ let bitwise_and_with_constant vec) in let _:Prims.unit = - Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x &. c) v__vec0.f_elements) + Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x &. c) e_vec0.f_elements) in vec let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR 
@@ -203,8 +202,8 @@ let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_ty let i:usize = i in (forall j. j < v i ==> - Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j >>! v_SHIFT_BY)) /\ - (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + Seq.index vec.f_elements j == (Seq.index e_vec0.f_elements j >>! v_SHIFT_BY)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index e_vec0.f_elements j)) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -229,14 +228,14 @@ let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_ty in let _:Prims.unit = Seq.lemma_eq_intro vec.f_elements - (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) v__vec0.f_elements) + (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) e_vec0.f_elements) in vec #push-options "--z3rlimit 300" let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -246,9 +245,9 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta (forall j. j < v i ==> Seq.index vec.f_elements j == - (let x = Seq.index v__vec0.f_elements j in + (let x = Seq.index e_vec0.f_elements j in if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x)) /\ - (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index e_vec0.f_elements j)) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in 
@@ -279,7 +278,7 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta let _:Prims.unit = Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) - v__vec0.f_elements) + e_vec0.f_elements) in vec @@ -325,7 +324,7 @@ let barrett_reduce_element (value: i16) = #push-options "--z3rlimit 150" let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -335,11 +334,11 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe (forall j. j < v i ==> (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j) /\ - v (Seq.index vec.f_elements j) % 3329 == (v (Seq.index v__vec0.f_elements j) % 3329) - )) /\ + v (Seq.index vec.f_elements j) % 3329 == (v (Seq.index e_vec0.f_elements j) % 3329)) + ) /\ (forall j. j >= v i ==> - (Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j /\ + (Seq.index vec.f_elements j == Seq.index e_vec0.f_elements j /\ Spec.Utils.is_i16b 28296 (Seq.index vec.f_elements j)))) vec (fun vec i -> @@ -487,7 +486,7 @@ let montgomery_multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR 
@@ -498,8 +497,8 @@ let montgomery_multiply_by_constant j < v i ==> (let vecj = Seq.index vec.f_elements j in (Spec.Utils.is_i16b 3328 vecj /\ - v vecj % 3329 == (v (Seq.index v__vec0.f_elements j) * v c * 169) % 3329))) /\ - (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) + v vecj % 3329 == (v (Seq.index e_vec0.f_elements j) * v c * 169) % 3329))) /\ + (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index e_vec0.f_elements j))) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti index fdd445812..4d7f04222 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti @@ -44,7 +44,7 @@ val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) let result:i16 = result in result >=. mk_i16 0 && result <. - (Core.Num.impl__i16__pow (mk_i16 2) (cast (coefficient_bits <: u8) <: u32) <: i16)) + (Core.Num.impl_i16__pow (mk_i16 2) (cast (coefficient_bits <: u8) <: u32) <: i16)) val compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 9c235b4b2..a038b901a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst 
@@ -418,9 +418,9 @@ let ntt_multiply_binomials let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 ai bi in let ai_bi:i32 = (cast (ai <: i16) <: i32) *! (cast (bi <: i16) <: i32) in let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 aj bj in - let aj_bj___:i32 = (cast (aj <: i16) <: i32) *! (cast (bj <: i16) <: i32) in + let aj_bj_:i32 = (cast (aj <: i16) <: i32) *! (cast (bj <: i16) <: i32) in let _:Prims.unit = assert_norm (3328 * 3328 <= 3328 * pow2 15) in - let aj_bj:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element aj_bj___ in + let aj_bj:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element aj_bj_ in let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 1664 aj_bj zeta in let aj_bj_zeta:i32 = (cast (aj_bj <: i16) <: i32) *! (cast (zeta <: i16) <: i32) in let ai_bi_aj_bj:i32 = ai_bi +! aj_bj_zeta in @@ -444,9 +444,9 @@ let ntt_multiply_binomials ((((v ai * v bi) + ((v aj_bj * v zeta) % 3329)) % 3329) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj_bj) (v zeta) 3329 } ((((v ai * v bi) + (((v aj_bj % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; - ( == ) { assert (v aj_bj % 3329 == (v aj_bj___ * 169) % 3329) } - ((((v ai * v bi) + ((((v aj_bj___ * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; - ( == ) { assert (v aj_bj___ == v aj * v bj) } + ( == ) { assert (v aj_bj % 3329 == (v aj_bj_ * 169) % 3329) } + ((((v ai * v bi) + ((((v aj_bj_ * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { assert (v aj_bj_ == v aj * v bj) } ((((v ai * v bi) + ((((v aj * v bj * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj * v bj * 169) (v zeta) 3329 } ((((v ai * v bi) + (((v aj * v bj * 169 * v zeta) % 3329))) % 3329) * 169) % 3329; 
@@ -479,7 +479,7 @@ let ntt_multiply_binomials ((v ai * v bj + v aj * v bi) * 169) % 3329; } in - let v__out0:t_Array i16 (mk_usize 16) = + let e_out0:t_Array i16 (mk_usize 16) = out.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -513,7 +513,7 @@ let ntt_multiply_binomials assert (Seq.index out.f_elements (2 * v i + 1) == o1); assert (Spec.Utils.is_i16b_array 3328 out.f_elements); assert (forall k. - (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index v__out0 k) + (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index e_out0 k) in let _:Prims.unit = admit () (* Panic freedom *) in out @@ -526,10 +526,10 @@ let ntt_multiply (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) = - let nzeta0:i16 = Core.Ops.Arith.Neg.neg zeta0 in - let nzeta1:i16 = Core.Ops.Arith.Neg.neg zeta1 in - let nzeta2:i16 = Core.Ops.Arith.Neg.neg zeta2 in - let nzeta3:i16 = Core.Ops.Arith.Neg.neg zeta3 in + let nzeta0:i16 = Core.Ops.Arith.f_neg zeta0 in + let nzeta1:i16 = Core.Ops.Arith.f_neg zeta1 in + let nzeta2:i16 = Core.Ops.Arith.f_neg zeta2 in + let nzeta3:i16 = Core.Ops.Arith.f_neg zeta3 in let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta0) in let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta1) in let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta2) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 6f0be6123..14135d831 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst 
@@ -3,404 +3,7 @@ module Libcrux_ml_kem.Vector.Portable.Serialize open Core open FStar.Mul -let serialize_4_int (v: t_Slice i16) = - let result0:u8 = - ((cast (v.[ mk_usize 1 ] <: i16) <: u8) <>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in - let v2:i16 = cast ((bytes.[ mk_usize 1 ] <: u8) &. mk_u8 15 <: u8) <: i16 in - let v3:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in - let v4:i16 = cast ((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <: i16 in - let v5:i16 = cast (((bytes.[ mk_usize 2 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in - let v6:i16 = cast ((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 15 <: u8) <: i16 in - let v7:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let serialize_5_int (v: t_Slice i16) = - let r0:u8 = - cast ((v.[ mk_usize 0 ] <: i16) |. ((v.[ mk_usize 1 ] <: i16) <>! mk_i32 3 <: i16) |. - ((v.[ mk_usize 2 ] <: i16) <>! mk_i32 1 <: i16) |. - ((v.[ mk_usize 4 ] <: i16) <>! mk_i32 4 <: i16) |. - ((v.[ mk_usize 5 ] <: i16) <>! mk_i32 2 <: i16) |. - ((v.[ mk_usize 7 ] <: i16) <>! mk_i32 5 <: u8) - <: - u8) - <: - i16 - in - let v2:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 31 <: u8) <: i16 in - let v3:i16 = - cast ((((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <>! mk_i32 7 <: u8) - <: - u8) - <: - i16 - in - let v4:i16 = - cast ((((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 1 <: u8) <>! mk_i32 4 <: u8) - <: - u8) - <: - i16 - in - let v5:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 31 <: u8) <: i16 in - let v6:i16 = - cast ((((bytes.[ mk_usize 4 ] <: u8) &. mk_u8 7 <: u8) <>! mk_i32 6 <: u8) - <: - u8) - <: - i16 - in - let v7:i16 = cast ((bytes.[ mk_usize 4 ] <: u8) >>! 
mk_i32 3 <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let deserialize_5_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 0; - Core.Ops.Range.f_end = mk_usize 5 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 5; - Core.Ops.Range.f_end = mk_usize 10 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - -let serialize_10_int (v: t_Slice i16) = - let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in - let r1:u8 = - ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 8 <: i16) &. mk_i16 3 <: i16) <: u8) - in - let r2:u8 = - ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 6 <: i16) &. mk_i16 15 <: i16) <: u8) - in - let r3:u8 = - ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 4 <: i16) &. mk_i16 63 <: i16) <: u8) - in - let r4:u8 = cast (((v.[ mk_usize 3 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in - r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) - -let deserialize_10_int (bytes: t_Slice u8) = - let r0:i16 = - (((cast (bytes.[ mk_usize 1 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 2 <: i16) - in - let r2:i16 = - (((cast (bytes.[ mk_usize 3 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! 
mk_i32 4 <: i16) - in - let r3:i16 = - ((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) <>! mk_i32 6 <: i16) - in - let r4:i16 = - (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 2 <: i16) - in - let r6:i16 = - (((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) - in - let r7:i16 = - ((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) <>! mk_i32 6 <: i16) - in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let serialize_11_int (v: t_Slice i16) = - let r0:u8 = cast (v.[ mk_usize 0 ] <: i16) <: u8 in - let r1:u8 = - ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 31 <: i16) <: u8) <>! mk_i32 8 <: i16) <: u8) - in - let r2:u8 = - ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 5 <: i16) <: u8) - in - let r3:u8 = cast (((v.[ mk_usize 2 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in - let r4:u8 = - ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 127 <: i16) <: u8) <>! mk_i32 10 <: i16) <: u8) - in - let r5:u8 = - ((cast ((v.[ mk_usize 4 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 7 <: i16) <: u8) - in - let r6:u8 = - ((cast ((v.[ mk_usize 5 ] <: i16) &. mk_i16 1 <: i16) <: u8) <>! mk_i32 4 <: i16) <: u8) - in - let r7:u8 = cast (((v.[ mk_usize 5 ] <: i16) >>! mk_i32 1 <: i16) &. mk_i16 255 <: i16) <: u8 in - let r8:u8 = - ((cast ((v.[ mk_usize 6 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 9 <: i16) <: u8) - in - let r9:u8 = - ((cast ((v.[ mk_usize 7 ] <: i16) &. mk_i16 7 <: i16) <: u8) <>! mk_i32 6 <: i16) <: u8) - in - let r10:u8 = cast ((v.[ mk_usize 7 ] <: i16) >>! 
mk_i32 3 <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = mk_usize 0; - Core.Ops.Range.f_end = mk_usize 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = mk_usize 8; - Core.Ops.Range.f_end = mk_usize 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let list = - [ - r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; - r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; - r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); - Rust_primitives.Hax.array_of_list 22 list - -let deserialize_11_int (bytes: t_Slice u8) = - let r0:i16 = - (((cast (bytes.[ mk_usize 1 ] <: u8) <: i16) &. mk_i16 7 <: i16) <>! mk_i32 3 <: i16) - in - let r2:i16 = - ((((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) &. mk_i16 1 <: i16) <>! mk_i32 6 <: i16) - in - let r3:i16 = - (((cast (bytes.[ mk_usize 5 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 1 <: i16) - in - let r4:i16 = - (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 127 <: i16) <>! mk_i32 4 <: i16) - in - let r5:i16 = - ((((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 7 <: i16) - in - let r6:i16 = - (((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) &. mk_i16 31 <: i16) <>! mk_i32 2 <: i16) - in - let r7:i16 = - ((cast (bytes.[ mk_usize 10 ] <: u8) <: i16) <>! 
mk_i32 5 <: i16) - in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 0; - Core.Ops.Range.f_end = mk_usize 11 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 11; - Core.Ops.Range.f_end = mk_usize 22 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - -let serialize_12_int (v: t_Slice i16) = - let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in - let r1:u8 = - cast (((v.[ mk_usize 0 ] <: i16) >>! mk_i32 8 <: i16) |. - (((v.[ mk_usize 1 ] <: i16) &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. mk_i16 255 <: i16) <: u8 in - r0, r1, r2 <: (u8 & u8 & u8) - -let deserialize_12_int (bytes: t_Slice u8) = - let byte0:i16 = cast (bytes.[ mk_usize 0 ] <: u8) <: i16 in - let byte1:i16 = cast (bytes.[ mk_usize 1 ] <: u8) <: i16 in - let byte2:i16 = cast (bytes.[ mk_usize 2 ] <: u8) <: i16 in - let r0:i16 = ((byte1 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. 
mk_i16 15 <: i16) in - r0, r1 <: (i16 & i16) - -let rec serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = +let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0:u8 = (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 0 ] <: i16) <: @@ -541,7 +144,7 @@ let serialize_1_lemma inputs = #pop-options -let rec deserialize_1_ (v: t_Slice u8) = +let deserialize_1_ (v: t_Slice u8) = let result0:i16 = cast ((v.[ mk_usize 0 ] <: u8) &. mk_u8 1 <: u8) <: i16 in let result1:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 1 <: u8) <: i16 in let result2:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 1 <: u8) <: i16 in 
@@ -597,7 +200,26 @@ let deserialize_1_lemma inputs = let deserialize_1_bounded_lemma inputs = admit() -let rec serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = +let serialize_4_int (v: t_Slice i16) = + let result0:u8 = + ((cast (v.[ mk_usize 1 ] <: i16) <: u8) <>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v2:i16 = cast ((bytes.[ mk_usize 1 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v3:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v4:i16 = cast ((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v5:i16 = cast (((bytes.[ mk_usize 2 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v6:i16 = cast ((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v7:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +let deserialize_4_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_4_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 4 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_4_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 4; + Core.Ops.Range.f_end = mk_usize 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let deserialize_4_bounded_lemma inputs = + admit() + +#push-options 
"--compat_pre_core 2 --z3rlimit 300 --z3refresh" + +let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_4_ v).f_elements 4 in + (forall (i: nat {i < 64}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_4_lemma inputs = + deserialize_4_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + +let serialize_5_int (v: t_Slice i16) = + let r0:u8 = + cast ((v.[ mk_usize 0 ] <: i16) |. ((v.[ mk_usize 1 ] <: i16) <>! mk_i32 3 <: i16) |. + ((v.[ mk_usize 2 ] <: i16) <>! mk_i32 1 <: i16) |. + ((v.[ mk_usize 4 ] <: i16) <>! mk_i32 4 <: i16) |. + ((v.[ mk_usize 5 ] <: i16) <>! mk_i32 2 <: i16) |. + ((v.[ mk_usize 7 ] <: i16) <>! mk_i32 5 <: u8) + <: + u8) + <: + i16 + in + let v2:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 31 <: u8) <: i16 in + let v3:i16 = + cast ((((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <>! mk_i32 7 <: u8) + <: + u8) + <: + i16 + in + let v4:i16 = + cast ((((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 1 <: u8) <>! mk_i32 4 <: u8) + <: + u8) + <: + i16 + in + let v5:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 31 <: u8) <: i16 in + let v6:i16 = + cast ((((bytes.[ mk_usize 4 ] <: u8) &. mk_u8 7 <: u8) <>! mk_i32 6 <: u8) + <: + u8) + <: + i16 + in + let v7:i16 = cast ((bytes.[ mk_usize 4 ] <: u8) >>! 
mk_i32 3 <: u8) <: i16 in + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +let deserialize_5_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_4_int (bytes.[ { + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = mk_usize 0; - Core.Ops.Range.f_end = mk_usize 4 + Core.Ops.Range.f_end = mk_usize 5 } <: Core.Ops.Range.t_Range usize ] @@ -667,9 +473,9 @@ let rec deserialize_4_ (bytes: t_Slice u8) = t_Slice u8) in let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_4_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 4; - Core.Ops.Range.f_end = mk_usize 8 + deserialize_5_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 5; + Core.Ops.Range.f_end = mk_usize 10 } <: Core.Ops.Range.t_Range usize ] 
@@ -691,31 +497,24 @@ let rec deserialize_4_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -let deserialize_4_bounded_lemma inputs = - admit() - -#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" - -let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) - : squash ( - let inputs = bit_vec_of_int_t_array v 8 in - let outputs = bit_vec_of_int_t_array (deserialize_4_ v).f_elements 4 in - (forall (i: nat {i < 64}). inputs i == outputs i) - ) = - _ by (Tactics.GetBit.prove_bit_vector_equality' ()) - -#pop-options - -#push-options "--z3rlimit 300" - -let deserialize_4_lemma inputs = - deserialize_4_bit_vec_lemma inputs; - BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4) - (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) - -#pop-options +let serialize_10_int (v: t_Slice i16) = + let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in + let r1:u8 = + ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 8 <: i16) &. mk_i16 3 <: i16) <: u8) + in + let r2:u8 = + ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 6 <: i16) &. mk_i16 15 <: i16) <: u8) + in + let r3:u8 = + ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 4 <: i16) &. mk_i16 63 <: i16) <: u8) + in + let r4:u8 = cast (((v.[ mk_usize 3 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in + r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) -let rec serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = +let serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_4_:(u8 & u8 & u8 & u8 & u8) = serialize_10_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { Core.Ops.Range.f_start = mk_usize 0; 
@@ -788,7 +587,42 @@ let serialize_10_lemma inputs = #pop-options -let rec deserialize_10_ (bytes: t_Slice u8) = +let deserialize_10_int (bytes: t_Slice u8) = + let r0:i16 = + (((cast (bytes.[ mk_usize 1 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 2 <: i16) + in + let r2:i16 = + (((cast (bytes.[ mk_usize 3 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) + in + let r3:i16 = + ((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) <>! mk_i32 6 <: i16) + in + let r4:i16 = + (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 2 <: i16) + in + let r6:i16 = + (((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) + in + let r7:i16 = + ((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) <>! mk_i32 6 <: i16) + in + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +let deserialize_10_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = mk_usize 0; 
@@ -848,7 +682,165 @@ let deserialize_10_lemma inputs = let deserialize_10_bounded_lemma inputs = admit() -let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = +let serialize_11_int (v: t_Slice i16) = + let r0:u8 = cast (v.[ mk_usize 0 ] <: i16) <: u8 in + let r1:u8 = + ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 31 <: i16) <: u8) <>! mk_i32 8 <: i16) <: u8) + in + let r2:u8 = + ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 5 <: i16) <: u8) + in + let r3:u8 = cast (((v.[ mk_usize 2 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in + let r4:u8 = + ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 127 <: i16) <: u8) <>! mk_i32 10 <: i16) <: u8) + in + let r5:u8 = + ((cast ((v.[ mk_usize 4 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 7 <: i16) <: u8) + in + let r6:u8 = + ((cast ((v.[ mk_usize 5 ] <: i16) &. mk_i16 1 <: i16) <: u8) <>! mk_i32 4 <: i16) <: u8) + in + let r7:u8 = cast (((v.[ mk_usize 5 ] <: i16) >>! mk_i32 1 <: i16) &. mk_i16 255 <: i16) <: u8 in + let r8:u8 = + ((cast ((v.[ mk_usize 6 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 9 <: i16) <: u8) + in + let r9:u8 = + ((cast ((v.[ mk_usize 7 ] <: i16) &. mk_i16 7 <: i16) <: u8) <>! mk_i32 6 <: i16) <: u8) + in + let r10:u8 = cast ((v.[ mk_usize 7 ] <: i16) >>! 
mk_i32 3 <: i16) <: u8 in + r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 + <: + (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + +let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let list = + [ + r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; + r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; + r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); + Rust_primitives.Hax.array_of_list 22 list + +let deserialize_11_int (bytes: t_Slice u8) = + let r0:i16 = + (((cast (bytes.[ mk_usize 1 ] <: u8) <: i16) &. mk_i16 7 <: i16) <>! mk_i32 3 <: i16) + in + let r2:i16 = + ((((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) &. mk_i16 1 <: i16) <>! mk_i32 6 <: i16) + in + let r3:i16 = + (((cast (bytes.[ mk_usize 5 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 1 <: i16) + in + let r4:i16 = + (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 127 <: i16) <>! mk_i32 4 <: i16) + in + let r5:i16 = + ((((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 7 <: i16) + in + let r6:i16 = + (((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) &. mk_i16 31 <: i16) <>! mk_i32 2 <: i16) + in + let r7:i16 = + ((cast (bytes.[ mk_usize 10 ] <: u8) <: i16) <>! 
mk_i32 5 <: i16) + in + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +let deserialize_11_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 11 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 11; + Core.Ops.Range.f_end = mk_usize 22 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let serialize_12_int (v: t_Slice i16) = + let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in + let r1:u8 = + cast (((v.[ mk_usize 0 ] <: i16) >>! mk_i32 8 <: i16) |. + (((v.[ mk_usize 1 ] <: i16) &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. mk_i16 255 <: i16) <: u8 in + r0, r1, r2 <: (u8 & u8 & u8) + +let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_2_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { Core.Ops.Range.f_start = mk_usize 0; 
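Review bot: The serialize_11_int / serialize_11_ / deserialize_11_int / deserialize_11_ definitions added in this hunk have no `serialize_11_lemma`, `deserialize_11_lemma` or `deserialize_11_bounded_lemma` counterpart, whereas the 1/4/10/12-bit codecs in this file are pinned to `bit_vec_of_int_t_array` equalities; the Traits.fsti hunks at -303 and -357 likewise leave `f_serialize_5__pre`/`__post`, `f_deserialize_5__post`, `f_serialize_11__pre`/`__post` and `f_deserialize_11__post` as unrefined `Type0`, and the Portable.fst hunks instantiate them with `true`. If these widths sit on the ciphertext path (as the 11-bit and 5-bit compression parameters do for ML-KEM-1024), the bit-exactness of that encoding is unverified against the spec here and nothing bounds the decoded coefficients. The context line `let deserialize_10_bounded_lemma inputs = admit()` at the top of this hunk is the same kind of gap for the 10-bit decoder, which the commit leaves in place. Even if the proofs are deferred, a comment on the new definitions recording that status, e.g. `(* TODO(proof): no spec lemma for the 11-bit codec yet; trait pre/post are unrefined *)`, would keep the verification coverage of this file honest; note that the `serialize_12_` body this hunk ends in continues past the hunk.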
@@ -961,7 +953,15 @@ let serialize_12_lemma inputs = #pop-options -let rec deserialize_12_ (bytes: t_Slice u8) = +let deserialize_12_int (bytes: t_Slice u8) = + let byte0:i16 = cast (bytes.[ mk_usize 0 ] <: u8) <: i16 in + let byte1:i16 = cast (bytes.[ mk_usize 1 ] <: u8) <: i16 in + let byte2:i16 = cast (bytes.[ mk_usize 2 ] <: u8) <: i16 in + let r0:i16 = ((byte1 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. mk_i16 15 <: i16) in + r0, r1 <: (i16 & i16) + +let deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = mk_usize 0; diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 059e4bb4e..b2b1e7f16 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti 
@@ -3,16 +3,52 @@ module Libcrux_ml_kem.Vector.Portable.Serialize open Core open FStar.Mul +val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (mk_usize 2)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) + (ensures bit_vec_of_int_t_array (serialize_1_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1) + +val deserialize_1_ (v: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 v <: usize) =. mk_usize 2) + (fun _ -> Prims.l_True) + +val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) + +val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_1_ inputs).f_elements i) 1) + val serialize_4_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8) (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) +val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) + (ensures bit_vec_of_int_t_array (serialize_4_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) + val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires (Core.Slice.impl__len #u8 bytes <: usize) =. 
mk_usize 4) (fun _ -> Prims.l_True) +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8) + (fun _ -> Prims.l_True) + +val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_4_ inputs).f_elements i) 4) + +val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) + val serialize_5_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) 
@@ -36,11 +72,29 @@ val serialize_10_int (v: t_Slice i16) (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 4) (fun _ -> Prims.l_True) +val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (mk_usize 20)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) + (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) + val deserialize_10_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 10) (fun _ -> Prims.l_True) +val deserialize_10_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20) + (fun _ -> Prims.l_True) + +val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) + +val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_10_ inputs).f_elements i) 10) + val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) 
@@ -64,65 +118,6 @@ val serialize_12_int (v: t_Slice i16) (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 2) (fun _ -> Prims.l_True) -val deserialize_12_int (bytes: t_Slice u8) - : Prims.Pure (i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 3) - (fun _ -> Prims.l_True) - -val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (mk_usize 2)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma - (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) - (ensures bit_vec_of_int_t_array (serialize_1_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1) - -val deserialize_1_ (v: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 v <: usize) =. mk_usize 2) - (fun _ -> Prims.l_True) - -val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma - (ensures bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) - -val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma - (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_1_ inputs).f_elements i) 1) - -val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma - (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) - (ensures bit_vec_of_int_t_array (serialize_4_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) - -val deserialize_4_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. 
mk_usize 8) - (fun _ -> Prims.l_True) - -val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma - (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_4_ inputs).f_elements i) 4) - -val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma - (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) - -val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (mk_usize 20)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma - (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) - (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) - -val deserialize_10_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20) - (fun _ -> Prims.l_True) - -val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma - (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) - -val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma - (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_10_ inputs).f_elements i) 10) - val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (mk_usize 24)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -130,6 +125,11 @@ val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Por (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) (ensures bit_vec_of_int_t_array (serialize_12_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 12) +val deserialize_12_int (bytes: t_Slice u8) + : Prims.Pure (i16 & i16) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 3) + (fun _ -> Prims.l_True) + val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst index f23a5327e..43ae7e0b3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst @@ -223,11 +223,11 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Libcrux_ml_kem.Vector.Portable.Arithmetic.shift_right v_SHIFT_BY v); - f_cond_subtract_3329_pre + f_cond_subtract_3329__pre = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr v)); - f_cond_subtract_3329_post + f_cond_subtract_3329__post = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) 
@@ -271,12 +271,12 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) -> Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_by_constant v r); - f_compress_1_pre + f_compress_1__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> forall (i: nat). i < 16 ==> v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329); - f_compress_1_post + f_compress_1__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -531,11 +531,11 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) -> Libcrux_ml_kem.Vector.Portable.Ntt.ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3); - f_serialize_1_pre + f_serialize_1__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr a)); - f_serialize_1_post + f_serialize_1__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -546,19 +546,19 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_1_ a); - f_deserialize_1_pre + f_deserialize_1__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2); - f_deserialize_1_post + f_deserialize_1__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)); f_deserialize_1_ = (fun (a: t_Slice u8) -> deserialize_1_ a); - f_serialize_4_pre + f_serialize_4__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr a)); - f_serialize_4_post + f_serialize_4__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) 
@@ -569,18 +569,18 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_4_ a); - f_deserialize_4_pre + f_deserialize_4__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8); - f_deserialize_4_post + f_deserialize_4__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)); f_deserialize_4_ = (fun (a: t_Slice u8) -> deserialize_4_ a); - f_serialize_5_pre + f_serialize_5__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_serialize_5_post + f_serialize_5__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -590,18 +590,18 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_5_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_5_ a); - f_deserialize_5_pre + f_deserialize_5__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10); - f_deserialize_5_post + f_deserialize_5__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); f_deserialize_5_ = (fun (a: t_Slice u8) -> deserialize_5_ a); - f_serialize_10_pre + f_serialize_10__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr a)); - f_serialize_10_post + f_serialize_10__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) 
@@ -612,18 +612,18 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_10_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_10_ a); - f_deserialize_10_pre + f_deserialize_10__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20); - f_deserialize_10_post + f_deserialize_10__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out)); f_deserialize_10_ = (fun (a: t_Slice u8) -> deserialize_10_ a); - f_serialize_11_pre + f_serialize_11__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_serialize_11_post + f_serialize_11__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -633,18 +633,18 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_11_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_11_ a); - f_deserialize_11_pre + f_deserialize_11__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 22); - f_deserialize_11_post + f_deserialize_11__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); f_deserialize_11_ = (fun (a: t_Slice u8) -> deserialize_11_ a); - f_serialize_12_pre + f_serialize_12__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr a)); - f_serialize_12_post + f_serialize_12__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) 
@@ -655,10 +655,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_12_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_12_ a); - f_deserialize_12_pre + f_deserialize_12__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24); - f_deserialize_12_post + f_deserialize_12__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out)); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index ed03c1db0..98c7d8830 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -125,9 +125,9 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_shift_right_pre v_SHIFT_BY x0) (fun result -> f_shift_right_post v_SHIFT_BY x0 result); - f_cond_subtract_3329_pre:v: v_Self + f_cond_subtract_3329__pre:v: v_Self -> pred: Type0{Spec.Utils.is_i16b_array (pow2 12 - 1) (f_repr v) ==> pred}; - f_cond_subtract_3329_post:v: v_Self -> result: v_Self + f_cond_subtract_3329__post:v: v_Self -> result: v_Self -> pred: Type0 { pred ==> @@ -136,8 +136,8 @@ class t_Operations (v_Self: Type0) = { (f_repr v) }; f_cond_subtract_3329_:x0: v_Self -> Prims.Pure v_Self - (f_cond_subtract_3329_pre x0) - (fun result -> f_cond_subtract_3329_post x0 result); + (f_cond_subtract_3329__pre x0) + (fun result -> f_cond_subtract_3329__post x0 result); f_barrett_reduce_pre:vector: v_Self -> pred: Type0{Spec.Utils.is_i16b_array 28296 (f_repr vector) ==> pred}; f_barrett_reduce_post:v_Self -> v_Self -> Type0; 
@@ -150,16 +150,16 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_montgomery_multiply_by_constant_pre x0 x1) (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); - f_compress_1_pre:a: v_Self + f_compress_1__pre:a: v_Self -> pred: Type0 { (forall (i: nat). i < 16 ==> v (Seq.index (f_repr a) i) >= 0 /\ v (Seq.index (f_repr a) i) < 3329) ==> pred }; - f_compress_1_post:a: v_Self -> result: v_Self + f_compress_1__post:a: v_Self -> result: v_Self -> pred: Type0{pred ==> (forall (i: nat). i < 16 ==> bounded (Seq.index (f_repr result) i) 1)}; f_compress_1_:x0: v_Self - -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); + -> Prims.Pure v_Self (f_compress_1__pre x0) (fun result -> f_compress_1__post x0 result); f_compress_pre:v_COEFFICIENT_BITS: i32 -> a: v_Self -> pred: Type0 
@@ -303,53 +303,53 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); - f_serialize_1_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 1 (f_repr a) ==> pred}; - f_serialize_1_post:a: v_Self -> result: t_Array u8 (mk_usize 2) + f_serialize_1__pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 1 (f_repr a) ==> pred}; + f_serialize_1__post:a: v_Self -> result: t_Array u8 (mk_usize 2) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 1 (f_repr a) ==> Spec.MLKEM.serialize_post 1 (f_repr a) result }; f_serialize_1_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 2)) - (f_serialize_1_pre x0) - (fun result -> f_serialize_1_post x0 result); - f_deserialize_1_pre:a: t_Slice u8 + (f_serialize_1__pre x0) + (fun result -> f_serialize_1__post x0 result); + f_deserialize_1__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2 ==> pred}; - f_deserialize_1_post:a: t_Slice u8 -> result: v_Self + f_deserialize_1__post:a: t_Slice u8 -> result: v_Self -> pred: Type0{pred ==> sz (Seq.length a) =. 
sz 2 ==> Spec.MLKEM.deserialize_post 1 a (f_repr result)}; f_deserialize_1_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); - f_serialize_4_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 4 (f_repr a) ==> pred}; - f_serialize_4_post:a: v_Self -> result: t_Array u8 (mk_usize 8) + -> Prims.Pure v_Self (f_deserialize_1__pre x0) (fun result -> f_deserialize_1__post x0 result); + f_serialize_4__pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 4 (f_repr a) ==> pred}; + f_serialize_4__post:a: v_Self -> result: t_Array u8 (mk_usize 8) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 4 (f_repr a) ==> Spec.MLKEM.serialize_post 4 (f_repr a) result }; f_serialize_4_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 8)) - (f_serialize_4_pre x0) - (fun result -> f_serialize_4_post x0 result); - f_deserialize_4_pre:a: t_Slice u8 + (f_serialize_4__pre x0) + (fun result -> f_serialize_4__post x0 result); + f_deserialize_4__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8 ==> pred}; - f_deserialize_4_post:a: t_Slice u8 -> result: v_Self + f_deserialize_4__post:a: t_Slice u8 -> result: v_Self -> pred: Type0{pred ==> sz (Seq.length a) =. 
sz 8 ==> Spec.MLKEM.deserialize_post 4 a (f_repr result)}; f_deserialize_4_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); - f_serialize_5_pre:v_Self -> Type0; - f_serialize_5_post:v_Self -> t_Array u8 (mk_usize 10) -> Type0; + -> Prims.Pure v_Self (f_deserialize_4__pre x0) (fun result -> f_deserialize_4__post x0 result); + f_serialize_5__pre:v_Self -> Type0; + f_serialize_5__post:v_Self -> t_Array u8 (mk_usize 10) -> Type0; f_serialize_5_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 10)) - (f_serialize_5_pre x0) - (fun result -> f_serialize_5_post x0 result); - f_deserialize_5_pre:a: t_Slice u8 + (f_serialize_5__pre x0) + (fun result -> f_serialize_5__post x0 result); + f_deserialize_5__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10 ==> pred}; - f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_5__post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); - f_serialize_10_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 10 (f_repr a) ==> pred}; - f_serialize_10_post:a: v_Self -> result: t_Array u8 (mk_usize 20) + -> Prims.Pure v_Self (f_deserialize_5__pre x0) (fun result -> f_deserialize_5__post x0 result); + f_serialize_10__pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 10 (f_repr a) ==> pred}; + f_serialize_10__post:a: v_Self -> result: t_Array u8 (mk_usize 20) -> pred: Type0 { pred ==> 
@@ -357,29 +357,29 @@ class t_Operations (v_Self: Type0) = { }; f_serialize_10_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 20)) - (f_serialize_10_pre x0) - (fun result -> f_serialize_10_post x0 result); - f_deserialize_10_pre:a: t_Slice u8 + (f_serialize_10__pre x0) + (fun result -> f_serialize_10__post x0 result); + f_deserialize_10__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20 ==> pred}; - f_deserialize_10_post:a: t_Slice u8 -> result: v_Self + f_deserialize_10__post:a: t_Slice u8 -> result: v_Self -> pred: Type0 {pred ==> sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (f_repr result)}; f_deserialize_10_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); - f_serialize_11_pre:v_Self -> Type0; - f_serialize_11_post:v_Self -> t_Array u8 (mk_usize 22) -> Type0; + -> Prims.Pure v_Self (f_deserialize_10__pre x0) (fun result -> f_deserialize_10__post x0 result); + f_serialize_11__pre:v_Self -> Type0; + f_serialize_11__post:v_Self -> t_Array u8 (mk_usize 22) -> Type0; f_serialize_11_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 22)) - (f_serialize_11_pre x0) - (fun result -> f_serialize_11_post x0 result); - f_deserialize_11_pre:a: t_Slice u8 + (f_serialize_11__pre x0) + (fun result -> f_serialize_11__post x0 result); + f_deserialize_11__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. 
mk_usize 22 ==> pred}; - f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_11__post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); - f_serialize_12_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 12 (f_repr a) ==> pred}; - f_serialize_12_post:a: v_Self -> result: t_Array u8 (mk_usize 24) + -> Prims.Pure v_Self (f_deserialize_11__pre x0) (fun result -> f_deserialize_11__post x0 result); + f_serialize_12__pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 12 (f_repr a) ==> pred}; + f_serialize_12__post:a: v_Self -> result: t_Array u8 (mk_usize 24) -> pred: Type0 { pred ==> @@ -387,16 +387,16 @@ class t_Operations (v_Self: Type0) = { }; f_serialize_12_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 24)) - (f_serialize_12_pre x0) - (fun result -> f_serialize_12_post x0 result); - f_deserialize_12_pre:a: t_Slice u8 + (f_serialize_12__pre x0) + (fun result -> f_serialize_12__post x0 result); + f_deserialize_12__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 ==> pred}; - f_deserialize_12_post:a: t_Slice u8 -> result: v_Self + f_deserialize_12__post:a: t_Slice u8 -> result: v_Self -> pred: Type0 {pred ==> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (f_repr result)}; f_deserialize_12_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); + -> Prims.Pure v_Self (f_deserialize_12__pre x0) (fun result -> f_deserialize_12__post x0 result); f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0