Merge pull request #732 from cryspen/franziskus/mldsa-cleanup

ML-DSA Parameter Set Monomorphization with Macros
cryspen · Jan 9, 2025 · 31e77d0 · 31e77d0
2 parents 8ce0529 + 2173ec8
commit 31e77d0
Show file tree

Hide file tree

Showing 221 changed files with 27,607 additions and 22,320 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -119,8 +119,9 @@ lto = "fat"
 codegen-units = 1
 panic = "abort"
 
-[profile.dev.package."libcrux-ml-dsa"]
-opt-level = 1
+# XXX: Not needed anymore, but nice for test speed
+# [profile.dev.package."libcrux-ml-dsa"]
+# opt-level = 1
 
 [lints.rust]
 unexpected_cfgs = { level = "warn", check-cfg = [

diff --git a/libcrux-intrinsics/src/avx2.rs b/libcrux-intrinsics/src/avx2.rs
@@ -305,6 +305,11 @@ pub fn mm256_castsi256_ps(a: Vec256) -> Vec256Float {
     unsafe { _mm256_castsi256_ps(a) }
 }
 
+#[inline(always)]
+pub fn mm256_castps_si256(a: Vec256Float) -> Vec256 {
+    unsafe { _mm256_castps_si256(a) }
+}
+
 #[inline(always)]
 pub fn mm256_movemask_ps(a: Vec256Float) -> i32 {
     unsafe { _mm256_movemask_ps(a) }
@@ -352,6 +357,19 @@ pub fn mm256_testz_si256(lhs: Vec256, rhs: Vec256) -> i32 {
 
 #[inline(always)]
 pub fn mm256_xor_si256(lhs: Vec256, rhs: Vec256) -> Vec256 {
+    // This floating point xor may or may not be faster than regular xor.
+    // Local testing seems to indicate that it's a little more stable in
+    // benchmarks though.
+    // See https://stackoverflow.com/questions/27804476/difference-between-mm256-xor-si256-and-mm256-xor-ps
+    //
+    // However, using this pushes the doc test in ml-kem over the limit for
+    // stack size on Windows.
+    // unsafe {
+    //     _mm256_castps_si256(_mm256_xor_ps(
+    //         _mm256_castsi256_ps(lhs),
+    //         _mm256_castsi256_ps(rhs),
+    //     ))
+    // }
     unsafe { _mm256_xor_si256(lhs, rhs) }
 }
 

diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml
@@ -19,6 +19,7 @@ bench = false # so libtest doesn't eat the arguments to criterion
 libcrux-sha3 = { version = "0.0.2-beta.2", path = "../libcrux-sha3" }
 libcrux-intrinsics = { version = "0.0.2-beta.2", path = "../libcrux-intrinsics" }
 libcrux-platform = { version = "0.0.2-beta.2", path = "../sys/platform" }
+libcrux-macros = { version = "0.0.2-beta.2", path = "../macros" }
 hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/" }
 
 [dev-dependencies]
@@ -34,6 +35,7 @@ default = ["std", "mldsa44", "mldsa65", "mldsa87"]
 simd128 = ["libcrux-sha3/simd128", "libcrux-intrinsics/simd128"]
 simd256 = ["libcrux-sha3/simd256", "libcrux-intrinsics/simd256"]
 acvp = []                                                        # expose internal API for ACVP testing
+test-utils = []                                                  # exposing internal functions for testing
 
 # Features for the different key sizes of ML-DSA
 mldsa44 = []

diff --git a/libcrux-ml-dsa/boring.sh b/libcrux-ml-dsa/boring.sh
@@ -17,9 +17,10 @@ done
 
 # Extract the C code
 if [[ "$no_clean" = 0 ]]; then
-    cargo clean
+    # It's enough to clean sha3 to work around the charon bug.
+    cargo clean -p libcrux-sha3
 fi
-# TODO: add feature flags for mldsa65
+
 ./c.sh --config cg.yaml --out cg --mldsa65\
     --no-glue --no-unrolling --no-karamel_include --no-karamel_include
 

diff --git a/libcrux-ml-dsa/cg/CMakeLists.txt b/libcrux-ml-dsa/cg/CMakeLists.txt
@@ -19,6 +19,7 @@ if(NOT MSVC)
         -fstack-usage
         -Wunused-function
         # -Wno-unused-function
+        -Wno-unused-variable
         $<$<CONFIG:DEBUG>:-g>
         $<$<CONFIG:DEBUG>:-Og>
         $<$<CONFIG:RELEASE>:-g>

diff --git a/libcrux-ml-dsa/cg/code_gen.txt b/libcrux-ml-dsa/cg/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: db4e045d4597d06d854ce7a2c10e8dcfda6ecd25
-Eurydice: 75eae2e2534a16f5ba5430e6ee5c69d8a46f3bea
-Karamel: 3823e3d82fa0b271d799b61c59ffb4742ddc1e65
+Charon: 0de54092afb546bf53cd8261c79499f3cae2c24b
+Eurydice: 8e112cd3065d2c1eb6c023cd37111300dbf9fc9a
+Karamel: f82ecfe9b99edd64642d47b4e3fb6314a8e2320b
 F*: b0961063393215ca65927f017720cb365a193833-dirty
-Libcrux: 834b7f51701fa4e8695a784c138ed230f49f0c4e
+Libcrux: 66afce2b7d2b86febb97fb1fc5de2fbba7419d74
diff --git a/libcrux-ml-dsa/cg/header.txt b/libcrux-ml-dsa/cg/header.txt
@@ -4,9 +4,9 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: db4e045d4597d06d854ce7a2c10e8dcfda6ecd25
- * Eurydice: 75eae2e2534a16f5ba5430e6ee5c69d8a46f3bea
- * Karamel: 3823e3d82fa0b271d799b61c59ffb4742ddc1e65
+ * Charon: 0de54092afb546bf53cd8261c79499f3cae2c24b
+ * Eurydice: 8e112cd3065d2c1eb6c023cd37111300dbf9fc9a
+ * Karamel: f82ecfe9b99edd64642d47b4e3fb6314a8e2320b
  * F*: b0961063393215ca65927f017720cb365a193833-dirty
- * Libcrux: 834b7f51701fa4e8695a784c138ed230f49f0c4e
+ * Libcrux: 66afce2b7d2b86febb97fb1fc5de2fbba7419d74
  */