mlkem: update from formosa-crypto/formosa-mlkem#22

Author: tfaoliveira

src/crypto_kem/mlkem/mlkem768/amd64/avx2/poly.jinc

@@ -318,7 +318,6 @@ fn _poly_decompress(reg ptr u16[MLKEM_N] rp, reg u64 ap) -> stack u16[MLKEM_N]
 
   for i=0 to MLKEM_N/16
   {
-    // was patched in the context of Kyber: check https://github.com/formosa-crypto/libjade/commit/d05492d5eab67c86733b5e841d910bc353f1b38d
     h = (128u)(u64)[ap + 8*i];
     sh = h;
     f = #VPBROADCAST_2u128(sh);
@@ -889,7 +888,6 @@ fn _poly_invntt(reg ptr u16[MLKEM_N] rp) -> reg ptr u16[MLKEM_N]
 {
   reg u256 zeta0 zeta1 zeta2 zeta3 r0 r1 r2 r3 r4 r5 r6 r7 qx16 vx16 flox16 fhix16;
   reg ptr u16[400] zetasp;
-  reg ptr u16[16] qx16p;
   inline int i;
 
   zetasp = jzetas_inv_exp;
@@ -1087,8 +1085,6 @@ fn __butterfly64x(reg u256 rl0 rl1 rl2 rl3 rh0 rh1 rh2 rh3 zl0 zl1 zh0 zh1 qx16)
 fn _poly_ntt(reg ptr u16[MLKEM_N] rp) -> reg ptr u16[MLKEM_N]
 {
   reg u256 zeta0 zeta1 zeta2 zeta3 r0 r1 r2 r3 r4 r5 r6 r7 qx16 vx16;
-  reg u32 t;
-  reg u16 w;
   reg ptr u16[400] zetasp;
   inline int i;
 

src/crypto_kem/mlkem/mlkem768/amd64/ref/fips202.jinc

@@ -3,10 +3,6 @@ param int SHAKE256_RATE = 136;
 param int SHA3_256_RATE = 136;
 param int SHA3_512_RATE = 72;
 
-param int SHAKE128_RATE = 168;
-param int SHAKE256_RATE = 136;
-param int SHA3_512_RATE = 72;
-
 inline
 fn __index(inline int x, inline int y) -> inline int {
   inline int r;
@@ -148,7 +144,6 @@ u64[24] roundconstants = {0x0000000000000001, 0x0000000000008082, 0x800000000000
 
 
 fn __keccakf1600_ref(reg ptr u64[25] state) -> reg ptr u64[25] {
-  inline int round;
   reg ptr u64[24] constptr;
 
   reg u64 rctr;

src/crypto_kem/mlkem/mlkem768/amd64/ref/indcpa.jinc

@@ -88,11 +88,10 @@ fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[MLK
 {
   stack u16[MLKEM_VECN] pkpv sp ep bp;
   stack u16[MLKEM_K*MLKEM_VECN] aat;
-  stack u16[MLKEM_N] k poly epp v poly0 poly1 poly2;
+  stack u16[MLKEM_N] k epp v;
   stack u8[MLKEM_SYMBYTES] publicseed;
-  reg u64 i j t64;
+  reg u64 i t64;
   reg u64 ctp;
-  reg u16 t;
   reg u8 nonce;
 
   pkpv = __polyvec_frombytes(pkp);
@@ -156,10 +155,9 @@ fn __iindcpa_enc(reg ptr u8[MLKEM_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,
 {
   stack u16[MLKEM_VECN] pkpv sp ep bp;
   stack u16[MLKEM_K*MLKEM_VECN] aat;
-  stack u16[MLKEM_N] k poly epp v poly0 poly1 poly2;
+  stack u16[MLKEM_N] k epp v;
   stack u8[MLKEM_SYMBYTES] publicseed;
-  reg u64 i j t64;
-  reg u16 t;
+  reg u64 i t64;
   reg u8 nonce;
   stack ptr u8[MLKEM_CT_LEN] sctp;
 

src/crypto_kem/mlkem/mlkem768/amd64/ref/poly.jinc

@@ -45,7 +45,6 @@ fn _poly_csubq(reg ptr u16[MLKEM_N] rp) -> reg ptr u16[MLKEM_N]
 
 fn _poly_basemul(reg ptr u16[MLKEM_N] rp, reg const ptr u16[MLKEM_N] ap bp) -> reg ptr u16[MLKEM_N]
 {
-  reg u64 offset;
   reg u16 zeta;
   reg u16 r0;
   reg u16 r1;
@@ -293,7 +292,6 @@ fn _poly_frommsg(reg ptr u16[MLKEM_N] rp, reg u64 ap) -> stack u16[MLKEM_N]
   reg u8 c;
   reg u16 t;
   inline int i;
-  inline int j;
 
   for i = 0 to 32
   {
@@ -356,7 +354,6 @@ fn _i_poly_frommsg(reg ptr u16[MLKEM_N] rp, reg ptr u8[32] ap) -> stack u16[MLKE
   reg u8 c;
   reg u16 t;
   inline int i;
-  inline int j;
 
   for i = 0 to 32
   {
@@ -417,7 +414,6 @@ fn _poly_getnoise(reg ptr u16[MLKEM_N] rp, reg ptr u8[MLKEM_SYMBYTES] seed, reg
 {
   stack u8[33] extseed;   /* 33 = MLKEM_SYMBYTES +1 */
   stack u8[128] buf;      /* 128 = MLKEM_ETA*MLKEM_N/4 */
-  reg u64 outlen;
   reg u8 c,a,b;
   reg u16 t;
   reg u64 i;
@@ -499,11 +495,9 @@ fn _poly_invntt(reg ptr u16[MLKEM_N] rp) -> reg ptr u16[MLKEM_N]
       zetasctr += 1;
 
       j = start;
-      //cmp = #LEA(start + len);
       cmp = start; cmp += len;
       while (j < cmp)
       {
-        //offset = #LEA(j + len);
         offset = j; offset += len;
         s = rp[(int)offset];
         t = rp[(int)j];
@@ -515,7 +509,6 @@ fn _poly_invntt(reg ptr u16[MLKEM_N] rp) -> reg ptr u16[MLKEM_N]
         rp[(int)offset] = t;
         j += 1;
       }
-      //start = #LEA(j + len);
       start = j; start += len;
     }
     len <<= 1;
@@ -560,11 +553,9 @@ fn _poly_ntt(reg ptr u16[MLKEM_N] rp) -> reg ptr u16[MLKEM_N]
       zetasctr += 1;
       zeta = zetasp[(int)zetasctr];
       j = start;
-      // cmp = #LEA(start + len);
       cmp = start; cmp += len;
       while (j < cmp)
       {
-        //offset = #LEA(j + len);
         offset = j; offset += len;
         t = rp[(int)offset];
         t = __fqmul(t, zeta);
@@ -576,7 +567,6 @@ fn _poly_ntt(reg ptr u16[MLKEM_N] rp) -> reg ptr u16[MLKEM_N]
         rp[(int)j] = t;
         j += 1;
       }
-      //start = #LEA(j + len);
       start = j; start += len;
     }
     len >>= 1;

src/crypto_kem/mlkem/mlkem768/amd64/ref/polyvec.jinc

@@ -26,7 +26,6 @@ fn __polyvec_compress(reg u64 rp, stack u16[MLKEM_VECN] a)
 {
   stack u16[MLKEM_VECN] aa;
   reg u16 c, b;
-  reg u16 d;
   reg u64[4] t;
   reg u64 i j;
   inline int k;
@@ -90,7 +89,6 @@ fn __i_polyvec_compress(reg ptr u8[MLKEM_POLYVECCOMPRESSEDBYTES] rp, stack u16[M
 {
   stack u16[MLKEM_VECN] aa;
   reg u16 c, b;
-  reg u16 d;
   reg u64[4] t;
   reg u64 i j;
   inline int k;

src/crypto_kem/mlkem/mlkem768/amd64/ref/verify.jinc

@@ -27,7 +27,7 @@ fn __verify(reg u64 ctp, reg ptr u8[MLKEM_CT_LEN] ctpc) -> reg u64
 inline
 fn __cmov(reg u64 dst, reg ptr u8[MLKEM_SYMBYTES] src, reg u64 cnd)
 {
-  reg u8 t1 t2 bcond;
+  reg u8 t1 t2;
   inline int i;
 
   cnd = -cnd;