
CBMC: Add proof and contract for crypto_sign_keypair_internal #269


Conversation

jakemas
Contributor

@jakemas jakemas commented May 22, 2025

@jakemas
Contributor Author

jakemas commented May 22, 2025

Work in progress

Comment on lines +32 to 33
shake256(seedbuf, 2 * MLDSA_SEEDBYTES + MLDSA_CRHBYTES, inbuf,
MLDSA_SEEDBYTES + 2);
Contributor Author


CBMC disliked the shared use of seedbuf as both in and out here.

@jakemas jakemas force-pushed the crypto_sign_keypair_internal branch from 8ffcfca to ae1870d Compare May 22, 2025 04:20
@mkannwischer mkannwischer force-pushed the crypto_sign_keypair_internal branch from ae1870d to 8c4946f Compare May 22, 2025 05:42
@jakemas jakemas force-pushed the crypto_sign_keypair_internal branch from 8c4946f to f6b4738 Compare May 22, 2025 15:54
Comment on lines +23 to +29
USE_FUNCTION_CONTRACTS=$(FIPS202_NAMESPACE)shake256 $(MLD_NAMESPACE)polyvec_matrix_expand \
$(MLD_NAMESPACE)poly_uniform_eta_4x $(MLD_NAMESPACE)polyvecl_ntt \
$(MLD_NAMESPACE)polyvec_matrix_pointwise_montgomery \
$(MLD_NAMESPACE)polyveck_reduce $(MLD_NAMESPACE)polyveck_invntt_tomont \
$(MLD_NAMESPACE)polyveck_add $(MLD_NAMESPACE)polyveck_caddq \
$(MLD_NAMESPACE)polyveck_power2round $(MLD_NAMESPACE)pack_pk \
$(MLD_NAMESPACE)pack_sk
Contributor


I find it a bit easier to parse to use

USE_FUNCTION_CONTRACTS=$(FIPS202_NAMESPACE)shake256
USE_FUNCTION_CONTRACTS+=$(MLD_NAMESPACE)polyvec_matrix_expand
USE_FUNCTION_CONTRACTS+=$(MLD_NAMESPACE)poly_uniform_eta_4x

@mkannwischer mkannwischer force-pushed the crypto_sign_keypair_internal branch from f6b4738 to 0af3d30 Compare May 23, 2025 02:11
@mkannwischer
Contributor

polyveck_power2round(&t1, &t0, &t1);

is still problematic. I think you can change the contract of polyveck_power2round to be

void polyveck_power2round(polyveck *v1, polyveck *v0, const polyveck *v)
__contract__(
  requires(memory_no_alias(v1, sizeof(polyveck)))
  requires(memory_no_alias(v0, sizeof(polyveck)))
  requires(v == v1)
  ...

(and change poly_power2round accordingly).

There is only one call site so this should be okay.
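The in-place contract pattern suggested above, as an added example (not mldsa-native code): the input pointer is not declared fresh with memory_no_alias, and the precondition instead fixes it to alias the first output. Toy dimensions N and K, the mocked contract macros, and the function names are assumptions; the rounding arithmetic follows the standard power2round definition with D = 13.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed mock: outside CBMC the contract macros compile to nothing,
 * so the annotated definition below builds with an ordinary C compiler. */
#ifndef __CPROVER__
#define __contract__(x)
#define requires(x)
#define memory_no_alias(p, n) 1
#endif

#define D 13 /* ML-DSA power-of-two rounding parameter */
#define N 8  /* toy polynomial length (constructed; real N is 256) */
#define K 2  /* toy polyveck dimension (constructed) */

typedef struct { int32_t coeffs[N]; } poly;
typedef struct { poly vec[K]; } polyveck;

/* power2round: split a = a1 * 2^D + a0 with a0 in (-2^(D-1), 2^(D-1)]. */
static int32_t power2round(int32_t *a0, int32_t a)
{
  int32_t a1 = (a + (1 << (D - 1)) - 1) >> D;
  *a0 = a - (a1 << D);
  return a1;
}

/* In-place variant: only v1 and v0 must be fresh and disjoint; v is
 * required to alias v1, so CBMC sees no conflicting freshness claim. */
void polyveck_power2round_inplace(polyveck *v1, polyveck *v0, const polyveck *v)
__contract__(
  requires(memory_no_alias(v1, sizeof(polyveck)))
  requires(memory_no_alias(v0, sizeof(polyveck)))
  requires(v == v1)
)
{
  assert(v == v1); /* runtime mirror of the contract precondition */
  for (size_t i = 0; i < K; i++)
    for (size_t j = 0; j < N; j++)
      v1->vec[i].coeffs[j] = power2round(&v0->vec[i].coeffs[j], v->vec[i].coeffs[j]);
}

/* Run the aliasing call pattern (&t1, &t0, &t1) and check that every
 * coefficient satisfies the decomposition identity and the a0 range. */
int power2round_roundtrip_ok(const polyveck *in)
{
  polyveck t1 = *in, t0;
  polyveck_power2round_inplace(&t1, &t0, &t1);
  for (size_t i = 0; i < K; i++)
    for (size_t j = 0; j < N; j++) {
      int32_t a1 = t1.vec[i].coeffs[j], a0 = t0.vec[i].coeffs[j];
      if (in->vec[i].coeffs[j] != (a1 << D) + a0) return 0;
      if (a0 <= -(1 << (D - 1)) || a0 > (1 << (D - 1))) return 0;
    }
  return 1;
}
```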

Successfully merging this pull request may close these issues.

CBMC: Prove crypto_sign_keypair_internal