
Secret Independence for ML-KEM and ML-DSA

Open karthikbhargavan opened this issue 1 year ago • 2 comments

We need to prove secret-independence for the code in libcrux-ml-kem and libcrux-ml-dsa. This will require merging some ongoing work in https://github.com/hacspec/hax/tree/karthik/secret-integers

karthikbhargavan avatar Jul 30 '24 11:07 karthikbhargavan

We never got around to doing this.

karthikbhargavan avatar Sep 09 '24 05:09 karthikbhargavan

  • [ ] Check C and compiled versions
  • [ ] Consolidate and write up our story
  • [ ] Automate checks

franziskuskiefer avatar Sep 16 '24 07:09 franziskuskiefer

  • I have created a new branch: https://github.com/cryspen/libcrux/tree/libcrux-secret-independence/libcrux-ml-kem
  • The secret independence (aka secret integers) crate is now here: https://github.com/cryspen/libcrux/tree/libcrux-secret-independence/libcrux-secret-independence
  • I extended libcrux-intrinsics to support secret-independent SIMD instructions: use avx2_secret and neon_secret modules to get the secret independent versions
  • This branch uses secret integers throughout libcrux-sha3, which is proved to be secret independent (yay!)
  • Now all SHA-3 functions expect &[U8] and produce arrays of [U8]
  • I propagated the use of SHA-3 throughout libcrux, resulting in changes to ML-KEM and ML-DSA
  • For now the pattern for using SHA-3 is: first classify the input, call SHA-3, then declassify the output
  • As more code becomes secret independent, we can move this classification dance higher and higher till it only applies to user inputs and outputs
  • There is some bug in psq that seems unrelated and needs fixing.
  • I did not propagate the changes to the old Kyber code yet.

karthikbhargavan avatar Oct 11 '24 06:10 karthikbhargavan
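To make the classify / call SHA-3 / declassify pattern from the comment above concrete, here is an added Rust illustration. It is not the hax secret-integers crate and not libcrux code: the toy `U8` type, `toy_absorb` (a stand-in for the `&[U8] -> [U8; N]` SHA-3 interface), `ct_eq` and `hash_public` are all invented for this example.

```rust
// Added illustration only; toy types, NOT the hax / libcrux secret-integer crates.
use std::ops::{BitAnd, BitOr, BitXor};

/// A byte the type system treats as secret. It deliberately implements neither
/// PartialEq nor PartialOrd, so `if s == x` or `s < x` on a secret does not
/// compile: only data-independent (constant-time) operations are available.
#[derive(Clone, Copy, Debug)]
pub struct U8(u8);

impl U8 {
    /// Enter the secret domain (the "classify" step).
    pub fn classify(x: u8) -> U8 { U8(x) }
    /// Leave the secret domain explicitly; every call site must justify it.
    pub fn declassify(self) -> u8 { self.0 }
    pub fn wrapping_add(self, o: U8) -> U8 { U8(self.0.wrapping_add(o.0)) }
    pub fn wrapping_neg(self) -> U8 { U8(self.0.wrapping_neg()) }
    pub fn rotate_left(self, n: u32) -> U8 { U8(self.0.rotate_left(n)) }
}
impl BitXor for U8 { type Output = U8; fn bitxor(self, o: U8) -> U8 { U8(self.0 ^ o.0) } }
impl BitAnd for U8 { type Output = U8; fn bitand(self, o: U8) -> U8 { U8(self.0 & o.0) } }
impl BitOr for U8 { type Output = U8; fn bitor(self, o: U8) -> U8 { U8(self.0 | o.0) } }

/// Stand-in for a SHA-3 style absorb: takes `&[U8]`, returns `[U8; 4]`, like the
/// secret-independent libcrux-sha3 API in the comment. The mixing is a toy, but
/// note that it never branches on, or indexes memory by, a secret value.
pub fn toy_absorb(input: &[U8]) -> [U8; 4] {
    let mut st = [U8(0x01), U8(0x23), U8(0x45), U8(0x67)];
    for (i, &b) in input.iter().enumerate() {
        st[i % 4] = (st[i % 4] ^ b).rotate_left(3);            // i is public, b is secret
        st[(i + 1) % 4] = st[(i + 1) % 4].wrapping_add(st[i % 4]);
    }
    st
}

/// Branch-free equality on secrets: returns 0xff if a == b, else 0x00.
pub fn ct_eq(a: U8, b: U8) -> U8 {
    let d = a ^ b;                              // zero iff equal
    let nz = d | d.rotate_left(4);
    let nz = nz | nz.rotate_left(2);
    let nz = (nz | nz.rotate_left(1)) & U8(1);  // bit 0 is 1 iff d != 0
    (nz ^ U8(1)).wrapping_neg()                 // 1 -> 0xff, 0 -> 0x00
}

/// The "classification dance": classify the public input, call the
/// secret-typed function, declassify the result at the boundary.
pub fn hash_public(msg: &[u8]) -> [u8; 4] {
    let secret: Vec<U8> = msg.iter().map(|&b| U8::classify(b)).collect();
    let out = toy_absorb(&secret);
    [out[0].declassify(), out[1].declassify(), out[2].declassify(), out[3].declassify()]
}
```

As more code takes `U8` directly, the classify and declassify calls move outward until they only wrap the user-facing inputs and outputs, which is the migration the comment describes.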

This issue has been marked as stale due to a lack of activity for 60 days. If you believe this issue is still relevant, please provide an update or comment to keep it open. Otherwise, it will be closed in 7 days.

github-actions[bot] avatar Jan 11 '25 02:01 github-actions[bot]

https://github.com/cryspen/libcrux/tree/franziskus/secret-arrays is a branch with all the things in a crate and some propagation to sha3.

franziskuskiefer avatar Jan 28 '25 10:01 franziskuskiefer

This issue has been marked as stale due to a lack of activity for 60 days. If you believe this issue is still relevant, please provide an update or comment to keep it open. Otherwise, it will be closed in 7 days.

github-actions[bot] avatar Mar 30 '25 02:03 github-actions[bot]

This issue has been closed due to a lack of activity since being marked as stale. If you believe this issue is still relevant, please reopen it with an update or comment.

github-actions[bot] avatar Apr 07 '25 02:04 github-actions[bot]