libcrux icon indicating copy to clipboard operation
libcrux copied to clipboard
verified publisher icon cryspen

ML-DSA: verify portable `ntt`

Open W95Psp opened this issue 8 months ago • 1 comments

W95Psp avatar Apr 28 '25 06:04 W95Psp

@karthikbhargavan and I inverstigated a bit this.

Notes:

  • the indirection via the values field of Coefficients will probably makes us hit https://github.com/FStarLang/FStar/issues/3800 to a certain degree. Would be much nicer to have IndexMut on coefficients. (see https://github.com/cryspen/hax/issues/644#issuecomment-2090950211)
  • we should add an interpretations for Rust arrays (or F* sequences) as lists, defining lifts and simplification lemmas just as we did for bitvec<->int_vec
  • then we can see e.g. ntt_at_layer_0 as a circuit
  • it is less clear for outer_3_plus: there is a loop, and we need montgomery_multiply_by_constant, subtract and add to be circuits already

W95Psp avatar Apr 30 '25 16:04 W95Psp

Can likely be improved, but addressed for now in #989

karthikbhargavan avatar May 23 '25 15:05 karthikbhargavan