Falcon Post Quantum Digital Signature Verification, in Miden Assembly #369
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ion of Falcon signature Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
This implementation has some assumptions about input state ( more concretely how input is provided to verification routine ), which can be understood by go through comments accompanying the implementation assembly. Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
…degree 512 This optimization gain is achieved by using `loadw.mem` instead of `pushw.mem` instruction. Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
…oopifying repetitive instructions This increases cost of signature verification by 1762 VM cycles Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
…ory address ) when normalizing a degree-512 polynomial Some unnecessary stack push operations are skipped. Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
…ng to pointer based interface Pointer based interface denotes traversing memory using pointer arithmetic ( i.e. applying `INCR` instruction on previous memory address to compute next absolute memory address ). Cost of signature verification: 347,649 cycles Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
|
At commit 23aad20, cost of Falcon512 signature verification: 347,649 cycles. |
Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
…w API, avoiding some memcpy(s) Cost of signature verification is 337,402 cycles. Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
|
At commit 562425b, cost of signature verification is 337,402 cycles. |
…cal memory indexing order This commit is due to rebasing from `next`. Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
|
Commit 17882bb includes latest from |
bobbinth
reviewed
Oct 12, 2022
stdlib/asm/crypto/dsa/falcon.masm
Outdated
| # Expected stack state : | ||
| # | ||
| # [f_addr0, f_addr1, ..., f_addr126, f_addr127, g_addr0, g_addr1, ..., g_addr126, g_addr127, | ||
| # h_addr0, h_addr1, ..., h_addr126, h_addr127, k_addr0, k_addr1, ..., k_addr126, k_addr127, ...] | 512 absolute memory addresses |
There was a problem hiding this comment.
Is this comment still accurate? I thought we are providing just starting addresses via the stack (e.g., f_start_addr) rather than consecutive addresses.
Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
bobbinth
approved these changes
Oct 12, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
This PR implements Falcon-512 PQ DSA, in Miden Assembly, with following assumptions
f.ghkis supplied as input to program, which is actually decompressed signature, just that each coefficient is represented as absolute value ( sign bit is ignored )If signature verification fails, program execution should stop, due to assertion failure, which checks whether norm of signature is small enough or not.
Note, this PR needs to be reviewed after PR #349 , #368 ( in order appearing ) are reviewed & merged
Cost of signature verification at 7357b77, 335399 cycles