Add crypto_sign_pk_from_sk to top-level API
#714
Conversation
510f9bb to bd3181c
mldsa/src/sign.h (outdated)

```c
 * Arguments: - uint8_t pk[CRYPTO_PUBLICKEYBYTES]: output public key
 *            - const uint8_t sk[CRYPTO_SECRETKEYBYTES]: input secret key
 *
 * Returns 0 on success, -1 if validation fails (corrupted secret key)
```
Is there a reference to FIPS204 one can provide here?
Unfortunately not, there is no mention of this in FIPS 204.
mkannwischer
left a comment
Thanks @jakemas!
Two blockers:
- The function needs to be added to mldsa_native.h
- I think some of the declassifications need to be removed
I also wonder if we should rename the function to crypto_sign_pk_from_sk to align with other functions?
00ff754 to 7fa39ba
crypto_sign_pk_from_sk to top-level API
mkannwischer
left a comment
Thanks @jakemas for the changes! This looks good to me now.
7fa39ba to d5e1c73
mldsa/src/sign.c (outdated)

```c
mld_zeroize(&t0, sizeof(t0));
mld_zeroize(&t0_computed, sizeof(t0_computed));
mld_zeroize(key, sizeof(key));
mld_zeroize(tr_computed, sizeof(tr_computed));
```
Why are tr, rho, and t1 omitted?
and rho too
Mac Mini (M1, 2020) benchmarks (opt)

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 46487 cycles | 46496 cycles | 1.00 |
| ML-DSA-44 sign | 132757 cycles | 132772 cycles | 1.00 |
| ML-DSA-44 verify | 47842 cycles | 47842 cycles | 1 |
| ML-DSA-65 keypair | 81474 cycles | 81453 cycles | 1.00 |
| ML-DSA-65 sign | 219244 cycles | 219163 cycles | 1.00 |
| ML-DSA-65 verify | 80118 cycles | 80109 cycles | 1.00 |
| ML-DSA-87 keypair | 132625 cycles | 132596 cycles | 1.00 |
| ML-DSA-87 sign | 281125 cycles | 281212 cycles | 1.00 |
| ML-DSA-87 verify | 130395 cycles | 130395 cycles | 1 |

This comment was automatically generated by workflow using github-action-benchmark.
Arm Cortex-A76 (Raspberry Pi 5) benchmarks (opt)

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 115791 cycles | 115546 cycles | 1.00 |
| ML-DSA-44 sign | 376960 cycles | 377228 cycles | 1.00 |
| ML-DSA-44 verify | 120301 cycles | 120526 cycles | 1.00 |
| ML-DSA-65 keypair | 200397 cycles | 200179 cycles | 1.00 |
| ML-DSA-65 sign | 623689 cycles | 622967 cycles | 1.00 |
| ML-DSA-65 verify | 197920 cycles | 198351 cycles | 1.00 |
| ML-DSA-87 keypair | 327697 cycles | 327201 cycles | 1.00 |
| ML-DSA-87 sign | 791495 cycles | 791268 cycles | 1.00 |
| ML-DSA-87 verify | 324898 cycles | 324856 cycles | 1.00 |
Mac Mini (M1, 2020) benchmarks (no-opt)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 115249 cycles | 115268 cycles | 1.00 |
| ML-DSA-44 sign | 430426 cycles | 430432 cycles | 1.00 |
| ML-DSA-44 verify | 122140 cycles | 122206 cycles | 1.00 |
| ML-DSA-65 keypair | 197283 cycles | 197166 cycles | 1.00 |
| ML-DSA-65 sign | 700190 cycles | 700196 cycles | 1.00 |
| ML-DSA-65 verify | 197625 cycles | 197602 cycles | 1.00 |
| ML-DSA-87 keypair | 325694 cycles | 325565 cycles | 1.00 |
| ML-DSA-87 sign | 884149 cycles | 884047 cycles | 1.00 |
| ML-DSA-87 verify | 329030 cycles | 328865 cycles | 1.00 |
Arm Cortex-A76 (Raspberry Pi 5) benchmarks (no-opt)

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 213789 cycles | 213817 cycles | 1.00 |
| ML-DSA-44 sign | 782200 cycles | 784050 cycles | 1.00 |
| ML-DSA-44 verify | 229962 cycles | 229513 cycles | 1.00 |
| ML-DSA-65 keypair | 385235 cycles | 384799 cycles | 1.00 |
| ML-DSA-65 sign | 1307962 cycles | 1314461 cycles | 1.00 |
| ML-DSA-65 verify | 375315 cycles | 375898 cycles | 1.00 |
| ML-DSA-87 keypair | 605968 cycles | 607035 cycles | 1.00 |
| ML-DSA-87 sign | 1623238 cycles | 1623460 cycles | 1.00 |
| ML-DSA-87 verify | 617584 cycles | 617252 cycles | 1.00 |
oqs-bot
left a comment
Intel Xeon 4th gen (c7i)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 34826 cycles | 35939 cycles | 0.97 |
| ML-DSA-44 sign | 120719 cycles | 120718 cycles | 1.00 |
| ML-DSA-44 verify | 38106 cycles | 38141 cycles | 1.00 |
| ML-DSA-65 keypair | 61681 cycles | 62873 cycles | 0.98 |
| ML-DSA-65 sign | 200838 cycles | 201460 cycles | 1.00 |
| ML-DSA-65 verify | 62662 cycles | 62704 cycles | 1.00 |
| ML-DSA-87 keypair | 94020 cycles | 95260 cycles | 0.99 |
| ML-DSA-87 sign | 234791 cycles | 235558 cycles | 1.00 |
| ML-DSA-87 verify | 94036 cycles | 94737 cycles | 0.99 |
oqs-bot
left a comment
Intel Xeon 4th gen (c7i) (no-opt)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 95908 cycles | 96057 cycles | 1.00 |
| ML-DSA-44 sign | 349152 cycles | 349268 cycles | 1.00 |
| ML-DSA-44 verify | 101404 cycles | 101803 cycles | 1.00 |
| ML-DSA-65 keypair | 163022 cycles | 163944 cycles | 0.99 |
| ML-DSA-65 sign | 565178 cycles | 565147 cycles | 1.00 |
| ML-DSA-65 verify | 165073 cycles | 164858 cycles | 1.00 |
| ML-DSA-87 keypair | 267098 cycles | 268355 cycles | 1.00 |
| ML-DSA-87 sign | 723299 cycles | 723103 cycles | 1.00 |
| ML-DSA-87 verify | 270824 cycles | 271795 cycles | 1.00 |
oqs-bot
left a comment
AMD EPYC 3rd gen (c6a)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 69326 cycles | 69288 cycles | 1.00 |
| ML-DSA-44 sign | 185135 cycles | 184700 cycles | 1.00 |
| ML-DSA-44 verify | 69807 cycles | 69124 cycles | 1.01 |
| ML-DSA-65 keypair | 119325 cycles | 119443 cycles | 1.00 |
| ML-DSA-65 sign | 294920 cycles | 295201 cycles | 1.00 |
| ML-DSA-65 verify | 115135 cycles | 115118 cycles | 1.00 |
| ML-DSA-87 keypair | 202804 cycles | 201971 cycles | 1.00 |
| ML-DSA-87 sign | 386640 cycles | 385373 cycles | 1.00 |
| ML-DSA-87 verify | 193896 cycles | 193641 cycles | 1.00 |
oqs-bot
left a comment
Intel Xeon 3rd gen (c6i)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 56848 cycles | 56917 cycles | 1.00 |
| ML-DSA-44 sign | 180172 cycles | 179672 cycles | 1.00 |
| ML-DSA-44 verify | 61090 cycles | 60918 cycles | 1.00 |
| ML-DSA-65 keypair | 99403 cycles | 99920 cycles | 0.99 |
| ML-DSA-65 sign | 297649 cycles | 296088 cycles | 1.01 |
| ML-DSA-65 verify | 99947 cycles | 100006 cycles | 1.00 |
| ML-DSA-87 keypair | 153370 cycles | 153471 cycles | 1.00 |
| ML-DSA-87 sign | 352161 cycles | 351626 cycles | 1.00 |
| ML-DSA-87 verify | 152016 cycles | 151962 cycles | 1.00 |
oqs-bot
left a comment
AMD EPYC 4th gen (c7a)

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 41377 cycles | 42240 cycles | 0.98 |
| ML-DSA-44 sign | 130261 cycles | 130842 cycles | 1.00 |
| ML-DSA-44 verify | 44326 cycles | 44445 cycles | 1.00 |
| ML-DSA-65 keypair | 72592 cycles | 72530 cycles | 1.00 |
| ML-DSA-65 sign | 212974 cycles | 212854 cycles | 1.00 |
| ML-DSA-65 verify | 72910 cycles | 72838 cycles | 1.00 |
| ML-DSA-87 keypair | 109007 cycles | 111974 cycles | 0.97 |
| ML-DSA-87 sign | 249340 cycles | 252780 cycles | 0.99 |
| ML-DSA-87 verify | 110323 cycles | 110309 cycles | 1.00 |
oqs-bot
left a comment
Graviton2

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 116104 cycles | 115816 cycles | 1.00 |
| ML-DSA-44 sign | 377627 cycles | 377624 cycles | 1.00 |
| ML-DSA-44 verify | 120720 cycles | 120558 cycles | 1.00 |
| ML-DSA-65 keypair | 201022 cycles | 200332 cycles | 1.00 |
| ML-DSA-65 sign | 624955 cycles | 623594 cycles | 1.00 |
| ML-DSA-65 verify | 198562 cycles | 198416 cycles | 1.00 |
| ML-DSA-87 keypair | 328680 cycles | 327949 cycles | 1.00 |
| ML-DSA-87 sign | 792082 cycles | 792354 cycles | 1.00 |
| ML-DSA-87 verify | 325473 cycles | 325213 cycles | 1.00 |
oqs-bot
left a comment
AMD EPYC 3rd gen (c6a) (no-opt)

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 135698 cycles | 135799 cycles | 1.00 |
| ML-DSA-44 sign | 541044 cycles | 541174 cycles | 1.00 |
| ML-DSA-44 verify | 148924 cycles | 148797 cycles | 1.00 |
| ML-DSA-65 keypair | 229510 cycles | 228686 cycles | 1.00 |
| ML-DSA-65 sign | 893688 cycles | 889946 cycles | 1.00 |
| ML-DSA-65 verify | 239113 cycles | 237363 cycles | 1.01 |
| ML-DSA-87 keypair | 373804 cycles | 373747 cycles | 1.00 |
| ML-DSA-87 sign | 1107920 cycles | 1107872 cycles | 1.00 |
| ML-DSA-87 verify | 387419 cycles | 387864 cycles | 1.00 |
oqs-bot
left a comment
Intel Xeon 3rd gen (c6i) (no-opt)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 158673 cycles | 158843 cycles | 1.00 |
| ML-DSA-44 sign | 565192 cycles | 565210 cycles | 1.00 |
| ML-DSA-44 verify | 170503 cycles | 170622 cycles | 1.00 |
| ML-DSA-65 keypair | 269034 cycles | 269010 cycles | 1.00 |
| ML-DSA-65 sign | 929262 cycles | 925157 cycles | 1.00 |
| ML-DSA-65 verify | 275150 cycles | 275546 cycles | 1.00 |
| ML-DSA-87 keypair | 453080 cycles | 452301 cycles | 1.00 |
| ML-DSA-87 sign | 1184615 cycles | 1184508 cycles | 1.00 |
| ML-DSA-87 verify | 460062 cycles | 460129 cycles | 1.00 |
oqs-bot
left a comment
Graviton3

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 74123 cycles | 74051 cycles | 1.00 |
| ML-DSA-44 sign | 228505 cycles | 228515 cycles | 1.00 |
| ML-DSA-44 verify | 77970 cycles | 78086 cycles | 1.00 |
| ML-DSA-65 keypair | 130611 cycles | 130702 cycles | 1.00 |
| ML-DSA-65 sign | 378494 cycles | 378703 cycles | 1.00 |
| ML-DSA-65 verify | 129336 cycles | 129261 cycles | 1.00 |
| ML-DSA-87 keypair | 210178 cycles | 212536 cycles | 0.99 |
| ML-DSA-87 sign | 475176 cycles | 479884 cycles | 0.99 |
| ML-DSA-87 verify | 209083 cycles | 209138 cycles | 1.00 |
oqs-bot
left a comment
AMD EPYC 4th gen (c7a) (no-opt)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 119881 cycles | 120484 cycles | 0.99 |
| ML-DSA-44 sign | 454066 cycles | 454537 cycles | 1.00 |
| ML-DSA-44 verify | 129694 cycles | 130258 cycles | 1.00 |
| ML-DSA-65 keypair | 205145 cycles | 205710 cycles | 1.00 |
| ML-DSA-65 sign | 734299 cycles | 736196 cycles | 1.00 |
| ML-DSA-65 verify | 211165 cycles | 210669 cycles | 1.00 |
| ML-DSA-87 keypair | 339368 cycles | 337960 cycles | 1.00 |
| ML-DSA-87 sign | 927673 cycles | 929194 cycles | 1.00 |
| ML-DSA-87 verify | 346322 cycles | 346912 cycles | 1.00 |
SpacemiT K1 8 (Banana Pi F3) benchmarks (no-opt)

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 826748 cycles | 827647 cycles | 1.00 |
| ML-DSA-44 sign | 3333385 cycles | 3334880 cycles | 1.00 |
| ML-DSA-44 verify | 921833 cycles | 920513 cycles | 1.00 |
| ML-DSA-65 keypair | 1404918 cycles | 1402398 cycles | 1.00 |
| ML-DSA-65 sign | 5439603 cycles | 5447328 cycles | 1.00 |
| ML-DSA-65 verify | 1469503 cycles | 1469774 cycles | 1.00 |
| ML-DSA-87 keypair | 2313759 cycles | 2304928 cycles | 1.00 |
| ML-DSA-87 sign | 6805657 cycles | 6815632 cycles | 1.00 |
| ML-DSA-87 verify | 2404792 cycles | 2406938 cycles | 1.00 |
oqs-bot
left a comment
Graviton4

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 69739 cycles | 69654 cycles | 1.00 |
| ML-DSA-44 sign | 214000 cycles | 213912 cycles | 1.00 |
| ML-DSA-44 verify | 72452 cycles | 72630 cycles | 1.00 |
| ML-DSA-65 keypair | 123543 cycles | 123193 cycles | 1.00 |
| ML-DSA-65 sign | 350504 cycles | 350733 cycles | 1.00 |
| ML-DSA-65 verify | 120453 cycles | 120398 cycles | 1.00 |
| ML-DSA-87 keypair | 201683 cycles | 201124 cycles | 1.00 |
| ML-DSA-87 sign | 448983 cycles | 449467 cycles | 1.00 |
| ML-DSA-87 verify | 197933 cycles | 198562 cycles | 1.00 |
oqs-bot
left a comment
Graviton2 (no-opt)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 214225 cycles | 214496 cycles | 1.00 |
| ML-DSA-44 sign | 783025 cycles | 782673 cycles | 1.00 |
| ML-DSA-44 verify | 230399 cycles | 230022 cycles | 1.00 |
| ML-DSA-65 keypair | 386017 cycles | 384918 cycles | 1.00 |
| ML-DSA-65 sign | 1308982 cycles | 1309733 cycles | 1.00 |
| ML-DSA-65 verify | 375953 cycles | 376024 cycles | 1.00 |
| ML-DSA-87 keypair | 607027 cycles | 607162 cycles | 1.00 |
| ML-DSA-87 sign | 1626070 cycles | 1625843 cycles | 1.00 |
| ML-DSA-87 verify | 618374 cycles | 617048 cycles | 1.00 |
oqs-bot
left a comment
Graviton3 (no-opt)

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 138958 cycles | 138866 cycles | 1.00 |
| ML-DSA-44 sign | 493735 cycles | 493812 cycles | 1.00 |
| ML-DSA-44 verify | 148332 cycles | 148472 cycles | 1.00 |
| ML-DSA-65 keypair | 242400 cycles | 242502 cycles | 1.00 |
| ML-DSA-65 sign | 809415 cycles | 808928 cycles | 1.00 |
| ML-DSA-65 verify | 240614 cycles | 240449 cycles | 1.00 |
| ML-DSA-87 keypair | 396999 cycles | 396812 cycles | 1.00 |
| ML-DSA-87 sign | 1027165 cycles | 1026791 cycles | 1.00 |
| ML-DSA-87 verify | 401187 cycles | 402036 cycles | 1.00 |
oqs-bot
left a comment
Graviton4 (no-opt)

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 128292 cycles | 128301 cycles | 1.00 |
| ML-DSA-44 sign | 457141 cycles | 456702 cycles | 1.00 |
| ML-DSA-44 verify | 136206 cycles | 136387 cycles | 1.00 |
| ML-DSA-65 keypair | 220512 cycles | 220816 cycles | 1.00 |
| ML-DSA-65 sign | 746675 cycles | 746751 cycles | 1.00 |
| ML-DSA-65 verify | 220424 cycles | 220427 cycles | 1.00 |
| ML-DSA-87 keypair | 365393 cycles | 365316 cycles | 1.00 |
| ML-DSA-87 sign | 943508 cycles | 943661 cycles | 1.00 |
| ML-DSA-87 verify | 368880 cycles | 369268 cycles | 1.00 |
Arm Cortex-A55 (Snapdragon 888) benchmarks (opt)

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 290055 cycles | 293203 cycles | 0.99 |
| ML-DSA-44 sign | 928433 cycles | 944561 cycles | 0.98 |
| ML-DSA-44 verify | 295798 cycles | 297453 cycles | 0.99 |
| ML-DSA-65 keypair | 492683 cycles | 492637 cycles | 1.00 |
| ML-DSA-65 sign | 1549870 cycles | 1521934 cycles | 1.02 |
| ML-DSA-65 verify | 475787 cycles | 477392 cycles | 1.00 |
| ML-DSA-87 keypair | 839790 cycles | 831029 cycles | 1.01 |
| ML-DSA-87 sign | 2064612 cycles | 2047516 cycles | 1.01 |
| ML-DSA-87 verify | 815989 cycles | 812867 cycles | 1.00 |
Arm Cortex-A55 (Snapdragon 888) benchmarks (no-opt)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 467621 cycles | 469051 cycles | 1.00 |
| ML-DSA-44 sign | 2223589 cycles | 2214428 cycles | 1.00 |
| ML-DSA-44 verify | 549909 cycles | 550053 cycles | 1.00 |
| ML-DSA-65 keypair | 784786 cycles | 783189 cycles | 1.00 |
| ML-DSA-65 sign | 3630079 cycles | 3624689 cycles | 1.00 |
| ML-DSA-65 verify | 850296 cycles | 848495 cycles | 1.00 |
| ML-DSA-87 keypair | 1263704 cycles | 1263827 cycles | 1.00 |
| ML-DSA-87 sign | 4481368 cycles | 4490718 cycles | 1.00 |
| ML-DSA-87 verify | 1360890 cycles | 1366338 cycles | 1.00 |
d5e1c73 to 0f055f1
Arm Cortex-A72 (Raspberry Pi 4) benchmarks (opt)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 233886 cycles | 231372 cycles | 1.01 |
| ML-DSA-44 sign | 702534 cycles | 684967 cycles | 1.03 |
| ML-DSA-44 verify | 239027 cycles | 228202 cycles | 1.05 |
| ML-DSA-65 keypair | 417927 cycles | 403128 cycles | 1.04 |
| ML-DSA-65 sign | 1136303 cycles | 1144695 cycles | 0.99 |
| ML-DSA-65 verify | 391256 cycles | 386359 cycles | 1.01 |
| ML-DSA-87 keypair | 681652 cycles | 672087 cycles | 1.01 |
| ML-DSA-87 sign | 1512470 cycles | 1486097 cycles | 1.02 |
| ML-DSA-87 verify | 669947 cycles | 645549 cycles | 1.04 |
⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Arm Cortex-A72 (Raspberry Pi 4) benchmarks (opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.

| Benchmark suite | Current: d5e1c73 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 verify | 239027 cycles | 228202 cycles | 1.05 |
| ML-DSA-65 keypair | 417927 cycles | 403128 cycles | 1.04 |
| ML-DSA-87 verify | 669947 cycles | 645549 cycles | 1.04 |
Arm Cortex-A72 (Raspberry Pi 4) benchmarks (no-opt)

| Benchmark suite | Current: d5e1c73703c22cabfe400a46b234e8b9471f5d61 | Previous: 674b8bc | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 319367 cycles | 319083 cycles | 1.00 |
| ML-DSA-44 sign | 1230294 cycles | 1223060 cycles | 1.01 |
| ML-DSA-44 verify | 346844 cycles | 342702 cycles | 1.01 |
| ML-DSA-65 keypair | 589189 cycles | 578493 cycles | 1.02 |
| ML-DSA-65 sign | 1954963 cycles | 1972771 cycles | 0.99 |
| ML-DSA-65 verify | 546390 cycles | 534999 cycles | 1.02 |
| ML-DSA-87 keypair | 872771 cycles | 868555 cycles | 1.00 |
| ML-DSA-87 sign | 2495089 cycles | 2474436 cycles | 1.01 |
| ML-DSA-87 verify | 913654 cycles | 889743 cycles | 1.03 |
```c
/* Declassify public key */
MLD_CT_TESTING_DECLASSIFY(pk, CRYPTO_PUBLICKEYBYTES);
```
Nit: This declassification could (should?) be moved to after the validation.
Actually... if the function fails, pk should probably be 0'ed.
Ok, what would you like here? Move the declassification, remove it, and 0 instead?
```c
/* Constant time: Declassify to check result */
MLD_CT_TESTING_DECLASSIFY(&rc, sizeof(int));
```
Why do we need this declassification here, but not above?
would you like it added above or removed here?
```c
/* Constant time: Declassify to check result */
MLD_CT_TESTING_DECLASSIFY(&rc, sizeof(int));
```
Same
would you like it added above or removed here?
```c
CHECK(crypto_sign_keypair(pk, sk) == 0);

/* Derive public key from secret key */
CHECK(crypto_sign_pk_from_sk(pk_derived, sk) == 0);
```
@mkannwischer Is there a way to test/assert in valgrind that certain memory is (still) classified? For failing crypto_sign_pk_from_sk we may want to check that pk is still secret (see comment above).
I don't think this is a good idea. The pk should be a public output regardless of what input was passed to the function. We should zero out the public key and keep the declassification.
That's OK by me as well.
Ok so the consensus is that we should zero out the public key and keep the declassification. Is this the same for rc also in your above comments Hanno?
hanno-becker
left a comment
One question regarding declassification/zeroing of pk in case of failure remaining.
This change will make #713 harder, unfortunately, but we can cross that bridge when we get to it.
1cd4dd7 to 7535659
Ok, let me know what you think -- I've added the zero of
Refactor keygen to use a new function that derives t0 t1 tr pk from rho s1 s2 so that this function can also be called by a utility function pk_to_sk that generates the pk given the sk. We also include ct_memcmp for constant time comparison.

Signed-off-by: Jake Massimo <[email protected]>
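The failure handling agreed in this thread (derive pk from sk, validate with a constant-time compare, zero pk on failure while keeping the declassification, scrub temporaries), as an added C example that is not mldsa-native code: the ML-DSA key expansion is replaced by a toy byte mixer, and `ct_memcmp`, `zeroize`, `CT_DECLASSIFY`, `toy_expand`, `toy_keypair`, `toy_pk_from_sk` and `selftest` are names assumed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy key layout assumed for this example: sk = seed || tr, pk = expand(seed),
 * tr = expand(pk). Nothing here resembles ML-DSA key material; only the
 * derive / validate / zero-on-failure / declassify shape is the point. */
#define SEED_BYTES 32
#define TR_BYTES   16
#define PK_BYTES   32
#define SK_BYTES   (SEED_BYTES + TR_BYTES)

/* Stand-in for MLD_CT_TESTING_DECLASSIFY: a no-op outside a CT-testing build. */
#define CT_DECLASSIFY(ptr, len) ((void)(ptr), (void)(len))

/* Constant-time comparison: 0 iff equal, 1 otherwise, no data-dependent early exit
 * (the role ct_memcmp plays in the PR). */
static int ct_memcmp(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    /* bit 7 of (acc | -acc) is set iff acc != 0: collapses to 0/1 without a branch */
    return (acc | (uint8_t)-acc) >> 7;
}

/* Scrub through a volatile pointer so the compiler cannot drop the stores. */
static void zeroize(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

/* Toy byte mixer standing in for the real seed expansion; not a real hash. */
static void toy_expand(const uint8_t *in, size_t inlen, uint8_t *out, size_t outlen)
{
    uint64_t s = 0x9E3779B97F4A7C15ULL;
    for (size_t i = 0; i < inlen; i++) {    /* absorb */
        s = (s ^ in[i]) * 0x100000001B3ULL;
        s ^= s >> 29;
    }
    for (size_t i = 0; i < outlen; i++) {   /* squeeze: one xorshift64 step per byte */
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        out[i] = (uint8_t)(s >> 56);
    }
}

/* pk = expand(seed); sk = seed || expand(pk). */
static void toy_keypair(uint8_t *pk, uint8_t *sk, const uint8_t *seed)
{
    memcpy(sk, seed, SEED_BYTES);
    toy_expand(seed, SEED_BYTES, pk, PK_BYTES);
    toy_expand(pk, PK_BYTES, sk + SEED_BYTES, TR_BYTES);
}

/* Derive pk from sk and validate it against the stored tr.
 * Returns 0 on success, -1 on a corrupted sk; pk is all zero on failure. */
static int toy_pk_from_sk(uint8_t *pk, const uint8_t *sk)
{
    uint8_t tr_computed[TR_BYTES];
    toy_expand(sk, SEED_BYTES, pk, PK_BYTES);          /* recompute pk from the seed */
    toy_expand(pk, PK_BYTES, tr_computed, TR_BYTES);   /* recompute tr from that pk  */
    int rc = ct_memcmp(tr_computed, sk + SEED_BYTES, TR_BYTES);
    zeroize(tr_computed, sizeof(tr_computed));        /* scrub temporaries on both paths */
    CT_DECLASSIFY(&rc, sizeof(rc));                    /* we are about to branch on rc */
    if (rc != 0)
        zeroize(pk, PK_BYTES);                         /* never hand back a half-trusted pk */
    CT_DECLASSIFY(pk, PK_BYTES);                       /* pk is public output on both paths */
    return -rc;                                        /* rc is 0 or 1 */
}

/* Exercises both paths on a constructed seed; 0 when every check passes, else the
 * number of the first failed check. */
int selftest(void)
{
    static const uint8_t zero[PK_BYTES] = {0};
    uint8_t seed[SEED_BYTES], pk[PK_BYTES], sk[SK_BYTES], pk2[PK_BYTES];
    for (size_t i = 0; i < SEED_BYTES; i++) seed[i] = (uint8_t)i;   /* constructed seed */
    toy_keypair(pk, sk, seed);
    if (toy_pk_from_sk(pk2, sk) != 0) return 1;        /* intact sk must succeed */
    if (memcmp(pk, pk2, PK_BYTES) != 0) return 2;      /* and reproduce pk exactly */
    sk[SEED_BYTES + 3] ^= 0x01;                        /* flip one bit of the stored tr */
    if (toy_pk_from_sk(pk2, sk) != -1) return 3;       /* must be rejected */
    if (memcmp(pk2, zero, PK_BYTES) != 0) return 4;    /* and pk must be scrubbed */
    return 0;
}
```

Corrupting the seed half of sk is rejected the same way, because tr is recomputed from whatever pk the corrupted seed expands to.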
7535659 to 79cbd83