diff --git a/benchmarks.csv b/benchmarks.csv index 6064966e..952b95f8 100644 --- a/benchmarks.csv +++ b/benchmarks.csv 
@@ -8,15 +8,15 @@ bikel3 (10 executions),opt,248083316,248083286,248083345,16405238,16405236,16405 hqc-128 (10 executions),clean,52705201,52705180,52705224,105650897,105650877,105650927,159569179,159569176,159569183 hqc-192 (10 executions),clean,161458617,161458590,161458638,323146261,323146250,323146292,486156251,486156214,486156266 hqc-256 (10 executions),clean,295934078,295934057,295934104,591853870,591853850,591853898,891163005,891162988,891163038 -kyber1024 (10 executions),clean,1540378,1537672,1549497,1707203,1704498,1716319,2019461,2016781,2028566 -kyber1024 (10 executions),m4fspeed,1007332,1004620,1027834,1025692,1023006,1046169,1088140,1085497,1108618 -kyber1024 (10 executions),m4fstack,1010439,1007447,1019916,1034164,1031168,1043640,1097375,1094378,1106850 -kyber512 (10 executions),clean,596231,595868,596646,696137,695809,696547,884186,883823,884599 -kyber512 (10 executions),m4fspeed,387168,386737,387669,386230,385800,386729,423509,423078,424010 -kyber512 (10 executions),m4fstack,386859,386551,387231,388111,387802,388486,425445,425136,425820 -kyber768 (10 executions),clean,990392,988002,998996,1134996,1132606,1143599,1384768,1382378,1393371 -kyber768 (10 executions),m4fspeed,631922,631406,632490,651769,651258,652364,700842,700331,701436 -kyber768 (10 executions),m4fstack,633057,632425,633410,656716,656088,657072,706247,705620,706604 +kyber1024 (10 executions),clean,1540394,1537580,1549267,1712150,1709337,1721019,2024408,2021583,2033304 +kyber1024 (10 executions),m4fspeed,1006341,1004590,1016692,1029398,1027642,1039752,1091847,1090091,1102201 +kyber1024 (10 executions),m4fstack,1009603,1007702,1019835,1038001,1036100,1048226,1101208,1099307,1111470 +kyber512 (10 executions),clean,597372,596106,607563,702227,700957,712416,890274,889008,900467 +kyber512 (10 executions),m4fspeed,387341,386762,387769,391098,390520,391527,428365,427786,428794 +kyber512 (10 executions),m4fstack,386853,386573,387221,392801,392521,393166,430140,429861,430504 +kyber768 (10 
executions),clean,989247,987825,999577,1138807,1137381,1149131,1388568,1387146,1398896 +kyber768 (10 executions),m4fspeed,631912,631599,632459,656455,656155,656969,705524,705223,706037 +kyber768 (10 executions),m4fstack,634213,632786,644273,662556,661130,672615,712081,710655,722140 Signature Schemes,,,,,,,,,, Scheme,Implementation,Key Generation [cycles] (mean),Key Generation [cycles] (min),Key Generation [cycles] (max),Sign [cycles] (mean),Sign [cycles] (min),Sign [cycles] (max),Verify [cycles] (mean),Verify [cycles] (min),Verify [cycles] (max) aimer-l1-param1 (10 executions),ref,392943,392938,392977,32386301,32386203,32386424,31111672,31111588,31111782 
@@ -54,17 +54,21 @@ dilithium3 (1000 executions),m4fstack,3412759,3406659,3419247,23673016,6733971,1 dilithium5 (1000 executions),clean,5341477,5286872,5395822,15710371,7953367,75940093,5609679,5609217,5610183 dilithium5 (1000 executions),m4f,4275029,4210286,4329519,7977781,4882524,25936176,4185417,4184925,4185896 dilithium5 (1000 executions),m4fstack,5816287,5474236,6115061,33452872,11170780,185259803,9912851,9845789,9981834 -falcon-1024 (10 executions),m4-ct,354880005,284902033,635131652,87741288,87506676,87922628,991320,982548,997219 -falcon-1024 (10 executions),opt-ct,555202324,284912829,1157528581,87710190,87606677,87841235,993584,983066,997523 -falcon-1024 (10 executions),opt-leaktime,438412062,334858742,625013074,80139483,79891200,80551967,994127,984891,997390 -falcon-1024-tree (10 executions),opt-ct,500950316,327706067,969046860,39207109,39013867,39449442,992787,982032,998080 -falcon-1024-tree (10 executions),opt-leaktime,372505822,284807343,551245131,42213136,41842229,42582424,995859,984960,998421 -falcon-512 (10 executions),m4-ct,161245486,110088298,279215300,40225282,40072879,40389913,478930,472982,485577 -falcon-512 (10 executions),opt-ct,151650543,116181731,228216352,40147309,40003575,40360540,480990,472795,485260 -falcon-512 (10 executions),opt-leaktime,159608965,111149933,301580807,37267337,36991076,37518518,478421,471680,484872 -falcon-512-tree (10 executions),m4-ct,167653515,121618919,272326714,18250061,18135371,18325579,479823,471774,485540 -falcon-512-tree (10 executions),opt-ct,184949574,121623805,270290280,18248036,18069599,18462666,484565,484059,485335 -falcon-512-tree (10 executions),opt-leaktime,156710258,106732109,326634247,20050613,19891001,20227947,482101,472948,485643 +falcon-1024 (10 executions),clean,602066436,377135260,1488065363,136241759,136017549,136556585,1678109,1677732,1678566 +falcon-1024 (10 executions),m4-ct,408725773,314885208,712370124,87706019,87549942,87839508,990541,984448,997160 +falcon-1024 (10 
executions),opt-ct,448194494,301446952,784390745,87699336,87550679,87857833,992822,983184,998271 +falcon-1024 (10 executions),opt-leaktime,371539477,261831977,576613448,80134413,79844667,80338608,992815,982774,998600 +falcon-1024-tree (10 executions),opt-ct,469168139,341160847,733947155,39197559,39095597,39392055,995190,984826,998305 +falcon-1024-tree (10 executions),opt-leaktime,418213501,284879287,699555143,42181577,41844047,42456098,991791,983935,997742 +falcon-512 (10 executions),clean,229742458,134930383,358460785,62255726,62124149,62424751,834970,834402,835533 +falcon-512 (10 executions),m4-ct,146357328,106015844,250638532,40191597,40123901,40381630,482280,472137,485160 +falcon-512 (10 executions),opt-ct,168942163,106015882,258726842,40136012,40046972,40195851,481102,472809,485947 +falcon-512 (10 executions),opt-leaktime,130638983,94352160,240934147,37196341,36969717,37564986,476152,471514,484487 +falcon-512-tree (10 executions),m4-ct,187840863,121618909,531189026,18199972,18111179,18297541,479819,472890,485685 +falcon-512-tree (10 executions),opt-ct,179501018,121618960,347996956,18222471,18064774,18329860,479635,472057,484767 +falcon-512-tree (10 executions),opt-leaktime,203618838,106760540,425495750,20110699,19752157,20375122,480119,472263,485743 +falcon-padded-1024 (10 executions),clean,464867653,351942875,908060882,136157961,135988344,136430038,1677719,1677506,1677932 +falcon-padded-512 (10 executions),clean,241548154,164862595,348699388,62231774,62096573,62365088,834766,834480,834957 haetae2 (100 executions),m4f,6743278,1555292,25393506,21993963,4721290,86765689,918459,918244,918668 haetae2 (100 executions),ref,9363639,1716264,41895014,31631089,6247382,216853925,1104080,1103874,1104329 haetae3 (100 executions),m4f,12925388,2752846,52240529,30891994,7467529,160522018,1760745,1760408,1761081 
@@ -204,19 +208,21 @@ dilithium3,m4fstack,4408,6608,2704,,,,,, dilithium5,clean,97696,122724,92940,,,,,, dilithium5,m4f,97688,116076,92932,,,,,, dilithium5,m4fstack,4408,8136,2712,,,,,, -falcon-1024,clean,34988,84604,8784,,,,,, +falcon-1024,clean,35076,84604,8776,,,,,, falcon-1024,m4-ct,1156,2508,376,,,,,, -falcon-1024,opt-ct,1156,2508,376,,,,,, -falcon-1024,opt-leaktime,1212,2580,376,,,,,, -falcon-1024-tree,opt-ct,1252,2772,376,,,,,, -falcon-1024-tree,opt-leaktime,1212,2988,376,,,,,, -falcon-512,clean,18092,43548,4688,,,,,, -falcon-512,m4-ct,1156,2428,376,,,,,, -falcon-512,opt-ct,1156,2428,376,,,,,, -falcon-512,opt-leaktime,1156,2492,376,,,,,, -falcon-512-tree,m4-ct,1212,2636,376,,,,,, +falcon-1024,opt-ct,1204,2508,376,,,,,, +falcon-1024,opt-leaktime,1252,2580,444,,,,,, +falcon-1024-tree,opt-ct,1148,2884,376,,,,,, +falcon-1024-tree,opt-leaktime,1196,2988,376,,,,,, +falcon-512,clean,18180,43548,4680,,,,,, +falcon-512,m4-ct,1148,2428,376,,,,,, +falcon-512,opt-ct,1244,2428,376,,,,,, +falcon-512,opt-leaktime,1148,2492,376,,,,,, +falcon-512-tree,m4-ct,1172,2636,376,,,,,, falcon-512-tree,opt-ct,1156,2636,376,,,,,, -falcon-512-tree,opt-leaktime,1212,2828,376,,,,,, +falcon-512-tree,opt-leaktime,1196,2828,376,,,,,, +falcon-padded-1024,clean,34988,84596,8776,,,,,, +falcon-padded-512,clean,18092,43540,4680,,,,,, haetae2,m4f,19756,55568,23296,,,,,, haetae2,ref,26092,54444,29696,,,,,, haetae3,m4f,29596,83420,31784,,,,,, 
@@ -311,15 +317,15 @@ bikel3,opt,0.0,6.3,0.2,,,,,, hqc-128,clean,0.4,0.8,0.5,,,,,, hqc-192,clean,0.3,0.5,0.3,,,,,, hqc-256,clean,0.2,0.4,0.3,,,,,, -kyber1024,clean,50.0,45.8,38.7,,,,,, -kyber1024,m4fspeed,76.0,75.8,71.5,,,,,, -kyber1024,m4fstack,75.9,75.3,71.0,,,,,, -kyber512,clean,49.8,41.4,32.6,,,,,, -kyber512,m4fspeed,76.6,74.4,68.0,,,,,, -kyber512,m4fstack,76.6,74.0,67.6,,,,,, -kyber768,clean,48.4,43.3,35.5,,,,,, -kyber768,m4fspeed,75.4,74.9,69.6,,,,,, -kyber768,m4fstack,75.4,74.5,69.3,,,,,, +kyber1024,clean,49.9,45.6,38.6,,,,,, +kyber1024,m4fspeed,76.1,75.5,71.2,,,,,, +kyber1024,m4fstack,75.8,74.9,70.6,,,,,, +kyber512,clean,49.8,41.1,32.5,,,,,, +kyber512,m4fspeed,76.5,73.5,67.1,,,,,, +kyber512,m4fstack,76.5,73.1,66.8,,,,,, +kyber768,clean,48.5,43.2,35.4,,,,,, +kyber768,m4fspeed,75.4,74.4,69.2,,,,,, +kyber768,m4fstack,75.3,73.8,68.7,,,,,, Signature Schemes,,,,,,,,,, Scheme,Implementation,Key Generation [%],Sign [%],Verify [%],,,,,, aimer-l1-param1,ref,72.0,47.2,46.7,,,,,, 
@@ -357,19 +363,21 @@ dilithium3,m4fstack,77.1,54.6,41.0,,,,,, dilithium5,clean,67.0,35.7,61.1,,,,,, dilithium5,m4f,83.5,65.0,81.7,,,,,, dilithium5,m4fstack,76.1,54.5,42.6,,,,,, -falcon-1024,clean,6.5,0.3,23.7,,,,,, -falcon-1024,m4-ct,7.4,0.4,32.4,,,,,, -falcon-1024,opt-ct,11.7,0.4,32.2,,,,,, -falcon-1024,opt-leaktime,12.3,0.5,32.4,,,,,, -falcon-1024-tree,opt-ct,5.2,0.9,32.3,,,,,, -falcon-1024-tree,opt-leaktime,11.9,0.9,32.4,,,,,, -falcon-512,clean,10.9,0.4,26.0,,,,,, -falcon-512,m4-ct,15.3,0.5,34.3,,,,,, -falcon-512,opt-ct,17.2,0.5,33.6,,,,,, -falcon-512,opt-leaktime,16.0,0.5,33.8,,,,,, -falcon-512-tree,m4-ct,18.4,1.1,33.9,,,,,, -falcon-512-tree,opt-ct,14.5,1.1,33.9,,,,,, -falcon-512-tree,opt-leaktime,18.7,1.0,33.9,,,,,, +falcon-1024,clean,8.9,0.3,23.7,,,,,, +falcon-1024,m4-ct,8.6,0.4,32.2,,,,,, +falcon-1024,opt-ct,9.8,0.4,32.2,,,,,, +falcon-1024,opt-leaktime,10.9,0.5,32.2,,,,,, +falcon-1024-tree,opt-ct,9.2,0.9,32.3,,,,,, +falcon-1024-tree,opt-leaktime,10.6,0.9,32.3,,,,,, +falcon-512,clean,7.9,0.4,26.0,,,,,, +falcon-512,m4-ct,13.7,0.5,33.9,,,,,, +falcon-512,opt-ct,14.0,0.5,33.2,,,,,, +falcon-512,opt-leaktime,17.3,0.5,33.6,,,,,, +falcon-512-tree,m4-ct,12.6,1.1,33.7,,,,,, +falcon-512-tree,opt-ct,14.6,1.1,34.2,,,,,, +falcon-512-tree,opt-leaktime,20.5,1.0,34.3,,,,,, +falcon-padded-1024,clean,7.3,0.3,23.7,,,,,, +falcon-padded-512,clean,16.0,0.4,26.0,,,,,, haetae2,m4f,12.4,56.7,54.1,,,,,, haetae2,ref,10.6,42.4,45.1,,,,,, haetae3,m4f,14.6,56.6,57.1,,,,,, 
@@ -463,15 +471,15 @@ bikel3,opt,43091,24,1,43116,,,,, hqc-128,clean,18628,0,0,18628,,,,, hqc-192,clean,21104,0,0,21104,,,,, hqc-256,clean,26260,0,0,26260,,,,, -kyber1024,clean,6296,0,0,6296,,,,, -kyber1024,m4fspeed,16912,0,0,16912,,,,, -kyber1024,m4fstack,14120,0,0,14120,,,,, -kyber512,clean,5164,0,0,5164,,,,, -kyber512,m4fspeed,15824,0,0,15824,,,,, -kyber512,m4fstack,13308,0,0,13308,,,,, -kyber768,clean,5168,0,0,5168,,,,, -kyber768,m4fspeed,15992,0,0,15992,,,,, -kyber768,m4fstack,13316,0,0,13316,,,,, +kyber1024,clean,6264,0,0,6264,,,,, +kyber1024,m4fspeed,16884,0,0,16884,,,,, +kyber1024,m4fstack,14092,0,0,14092,,,,, +kyber512,clean,5132,0,0,5132,,,,, +kyber512,m4fspeed,15796,0,0,15796,,,,, +kyber512,m4fstack,13280,0,0,13280,,,,, +kyber768,clean,5136,0,0,5136,,,,, +kyber768,m4fspeed,15964,0,0,15964,,,,, +kyber768,m4fstack,13288,0,0,13288,,,,, Signature Schemes,,,,,,,,,, Scheme,Implementation,.text [bytes],.data [bytes],.bss [bytes],Total [bytes],,,,, aimer-l1-param1,ref,19302,468,0,19770,,,,, 
@@ -509,19 +517,21 @@ dilithium3,m4fstack,23448,0,0,23448,,,,, dilithium5,clean,7808,0,0,7808,,,,, dilithium5,m4f,18468,0,0,18468,,,,, dilithium5,m4fstack,23820,0,0,23820,,,,, -falcon-1024,clean,82647,0,0,82647,,,,, +falcon-1024,clean,82703,0,0,82703,,,,, falcon-1024,m4-ct,81825,0,79872,161697,,,,, falcon-1024,opt-ct,81825,0,79872,161697,,,,, falcon-1024,opt-leaktime,75429,0,79872,155301,,,,, falcon-1024-tree,opt-ct,81569,0,55296,136865,,,,, falcon-1024-tree,opt-leaktime,75173,0,55296,130469,,,,, -falcon-512,clean,82611,0,0,82611,,,,, +falcon-512,clean,82663,0,0,82663,,,,, falcon-512,m4-ct,81825,0,39936,121761,,,,, falcon-512,opt-ct,81825,0,39936,121761,,,,, falcon-512,opt-leaktime,75429,0,39936,115365,,,,, falcon-512-tree,m4-ct,81569,0,27648,109217,,,,, falcon-512-tree,opt-ct,81569,0,27648,109217,,,,, falcon-512-tree,opt-leaktime,75173,0,27648,102821,,,,, +falcon-padded-1024,clean,82643,0,0,82643,,,,, +falcon-padded-512,clean,82599,0,0,82599,,,,, haetae2,m4f,35708,0,0,35708,,,,, haetae2,ref,25568,0,0,25568,,,,, haetae3,m4f,35936,0,0,35936,,,,, diff --git a/benchmarks.md b/benchmarks.md index ba34c3d9..afb0ab01 100644 --- a/benchmarks.md +++ b/benchmarks.md @@ -9,15 +9,15 @@ | hqc-128 (10 executions) | clean | AVG: 52,705,201
MIN: 52,705,180
MAX: 52,705,224 | AVG: 105,650,897
MIN: 105,650,877
MAX: 105,650,927 | AVG: 159,569,179
MIN: 159,569,176
MAX: 159,569,183 | | hqc-192 (10 executions) | clean | AVG: 161,458,617
MIN: 161,458,590
MAX: 161,458,638 | AVG: 323,146,261
MIN: 323,146,250
MAX: 323,146,292 | AVG: 486,156,251
MIN: 486,156,214
MAX: 486,156,266 | | hqc-256 (10 executions) | clean | AVG: 295,934,078
MIN: 295,934,057
MAX: 295,934,104 | AVG: 591,853,870
MIN: 591,853,850
MAX: 591,853,898 | AVG: 891,163,005
MIN: 891,162,988
MAX: 891,163,038 | -| kyber1024 (10 executions) | clean | AVG: 1,540,378
MIN: 1,537,672
MAX: 1,549,497 | AVG: 1,707,203
MIN: 1,704,498
MAX: 1,716,319 | AVG: 2,019,461
MIN: 2,016,781
MAX: 2,028,566 | -| kyber1024 (10 executions) | m4fspeed | AVG: 1,007,332
MIN: 1,004,620
MAX: 1,027,834 | AVG: 1,025,692
MIN: 1,023,006
MAX: 1,046,169 | AVG: 1,088,140
MIN: 1,085,497
MAX: 1,108,618 | -| kyber1024 (10 executions) | m4fstack | AVG: 1,010,439
MIN: 1,007,447
MAX: 1,019,916 | AVG: 1,034,164
MIN: 1,031,168
MAX: 1,043,640 | AVG: 1,097,375
MIN: 1,094,378
MAX: 1,106,850 | -| kyber512 (10 executions) | clean | AVG: 596,231
MIN: 595,868
MAX: 596,646 | AVG: 696,137
MIN: 695,809
MAX: 696,547 | AVG: 884,186
MIN: 883,823
MAX: 884,599 | -| kyber512 (10 executions) | m4fspeed | AVG: 387,168
MIN: 386,737
MAX: 387,669 | AVG: 386,230
MIN: 385,800
MAX: 386,729 | AVG: 423,509
MIN: 423,078
MAX: 424,010 | -| kyber512 (10 executions) | m4fstack | AVG: 386,859
MIN: 386,551
MAX: 387,231 | AVG: 388,111
MIN: 387,802
MAX: 388,486 | AVG: 425,445
MIN: 425,136
MAX: 425,820 | -| kyber768 (10 executions) | clean | AVG: 990,392
MIN: 988,002
MAX: 998,996 | AVG: 1,134,996
MIN: 1,132,606
MAX: 1,143,599 | AVG: 1,384,768
MIN: 1,382,378
MAX: 1,393,371 | -| kyber768 (10 executions) | m4fspeed | AVG: 631,922
MIN: 631,406
MAX: 632,490 | AVG: 651,769
MIN: 651,258
MAX: 652,364 | AVG: 700,842
MIN: 700,331
MAX: 701,436 | -| kyber768 (10 executions) | m4fstack | AVG: 633,057
MIN: 632,425
MAX: 633,410 | AVG: 656,716
MIN: 656,088
MAX: 657,072 | AVG: 706,247
MIN: 705,620
MAX: 706,604 | +| kyber1024 (10 executions) | clean | AVG: 1,540,394
MIN: 1,537,580
MAX: 1,549,267 | AVG: 1,712,150
MIN: 1,709,337
MAX: 1,721,019 | AVG: 2,024,408
MIN: 2,021,583
MAX: 2,033,304 | +| kyber1024 (10 executions) | m4fspeed | AVG: 1,006,341
MIN: 1,004,590
MAX: 1,016,692 | AVG: 1,029,398
MIN: 1,027,642
MAX: 1,039,752 | AVG: 1,091,847
MIN: 1,090,091
MAX: 1,102,201 | +| kyber1024 (10 executions) | m4fstack | AVG: 1,009,603
MIN: 1,007,702
MAX: 1,019,835 | AVG: 1,038,001
MIN: 1,036,100
MAX: 1,048,226 | AVG: 1,101,208
MIN: 1,099,307
MAX: 1,111,470 | +| kyber512 (10 executions) | clean | AVG: 597,372
MIN: 596,106
MAX: 607,563 | AVG: 702,227
MIN: 700,957
MAX: 712,416 | AVG: 890,274
MIN: 889,008
MAX: 900,467 | +| kyber512 (10 executions) | m4fspeed | AVG: 387,341
MIN: 386,762
MAX: 387,769 | AVG: 391,098
MIN: 390,520
MAX: 391,527 | AVG: 428,365
MIN: 427,786
MAX: 428,794 | +| kyber512 (10 executions) | m4fstack | AVG: 386,853
MIN: 386,573
MAX: 387,221 | AVG: 392,801
MIN: 392,521
MAX: 393,166 | AVG: 430,140
MIN: 429,861
MAX: 430,504 | +| kyber768 (10 executions) | clean | AVG: 989,247
MIN: 987,825
MAX: 999,577 | AVG: 1,138,807
MIN: 1,137,381
MAX: 1,149,131 | AVG: 1,388,568
MIN: 1,387,146
MAX: 1,398,896 | +| kyber768 (10 executions) | m4fspeed | AVG: 631,912
MIN: 631,599
MAX: 632,459 | AVG: 656,455
MIN: 656,155
MAX: 656,969 | AVG: 705,524
MIN: 705,223
MAX: 706,037 | +| kyber768 (10 executions) | m4fstack | AVG: 634,213
MIN: 632,786
MAX: 644,273 | AVG: 662,556
MIN: 661,130
MAX: 672,615 | AVG: 712,081
MIN: 710,655
MAX: 722,140 | ## Signature Schemes | scheme | implementation | key generation [cycles] | sign [cycles] | verify [cycles] | | ------ | -------------- | ----------------------- | ------------- | --------------- | @@ -56,17 +56,21 @@ | dilithium5 (1000 executions) | clean | AVG: 5,341,477
MIN: 5,286,872
MAX: 5,395,822 | AVG: 15,710,371
MIN: 7,953,367
MAX: 75,940,093 | AVG: 5,609,679
MIN: 5,609,217
MAX: 5,610,183 | | dilithium5 (1000 executions) | m4f | AVG: 4,275,029
MIN: 4,210,286
MAX: 4,329,519 | AVG: 7,977,781
MIN: 4,882,524
MAX: 25,936,176 | AVG: 4,185,417
MIN: 4,184,925
MAX: 4,185,896 | | dilithium5 (1000 executions) | m4fstack | AVG: 5,816,287
MIN: 5,474,236
MAX: 6,115,061 | AVG: 33,452,872
MIN: 11,170,780
MAX: 185,259,803 | AVG: 9,912,851
MIN: 9,845,789
MAX: 9,981,834 | -| falcon-1024 (10 executions) | m4-ct | AVG: 354,880,005
MIN: 284,902,033
MAX: 635,131,652 | AVG: 87,741,288
MIN: 87,506,676
MAX: 87,922,628 | AVG: 991,320
MIN: 982,548
MAX: 997,219 | -| falcon-1024 (10 executions) | opt-ct | AVG: 555,202,324
MIN: 284,912,829
MAX: 1,157,528,581 | AVG: 87,710,190
MIN: 87,606,677
MAX: 87,841,235 | AVG: 993,584
MIN: 983,066
MAX: 997,523 | -| falcon-1024 (10 executions) | opt-leaktime | AVG: 438,412,062
MIN: 334,858,742
MAX: 625,013,074 | AVG: 80,139,483
MIN: 79,891,200
MAX: 80,551,967 | AVG: 994,127
MIN: 984,891
MAX: 997,390 | -| falcon-1024-tree (10 executions) | opt-ct | AVG: 500,950,316
MIN: 327,706,067
MAX: 969,046,860 | AVG: 39,207,109
MIN: 39,013,867
MAX: 39,449,442 | AVG: 992,787
MIN: 982,032
MAX: 998,080 | -| falcon-1024-tree (10 executions) | opt-leaktime | AVG: 372,505,822
MIN: 284,807,343
MAX: 551,245,131 | AVG: 42,213,136
MIN: 41,842,229
MAX: 42,582,424 | AVG: 995,859
MIN: 984,960
MAX: 998,421 | -| falcon-512 (10 executions) | m4-ct | AVG: 161,245,486
MIN: 110,088,298
MAX: 279,215,300 | AVG: 40,225,282
MIN: 40,072,879
MAX: 40,389,913 | AVG: 478,930
MIN: 472,982
MAX: 485,577 | -| falcon-512 (10 executions) | opt-ct | AVG: 151,650,543
MIN: 116,181,731
MAX: 228,216,352 | AVG: 40,147,309
MIN: 40,003,575
MAX: 40,360,540 | AVG: 480,990
MIN: 472,795
MAX: 485,260 | -| falcon-512 (10 executions) | opt-leaktime | AVG: 159,608,965
MIN: 111,149,933
MAX: 301,580,807 | AVG: 37,267,337
MIN: 36,991,076
MAX: 37,518,518 | AVG: 478,421
MIN: 471,680
MAX: 484,872 | -| falcon-512-tree (10 executions) | m4-ct | AVG: 167,653,515
MIN: 121,618,919
MAX: 272,326,714 | AVG: 18,250,061
MIN: 18,135,371
MAX: 18,325,579 | AVG: 479,823
MIN: 471,774
MAX: 485,540 | -| falcon-512-tree (10 executions) | opt-ct | AVG: 184,949,574
MIN: 121,623,805
MAX: 270,290,280 | AVG: 18,248,036
MIN: 18,069,599
MAX: 18,462,666 | AVG: 484,565
MIN: 484,059
MAX: 485,335 | -| falcon-512-tree (10 executions) | opt-leaktime | AVG: 156,710,258
MIN: 106,732,109
MAX: 326,634,247 | AVG: 20,050,613
MIN: 19,891,001
MAX: 20,227,947 | AVG: 482,101
MIN: 472,948
MAX: 485,643 | +| falcon-1024 (10 executions) | clean | AVG: 602,066,436
MIN: 377,135,260
MAX: 1,488,065,363 | AVG: 136,241,759
MIN: 136,017,549
MAX: 136,556,585 | AVG: 1,678,109
MIN: 1,677,732
MAX: 1,678,566 | +| falcon-1024 (10 executions) | m4-ct | AVG: 408,725,773
MIN: 314,885,208
MAX: 712,370,124 | AVG: 87,706,019
MIN: 87,549,942
MAX: 87,839,508 | AVG: 990,541
MIN: 984,448
MAX: 997,160 | +| falcon-1024 (10 executions) | opt-ct | AVG: 448,194,494
MIN: 301,446,952
MAX: 784,390,745 | AVG: 87,699,336
MIN: 87,550,679
MAX: 87,857,833 | AVG: 992,822
MIN: 983,184
MAX: 998,271 | +| falcon-1024 (10 executions) | opt-leaktime | AVG: 371,539,477
MIN: 261,831,977
MAX: 576,613,448 | AVG: 80,134,413
MIN: 79,844,667
MAX: 80,338,608 | AVG: 992,815
MIN: 982,774
MAX: 998,600 | +| falcon-1024-tree (10 executions) | opt-ct | AVG: 469,168,139
MIN: 341,160,847
MAX: 733,947,155 | AVG: 39,197,559
MIN: 39,095,597
MAX: 39,392,055 | AVG: 995,190
MIN: 984,826
MAX: 998,305 | +| falcon-1024-tree (10 executions) | opt-leaktime | AVG: 418,213,501
MIN: 284,879,287
MAX: 699,555,143 | AVG: 42,181,577
MIN: 41,844,047
MAX: 42,456,098 | AVG: 991,791
MIN: 983,935
MAX: 997,742 | +| falcon-512 (10 executions) | clean | AVG: 229,742,458
MIN: 134,930,383
MAX: 358,460,785 | AVG: 62,255,726
MIN: 62,124,149
MAX: 62,424,751 | AVG: 834,970
MIN: 834,402
MAX: 835,533 | +| falcon-512 (10 executions) | m4-ct | AVG: 146,357,328
MIN: 106,015,844
MAX: 250,638,532 | AVG: 40,191,597
MIN: 40,123,901
MAX: 40,381,630 | AVG: 482,280
MIN: 472,137
MAX: 485,160 | +| falcon-512 (10 executions) | opt-ct | AVG: 168,942,163
MIN: 106,015,882
MAX: 258,726,842 | AVG: 40,136,012
MIN: 40,046,972
MAX: 40,195,851 | AVG: 481,102
MIN: 472,809
MAX: 485,947 | +| falcon-512 (10 executions) | opt-leaktime | AVG: 130,638,983
MIN: 94,352,160
MAX: 240,934,147 | AVG: 37,196,341
MIN: 36,969,717
MAX: 37,564,986 | AVG: 476,152
MIN: 471,514
MAX: 484,487 | +| falcon-512-tree (10 executions) | m4-ct | AVG: 187,840,863
MIN: 121,618,909
MAX: 531,189,026 | AVG: 18,199,972
MIN: 18,111,179
MAX: 18,297,541 | AVG: 479,819
MIN: 472,890
MAX: 485,685 | +| falcon-512-tree (10 executions) | opt-ct | AVG: 179,501,018
MIN: 121,618,960
MAX: 347,996,956 | AVG: 18,222,471
MIN: 18,064,774
MAX: 18,329,860 | AVG: 479,635
MIN: 472,057
MAX: 484,767 | +| falcon-512-tree (10 executions) | opt-leaktime | AVG: 203,618,838
MIN: 106,760,540
MAX: 425,495,750 | AVG: 20,110,699
MIN: 19,752,157
MAX: 20,375,122 | AVG: 480,119
MIN: 472,263
MAX: 485,743 | +| falcon-padded-1024 (10 executions) | clean | AVG: 464,867,653
MIN: 351,942,875
MAX: 908,060,882 | AVG: 136,157,961
MIN: 135,988,344
MAX: 136,430,038 | AVG: 1,677,719
MIN: 1,677,506
MAX: 1,677,932 | +| falcon-padded-512 (10 executions) | clean | AVG: 241,548,154
MIN: 164,862,595
MAX: 348,699,388 | AVG: 62,231,774
MIN: 62,096,573
MAX: 62,365,088 | AVG: 834,766
MIN: 834,480
MAX: 834,957 | | haetae2 (100 executions) | m4f | AVG: 6,743,278
MIN: 1,555,292
MAX: 25,393,506 | AVG: 21,993,963
MIN: 4,721,290
MAX: 86,765,689 | AVG: 918,459
MIN: 918,244
MAX: 918,668 | | haetae2 (100 executions) | ref | AVG: 9,363,639
MIN: 1,716,264
MAX: 41,895,014 | AVG: 31,631,089
MIN: 6,247,382
MAX: 216,853,925 | AVG: 1,104,080
MIN: 1,103,874
MAX: 1,104,329 | | haetae3 (100 executions) | m4f | AVG: 12,925,388
MIN: 2,752,846
MAX: 52,240,529 | AVG: 30,891,994
MIN: 7,467,529
MAX: 160,522,018 | AVG: 1,760,745
MIN: 1,760,408
MAX: 1,761,081 | @@ -208,19 +212,21 @@ | dilithium5 | clean | 97,696 | 122,724 | 92,940 | | dilithium5 | m4f | 97,688 | 116,076 | 92,932 | | dilithium5 | m4fstack | 4,408 | 8,136 | 2,712 | -| falcon-1024 | clean | 34,988 | 84,604 | 8,784 | +| falcon-1024 | clean | 35,076 | 84,604 | 8,776 | | falcon-1024 | m4-ct | 1,156 | 2,508 | 376 | -| falcon-1024 | opt-ct | 1,156 | 2,508 | 376 | -| falcon-1024 | opt-leaktime | 1,212 | 2,580 | 376 | -| falcon-1024-tree | opt-ct | 1,252 | 2,772 | 376 | -| falcon-1024-tree | opt-leaktime | 1,212 | 2,988 | 376 | -| falcon-512 | clean | 18,092 | 43,548 | 4,688 | -| falcon-512 | m4-ct | 1,156 | 2,428 | 376 | -| falcon-512 | opt-ct | 1,156 | 2,428 | 376 | -| falcon-512 | opt-leaktime | 1,156 | 2,492 | 376 | -| falcon-512-tree | m4-ct | 1,212 | 2,636 | 376 | +| falcon-1024 | opt-ct | 1,204 | 2,508 | 376 | +| falcon-1024 | opt-leaktime | 1,252 | 2,580 | 444 | +| falcon-1024-tree | opt-ct | 1,148 | 2,884 | 376 | +| falcon-1024-tree | opt-leaktime | 1,196 | 2,988 | 376 | +| falcon-512 | clean | 18,180 | 43,548 | 4,680 | +| falcon-512 | m4-ct | 1,148 | 2,428 | 376 | +| falcon-512 | opt-ct | 1,244 | 2,428 | 376 | +| falcon-512 | opt-leaktime | 1,148 | 2,492 | 376 | +| falcon-512-tree | m4-ct | 1,172 | 2,636 | 376 | | falcon-512-tree | opt-ct | 1,156 | 2,636 | 376 | -| falcon-512-tree | opt-leaktime | 1,212 | 2,828 | 376 | +| falcon-512-tree | opt-leaktime | 1,196 | 2,828 | 376 | +| falcon-padded-1024 | clean | 34,988 | 84,596 | 8,776 | +| falcon-padded-512 | clean | 18,092 | 43,540 | 4,680 | | haetae2 | m4f | 19,756 | 55,568 | 23,296 | | haetae2 | ref | 26,092 | 54,444 | 29,696 | | haetae3 | m4f | 29,596 | 83,420 | 31,784 | 
@@ -316,15 +322,15 @@ | hqc-128 | clean | 0.4% | 0.8% | 0.5% | | hqc-192 | clean | 0.3% | 0.5% | 0.3% | | hqc-256 | clean | 0.2% | 0.4% | 0.3% | -| kyber1024 | clean | 50.0% | 45.8% | 38.7% | -| kyber1024 | m4fspeed | 76.0% | 75.8% | 71.5% | -| kyber1024 | m4fstack | 75.9% | 75.3% | 71.0% | -| kyber512 | clean | 49.8% | 41.4% | 32.6% | -| kyber512 | m4fspeed | 76.6% | 74.4% | 68.0% | -| kyber512 | m4fstack | 76.6% | 74.0% | 67.6% | -| kyber768 | clean | 48.4% | 43.3% | 35.5% | -| kyber768 | m4fspeed | 75.4% | 74.9% | 69.6% | -| kyber768 | m4fstack | 75.4% | 74.5% | 69.3% | +| kyber1024 | clean | 49.9% | 45.6% | 38.6% | +| kyber1024 | m4fspeed | 76.1% | 75.5% | 71.2% | +| kyber1024 | m4fstack | 75.8% | 74.9% | 70.6% | +| kyber512 | clean | 49.8% | 41.1% | 32.5% | +| kyber512 | m4fspeed | 76.5% | 73.5% | 67.1% | +| kyber512 | m4fstack | 76.5% | 73.1% | 66.8% | +| kyber768 | clean | 48.5% | 43.2% | 35.4% | +| kyber768 | m4fspeed | 75.4% | 74.4% | 69.2% | +| kyber768 | m4fstack | 75.3% | 73.8% | 68.7% | ## Signature Schemes | Scheme | Implementation | Key Generation [%] | Sign [%] | Verify [%] | | ------ | -------------- | ------------------ | -------- | ---------- | 
@@ -363,19 +369,21 @@ | dilithium5 | clean | 67.0% | 35.7% | 61.1% | | dilithium5 | m4f | 83.5% | 65.0% | 81.7% | | dilithium5 | m4fstack | 76.1% | 54.5% | 42.6% | -| falcon-1024 | clean | 6.5% | 0.3% | 23.7% | -| falcon-1024 | m4-ct | 7.4% | 0.4% | 32.4% | -| falcon-1024 | opt-ct | 11.7% | 0.4% | 32.2% | -| falcon-1024 | opt-leaktime | 12.3% | 0.5% | 32.4% | -| falcon-1024-tree | opt-ct | 5.2% | 0.9% | 32.3% | -| falcon-1024-tree | opt-leaktime | 11.9% | 0.9% | 32.4% | -| falcon-512 | clean | 10.9% | 0.4% | 26.0% | -| falcon-512 | m4-ct | 15.3% | 0.5% | 34.3% | -| falcon-512 | opt-ct | 17.2% | 0.5% | 33.6% | -| falcon-512 | opt-leaktime | 16.0% | 0.5% | 33.8% | -| falcon-512-tree | m4-ct | 18.4% | 1.1% | 33.9% | -| falcon-512-tree | opt-ct | 14.5% | 1.1% | 33.9% | -| falcon-512-tree | opt-leaktime | 18.7% | 1.0% | 33.9% | +| falcon-1024 | clean | 8.9% | 0.3% | 23.7% | +| falcon-1024 | m4-ct | 8.6% | 0.4% | 32.2% | +| falcon-1024 | opt-ct | 9.8% | 0.4% | 32.2% | +| falcon-1024 | opt-leaktime | 10.9% | 0.5% | 32.2% | +| falcon-1024-tree | opt-ct | 9.2% | 0.9% | 32.3% | +| falcon-1024-tree | opt-leaktime | 10.6% | 0.9% | 32.3% | +| falcon-512 | clean | 7.9% | 0.4% | 26.0% | +| falcon-512 | m4-ct | 13.7% | 0.5% | 33.9% | +| falcon-512 | opt-ct | 14.0% | 0.5% | 33.2% | +| falcon-512 | opt-leaktime | 17.3% | 0.5% | 33.6% | +| falcon-512-tree | m4-ct | 12.6% | 1.1% | 33.7% | +| falcon-512-tree | opt-ct | 14.6% | 1.1% | 34.2% | +| falcon-512-tree | opt-leaktime | 20.5% | 1.0% | 34.3% | +| falcon-padded-1024 | clean | 7.3% | 0.3% | 23.7% | +| falcon-padded-512 | clean | 16.0% | 0.4% | 26.0% | | haetae2 | m4f | 12.4% | 56.7% | 54.1% | | haetae2 | ref | 10.6% | 42.4% | 45.1% | | haetae3 | m4f | 14.6% | 56.6% | 57.1% | 
@@ -470,15 +478,15 @@ | hqc-128 | clean | 18,628 | 0 | 0 | 18,628 | | hqc-192 | clean | 21,104 | 0 | 0 | 21,104 | | hqc-256 | clean | 26,260 | 0 | 0 | 26,260 | -| kyber1024 | clean | 6,296 | 0 | 0 | 6,296 | -| kyber1024 | m4fspeed | 16,912 | 0 | 0 | 16,912 | -| kyber1024 | m4fstack | 14,120 | 0 | 0 | 14,120 | -| kyber512 | clean | 5,164 | 0 | 0 | 5,164 | -| kyber512 | m4fspeed | 15,824 | 0 | 0 | 15,824 | -| kyber512 | m4fstack | 13,308 | 0 | 0 | 13,308 | -| kyber768 | clean | 5,168 | 0 | 0 | 5,168 | -| kyber768 | m4fspeed | 15,992 | 0 | 0 | 15,992 | -| kyber768 | m4fstack | 13,316 | 0 | 0 | 13,316 | +| kyber1024 | clean | 6,264 | 0 | 0 | 6,264 | +| kyber1024 | m4fspeed | 16,884 | 0 | 0 | 16,884 | +| kyber1024 | m4fstack | 14,092 | 0 | 0 | 14,092 | +| kyber512 | clean | 5,132 | 0 | 0 | 5,132 | +| kyber512 | m4fspeed | 15,796 | 0 | 0 | 15,796 | +| kyber512 | m4fstack | 13,280 | 0 | 0 | 13,280 | +| kyber768 | clean | 5,136 | 0 | 0 | 5,136 | +| kyber768 | m4fspeed | 15,964 | 0 | 0 | 15,964 | +| kyber768 | m4fstack | 13,288 | 0 | 0 | 13,288 | ## Signature Schemes | Scheme | Implementation | .text [bytes] | .data [bytes] | .bss [bytes] | Total [bytes] | | ------ | -------------- | ------------- | ------------- | ------------ | ------------- | 
@@ -517,19 +525,21 @@ | dilithium5 | clean | 7,808 | 0 | 0 | 7,808 | | dilithium5 | m4f | 18,468 | 0 | 0 | 18,468 | | dilithium5 | m4fstack | 23,820 | 0 | 0 | 23,820 | -| falcon-1024 | clean | 82,647 | 0 | 0 | 82,647 | +| falcon-1024 | clean | 82,703 | 0 | 0 | 82,703 | | falcon-1024 | m4-ct | 81,825 | 0 | 79,872 | 161,697 | | falcon-1024 | opt-ct | 81,825 | 0 | 79,872 | 161,697 | | falcon-1024 | opt-leaktime | 75,429 | 0 | 79,872 | 155,301 | | falcon-1024-tree | opt-ct | 81,569 | 0 | 55,296 | 136,865 | | falcon-1024-tree | opt-leaktime | 75,173 | 0 | 55,296 | 130,469 | -| falcon-512 | clean | 82,611 | 0 | 0 | 82,611 | +| falcon-512 | clean | 82,663 | 0 | 0 | 82,663 | | falcon-512 | m4-ct | 81,825 | 0 | 39,936 | 121,761 | | falcon-512 | opt-ct | 81,825 | 0 | 39,936 | 121,761 | | falcon-512 | opt-leaktime | 75,429 | 0 | 39,936 | 115,365 | | falcon-512-tree | m4-ct | 81,569 | 0 | 27,648 | 109,217 | | falcon-512-tree | opt-ct | 81,569 | 0 | 27,648 | 109,217 | | falcon-512-tree | opt-leaktime | 75,173 | 0 | 27,648 | 102,821 | +| falcon-padded-1024 | clean | 82,643 | 0 | 0 | 82,643 | +| falcon-padded-512 | clean | 82,599 | 0 | 0 | 82,599 | | haetae2 | m4f | 35,708 | 0 | 0 | 35,708 | | haetae2 | ref | 25,568 | 0 | 0 | 25,568 | | haetae3 | m4f | 35,936 | 0 | 0 | 35,936 | diff --git a/crypto_kem/kyber1024/m4fspeed/cmov_int16.S b/crypto_kem/kyber1024/m4fspeed/cmov_int16.S new file mode 120000 index 00000000..e57b8b26 --- /dev/null +++ b/crypto_kem/kyber1024/m4fspeed/cmov_int16.S @@ -0,0 +1 @@ +../../kyber768/m4fspeed/cmov_int16.S \ No newline at end of file diff --git a/crypto_kem/kyber1024/m4fstack/cmov_int16.S b/crypto_kem/kyber1024/m4fstack/cmov_int16.S new file mode 120000 index 00000000..e57b8b26 --- /dev/null +++ b/crypto_kem/kyber1024/m4fstack/cmov_int16.S @@ -0,0 +1 @@ +../../kyber768/m4fspeed/cmov_int16.S \ No newline at end of file 
diff --git a/crypto_kem/kyber512/m4fspeed/cmov_int16.S b/crypto_kem/kyber512/m4fspeed/cmov_int16.S new file mode 120000 index 00000000..e57b8b26 --- /dev/null +++ b/crypto_kem/kyber512/m4fspeed/cmov_int16.S @@ -0,0 +1 @@ +../../kyber768/m4fspeed/cmov_int16.S \ No newline at end of file diff --git a/crypto_kem/kyber512/m4fspeed/poly.c b/crypto_kem/kyber512/m4fspeed/poly.c index 29861e69..401b26b7 100644 --- a/crypto_kem/kyber512/m4fspeed/poly.c +++ b/crypto_kem/kyber512/m4fspeed/poly.c @@ -606,6 +606,8 @@ void poly_sub(poly *r, const poly *a, const poly *b) { pointwise_sub(r->coeffs,a->coeffs,b->coeffs); } +void cmov_int16(int16_t *r, int16_t v, uint16_t b); + /************************************************* * Name: poly_frommsg * @@ -614,16 +616,20 @@ void poly_sub(poly *r, const poly *a, const poly *b) { * Arguments: - poly *r: pointer to output polynomial * - const unsigned char *msg: pointer to input message **************************************************/ -void poly_frommsg(poly *r, const unsigned char msg[KYBER_SYMBYTES]) { - int i, j; - uint16_t mask; +void poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]) +{ + unsigned int i,j; - for (i = 0; i < KYBER_SYMBYTES; i++) { - for (j = 0; j < 8; j++) { - mask = -((msg[i] >> j) & 1); - r->coeffs[8 * i + j] = mask & ((KYBER_Q + 1) / 2); - } +#if (KYBER_INDCPA_MSGBYTES != KYBER_N/8) +#error "KYBER_INDCPA_MSGBYTES must be equal to KYBER_N/8 bytes!" +#endif + + for(i=0;icoeffs[8*i+j] = 0; + cmov_int16(r->coeffs+8*i+j, ((KYBER_Q+1)/2), (msg[i] >> j)&1); } + } } /************************************************* diff --git a/crypto_kem/kyber512/m4fstack/cmov_int16.S b/crypto_kem/kyber512/m4fstack/cmov_int16.S new file mode 120000 index 00000000..e57b8b26 --- /dev/null +++ b/crypto_kem/kyber512/m4fstack/cmov_int16.S @@ -0,0 +1 @@ +../../kyber768/m4fspeed/cmov_int16.S \ No newline at end of file 
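Review bot: The new `void cmov_int16(int16_t *r, int16_t v, uint16_t b);` prototype placed just above poly_frommsg carries no comment, so a reader of poly.c cannot tell that the move was deliberately taken out of C, and the reason the mask idiom `mask & ((KYBER_Q + 1) / 2)` was dropped is left to guesswork (presumably so the compiler cannot turn the message-bit selection into a secret-dependent branch). I would add above the prototype: `/* Constant-time conditional move, implemented in cmov_int16.S: sets *r = v when b != 0, leaves *r untouched otherwise. Kept in assembly so the compiler cannot rewrite the selection of (KYBER_Q+1)/2 into a branch on the message bit. */` and, above the zero-then-cmov pair in the loop, `/* write 0 first, then conditionally overwrite; both steps are executed for every bit */`. The prototype is also declared locally rather than in a shared header, which is worth a one-line justification or a move to poly.h. The per-coefficient call replaces an inlined mask, so a brief note that this cost is intentional would help the next person who tries to "optimise" it back.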
diff --git a/crypto_kem/kyber512/m4fstack/poly.c b/crypto_kem/kyber512/m4fstack/poly.c index cc849592..443fdbae 100644 --- a/crypto_kem/kyber512/m4fstack/poly.c +++ b/crypto_kem/kyber512/m4fstack/poly.c @@ -571,6 +571,8 @@ void poly_sub(poly *r, const poly *a, const poly *b) { pointwise_sub(r->coeffs,a->coeffs,b->coeffs); } +void cmov_int16(int16_t *r, int16_t v, uint16_t b); + /************************************************* * Name: poly_frommsg * @@ -579,16 +581,20 @@ void poly_sub(poly *r, const poly *a, const poly *b) { * Arguments: - poly *r: pointer to output polynomial * - const unsigned char *msg: pointer to input message **************************************************/ -void poly_frommsg(poly *r, const unsigned char msg[KYBER_SYMBYTES]) { - int i, j; - uint16_t mask; +void poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]) +{ + unsigned int i,j; - for (i = 0; i < KYBER_SYMBYTES; i++) { - for (j = 0; j < 8; j++) { - mask = -((msg[i] >> j) & 1); - r->coeffs[8 * i + j] = mask & ((KYBER_Q + 1) / 2); - } +#if (KYBER_INDCPA_MSGBYTES != KYBER_N/8) +#error "KYBER_INDCPA_MSGBYTES must be equal to KYBER_N/8 bytes!" +#endif + + for(i=0;icoeffs[8*i+j] = 0; + cmov_int16(r->coeffs+8*i+j, ((KYBER_Q+1)/2), (msg[i] >> j)&1); } + } } /************************************************* diff --git a/crypto_kem/kyber768/m4fspeed/cmov_int16.S b/crypto_kem/kyber768/m4fspeed/cmov_int16.S new file mode 100644 index 00000000..4f7dcc6c --- /dev/null +++ b/crypto_kem/kyber768/m4fspeed/cmov_int16.S @@ -0,0 +1,15 @@ +.syntax unified +.cpu cortex-m4 +.thumb + +// void cmov_int16(int16_t *r, int16_t v, uint16_t b) +.global cmov_int16 +.type cmov_int16, %function +.align 2 +cmov_int16: + cmp.w r2, #0 + ldrsh.w r3, [r0] + it ne + movne.w r3, r1 + strh.w r3, [r0] + bx lr \ No newline at end of file diff --git a/crypto_kem/kyber768/m4fspeed/poly.c b/crypto_kem/kyber768/m4fspeed/poly.c index f73f1acd..b52060f9 100644 --- a/crypto_kem/kyber768/m4fspeed/poly.c 
+++ b/crypto_kem/kyber768/m4fspeed/poly.c @@ -587,6 +587,9 @@ void poly_sub(poly *r, const poly *a, const poly *b) { pointwise_sub(r->coeffs,a->coeffs,b->coeffs); } + +void cmov_int16(int16_t *r, int16_t v, uint16_t b); + /************************************************* * Name: poly_frommsg * @@ -595,16 +598,20 @@ void poly_sub(poly *r, const poly *a, const poly *b) { * Arguments: - poly *r: pointer to output polynomial * - const unsigned char *msg: pointer to input message **************************************************/ -void poly_frommsg(poly *r, const unsigned char msg[KYBER_SYMBYTES]) { - int i, j; - uint16_t mask; +void poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]) +{ + unsigned int i,j; - for (i = 0; i < KYBER_SYMBYTES; i++) { - for (j = 0; j < 8; j++) { - mask = -((msg[i] >> j) & 1); - r->coeffs[8 * i + j] = mask & ((KYBER_Q + 1) / 2); - } +#if (KYBER_INDCPA_MSGBYTES != KYBER_N/8) +#error "KYBER_INDCPA_MSGBYTES must be equal to KYBER_N/8 bytes!" +#endif + + for(i=0;icoeffs[8*i+j] = 0; + cmov_int16(r->coeffs+8*i+j, ((KYBER_Q+1)/2), (msg[i] >> j)&1); } + } } /************************************************* diff --git a/crypto_kem/kyber768/m4fstack/cmov_int16.S b/crypto_kem/kyber768/m4fstack/cmov_int16.S new file mode 120000 index 00000000..9055f6ab --- /dev/null +++ b/crypto_kem/kyber768/m4fstack/cmov_int16.S @@ -0,0 +1 @@ +../m4fspeed/cmov_int16.S \ No newline at end of file diff --git a/crypto_kem/kyber768/m4fstack/poly.c b/crypto_kem/kyber768/m4fstack/poly.c index 29b959f7..35475adb 100644 --- a/crypto_kem/kyber768/m4fstack/poly.c +++ b/crypto_kem/kyber768/m4fstack/poly.c @@ -552,6 +552,8 @@ void poly_sub(poly *r, const poly *a, const poly *b) { pointwise_sub(r->coeffs,a->coeffs,b->coeffs); } +void cmov_int16(int16_t *r, int16_t v, uint16_t b); + /************************************************* * Name: poly_frommsg * 
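Review bot: The doc block above poly_frommsg is now stale relative to the new signature: it still describes the second argument as `const unsigned char *msg: pointer to input message`, while the function now takes `const uint8_t msg[KYBER_INDCPA_MSGBYTES]` and enforces that length with the `#error` guard. I would update the argument line to `* - const uint8_t *msg: pointer to input message (KYBER_INDCPA_MSGBYTES = KYBER_N/8 bytes, one bit per coefficient)` and add a line stating that the conversion is performed in constant time via cmov_int16, which is the property this change exists to provide. The kyber768/m4fstack prototype hunk on this line would benefit from the same comment as its siblings.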
@@ -560,16 +562,20 @@ void poly_sub(poly *r, const poly *a, const poly *b) { * Arguments: - poly *r: pointer to output polynomial * - const unsigned char *msg: pointer to input message **************************************************/ -void poly_frommsg(poly *r, const unsigned char msg[KYBER_SYMBYTES]) { - int i, j; - uint16_t mask; +void poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]) +{ + unsigned int i,j; - for (i = 0; i < KYBER_SYMBYTES; i++) { - for (j = 0; j < 8; j++) { - mask = -((msg[i] >> j) & 1); - r->coeffs[8 * i + j] = mask & ((KYBER_Q + 1) / 2); - } +#if (KYBER_INDCPA_MSGBYTES != KYBER_N/8) +#error "KYBER_INDCPA_MSGBYTES must be equal to KYBER_N/8 bytes!" +#endif + + for(i=0;icoeffs[8*i+j] = 0; + cmov_int16(r->coeffs+8*i+j, ((KYBER_Q+1)/2), (msg[i] >> j)&1); } + } } /************************************************* diff --git a/mupq b/mupq index 12d739e1..d5d4ed32 160000 --- a/mupq +++ b/mupq @@ -1 +1 @@ -Subproject commit 12d739e1112c383d9e1e0276465b2ea2cdb82604 +Subproject commit d5d4ed32d3016346c2c882f0ca3c951936364205 diff --git a/skiplist.py b/skiplist.py index b97c1b84..4f6a868b 100644 --- a/skiplist.py +++ b/skiplist.py @@ -240,4 +240,6 @@ {'scheme': 'dilithium2', 'implementation': 'm4fstack', 'estmemory': 12288}, {'scheme': 'dilithium5', 'implementation': 'm4fstack', 'estmemory': 21504}, {'scheme': 'dilithium3', 'implementation': 'm4fstack', 'estmemory': 17408}, + {'scheme': 'falcon-padded-1024', 'implementation': 'clean', 'estmemory': 91136}, + {'scheme': 'falcon-padded-512', 'implementation': 'clean', 'estmemory': 48128}, ]
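Review bot: The call `cmov_int16(r->coeffs+8*i+j, ((KYBER_Q+1)/2), (msg[i] >> j)&1)` passes an `int` expression into a `uint16_t b` parameter and relies on the assembly comparing the full register against zero; that is fine for a 0/1 value, but the dependency on the caller extending the argument is invisible here. A one-line comment, `/* b is 0 or 1; cmov_int16 treats any non-zero b as "select v" */`, would make the contract explicit at the call site. This hunk is the fourth identical copy of the new body (kyber512 and kyber768, m4fspeed and m4fstack); if the copies are meant to stay in lockstep, say so in a comment or factor the loop into a shared `static inline` helper so that a later constant-time fix cannot land in only some of them.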