libcrux-ml-dsa 0.0.4

Libcrux ML-DSA implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

// These functions constitute an executable specification for generating
// |SHUFFLE_TABLE| below. It is written in Rust
// so the code can be formally verified. They are not called anywhere
// except in a unit-test in this file.
//
// |SHUFFLE_TABLE| was originally generated using a
// python script.
#[allow(dead_code)]
fn is_bit_set(number: usize, bit_position: u8) -> bool {
    ((number & (1 << bit_position)) >> bit_position) == 1
}
#[allow(dead_code)]
fn generate_shuffle_table() -> [[u8; 16]; 16] {
    let mut byte_shuffles = [[255u8; 16]; 16];

    for bit_pattern in 0..(1 << 4) {
        let mut byte_shuffles_index = 0;

        for bit_position in 0..4 {
            if is_bit_set(bit_pattern, bit_position) {
                byte_shuffles[bit_pattern][byte_shuffles_index] = bit_position * 4;
                byte_shuffles_index += 1;

                byte_shuffles[bit_pattern][byte_shuffles_index] = (bit_position * 4) + 1;
                byte_shuffles_index += 1;

                byte_shuffles[bit_pattern][byte_shuffles_index] = (bit_position * 4) + 2;
                byte_shuffles_index += 1;

                byte_shuffles[bit_pattern][byte_shuffles_index] = (bit_position * 4) + 3;
                byte_shuffles_index += 1;
            }
        }
    }

    byte_shuffles
}

pub(crate) const SHUFFLE_TABLE: [[u8; 16]; 16] = [
    [
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x00, 0x01, 0x02, 0x03, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x04, 0x05, 0x06, 0x07, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x00, 0x01, 0x02, 0x03, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x00, 0x01, 0x02, 0x03, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff,
        0xff,
    ],
    [
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
        0x0f,
    ],
];

mod tests {
    #[test]
    fn test_generate_shuffle_table() {
        assert_eq!(super::generate_shuffle_table(), super::SHUFFLE_TABLE);
    }
}