mlkem-rust-libcrux PQ code packages update (Tue Jul 9 10:38:18 CEST 2024) - libcrux revision 4f6d0e93f1a5929ebf118a39bf8bfa9a532f8377

Signed-off-by: Franziskus Kiefer <[email protected]>

Author: franziskuskiefer

.gitignore

@@ -2,4 +2,6 @@
 # (TODO customize .gitignore for project)
 
 .vscode
-.idea
+.idea
+/target
+Cargo.lock

Cargo.toml

@@ -0,0 +1,51 @@
+[package]
+name = "libcrux-ml-kem"
+version = "0.0.2-alpha.1"
+authors = ["Cryspen"]
+license = "Apache-2.0"
+homepage = "https://github.com/cryspen/libcrux"
+edition = "2021"
+repository = "https://github.com/cryspen/libcrux"
+readme = "Readme.md"
+exclude = ["/tests"]
+
+[workspace]
+member = ["."]
+
+[dependencies]
+rand_core = { version = "0.6" }
+libcrux-platform = { version = "0.0.2-alpha.1" }
+libcrux-sha3 = { version = "0.0.2-alpha.1" }
+libcrux-intrinsics = {  version = "0.0.2-alpha.1" }
+
+# This is only required for verification.
+# The hax config is set by the hax toolchain.
+[target.'cfg(hax)'.dependencies]
+hax-lib = { git = "https://github.com/hacspec/hax/" }
+
+[features]
+default = ["std", "mlkem512", "mlkem768", "mlkem1024"]
+simd128 = ["libcrux-sha3/simd128"]
+simd256 = ["libcrux-sha3/simd256"]
+mlkem512 = []
+mlkem768 = []
+mlkem1024 = []
+std = []
+kyber = []
+pre-verification = []
+
+[dev-dependencies]
+rand = { version = "0.8" }
+serde_json = { version = "1.0" }
+serde = { version = "1.0", features = ["derive"] }
+hex = { version = "0.4.3", features = ["serde"] }
+criterion = "0.5"
+
+[[bench]]
+name = "ml-kem"
+harness = false
+
+[profile.release]
+lto = "fat"
+codegen-units = 1
+panic = "abort"

benches/ml-kem.rs

@@ -0,0 +1,165 @@
+use std::hint::black_box;
+use std::time::Duration;
+
+use criterion::{criterion_group, criterion_main, BatchSize, Criterion};
+use rand_core::OsRng;
+use rand_core::RngCore;
+
+use libcrux_ml_kem::mlkem768;
+
+pub fn comparisons_key_generation(c: &mut Criterion) {
+    let mut rng = OsRng;
+    let mut group = c.benchmark_group("Kyber768 Key Generation");
+    group.measurement_time(Duration::from_secs(10));
+
+    group.bench_function("libcrux portable (external random)", |b| {
+        let mut seed = [0; 64];
+        rng.fill_bytes(&mut seed);
+        b.iter(|| {
+            let _kp = mlkem768::generate_key_pair(seed);
+        })
+    });
+
+    // group.bench_function("libcrux portable (HACL-DRBG)", |b| {
+    //     b.iter(|| {
+    //         let (_secret_key, _public_key) =
+    //             libcrux::kem::key_gen(Algorithm::MlKem768, &mut drbg).unwrap();
+    //     })
+    // });
+
+    // group.bench_function("libcrux portable (OsRng)", |b| {
+    //     b.iter(|| {
+    //         let (_secret_key, _public_key) =
+    //             libcrux::kem::key_gen(Algorithm::MlKem768, &mut rng).unwrap();
+    //     })
+    // });
+
+    // group.bench_function("pqclean reference implementation", |b| {
+    //     b.iter(|| {
+    //         let (_public_key, _secret_key) = pqcrypto_kyber::kyber768::keypair();
+    //     })
+    // });
+}
+
+pub fn comparisons_pk_validation(c: &mut Criterion) {
+    let mut rng = OsRng;
+    let mut group = c.benchmark_group("Kyber768 PK Validation");
+    group.measurement_time(Duration::from_secs(10));
+
+    group.bench_function("libcrux portable", |b| {
+        let mut seed = [0; 64];
+        rng.fill_bytes(&mut seed);
+        b.iter_batched(
+            || {
+                let keypair = mlkem768::generate_key_pair(seed);
+                keypair.public_key().as_slice().into()
+            },
+            |public_key| {
+                let _valid = black_box(mlkem768::validate_public_key(public_key));
+            },
+            BatchSize::SmallInput,
+        )
+    });
+}
+
+pub fn comparisons_encapsulation(c: &mut Criterion) {
+    let mut group = c.benchmark_group("Kyber768 Encapsulation");
+    group.measurement_time(Duration::from_secs(10));
+
+    group.bench_function("libcrux portable (external random)", |b| {
+        let mut seed1 = [0; 64];
+        OsRng.fill_bytes(&mut seed1);
+        let mut seed2 = [0; 32];
+        OsRng.fill_bytes(&mut seed2);
+        b.iter_batched(
+            || mlkem768::generate_key_pair(seed1),
+            |keypair| {
+                let (_shared_secret, _ciphertext) =
+                    mlkem768::encapsulate(keypair.public_key(), seed2);
+            },
+            BatchSize::SmallInput,
+        )
+    });
+
+    // group.bench_function("libcrux portable", |b| {
+    //     b.iter_batched(
+    //         || {
+    //             let mut drbg = Drbg::new(digest::Algorithm::Sha256).unwrap();
+    //             let (_secret_key, public_key) =
+    //                 libcrux::kem::key_gen(Algorithm::MlKem768, &mut drbg).unwrap();
+
+    //             (drbg, public_key)
+    //         },
+    //         |(mut rng, public_key)| {
+    //             let (_shared_secret, _ciphertext) = public_key.encapsulate(&mut rng).unwrap();
+    //         },
+    //         BatchSize::SmallInput,
+    //     )
+    // });
+
+    // group.bench_function("pqclean reference implementation", |b| {
+    //     b.iter_batched(
+    //         || {
+    //             let (public_key, _secret_key) = pqcrypto_kyber::kyber768::keypair();
+
+    //             public_key
+    //         },
+    //         |public_key| {
+    //             let (_shared_secret, _ciphertext) =
+    //                 pqcrypto_kyber::kyber768::encapsulate(&public_key);
+    //         },
+    //         BatchSize::SmallInput,
+    //     )
+    // });
+}
+
+pub fn comparisons_decapsulation(c: &mut Criterion) {
+    let mut group = c.benchmark_group("Kyber768 Decapsulation");
+    group.measurement_time(Duration::from_secs(10));
+
+    group.bench_function("libcrux portable", |b| {
+        let mut seed1 = [0; 64];
+        OsRng.fill_bytes(&mut seed1);
+        let mut seed2 = [0; 32];
+        OsRng.fill_bytes(&mut seed2);
+        b.iter_batched(
+            || {
+                let keypair = mlkem768::generate_key_pair(seed1);
+                let (ciphertext, _shared_secret) =
+                    mlkem768::encapsulate(keypair.public_key(), seed2);
+                (keypair, ciphertext)
+            },
+            |(keypair, ciphertext)| {
+                let _shared_secret = mlkem768::decapsulate(keypair.private_key(), &ciphertext);
+            },
+            BatchSize::SmallInput,
+        )
+    });
+
+    // group.bench_function("pqclean reference implementation", |b| {
+    //     b.iter_batched(
+    //         || {
+    //             let (public_key, secret_key) = pqcrypto_kyber::kyber768::keypair();
+    //             let (_shared_secret, ciphertext) =
+    //                 pqcrypto_kyber::kyber768::encapsulate(&public_key);
+
+    //             (ciphertext, secret_key)
+    //         },
+    //         |(ciphertext, secret_key)| {
+    //             let _shared_secret =
+    //                 pqcrypto_kyber::kyber768::decapsulate(&ciphertext, &secret_key);
+    //         },
+    //         BatchSize::SmallInput,
+    //     )
+    // });
+}
+
+pub fn comparisons(c: &mut Criterion) {
+    comparisons_pk_validation(c);
+    comparisons_key_generation(c);
+    comparisons_encapsulation(c);
+    comparisons_decapsulation(c);
+}
+
+criterion_group!(benches, comparisons);
+criterion_main!(benches);

build.rs

@@ -0,0 +1,34 @@
+use std::env;
+
+fn main() {
+    let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap();
+    let disable_simd128 = read_env("LIBCRUX_DISABLE_SIMD128");
+    let disable_simd256 = read_env("LIBCRUX_DISABLE_SIMD256");
+
+    // Force a simd build. Make sure you know what you're doing.
+    let enable_simd128 = read_env("LIBCRUX_ENABLE_SIMD128");
+    let enable_simd256 = read_env("LIBCRUX_ENABLE_SIMD256");
+
+    let simd128_possible = target_arch == "aarch64";
+    if (simd128_possible || enable_simd128) && !disable_simd128 {
+        // We enable simd128 on all aarch64 builds.
+        println!("cargo:rustc-cfg=feature=\"simd128\"");
+    }
+    let simd126_possible = target_arch == "x86_64";
+    if (simd126_possible || enable_simd256) && !disable_simd256 {
+        // We enable simd256 on all x86_64 builds.
+        // Note that this doesn't mean the required CPU features are available.
+        // But the compiler will support them and the runtime checks ensure that
+        // it's only used when available.
+        //
+        // We don't enable this on x86 because it seems to generate invalid code.
+        println!("cargo:rustc-cfg=feature=\"simd256\"");
+    }
+}
+
+fn read_env(key: &str) -> bool {
+    match env::var(key) {
+        Ok(s) => s == "1" || s == "y" || s == "Y",
+        Err(_) => false,
+    }
+}

examples/decapsulate.rs

@@ -0,0 +1,16 @@
+use libcrux_ml_kem::{mlkem768, ENCAPS_SEED_SIZE, KEY_GENERATION_SEED_SIZE};
+use rand::{rngs::OsRng, RngCore};
+
+fn main() {
+    let mut randomness = [0u8; KEY_GENERATION_SEED_SIZE];
+    OsRng.fill_bytes(&mut randomness);
+
+    let key_pair = mlkem768::generate_key_pair(randomness);
+    let mut randomness = [0u8; ENCAPS_SEED_SIZE];
+    OsRng.fill_bytes(&mut randomness);
+    let (ct, _ss) = mlkem768::encapsulate(key_pair.public_key(), randomness);
+
+    for _ in 0..100_000 {
+        let _ = mlkem768::decapsulate(key_pair.private_key(), &ct);
+    }
+}

examples/encapsulate.rs

@@ -0,0 +1,15 @@
+use libcrux_ml_kem::{mlkem768, ENCAPS_SEED_SIZE, KEY_GENERATION_SEED_SIZE};
+use rand::{rngs::OsRng, RngCore};
+
+fn main() {
+    let mut randomness = [0u8; KEY_GENERATION_SEED_SIZE];
+    OsRng.fill_bytes(&mut randomness);
+
+    let key_pair = mlkem768::generate_key_pair(randomness);
+
+    let mut randomness = [0u8; ENCAPS_SEED_SIZE];
+    for _ in 0..100_000 {
+        OsRng.fill_bytes(&mut randomness);
+        let _ = mlkem768::encapsulate(key_pair.public_key(), randomness);
+    }
+}

examples/keygen.rs

@@ -0,0 +1,10 @@
+use libcrux_ml_kem::{mlkem768, KEY_GENERATION_SEED_SIZE};
+use rand::{rngs::OsRng, RngCore};
+
+fn main() {
+    let mut randomness = [0u8; KEY_GENERATION_SEED_SIZE];
+    for _ in 0..100_000 {
+        OsRng.fill_bytes(&mut randomness);
+        let _ = mlkem768::generate_key_pair(randomness);
+    }
+}

src/PERFORMANCE.md

@@ -0,0 +1,8 @@
+N.B.: All measurements were taken on an M1 MacBook Air with 16 GB of memory.
+
+|           |   Key Generation (µs) |   Encapsulation (µs) |   Decapsulation (µs) |
+|:----------|----------------------:|---------------------:|---------------------:|
+| libcrux   |               30.671  |              36.31   |              36.3    |
+| BoringSSL |               33.8152 |              28.7323 |              35.2664 |
+| CIRCL     |               39.785  |              44.517  |              49.626  |
+| PQClean   |               30.671  |              38.511  |              43.458  |

src/cfg.rs

@@ -0,0 +1,32 @@
+/// Macro to simplify feature gating of verified code that should only be enabled
+/// when unverified code is disabled.
+macro_rules! cfg_verified {
+    ($($item:item)*) => {
+        $(
+            #[cfg(not(feature = "pre-verification"))]
+            #[allow(missing_docs)]
+            $item
+        )*
+    }
+}
+
+/// Macro to simplify `pre-verification` feature gating
+macro_rules! cfg_pre_verification {
+    ($($item:item)*) => {
+        $(
+            #[cfg(feature = "pre-verification")]
+            $item
+        )*
+    }
+}
+
+/// Macro to simplify `kyber` feature gating
+#[cfg(feature = "pre-verification")]
+macro_rules! cfg_kyber {
+    ($($item:item)*) => {
+        $(
+            #[cfg(feature = "kyber")]
+            $item
+        )*
+    }
+}