[TEST] Reduce crypto_sign_verify_internal stack usage

BIBLIOGRAPHY.md

@@ -30,6 +30,7 @@ source code and documentation.
   - [examples/monolithic_build/mldsa_native/mldsa_native_config.h](examples/monolithic_build/mldsa_native/mldsa_native_config.h)
   - [examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h)
   - [examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h)
+  - [examples/monolithic_build_native/config_65.h](examples/monolithic_build_native/config_65.h)
   - [examples/monolithic_build_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_native/mldsa_native/mldsa_native_config.h)
   - [examples/multilevel_build/mldsa_native/mldsa_native_config.h](examples/multilevel_build/mldsa_native/mldsa_native_config.h)
   - [examples/multilevel_build_native/mldsa_native/mldsa_native_config.h](examples/multilevel_build_native/mldsa_native/mldsa_native_config.h)
@@ -76,6 +77,7 @@ source code and documentation.
   - [examples/monolithic_build/mldsa_native/mldsa_native_config.h](examples/monolithic_build/mldsa_native/mldsa_native_config.h)
   - [examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h)
   - [examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h)
+  - [examples/monolithic_build_native/config_65.h](examples/monolithic_build_native/config_65.h)
   - [examples/monolithic_build_native/mldsa_native/mldsa_native_config.h](examples/monolithic_build_native/mldsa_native/mldsa_native_config.h)
   - [examples/multilevel_build/mldsa_native/mldsa_native_config.h](examples/multilevel_build/mldsa_native/mldsa_native_config.h)
   - [examples/multilevel_build_native/mldsa_native/mldsa_native_config.h](examples/multilevel_build_native/mldsa_native/mldsa_native_config.h)

README.md

@@ -151,6 +151,15 @@ contracts and loop invariants from the code; they will be ignored unless `CBMC`
 
 Yes. mldsa-native supports all three ML-DSA security levels (ML-DSA-44, ML-DSA-65, ML-DSA-87) as defined in FIPS 204. The security level is a compile-time parameter configured by setting `MLD_CONFIG_PARAMETER_SET=44/65/87` in [config.h](mldsa/src/config.h).
 
+### Can I reduce RAM usage for embedded systems?
+
+Yes. mldsa-native provides a compile-time option `MLD_CONFIG_REDUCE_RAM` that reduces RAM usage by generating matrix rows on-demand rather than storing the entire matrix in memory. This trades memory for performance:
+
+- **Memory savings**: 12 KB (ML-DSA-44), 25 KB (ML-DSA-65), 49 KB (ML-DSA-87)
+- **Performance cost**: Matrix generation is no longer batched, resulting in slower signing and verification
+
+To enable this mode, define `MLD_CONFIG_REDUCE_RAM` in [config.h](mldsa/src/config.h) or pass `-DMLD_CONFIG_REDUCE_RAM` as a compiler flag.
+
 ### Does mldsa-native use hedged or deterministic signing?
 
 By default, mldsa-native uses the randomized "hedged" signing variant as specified in FIPS 204 Section 3.4. The hedged variant uses both fresh randomness at signing time and precomputed randomness from the private key. This helps mitigate fault injection attacks and side-channel attacks while protecting against potential flaws in the random number generator.

examples/basic_deterministic/mldsa_native/mldsa_native_config.h

@@ -621,6 +621,24 @@
  *****************************************************************************/
 /* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_REDUCE_RAM
+ *
+ * Description: Set this to reduce RAM usage by generating matrix rows
+ *              on-demand rather than storing the entire matrix in memory.
+ *
+ *              This trades memory for performance:
+ *              - Memory savings: 12 KB (ML-DSA-44), 25 KB (ML-DSA-65),
+ *                49 KB (ML-DSA-87)
+ *              - Performance cost: Matrix generation is no longer batched,
+ *                resulting in slower signing and verification
+ *
+ *              This option is useful for embedded systems with tight RAM
+ *              constraints but relaxed performance requirements.
+ *
+ *****************************************************************************/
+#define MLD_CONFIG_REDUCE_RAM
+
 /*************************  Config internals  ********************************/
 
 #endif /* MLD_BUILD_INTERNAL */

examples/bring_your_own_fips202/mldsa_native/mldsa_native_config.h

@@ -621,6 +621,24 @@
  *****************************************************************************/
 /* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_REDUCE_RAM
+ *
+ * Description: Set this to reduce RAM usage by generating matrix rows
+ *              on-demand rather than storing the entire matrix in memory.
+ *
+ *              This trades memory for performance:
+ *              - Memory savings: 12 KB (ML-DSA-44), 25 KB (ML-DSA-65),
+ *                49 KB (ML-DSA-87)
+ *              - Performance cost: Matrix generation is no longer batched,
+ *                resulting in slower signing and verification
+ *
+ *              This option is useful for embedded systems with tight RAM
+ *              constraints but relaxed performance requirements.
+ *
+ *****************************************************************************/
+#define MLD_CONFIG_REDUCE_RAM
+
 /*************************  Config internals  ********************************/
 
 #endif /* MLD_BUILD_INTERNAL */

examples/bring_your_own_fips202_static/mldsa_native/mldsa_native_config.h

@@ -622,6 +622,24 @@
  *****************************************************************************/
 #define MLD_CONFIG_SERIAL_FIPS202_ONLY
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_REDUCE_RAM
+ *
+ * Description: Set this to reduce RAM usage by generating matrix rows
+ *              on-demand rather than storing the entire matrix in memory.
+ *
+ *              This trades memory for performance:
+ *              - Memory savings: 12 KB (ML-DSA-44), 25 KB (ML-DSA-65),
+ *                49 KB (ML-DSA-87)
+ *              - Performance cost: Matrix generation is no longer batched,
+ *                resulting in slower signing and verification
+ *
+ *              This option is useful for embedded systems with tight RAM
+ *              constraints but relaxed performance requirements.
+ *
+ *****************************************************************************/
+#define MLD_CONFIG_REDUCE_RAM
+
 /*************************  Config internals  ********************************/
 
 #endif /* MLD_BUILD_INTERNAL */

examples/custom_backend/mldsa_native/mldsa_native_config.h

@@ -617,6 +617,24 @@
  *****************************************************************************/
 /* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_REDUCE_RAM
+ *
+ * Description: Set this to reduce RAM usage by generating matrix rows
+ *              on-demand rather than storing the entire matrix in memory.
+ *
+ *              This trades memory for performance:
+ *              - Memory savings: 12 KB (ML-DSA-44), 25 KB (ML-DSA-65),
+ *                49 KB (ML-DSA-87)
+ *              - Performance cost: Matrix generation is no longer batched,
+ *                resulting in slower signing and verification
+ *
+ *              This option is useful for embedded systems with tight RAM
+ *              constraints but relaxed performance requirements.
+ *
+ *****************************************************************************/
+#define MLD_CONFIG_REDUCE_RAM
+
 /*************************  Config internals  ********************************/
 
 #endif /* MLD_BUILD_INTERNAL */

examples/monolithic_build/mldsa_native/mldsa_native_config.h

@@ -620,6 +620,24 @@
  *****************************************************************************/
 /* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_REDUCE_RAM
+ *
+ * Description: Set this to reduce RAM usage by generating matrix rows
+ *              on-demand rather than storing the entire matrix in memory.
+ *
+ *              This trades memory for performance:
+ *              - Memory savings: 12 KB (ML-DSA-44), 25 KB (ML-DSA-65),
+ *                49 KB (ML-DSA-87)
+ *              - Performance cost: Matrix generation is no longer batched,
+ *                resulting in slower signing and verification
+ *
+ *              This option is useful for embedded systems with tight RAM
+ *              constraints but relaxed performance requirements.
+ *
+ *****************************************************************************/
+#define MLD_CONFIG_REDUCE_RAM
+
 /*************************  Config internals  ********************************/
 
 #endif /* MLD_BUILD_INTERNAL */

examples/monolithic_build_multilevel/mldsa_native/mldsa_native_config.h

@@ -621,6 +621,24 @@
  *****************************************************************************/
 /* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_REDUCE_RAM
+ *
+ * Description: Set this to reduce RAM usage by generating matrix rows
+ *              on-demand rather than storing the entire matrix in memory.
+ *
+ *              This trades memory for performance:
+ *              - Memory savings: 12 KB (ML-DSA-44), 25 KB (ML-DSA-65),
+ *                49 KB (ML-DSA-87)
+ *              - Performance cost: Matrix generation is no longer batched,
+ *                resulting in slower signing and verification
+ *
+ *              This option is useful for embedded systems with tight RAM
+ *              constraints but relaxed performance requirements.
+ *
+ *****************************************************************************/
+#define MLD_CONFIG_REDUCE_RAM
+
 /*************************  Config internals  ********************************/
 
 #endif /* MLD_BUILD_INTERNAL */

examples/monolithic_build_multilevel_native/mldsa_native/mldsa_native_config.h

@@ -628,6 +628,24 @@ static MLD_INLINE void mld_randombytes(uint8_t *ptr, size_t len)
  *****************************************************************************/
 /* #define MLD_CONFIG_SERIAL_FIPS202_ONLY */
 
+/******************************************************************************
+ * Name:        MLD_CONFIG_REDUCE_RAM
+ *
+ * Description: Set this to reduce RAM usage by generating matrix rows
+ *              on-demand rather than storing the entire matrix in memory.
+ *
+ *              This trades memory for performance:
+ *              - Memory savings: 12 KB (ML-DSA-44), 25 KB (ML-DSA-65),
+ *                49 KB (ML-DSA-87)
+ *              - Performance cost: Matrix generation is no longer batched,
+ *                resulting in slower signing and verification
+ *
+ *              This option is useful for embedded systems with tight RAM
+ *              constraints but relaxed performance requirements.
+ *
+ *****************************************************************************/
+#define MLD_CONFIG_REDUCE_RAM
+
 /*************************  Config internals  ********************************/
 
 #endif /* MLD_BUILD_INTERNAL */