Skip to content

Refactor mlk_polymat_permute_bitrev_to_custom #1336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
mkannwischer wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Refactor mlk_polymat_permute_bitrev_to_custom #1336

mkannwischer wants to merge 2 commits into from

Conversation

@mkannwischer
Copy link
Contributor

@mkannwischer mkannwischer commented Dec 3, 2025
edited
Loading

This commit refactors mlk_polymat_permute_bitrev_to_custom to not require the helper function mlk_polyvec_permute_bitrev_to_custom. The function was only needed due CBMC limitations.

@mkannwischer mkannwischer force-pushed the refactor-polymat-permute branch from 18ed177 to 28046a2 Compare December 3, 2025 09:18
@mkannwischer
Copy link
Contributor Author

mkannwischer commented Dec 3, 2025
edited
Loading

This proves fine in a couple of seconds for MLKEM_K=3, but spins forever for MLKEM_K=2 and MLKEM_K=4:

$ tests cbmc -p polymat_permute_bitrev_to_custom_native --k 3

For your convenience, the output of this run will be symbolically linked to  /Users/matthiaskannwischer/git/native/mlkem-native/proofs/cbmc/output/latest/html/index.html 

Configuring CBMC proofs: 1 / 1
[16/16] mlk_polymat_permute_bitrev_to_custom_native: generating report                                                                                                                                                                                                                                                                                                  
Report was rendered at file:///Users/matthiaskannwischer/git/native/mlkem-native/proofs/cbmc/output/latest/html/index.html
## Summary of CBMC proof results

| Status  | Count |
|---------|-------|
| Success | 1     |

| Proof                                       | Status  | Duration (in s) |
|---------------------------------------------|---------|-----------------|
| mlk_polymat_permute_bitrev_to_custom_native | Success | 6               |


WARNING:root:$GITHUB_STEP_SUMMARY not set, not writing summary file
All good!
Matthiass-MacBook-Pro:mlkem-native matthiaskannwischer$ tests cbmc -p polymat_permute_bitrev_to_custom_native --k 2

For your convenience, the output of this run will be symbolically linked to  /Users/matthiaskannwischer/git/native/mlkem-native/proofs/cbmc/output/latest/html/index.html 

Configuring CBMC proofs: 1 / 1
[14/16] mlk_polymat_permute_bitrev_to_custom_native: printing safety properties

Makes no sense to me.
@rod-chapman, any ideas?

@rod-chapman
Copy link
Contributor

rod-chapman commented Dec 3, 2025

Since we introduced struct wrappers around mlk_polyvec and mlk_polymat, the latter is now a struct that contains a K-element array of structs, each of which contains a single K-element array of mlk_poly.

This new code is trying to treat that as a single-dimensional array of K*K mlk_poly's by the look of it. That's bound to cause serious complications for CBMC.

Try a nested loop, so the code structure matches the data structure.

@rod-chapman rod-chapman force-pushed the refactor-polymat-permute branch from cc0d751 to 782e470 Compare December 18, 2025 11:04
@hanno-becker
Copy link
Contributor

hanno-becker commented Jan 2, 2026

@mkannwischer Can you comment on state/plans for this?

@mkannwischer
Copy link
Contributor Author

mkannwischer commented Jan 6, 2026

@mkannwischer Can you comment on state/plans for this?

See pq-code-package/mldsa-native#770 - we are waiting for diffblue/cbmc#8705 to be merged.

@willieyz, could you rebase this PR and also include the experimental branch of CBMC so we can confirm that the proofs pass with that version.

@willieyz
Copy link
Contributor

willieyz commented Jan 6, 2026

@mkannwischer Can you comment on state/plans for this?

See pq-code-package/mldsa-native#770 - we are waiting for diffblue/cbmc#8705 to be merged.

@willieyz, could you rebase this PR and also include the experimental branch of CBMC so we can confirm that the proofs pass with that version.

Yes, I can do it.

@willieyz willieyz force-pushed the refactor-polymat-permute branch 3 times, most recently from 9c47daa to 6ce031c Compare January 6, 2026 10:15
@willieyz
Refactor mlk_polymat_permute_bitrev_to_custom
4f7ba63 
This commit refactors mlk_polymat_permute_bitrev_to_custom to not require the
helper function mlk_polyvec_permute_bitrev_to_custom.
The function was only needed due CBMC limitations.

Also updates CBMC to trial new build
(CBMC PR[#8705](https://github.com/pq-code-package/mlkem-native/issues/8705))
that solves performance problem for this proof.

Simplify polymat_permite_bitrev_to_customer() (native version)

The code structure now mimics the data structure to make proof tractable.
Also updates Makefile for this proof in line with the similar function
in mldsa-native.

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
Signed-off-by: Rod Chapman <rodchap@amazon.com>
Signed-off-by: willieyz <willie.zhao@chelpis.com>
@willieyz
[TEST] Switch to tautschnig's experimental CBMC
1745ecc 
Signed-off-by: willieyz <willie.zhao@chelpis.com>
@willieyz willieyz force-pushed the refactor-polymat-permute branch from 6ce031c to 1745ecc Compare January 6, 2026 10:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CBMC: Refactor mlk_polymat_permute_bitrev_to_custom and prove monolithically

5 participants

@mkannwischer @rod-chapman @hanno-becker @willieyz