Skip to content

Latest commit

 

History

History

cbmc

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
KeccakF1600_StateExtractBytes
KeccakF1600_StateExtractBytes
 
 
KeccakF1600_StateExtractBytes_BE
KeccakF1600_StateExtractBytes_BE
 
 
KeccakF1600_StatePermute
KeccakF1600_StatePermute
 
 
KeccakF1600_StatePermute_native
KeccakF1600_StatePermute_native
 
 
KeccakF1600_StateXORBytes
KeccakF1600_StateXORBytes
 
 
KeccakF1600_StateXORBytes_BE
KeccakF1600_StateXORBytes_BE
 
 
KeccakF1600x4_StateExtractBytes
KeccakF1600x4_StateExtractBytes
 
 
KeccakF1600x4_StatePermute
KeccakF1600x4_StatePermute
 
 
KeccakF1600x4_StatePermute_native_x2
KeccakF1600x4_StatePermute_native_x2
 
 
KeccakF1600x4_StatePermute_native_x4
KeccakF1600x4_StatePermute_native_x4
 
 
KeccakF1600x4_StateXORBytes
KeccakF1600x4_StateXORBytes
 
 
barrett_reduce
barrett_reduce
 
 
crypto_kem_dec
crypto_kem_dec
 
 
crypto_kem_enc
crypto_kem_enc
 
 
crypto_kem_enc_derand
crypto_kem_enc_derand
 
 
crypto_kem_keypair
crypto_kem_keypair
 
 
crypto_kem_keypair_derand
crypto_kem_keypair_derand
 
 
ct_cmask_neg_i16
ct_cmask_neg_i16
 
 
ct_cmask_nonzero_u16
ct_cmask_nonzero_u16
 
 
ct_cmask_nonzero_u8
ct_cmask_nonzero_u8
 
 
ct_cmov_zero
ct_cmov_zero
 
 
ct_memcmp
ct_memcmp
 
 
ct_sel_int16
ct_sel_int16
 
 
ct_sel_uint8
ct_sel_uint8
 
 
fqmul
fqmul
 
 
gen_matrix
gen_matrix
 
 
gen_matrix_native
gen_matrix_native
 
 
indcpa_dec
indcpa_dec
 
 
indcpa_enc
indcpa_enc
 
 
indcpa_keypair_derand
indcpa_keypair_derand
 
 
invntt_layer
invntt_layer
 
 
keccak_absorb_once
keccak_absorb_once
 
 
keccak_absorb_once_x4
keccak_absorb_once_x4
 
 
keccak_squeeze_once
keccak_squeeze_once
 
 
keccak_squeezeblocks
keccak_squeezeblocks
 
 
keccak_squeezeblocks_x4
keccak_squeezeblocks_x4
 
 
lib
lib
 
 
matvec_mul
matvec_mul
 
 
montgomery_reduce
montgomery_reduce
 
 
ntt_butterfly_block
ntt_butterfly_block
 
 
ntt_layer
ntt_layer
 
 
poly_add
poly_add
 
 
poly_cbd_eta1
poly_cbd_eta1
 
 
poly_cbd_eta2
poly_cbd_eta2
 
 
poly_compress_du
poly_compress_du
 
 
poly_compress_dv
poly_compress_dv
 
 
poly_decompress_du
poly_decompress_du
 
 
poly_decompress_dv
poly_decompress_dv
 
 
poly_frombytes
poly_frombytes
 
 
poly_frombytes_native
poly_frombytes_native
 
 
poly_frommsg
poly_frommsg
 
 
poly_getnoise_eta1122_4x
poly_getnoise_eta1122_4x
 
 
poly_getnoise_eta1122_4x_native
poly_getnoise_eta1122_4x_native
 
 
poly_getnoise_eta1_4x
poly_getnoise_eta1_4x
 
 
poly_getnoise_eta2
poly_getnoise_eta2
 
 
poly_invntt_tomont
poly_invntt_tomont
 
 
poly_invntt_tomont_native
poly_invntt_tomont_native
 
 
poly_mulcache_compute
poly_mulcache_compute
 
 
poly_mulcache_compute_native
poly_mulcache_compute_native
 
 
poly_ntt
poly_ntt
 
 
poly_ntt_native
poly_ntt_native
 
 
poly_reduce
poly_reduce
 
 
poly_reduce_native
poly_reduce_native
 
 
poly_rej_uniform
poly_rej_uniform
 
 
poly_rej_uniform_x4
poly_rej_uniform_x4
 
 
poly_sub
poly_sub
 
 
poly_tobytes
poly_tobytes
 
 
poly_tobytes_native
poly_tobytes_native
 
 
poly_tomont
poly_tomont
 
 
poly_tomont_native
poly_tomont_native
 
 
poly_tomsg
poly_tomsg
 
 
polyvec_add
polyvec_add
 
 
polyvec_basemul_acc_montgomery
polyvec_basemul_acc_montgomery
 
 
polyvec_basemul_acc_montgomery_cached
polyvec_basemul_acc_montgomery_cached
 
 
polyvec_basemul_acc_montgomery_cached_native
polyvec_basemul_acc_montgomery_cached_native
 
 
polyvec_compress_du
polyvec_compress_du
 
 
polyvec_decompress_du
polyvec_decompress_du
 
 
polyvec_frombytes
polyvec_frombytes
 
 
polyvec_invntt_tomont
polyvec_invntt_tomont
 
 
polyvec_mulcache_compute
polyvec_mulcache_compute
 
 
polyvec_ntt
polyvec_ntt
 
 
polyvec_reduce
polyvec_reduce
 
 
polyvec_tobytes
polyvec_tobytes
 
 
polyvec_tomont
polyvec_tomont
 
 
rej_uniform
rej_uniform
 
 
rej_uniform_native
rej_uniform_native
 
 
rej_uniform_scalar
rej_uniform_scalar
 
 
scalar_compress_d1
scalar_compress_d1
 
 
scalar_compress_d10
scalar_compress_d10
 
 
scalar_compress_d11
scalar_compress_d11
 
 
scalar_compress_d4
scalar_compress_d4
 
 
scalar_compress_d5
scalar_compress_d5
 
 
scalar_decompress_d10
scalar_decompress_d10
 
 
scalar_decompress_d11
scalar_decompress_d11
 
 
scalar_decompress_d4
scalar_decompress_d4
 
 
scalar_decompress_d5
scalar_decompress_d5
 
 
scalar_signed_to_unsigned_q
scalar_signed_to_unsigned_q
 
 
sha3_256
sha3_256
 
 
sha3_512
sha3_512
 
 
shake128_absorb_once
shake128_absorb_once
 
 

README.md

CBMC proofs

Overview

This directory contains CBMC proofs for the absence of certain classes of undefined behaviour for parts of the C-code in mlkem-native.

Proofs are organized by functions, with the harnesses and proofs for each function in a separate directory.

See the Proof Guide for a walkthrough of how to use CBMC and develop new proofs.

Usage

To run all proofs, print a summary at the end and reflect overall success/failure in the error code, use

MLKEM_K={2,3,4} run-cbmc-proofs.py --summarize

If GITHUB_STEP_SUMMARY is set, the proof summary will be appended to it.

Alternatively, you can use the tests script, see

tests cbmc --help

Covered functions

Each proved function has an eponymous sub-directory of its own. Use list_proofs.sh to see the list of functions covered.