[crypto] ML-DSA-87: sec_a2b, sec_b2a, sec_add, sec_unmask (1/14)#29639
Open
andrea-caforio wants to merge 4 commits into lowRISC:master from
Conversation
sec_a2b, sec_b2a, sec_add, sec_unmask (1/14)
6518000 to 57b2a9b
etterli (Contributor) reviewed on Mar 31, 2026:
Nice stuff. I reviewed the gadgets, tests will follow tomorrow.
jal x1, _mai_poll

/* Read back the result. */
bn.wsrr w0, MAI_RES_S0
etterli (Contributor):
Is it safe to overwrite x0_A with x0_B? It should be, because the conversion also performs a re-masking?
andrea-caforio (Author):
I think it is okay. There shouldn't be any leakage.
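The thread above turns on whether an A2B gadget may write its output Boolean share over the input arithmetic share. As an added software model (not OTBN or OpenTitan code), this is first-order arithmetic-to-Boolean and Boolean-to-arithmetic conversion after Goubin (CHES 2001), followed by an explicit Boolean refresh; the 32-bit word size, the share-wise sec_add_a helper and all function names are assumptions. The conversion never recombines the two shares, and the refresh makes both output shares independent of the inputs, which is the property the question relies on.

```python
import secrets

K = 32                      # word size in bits (assumption: 32-bit shares)
MASK = (1 << K) - 1

def mask_a(x, r):
    """Arithmetic shares (x0_A, x1_A) with x = x0_A + x1_A mod 2^K."""
    return ((x - r) & MASK, r)

def sec_add_a(a, b):
    """Share-wise addition: each share only ever meets the other operand's same-index share."""
    return ((a[0] + b[0]) & MASK, (a[1] + b[1]) & MASK)

def sec_unmask_a(a):
    return (a[0] + a[1]) & MASK

def sec_unmask_b(b):
    return b[0] ^ b[1]

def sec_a2b(a, gamma):
    """Goubin A2B: (x0_A, r) -> (x0_B, r) with x = x0_B ^ r.
    gamma is fresh randomness; x itself is never reconstructed."""
    x0_a, r = a
    t = (2 * gamma) & MASK
    x0_b = gamma ^ r
    omega = gamma & x0_b
    x0_b = t ^ x0_a
    gamma = (gamma ^ x0_b) & r
    omega ^= gamma
    omega ^= t & x0_a
    for _ in range(K - 1):          # masked carry propagation, one bit per round
        gamma = (t & r) ^ omega
        t = t & x0_a
        gamma ^= t
        t = (2 * gamma) & MASK
    return (x0_b ^ t, r)

def sec_b2a(b, gamma):
    """Goubin B2A: (x0_B, r) -> (x0_A, r) with x = x0_A + r mod 2^K."""
    x0_b, r = b
    t = (((x0_b ^ gamma) - gamma) & MASK) ^ x0_b
    gamma ^= r
    return ((((x0_b ^ gamma) - gamma) & MASK) ^ t, r)

def refresh_b(b, s):
    """Boolean re-masking with fresh s: both output shares differ from the inputs."""
    return (b[0] ^ s, b[1] ^ s)

def demo(x, y, rng=secrets.randbits):
    """Masked x + y, converted to Boolean shares, refreshed, then converted back."""
    a = sec_add_a(mask_a(x, rng(K)), mask_a(y, rng(K)))
    b = refresh_b(sec_a2b(a, rng(K)), rng(K))
    return sec_unmask_b(b), sec_unmask_a(sec_b2a(b, rng(K)))
```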
Signed-off-by: Andrea Caforio <andrea.caforio@lowrisc.org>
57b2a9b to 58fbec6
etterli (Contributor) approved these changes on Apr 1, 2026:
Just some comment NITs, otherwise good :)
58fbec6 to 05543fd
The first batch of secure gadgets.
This is a series of PRs that, in their composition, result in a FIPS-204-compliant OTBN implementation of ML-DSA-87 sign.
Resources

Gadgets
  sec_a2b, sec_b2a, sec_add, sec_unmask
  sec_leq, sec_bound_check
  sec_decompose
Sampling
  sample_mask_poly, expand_mask
Encoding
  decode_t0
  decode_w1
  encode_z
Commitment
  decompose_w, compute_w
Signature
  compute_z, encode_sig
Norm
  check_infinity_norm_z
  compute_r0, unmask_r0, check_infinity_norm_r0
Hint
  make_hint, compute_carries
  check_hamming_weight, compress_hint
Epilogue
  app