Conversation

@mkannwischer
Contributor

Alternative to #807 (re-using chknorm instead of re-implementing a norm check, omitting tests for now).

This commit adds validation of the s1 and s2 components of the secret key to the pk_from_sk function. It checks if coefficients are within the valid bound [-MLDSA_ETA, MLDSA_ETA] by using the chknorm function that is already present in the code.

Documentation and CBMC proofs are adjusted accordingly.

@mkannwischer mkannwischer changed the title to "pk_from_sk: Add validation of s1 and s2" on Jan 5, 2026
@mkannwischer mkannwischer force-pushed the validate-sk branch 2 times, most recently from 81d158f to a8738b1 Compare January 5, 2026 05:51
Contributor

@hanno-becker hanno-becker left a comment

LGTM, only one nit regarding variable naming

Alternative to #807

This commit adds validation of the s1 and s2 components of the secret key
to the pk_from_sk function. It checks if coefficients are within the valid
bound [-MLDSA_ETA, MLDSA_ETA] by using the chknorm function that is
already present in the code.

Documentation and CBMC proofs are adjusted accordingly.

Signed-off-by: Matthias J. Kannwischer <[email protected]>
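The check described in the PR description and commit message above, as an added example that is not mldsa-native's code: a reference-style chknorm (return 1 if any coefficient has absolute value >= B) applied to every polynomial of s1 and s2 with bound MLDSA_ETA + 1, which is exactly the condition "all coefficients in [-MLDSA_ETA, MLDSA_ETA]". The parameter set (ML-DSA-65: eta = 4, l = 5, k = 6), the poly struct, and the names validate_s_vectors, fill_valid and demo_validate are assumptions for this example; the sample vectors are constructed, not real key material.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not mldsa-native code. Parameters are ML-DSA-65 (FIPS 204):
 * eta = 4, l = 5, k = 6. Only what the s1/s2 range check needs is modelled. */
#define MLDSA_N 256
#define MLDSA_ETA 4
#define MLDSA_L 5
#define MLDSA_K 6

typedef struct { int32_t coeffs[MLDSA_N]; } poly;  /* assumed layout */

/* Returns 1 if any coefficient of a has absolute value >= B, else 0.
 * |c| is formed with a sign mask instead of a branch, so the sign of a
 * centered coefficient is never visible in control flow; which coefficient
 * (if any) violates the bound is leaked, which is acceptable for a key
 * format check. Unsigned arithmetic keeps INT32_MIN well defined. */
int poly_chknorm(const poly *a, int32_t B)
{
    for (size_t i = 0; i < MLDSA_N; i++) {
        int32_t c = a->coeffs[i];
        uint32_t m = (uint32_t)(c >> 31);      /* all ones iff c < 0 */
        uint32_t t = ((uint32_t)c ^ m) - m;    /* |c| without a branch */
        if (t >= (uint32_t)B) return 1;
    }
    return 0;
}

/* Validate the s1 (l polys) and s2 (k polys) components of a secret key:
 * every coefficient must lie in [-eta, eta], i.e. chknorm(., eta + 1) == 0.
 * Returns 0 when the key is well formed and -1 otherwise. The OR-accumulate
 * keeps the amount of work independent of which polynomial is bad. */
int validate_s_vectors(const poly s1[MLDSA_L], const poly s2[MLDSA_K])
{
    int bad = 0;
    for (size_t i = 0; i < MLDSA_L; i++) bad |= poly_chknorm(&s1[i], MLDSA_ETA + 1);
    for (size_t i = 0; i < MLDSA_K; i++) bad |= poly_chknorm(&s2[i], MLDSA_ETA + 1);
    return bad ? -1 : 0;
}

/* Constructed sample input (not a real key): the repeating pattern
 * -eta, ..., eta, which is exactly the legal coefficient set. */
void fill_valid(poly *p)
{
    for (size_t i = 0; i < MLDSA_N; i++)
        p->coeffs[i] = (int32_t)(i % (2 * MLDSA_ETA + 1)) - MLDSA_ETA;
}

/* Runs the validator on constructed vectors. With do_tamper != 0, one
 * coefficient of s2[0] is overwritten with tamper_value to simulate a
 * malformed or maliciously encoded key. Returns the validator's result. */
int demo_validate(int32_t tamper_value, int do_tamper)
{
    poly s1[MLDSA_L], s2[MLDSA_K];
    for (size_t i = 0; i < MLDSA_L; i++) fill_valid(&s1[i]);
    for (size_t i = 0; i < MLDSA_K; i++) fill_valid(&s2[i]);
    if (do_tamper) s2[0].coeffs[17] = tamper_value;
    return validate_s_vectors(s1, s2);
}

int main(void)
{
    printf("clean key:            %d\n", demo_validate(0, 0));
    printf("coefficient  eta:     %d\n", demo_validate(MLDSA_ETA, 1));
    printf("coefficient  eta + 1: %d\n", demo_validate(MLDSA_ETA + 1, 1));
    printf("coefficient -(eta+1): %d\n", demo_validate(-(MLDSA_ETA + 1), 1));
    printf("coefficient INT32_MIN:%d\n", demo_validate(INT32_MIN, 1));
    return 0;
}
```

The bound is eta + 1, not eta, because chknorm rejects |c| >= B and the endpoints +-eta are legal. The check is not redundant with unpacking: FIPS 204 encodes s1 and s2 with bitlen(2*eta) bits per coefficient (4 bits for eta = 4, 3 bits for eta = 2), so a decoder that simply computes eta - z for each field accepts values down to -11 (eta = 4) or -5 (eta = 2), and only an explicit range check of the kind added in this PR rejects them.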
@mkannwischer mkannwischer marked this pull request as ready for review January 6, 2026 01:51
@mkannwischer mkannwischer requested a review from a team as a code owner January 6, 2026 01:51
@mkannwischer mkannwischer merged commit fd8be9c into main Jan 6, 2026
333 checks passed
@mkannwischer mkannwischer deleted the validate-sk branch January 6, 2026 02:46