Skip to content

HOL-Light: x86 INTT output bound <=26632 -> <=26631 #1394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mkannwischer wants to merge 0 commits into from
Closed

HOL-Light: x86 INTT output bound <=26632 -> <=26631 #1394

mkannwischer wants to merge 0 commits into from

Conversation

@mkannwischer
Copy link
Contributor

@mkannwischer mkannwischer commented Dec 16, 2025

During #1393, we noticed that the HOL-Light proof for the x86 INTT proves the bound <=26632, while our contract requires <= 26631.
This commit corrects the bound in the HOL-Light specification.

@mkannwischer mkannwischer force-pushed the hol-light-fix-intt-bound branch 3 times, most recently from 76a780f to 3c005aa Compare December 16, 2025 01:03
@mkannwischer mkannwischer marked this pull request as ready for review December 16, 2025 09:15
@mkannwischer mkannwischer requested a review from a team as a code owner December 16, 2025 09:15
mkannwischer added a commit to mkannwischer/s2n-bignum that referenced this pull request Dec 16, 2025
@mkannwischer
Correct x86 ML-KEM inverse NTT output bound
25eb52d 
While integrating the x86 ML-KEM inverse NTT proof into mlkem-native (more
specifically when adding the corresponding CBMC contract and trying to
prove it's adherence to out API contracts), we noticed that the output bound
in the HOL-Light specification is off by one:
mlkem-native requires < 26632 = 8*q, while the HOL-Light specification states
<= 26632.
This commit corrects the specification. No change to the proof is required.

 - See pq-code-package/mlkem-native#1394

Signed-off-by: Matthias J. Kannwischer <[email protected]>
mkannwischer added a commit to mkannwischer/s2n-bignum that referenced this pull request Dec 16, 2025
@mkannwischer
Correct x86 ML-KEM inverse NTT output bound
c87cc96 
While integrating the x86 ML-KEM inverse NTT proof into mlkem-native (more
specifically when adding the corresponding CBMC contract and trying to
prove its adherence to out API contracts), we noticed that the output bound
in the HOL-Light specification is off by one:
mlkem-native requires < 26632 (8q), while the HOL-Light specification states
<= 26632.
This commit corrects the specification. No change to the proof is required.

 - See pq-code-package/mlkem-native#1394

Signed-off-by: Matthias J. Kannwischer <[email protected]>
mkannwischer added a commit to mkannwischer/s2n-bignum that referenced this pull request Dec 16, 2025
@mkannwischer
Correct x86 ML-KEM inverse NTT output bound
7e3d4ef 
While integrating the x86 ML-KEM inverse NTT proof into mlkem-native (more
specifically when adding the corresponding CBMC contract and trying to
prove its adherence to the API contracts), we noticed that the output bound
in the HOL-Light specification is off by one:
mlkem-native requires < 26632 (8q), while the HOL-Light specification states
<= 26632.
This commit corrects the specification. No change to the proof is required.

 - See pq-code-package/mlkem-native#1394

Signed-off-by: Matthias J. Kannwischer <[email protected]>
@mkannwischer mkannwischer mentioned this pull request Dec 16, 2025
Merged
@hanno-becker hanno-becker mentioned this pull request Dec 16, 2025
Merged
@hanno-becker hanno-becker force-pushed the hol-light-fix-intt-bound branch from 3c005aa to fb3ed8b Compare December 16, 2025 16:38
@mkannwischer
Copy link
Contributor Author

mkannwischer commented Dec 17, 2025

Merged as a part of #1383

jargh pushed a commit to awslabs/s2n-bignum that referenced this pull request Dec 20, 2025
@mkannwischer
Correct x86 ML-KEM inverse NTT output bound (#321)
e323c1a 
While integrating the x86 ML-KEM inverse NTT proof into mlkem-native (more
specifically when adding the corresponding CBMC contract and trying to
prove its adherence to the API contracts), we noticed that the output bound
in the HOL-Light specification is off by one:
mlkem-native requires < 26632 (8q), while the HOL-Light specification states
<= 26632.
This commit corrects the specification. No change to the proof is required.

 - See pq-code-package/mlkem-native#1394

Signed-off-by: Matthias J. Kannwischer <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hanno-becker hanno-becker hanno-becker approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mkannwischer @hanno-becker