Hacl.Spec.Gf128.CT64
- br_add (Addition over Galois field 2^128 "XOR")
- br_rev64 (Reverse bit order in 64-bit variable)
- br_bmul64 (Carry-less multiplication of two 64-bit variables: Regular multiplication for each bit in half byte and summing (XORing) the products)
- br_bmul256 (128*128->256 carrylessly)
- br_reduce (Shift-based 256->128 reduction: Let a = input 256-bit variable, prove the procedure is equal to
  - a1 = a[128:255] * irreducible polynomial
  - a2 = a1[128:191] * irreducible polynomial
  - output = a[0:127] + a1[0:127] + a2)
- br_bmul128_reduce_lemma (128*128 mod irreducible polynomial, implies verifying the equation over Galois field 2^128)
- br_bmul256_reduce4_lemma (Likewise br_bmul128_reduce_lemma for 4-blocks)

Hacl.Spec.Gf128.FieldNI
- cl_add (Likewise br_add) - Done!
- clmul_wide (Likewise br_bmul256)
- clmul_wide4 (Likewise clmul_wide for 4-blocks)
- gf128_clmul_wide_reduce_lemma (Likewise br_bmul128_reduce_lemma)
- gf128_clmul_wide4_reduce_lemma (Likewise br_bmul256_reduce4_lemma)

Hacl.Impl.AES.CoreBitSlice
- sub_bytes_state (verified)
- shift_rows_state
- mix_columns_state
- xor_state_key (XOR)
- aes_enc
- aes_enc_last
- aes_keygen_assist
Overdue by 2 year(s)•Due by September 30, 2023
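
The operations named in the CT64 items (bit reversal, 64-bit carry-less multiply, the 128*128->256 product and the two-step br_reduce folding), checked against bit-by-bit references in an added Python example that is not the project's code. It assumes plain polynomial bit order (bit i is the coefficient of x^i), the modulus x^128 + x^7 + x^2 + x + 1, and reads "* irreducible polynomial" as multiplication by its low part r = x^7 + x^2 + x + 1; all function names are hypothetical.

```python
import random
MASK64, MASK128 = (1 << 64) - 1, (1 << 128) - 1
POLY = (1 << 128) | 0x87  # assumed modulus: x^128 + x^7 + x^2 + x + 1

def clmul(a, b):  # reference carry-less product, one bit of b at a time
    z = 0
    for i in range(b.bit_length()):
        z ^= (a << i) * ((b >> i) & 1)
    return z

def polymod(a):  # reference reduction: cancel every term of degree >= 128
    for i in range(a.bit_length() - 1, 127, -1):
        if (a >> i) & 1:
            a ^= POLY << (i - 128)
    return a

def rev64(x):  # reverse the bit order of a 64-bit value
    return int(f"{x:064b}"[::-1], 2)

def bmul64(x, y):  # low 64 bits of clmul(x, y) from integer multiplies
    # Kept bits sit 4 apart: column sums cannot carry into a kept bit below bit 64.
    m = [0x1111111111111111 << k for k in range(4)]
    z = 0
    for k in range(4):
        for i in range(4):
            z ^= ((x & m[i]) * (y & m[(k - i) % 4])) & m[k]
    return z

def bmul64_wide(x, y):  # 64x64 -> 128; high half via bit-reversed operands
    hi = rev64(bmul64(rev64(x), rev64(y))) >> 1
    return (hi << 64) | bmul64(x, y)

def bmul128_wide(a, b):  # 128x128 -> 256 with three products (Karatsuba)
    a0, a1, b0, b1 = a & MASK64, a >> 64, b & MASK64, b >> 64
    lo, hi = bmul64_wide(a0, b0), bmul64_wide(a1, b1)
    mid = bmul64_wide(a0 ^ a1, b0 ^ b1) ^ lo ^ hi
    return lo ^ (mid << 64) ^ (hi << 128)

def reduce256(a):  # the two folding steps listed under br_reduce
    mul_r = lambda h: h ^ (h << 1) ^ (h << 2) ^ (h << 7)  # h * (x^7+x^2+x+1)
    a1 = mul_r(a >> 128)   # a[128:255] * r
    a2 = mul_r(a1 >> 128)  # a1[128:191] * r
    return (a & MASK128) ^ (a1 & MASK128) ^ a2

def check(trials=200, seed=1):  # constructed random inputs, fixed seed
    rng = random.Random(seed)
    pairs = [(rng.getrandbits(128), rng.getrandbits(128)) for _ in range(trials)]
    return all(bmul128_wide(x, y) == clmul(x, y) and
               reduce256(clmul(x, y)) == polymod(clmul(x, y)) for x, y in pairs)
```

Two folds suffice because a1 overflows bit 127 by at most 7 bits, so a2 is below 2^14 and the final XOR needs no further reduction.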