Conform to NIST FIPS-204 Draft Standard

.clang-format

@@ -81,7 +81,7 @@ BreakBeforeTernaryOperators: true
 BreakConstructorInitializers: BeforeComma
 BreakInheritanceList: BeforeComma
 BreakStringLiterals: true
-ColumnLimit:     120
+ColumnLimit:     172
 CommentPragmas:  '^ IWYU pragma:'
 CompactNamespaces: false
 ConstructorInitializerIndentWidth: 2

.github/workflows/test_ci.yml

@@ -1,4 +1,4 @@
-name: Test Dilithium Post-Quantum Digital Signature Scheme
+name: Test NIST FIPS 204 ML-DSA
 
 on:
   push:
@@ -23,8 +23,8 @@ jobs:
         mkdir build
         pushd build
         cmake .. -DBUILD_GMOCK=OFF
-        make
-        sudo make install
+        make -j
+        sudo make install -j
         popd
         popd
         popd

Makefile

@@ -13,7 +13,7 @@ DEP_IFLAGS = -I $(SHA3_INC_DIR)
 DUDECT_DEP_IFLAGS = $(DEP_IFLAGS) -I $(DUDECT_INC_DIR)
 
 SRC_DIR = include
-DILITHIUM_SOURCES := $(wildcard $(SRC_DIR)/*.hpp)
+ML_DSA_SOURCES := $(shell find $(SRC_DIR) -name '*.hpp')
 BUILD_DIR = build
 ASAN_BUILD_DIR = $(BUILD_DIR)/asan
 UBSAN_BUILD_DIR = $(BUILD_DIR)/ubsan
@@ -22,6 +22,7 @@ DUDECT_BUILD_DIR = $(BUILD_DIR)/dudect
 TEST_DIR = tests
 DUDECT_TEST_DIR = $(TEST_DIR)/dudect
 TEST_SOURCES := $(wildcard $(TEST_DIR)/*.cpp)
+TEST_HEADERS := $(wildcard $(TEST_DIR)/*.hpp)
 TEST_OBJECTS := $(addprefix $(BUILD_DIR)/, $(notdir $(patsubst %.cpp,%.o,$(TEST_SOURCES))))
 ASAN_TEST_OBJECTS := $(addprefix $(ASAN_BUILD_DIR)/, $(notdir $(patsubst %.cpp,%.o,$(TEST_SOURCES))))
 UBSAN_TEST_OBJECTS := $(addprefix $(UBSAN_BUILD_DIR)/, $(notdir $(patsubst %.cpp,%.o,$(TEST_SOURCES))))
@@ -57,13 +58,13 @@ $(BUILD_DIR):
 	mkdir -p $@
 
 $(SHA3_INC_DIR):
-	git submodule update --init
+	git submodule update --init sha3
 
 $(GTEST_PARALLEL): $(SHA3_INC_DIR)
-	git submodule update --init
+	git submodule update --init gtest-parallel
 
 $(DUDECT_INC_DIR): $(GTEST_PARALLEL)
-	git submodule update --init
+	git submodule update --init dudect
 
 $(BUILD_DIR)/%.o: $(TEST_DIR)/%.cpp $(BUILD_DIR) $(SHA3_INC_DIR)
 	$(CXX) $(CXX_FLAGS) $(WARN_FLAGS) $(OPT_FLAGS) $(I_FLAGS) $(DEP_IFLAGS) -c $< -o $@
@@ -119,5 +120,5 @@ perf: $(PERF_BINARY)
 clean:
 	rm -rf $(BUILD_DIR)
 
-format: $(DILITHIUM_SOURCES) $(TEST_SOURCES) $(DUDECT_TEST_SOURCES) $(BENCHMARK_SOURCES) $(BENCHMARK_HEADERS)
+format: $(ML_DSA_SOURCES) $(TEST_SOURCES) $(TEST_HEADERS) $(DUDECT_TEST_SOURCES) $(BENCHMARK_SOURCES) $(BENCHMARK_HEADERS)
 	clang-format -i $^

benchmarks/bench_ml_dsa_44.cpp

@@ -0,0 +1,102 @@
+#include "bench_helper.hpp"
+#include "ml_dsa/ml_dsa_44.hpp"
+#include <benchmark/benchmark.h>
+
+// Benchmark performance of ML-DSA-44 key generation algorithm.
+void
+ml_dsa_44_keygen(benchmark::State& state)
+{
+  std::array<uint8_t, ml_dsa_44::KeygenSeedByteLen> seed{};
+  std::array<uint8_t, ml_dsa_44::PubKeyByteLen> pubkey{};
+  std::array<uint8_t, ml_dsa_44::SecKeyByteLen> seckey{};
+
+  ml_dsa_prng::prng_t<128> prng;
+  prng.read(seed);
+
+  for (auto _ : state) {
+    ml_dsa_44::keygen(seed, pubkey, seckey);
+
+    benchmark::DoNotOptimize(seed);
+    benchmark::DoNotOptimize(pubkey);
+    benchmark::DoNotOptimize(seckey);
+    benchmark::ClobberMemory();
+  }
+
+  state.SetItemsProcessed(state.iterations());
+}
+
+// Benchmark performance of ML-DSA-44 signing algorithm.
+void
+ml_dsa_44_sign(benchmark::State& state)
+{
+  const size_t mlen = state.range(0);
+
+  std::vector<uint8_t> msg(mlen, 0);
+  auto msg_span = std::span(msg);
+
+  std::array<uint8_t, ml_dsa_44::KeygenSeedByteLen> seed{};
+  std::array<uint8_t, ml_dsa_44::PubKeyByteLen> pubkey{};
+  std::array<uint8_t, ml_dsa_44::SecKeyByteLen> seckey{};
+  std::array<uint8_t, ml_dsa_44::SigningSeedByteLen> rnd{};
+  std::array<uint8_t, ml_dsa_44::SigByteLen> sig{};
+
+  ml_dsa_prng::prng_t<128> prng;
+  prng.read(seed);
+  prng.read(rnd);
+  prng.read(msg_span);
+
+  ml_dsa_44::keygen(seed, pubkey, seckey);
+
+  for (auto _ : state) {
+    ml_dsa_44::sign(rnd, seckey, msg_span, sig);
+
+    benchmark::DoNotOptimize(rnd);
+    benchmark::DoNotOptimize(seckey);
+    benchmark::DoNotOptimize(msg_span);
+    benchmark::DoNotOptimize(sig);
+    benchmark::ClobberMemory();
+  }
+
+  state.SetItemsProcessed(state.iterations());
+  assert(ml_dsa_44::verify(pubkey, msg_span, sig));
+}
+
+// Benchmark performance of ML-DSA-44 signature verification algorithm.
+void
+ml_dsa_44_verify(benchmark::State& state)
+{
+  const size_t mlen = state.range(0);
+
+  std::vector<uint8_t> msg(mlen, 0);
+  auto msg_span = std::span(msg);
+
+  std::array<uint8_t, ml_dsa_44::KeygenSeedByteLen> seed{};
+  std::array<uint8_t, ml_dsa_44::PubKeyByteLen> pubkey{};
+  std::array<uint8_t, ml_dsa_44::SecKeyByteLen> seckey{};
+  std::array<uint8_t, ml_dsa_44::SigningSeedByteLen> rnd{};
+  std::array<uint8_t, ml_dsa_44::SigByteLen> sig{};
+
+  ml_dsa_prng::prng_t<128> prng;
+  prng.read(seed);
+  prng.read(rnd);
+  prng.read(msg_span);
+
+  ml_dsa_44::keygen(seed, pubkey, seckey);
+  ml_dsa_44::sign(rnd, seckey, msg_span, sig);
+
+  for (auto _ : state) {
+    bool is_valid = ml_dsa_44::verify(pubkey, msg_span, sig);
+
+    benchmark::DoNotOptimize(is_valid);
+    benchmark::DoNotOptimize(pubkey);
+    benchmark::DoNotOptimize(msg_span);
+    benchmark::DoNotOptimize(sig);
+    benchmark::ClobberMemory();
+  }
+
+  state.SetItemsProcessed(state.iterations());
+}
+
+BENCHMARK(ml_dsa_44_keygen)->ComputeStatistics("min", compute_min)->ComputeStatistics("max", compute_max);
+BENCHMARK(ml_dsa_44_sign)->Arg(32)->ComputeStatistics("min", compute_min)->ComputeStatistics("max", compute_max);
+BENCHMARK(ml_dsa_44_verify)->Arg(32)->ComputeStatistics("min", compute_min)->ComputeStatistics("max", compute_max);

benchmarks/bench_ml_dsa_65.cpp

@@ -0,0 +1,102 @@
+#include "bench_helper.hpp"
+#include "ml_dsa/ml_dsa_65.hpp"
+#include <benchmark/benchmark.h>
+
+// Benchmark performance of ML-DSA-65 key generation algorithm.
+void
+ml_dsa_65_keygen(benchmark::State& state)
+{
+  std::array<uint8_t, ml_dsa_65::KeygenSeedByteLen> seed{};
+  std::array<uint8_t, ml_dsa_65::PubKeyByteLen> pubkey{};
+  std::array<uint8_t, ml_dsa_65::SecKeyByteLen> seckey{};
+
+  ml_dsa_prng::prng_t<192> prng;
+  prng.read(seed);
+
+  for (auto _ : state) {
+    ml_dsa_65::keygen(seed, pubkey, seckey);
+
+    benchmark::DoNotOptimize(seed);
+    benchmark::DoNotOptimize(pubkey);
+    benchmark::DoNotOptimize(seckey);
+    benchmark::ClobberMemory();
+  }
+
+  state.SetItemsProcessed(state.iterations());
+}
+
+// Benchmark performance of ML-DSA-65 signing algorithm.
+void
+ml_dsa_65_sign(benchmark::State& state)
+{
+  const size_t mlen = state.range(0);
+
+  std::vector<uint8_t> msg(mlen, 0);
+  auto msg_span = std::span(msg);
+
+  std::array<uint8_t, ml_dsa_65::KeygenSeedByteLen> seed{};
+  std::array<uint8_t, ml_dsa_65::PubKeyByteLen> pubkey{};
+  std::array<uint8_t, ml_dsa_65::SecKeyByteLen> seckey{};
+  std::array<uint8_t, ml_dsa_65::SigningSeedByteLen> rnd{};
+  std::array<uint8_t, ml_dsa_65::SigByteLen> sig{};
+
+  ml_dsa_prng::prng_t<192> prng;
+  prng.read(seed);
+  prng.read(rnd);
+  prng.read(msg_span);
+
+  ml_dsa_65::keygen(seed, pubkey, seckey);
+
+  for (auto _ : state) {
+    ml_dsa_65::sign(rnd, seckey, msg_span, sig);
+
+    benchmark::DoNotOptimize(rnd);
+    benchmark::DoNotOptimize(seckey);
+    benchmark::DoNotOptimize(msg_span);
+    benchmark::DoNotOptimize(sig);
+    benchmark::ClobberMemory();
+  }
+
+  state.SetItemsProcessed(state.iterations());
+  assert(ml_dsa_65::verify(pubkey, msg_span, sig));
+}
+
+// Benchmark performance of ML-DSA-65 signature verification algorithm.
+void
+ml_dsa_65_verify(benchmark::State& state)
+{
+  const size_t mlen = state.range(0);
+
+  std::vector<uint8_t> msg(mlen, 0);
+  auto msg_span = std::span(msg);
+
+  std::array<uint8_t, ml_dsa_65::KeygenSeedByteLen> seed{};
+  std::array<uint8_t, ml_dsa_65::PubKeyByteLen> pubkey{};
+  std::array<uint8_t, ml_dsa_65::SecKeyByteLen> seckey{};
+  std::array<uint8_t, ml_dsa_65::SigningSeedByteLen> rnd{};
+  std::array<uint8_t, ml_dsa_65::SigByteLen> sig{};
+
+  ml_dsa_prng::prng_t<192> prng;
+  prng.read(seed);
+  prng.read(rnd);
+  prng.read(msg_span);
+
+  ml_dsa_65::keygen(seed, pubkey, seckey);
+  ml_dsa_65::sign(rnd, seckey, msg_span, sig);
+
+  for (auto _ : state) {
+    bool is_valid = ml_dsa_65::verify(pubkey, msg_span, sig);
+
+    benchmark::DoNotOptimize(is_valid);
+    benchmark::DoNotOptimize(pubkey);
+    benchmark::DoNotOptimize(msg_span);
+    benchmark::DoNotOptimize(sig);
+    benchmark::ClobberMemory();
+  }
+
+  state.SetItemsProcessed(state.iterations());
+}
+
+BENCHMARK(ml_dsa_65_keygen)->ComputeStatistics("min", compute_min)->ComputeStatistics("max", compute_max);
+BENCHMARK(ml_dsa_65_sign)->Arg(32)->ComputeStatistics("min", compute_min)->ComputeStatistics("max", compute_max);
+BENCHMARK(ml_dsa_65_verify)->Arg(32)->ComputeStatistics("min", compute_min)->ComputeStatistics("max", compute_max);

benchmarks/bench_ml_dsa_87.cpp

@@ -0,0 +1,102 @@
+#include "bench_helper.hpp"
+#include "ml_dsa/ml_dsa_87.hpp"
+#include <benchmark/benchmark.h>
+
+// Benchmark performance of ML-DSA-87 key generation algorithm.
+void
+ml_dsa_87_keygen(benchmark::State& state)
+{
+  std::array<uint8_t, ml_dsa_87::KeygenSeedByteLen> seed{};
+  std::array<uint8_t, ml_dsa_87::PubKeyByteLen> pubkey{};
+  std::array<uint8_t, ml_dsa_87::SecKeyByteLen> seckey{};
+
+  ml_dsa_prng::prng_t<256> prng;
+  prng.read(seed);
+
+  for (auto _ : state) {
+    ml_dsa_87::keygen(seed, pubkey, seckey);
+
+    benchmark::DoNotOptimize(seed);
+    benchmark::DoNotOptimize(pubkey);
+    benchmark::DoNotOptimize(seckey);
+    benchmark::ClobberMemory();
+  }
+
+  state.SetItemsProcessed(state.iterations());
+}
+
+// Benchmark performance of ML-DSA-87 signing algorithm.
+void
+ml_dsa_87_sign(benchmark::State& state)
+{
+  const size_t mlen = state.range(0);
+
+  std::vector<uint8_t> msg(mlen, 0);
+  auto msg_span = std::span(msg);
+
+  std::array<uint8_t, ml_dsa_87::KeygenSeedByteLen> seed{};
+  std::array<uint8_t, ml_dsa_87::PubKeyByteLen> pubkey{};
+  std::array<uint8_t, ml_dsa_87::SecKeyByteLen> seckey{};
+  std::array<uint8_t, ml_dsa_87::SigningSeedByteLen> rnd{};
+  std::array<uint8_t, ml_dsa_87::SigByteLen> sig{};
+
+  ml_dsa_prng::prng_t<256> prng;
+  prng.read(seed);
+  prng.read(rnd);
+  prng.read(msg_span);
+
+  ml_dsa_87::keygen(seed, pubkey, seckey);
+
+  for (auto _ : state) {
+    ml_dsa_87::sign(rnd, seckey, msg_span, sig);
+
+    benchmark::DoNotOptimize(rnd);
+    benchmark::DoNotOptimize(seckey);
+    benchmark::DoNotOptimize(msg_span);
+    benchmark::DoNotOptimize(sig);
+    benchmark::ClobberMemory();
+  }
+
+  state.SetItemsProcessed(state.iterations());
+  assert(ml_dsa_87::verify(pubkey, msg_span, sig));
+}
+
+// Benchmark performance of ML-DSA-87 signature verification algorithm.
+void
+ml_dsa_87_verify(benchmark::State& state)
+{
+  const size_t mlen = state.range(0);
+
+  std::vector<uint8_t> msg(mlen, 0);
+  auto msg_span = std::span(msg);
+
+  std::array<uint8_t, ml_dsa_87::KeygenSeedByteLen> seed{};
+  std::array<uint8_t, ml_dsa_87::PubKeyByteLen> pubkey{};
+  std::array<uint8_t, ml_dsa_87::SecKeyByteLen> seckey{};
+  std::array<uint8_t, ml_dsa_87::SigningSeedByteLen> rnd{};
+  std::array<uint8_t, ml_dsa_87::SigByteLen> sig{};
+
+  ml_dsa_prng::prng_t<256> prng;
+  prng.read(seed);
+  prng.read(rnd);
+  prng.read(msg_span);
+
+  ml_dsa_87::keygen(seed, pubkey, seckey);
+  ml_dsa_87::sign(rnd, seckey, msg_span, sig);
+
+  for (auto _ : state) {
+    bool is_valid = ml_dsa_87::verify(pubkey, msg_span, sig);
+
+    benchmark::DoNotOptimize(is_valid);
+    benchmark::DoNotOptimize(pubkey);
+    benchmark::DoNotOptimize(msg_span);
+    benchmark::DoNotOptimize(sig);
+    benchmark::ClobberMemory();
+  }
+
+  state.SetItemsProcessed(state.iterations());
+}
+
+BENCHMARK(ml_dsa_87_keygen)->ComputeStatistics("min", compute_min)->ComputeStatistics("max", compute_max);
+BENCHMARK(ml_dsa_87_sign)->Arg(32)->ComputeStatistics("min", compute_min)->ComputeStatistics("max", compute_max);
+BENCHMARK(ml_dsa_87_verify)->Arg(32)->ComputeStatistics("min", compute_min)->ComputeStatistics("max", compute_max);