verify: Switch to constant-time memcmp #750
Conversation
Force-pushed from 0b8b1b6 to db8359a.
mldsa/src/sign.c (outdated review comment on these lines):

```c
MLD_CT_TESTING_DECLASSIFY(&c_valid, sizeof(uint8_t));
if (c_valid != 0)
```
You could keep this entirely CT by using mld_ct_sel_int32 here.
I gave it a try - please take a look.
Force-pushed from 8b33d35 to 92bd5f1.
Force-pushed from 92bd5f1 to d81d737.
ct_sel_int32 in mldsa-native previously had a precondition that the condition is either 0 or 0xFFFFFFFF. This is different from mlkem-native where any value is permitted for mlk_ct_sel_int16. This commit aligns ct_sel_int32 with mlkem-native. Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
In the very end of verify one has to compare the input challenge to the re-computed challenge. If they are equal (and some previous checks on h and z passed), the signature is valid. Currently, our constant-time tests do not declassify the message and we, hence, need to declassify in this final step. Before this commit, the declassification would happen on the recomputed challenge just before the memcmp. Now that a constant-time memcmp was added in #714, we might as well use that; that plus a constant-time selection allows us to not use any declassifications in verification, i.e., we do not leak the verification result through timing. Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
Force-pushed from d81d737 to 9afc7b0.
Mac Mini (M1, 2020) benchmarks (opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 46388 cycles | 46386 cycles | 1.00 |
| ML-DSA-44 sign | 132078 cycles | 131848 cycles | 1.00 |
| ML-DSA-44 verify | 47795 cycles | 47790 cycles | 1.00 |
| ML-DSA-65 keypair | 81340 cycles | 81335 cycles | 1.00 |
| ML-DSA-65 sign | 218102 cycles | 218031 cycles | 1.00 |
| ML-DSA-65 verify | 80097 cycles | 80059 cycles | 1.00 |
| ML-DSA-87 keypair | 132452 cycles | 132448 cycles | 1.00 |
| ML-DSA-87 sign | 279502 cycles | 279522 cycles | 1.00 |
| ML-DSA-87 verify | 130360 cycles | 130407 cycles | 1.00 |

This comment was automatically generated by workflow using github-action-benchmark.
Mac Mini (M1, 2020) benchmarks (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 114790 cycles | 114333 cycles | 1.00 |
| ML-DSA-44 sign | 442108 cycles | 428720 cycles | 1.03 |
| ML-DSA-44 verify | 123276 cycles | 121512 cycles | 1.01 |
| ML-DSA-65 keypair | 196920 cycles | 195898 cycles | 1.01 |
| ML-DSA-65 sign | 714186 cycles | 697569 cycles | 1.02 |
| ML-DSA-65 verify | 197848 cycles | 196439 cycles | 1.01 |
| ML-DSA-87 keypair | 323487 cycles | 322710 cycles | 1.00 |
| ML-DSA-87 sign | 897184 cycles | 879951 cycles | 1.02 |
| ML-DSA-87 verify | 328414 cycles | 326659 cycles | 1.01 |
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Mac Mini (M1, 2020) benchmarks (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 sign | 442108 cycles | 428720 cycles | 1.03 |
oqs-bot left a comment
Intel Xeon 4th gen (c7i)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 34871 cycles | 35124 cycles | 0.99 |
| ML-DSA-44 sign | 120877 cycles | 120549 cycles | 1.00 |
| ML-DSA-44 verify | 38171 cycles | 38272 cycles | 1.00 |
| ML-DSA-65 keypair | 61632 cycles | 61332 cycles | 1.00 |
| ML-DSA-65 sign | 200914 cycles | 200602 cycles | 1.00 |
| ML-DSA-65 verify | 63063 cycles | 62988 cycles | 1.00 |
| ML-DSA-87 keypair | 93614 cycles | 94395 cycles | 0.99 |
| ML-DSA-87 sign | 231006 cycles | 234758 cycles | 0.98 |
| ML-DSA-87 verify | 94829 cycles | 95494 cycles | 0.99 |
oqs-bot left a comment
Intel Xeon 4th gen (c7i) (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 96029 cycles | 96199 cycles | 1.00 |
| ML-DSA-44 sign | 358742 cycles | 348404 cycles | 1.03 |
| ML-DSA-44 verify | 102697 cycles | 101624 cycles | 1.01 |
| ML-DSA-65 keypair | 163738 cycles | 163420 cycles | 1.00 |
| ML-DSA-65 sign | 576261 cycles | 563836 cycles | 1.02 |
| ML-DSA-65 verify | 166934 cycles | 165468 cycles | 1.01 |
| ML-DSA-87 keypair | 267471 cycles | 267007 cycles | 1.00 |
| ML-DSA-87 sign | 733900 cycles | 722000 cycles | 1.02 |
| ML-DSA-87 verify | 273951 cycles | 273090 cycles | 1.00 |
Arm Cortex-A55 (Snapdragon 888) benchmarks (opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 281086 cycles | 276251 cycles | 1.02 |
| ML-DSA-44 sign | 835764 cycles | 831458 cycles | 1.01 |
| ML-DSA-44 verify | 280809 cycles | 274264 cycles | 1.02 |
| ML-DSA-65 keypair | 486020 cycles | 476770 cycles | 1.02 |
| ML-DSA-65 sign | 1388453 cycles | 1371857 cycles | 1.01 |
| ML-DSA-65 verify | 464933 cycles | 454992 cycles | 1.02 |
| ML-DSA-87 keypair | 827315 cycles | 806377 cycles | 1.03 |
| ML-DSA-87 sign | 1901256 cycles | 1852476 cycles | 1.03 |
| ML-DSA-87 verify | 794494 cycles | 777062 cycles | 1.02 |
SpacemiT K1 8 (Banana Pi F3) benchmarks (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 830585 cycles | 828734 cycles | 1.00 |
| ML-DSA-44 sign | 3391777 cycles | 3336995 cycles | 1.02 |
| ML-DSA-44 verify | 932678 cycles | 918794 cycles | 1.02 |
| ML-DSA-65 keypair | 1413143 cycles | 1405220 cycles | 1.01 |
| ML-DSA-65 sign | 5543219 cycles | 5448286 cycles | 1.02 |
| ML-DSA-65 verify | 1482443 cycles | 1470486 cycles | 1.01 |
| ML-DSA-87 keypair | 2321432 cycles | 2313955 cycles | 1.00 |
| ML-DSA-87 sign | 6918301 cycles | 6829627 cycles | 1.01 |
| ML-DSA-87 verify | 2419079 cycles | 2412119 cycles | 1.00 |
oqs-bot left a comment
AMD EPYC 3rd gen (c6a)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 69349 cycles | 69305 cycles | 1.00 |
| ML-DSA-44 sign | 184787 cycles | 184244 cycles | 1.00 |
| ML-DSA-44 verify | 68848 cycles | 68922 cycles | 1.00 |
| ML-DSA-65 keypair | 119492 cycles | 119403 cycles | 1.00 |
| ML-DSA-65 sign | 295820 cycles | 295959 cycles | 1.00 |
| ML-DSA-65 verify | 115551 cycles | 115678 cycles | 1.00 |
| ML-DSA-87 keypair | 204663 cycles | 203712 cycles | 1.00 |
| ML-DSA-87 sign | 388773 cycles | 387012 cycles | 1.00 |
| ML-DSA-87 verify | 196009 cycles | 195252 cycles | 1.00 |
oqs-bot left a comment
Intel Xeon 3rd gen (c6i)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 57363 cycles | 56696 cycles | 1.01 |
| ML-DSA-44 sign | 179667 cycles | 179594 cycles | 1.00 |
| ML-DSA-44 verify | 61139 cycles | 61127 cycles | 1.00 |
| ML-DSA-65 keypair | 99214 cycles | 99141 cycles | 1.00 |
| ML-DSA-65 sign | 296112 cycles | 296029 cycles | 1.00 |
| ML-DSA-65 verify | 101283 cycles | 100694 cycles | 1.01 |
| ML-DSA-87 keypair | 153105 cycles | 153088 cycles | 1.00 |
| ML-DSA-87 sign | 353274 cycles | 353865 cycles | 1.00 |
| ML-DSA-87 verify | 153358 cycles | 152974 cycles | 1.00 |
oqs-bot left a comment
Graviton2
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 114545 cycles | 114323 cycles | 1.00 |
| ML-DSA-44 sign | 361957 cycles | 361461 cycles | 1.00 |
| ML-DSA-44 verify | 118503 cycles | 118186 cycles | 1.00 |
| ML-DSA-65 keypair | 198404 cycles | 197778 cycles | 1.00 |
| ML-DSA-65 sign | 596857 cycles | 596155 cycles | 1.00 |
| ML-DSA-65 verify | 195006 cycles | 194939 cycles | 1.00 |
| ML-DSA-87 keypair | 324863 cycles | 324605 cycles | 1.00 |
| ML-DSA-87 sign | 762381 cycles | 763100 cycles | 1.00 |
| ML-DSA-87 verify | 321005 cycles | 320929 cycles | 1.00 |
oqs-bot left a comment
Graviton4
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 68539 cycles | 68533 cycles | 1.00 |
| ML-DSA-44 sign | 202719 cycles | 202745 cycles | 1.00 |
| ML-DSA-44 verify | 70872 cycles | 70610 cycles | 1.00 |
| ML-DSA-65 keypair | 121856 cycles | 121465 cycles | 1.00 |
| ML-DSA-65 sign | 331803 cycles | 332044 cycles | 1.00 |
| ML-DSA-65 verify | 117734 cycles | 117733 cycles | 1.00 |
| ML-DSA-87 keypair | 198722 cycles | 198980 cycles | 1.00 |
| ML-DSA-87 sign | 428655 cycles | 429135 cycles | 1.00 |
| ML-DSA-87 verify | 194470 cycles | 195086 cycles | 1.00 |
I'm not convinced we want to merge it as is. It comes with a noticeable performance penalty due to the duplicate mask computation in the other callsites of
oqs-bot left a comment
AMD EPYC 3rd gen (c6a) (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 137596 cycles | 135904 cycles | 1.01 |
| ML-DSA-44 sign | 559104 cycles | 540726 cycles | 1.03 |
| ML-DSA-44 verify | 152798 cycles | 148979 cycles | 1.03 |
| ML-DSA-65 keypair | 229175 cycles | 229703 cycles | 1.00 |
| ML-DSA-65 sign | 900966 cycles | 892714 cycles | 1.01 |
| ML-DSA-65 verify | 239650 cycles | 239108 cycles | 1.00 |
| ML-DSA-87 keypair | 375354 cycles | 373079 cycles | 1.01 |
| ML-DSA-87 sign | 1127244 cycles | 1105555 cycles | 1.02 |
| ML-DSA-87 verify | 390984 cycles | 387552 cycles | 1.01 |
oqs-bot left a comment
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'AMD EPYC 3rd gen (c6a) (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 sign | 559104 cycles | 540726 cycles | 1.03 |
oqs-bot left a comment
AMD EPYC 4th gen (c7a)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 41737 cycles | 40208 cycles | 1.04 |
| ML-DSA-44 sign | 130144 cycles | 129176 cycles | 1.01 |
| ML-DSA-44 verify | 44213 cycles | 43730 cycles | 1.01 |
| ML-DSA-65 keypair | 72166 cycles | 72336 cycles | 1.00 |
| ML-DSA-65 sign | 211410 cycles | 210801 cycles | 1.00 |
| ML-DSA-65 verify | 72620 cycles | 72821 cycles | 1.00 |
| ML-DSA-87 keypair | 107847 cycles | 110192 cycles | 0.98 |
| ML-DSA-87 sign | 247795 cycles | 248784 cycles | 1.00 |
| ML-DSA-87 verify | 108041 cycles | 110177 cycles | 0.98 |
oqs-bot left a comment
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'AMD EPYC 4th gen (c7a)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 41737 cycles | 40208 cycles | 1.04 |
oqs-bot left a comment
Intel Xeon 3rd gen (c6i) (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 159962 cycles | 158499 cycles | 1.01 |
| ML-DSA-44 sign | 583397 cycles | 566227 cycles | 1.03 |
| ML-DSA-44 verify | 173162 cycles | 170373 cycles | 1.02 |
| ML-DSA-65 keypair | 270382 cycles | 270554 cycles | 1.00 |
| ML-DSA-65 sign | 946893 cycles | 930312 cycles | 1.02 |
| ML-DSA-65 verify | 278768 cycles | 276804 cycles | 1.01 |
| ML-DSA-87 keypair | 452632 cycles | 451821 cycles | 1.00 |
| ML-DSA-87 sign | 1208326 cycles | 1182309 cycles | 1.02 |
| ML-DSA-87 verify | 464245 cycles | 461246 cycles | 1.01 |
oqs-bot left a comment
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Intel Xeon 3rd gen (c6i) (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 sign | 583397 cycles | 566227 cycles | 1.03 |
oqs-bot left a comment
Graviton3
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 72664 cycles | 72769 cycles | 1.00 |
| ML-DSA-44 sign | 213162 cycles | 213105 cycles | 1.00 |
| ML-DSA-44 verify | 75740 cycles | 75567 cycles | 1.00 |
| ML-DSA-65 keypair | 128464 cycles | 128501 cycles | 1.00 |
| ML-DSA-65 sign | 353352 cycles | 351998 cycles | 1.00 |
| ML-DSA-65 verify | 125693 cycles | 125556 cycles | 1.00 |
| ML-DSA-87 keypair | 206855 cycles | 209469 cycles | 0.99 |
| ML-DSA-87 sign | 446098 cycles | 451502 cycles | 0.99 |
| ML-DSA-87 verify | 204889 cycles | 205522 cycles | 1.00 |
oqs-bot left a comment
Graviton4 (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 128692 cycles | 128117 cycles | 1.00 |
| ML-DSA-44 sign | 467719 cycles | 456939 cycles | 1.02 |
| ML-DSA-44 verify | 138353 cycles | 136316 cycles | 1.01 |
| ML-DSA-65 keypair | 220789 cycles | 220454 cycles | 1.00 |
| ML-DSA-65 sign | 759659 cycles | 746761 cycles | 1.02 |
| ML-DSA-65 verify | 221809 cycles | 220696 cycles | 1.01 |
| ML-DSA-87 keypair | 365825 cycles | 365292 cycles | 1.00 |
| ML-DSA-87 sign | 956916 cycles | 943640 cycles | 1.01 |
| ML-DSA-87 verify | 371271 cycles | 369274 cycles | 1.01 |
oqs-bot left a comment
Graviton2 (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 215195 cycles | 214052 cycles | 1.01 |
| ML-DSA-44 sign | 801603 cycles | 782368 cycles | 1.02 |
| ML-DSA-44 verify | 233495 cycles | 230174 cycles | 1.01 |
| ML-DSA-65 keypair | 386657 cycles | 384937 cycles | 1.00 |
| ML-DSA-65 sign | 1330941 cycles | 1309185 cycles | 1.02 |
| ML-DSA-65 verify | 378830 cycles | 375584 cycles | 1.01 |
| ML-DSA-87 keypair | 609908 cycles | 607146 cycles | 1.00 |
| ML-DSA-87 sign | 1650652 cycles | 1626999 cycles | 1.01 |
| ML-DSA-87 verify | 622898 cycles | 617748 cycles | 1.01 |
oqs-bot left a comment
AMD EPYC 4th gen (c7a) (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 120925 cycles | 121080 cycles | 1.00 |
| ML-DSA-44 sign | 468153 cycles | 453678 cycles | 1.03 |
| ML-DSA-44 verify | 132274 cycles | 131091 cycles | 1.01 |
| ML-DSA-65 keypair | 205737 cycles | 205025 cycles | 1.00 |
| ML-DSA-65 sign | 754721 cycles | 739822 cycles | 1.02 |
| ML-DSA-65 verify | 212732 cycles | 210355 cycles | 1.01 |
| ML-DSA-87 keypair | 338594 cycles | 341794 cycles | 0.99 |
| ML-DSA-87 sign | 944980 cycles | 944953 cycles | 1.00 |
| ML-DSA-87 verify | 348786 cycles | 352353 cycles | 0.99 |
oqs-bot left a comment
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'AMD EPYC 4th gen (c7a) (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 sign | 468153 cycles | 453678 cycles | 1.03 |
oqs-bot left a comment
Graviton3 (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 139304 cycles | 138812 cycles | 1.00 |
| ML-DSA-44 sign | 506110 cycles | 493897 cycles | 1.02 |
| ML-DSA-44 verify | 150582 cycles | 148436 cycles | 1.01 |
| ML-DSA-65 keypair | 242808 cycles | 242295 cycles | 1.00 |
| ML-DSA-65 sign | 826910 cycles | 808822 cycles | 1.02 |
| ML-DSA-65 verify | 242421 cycles | 240882 cycles | 1.01 |
| ML-DSA-87 keypair | 397065 cycles | 396998 cycles | 1.00 |
| ML-DSA-87 sign | 1045743 cycles | 1027164 cycles | 1.02 |
| ML-DSA-87 verify | 403697 cycles | 401829 cycles | 1.00 |
Arm Cortex-A76 (Raspberry Pi 5) benchmarks (opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 114054 cycles | 114242 cycles | 1.00 |
| ML-DSA-44 sign | 361262 cycles | 361120 cycles | 1.00 |
| ML-DSA-44 verify | 118133 cycles | 118141 cycles | 1.00 |
| ML-DSA-65 keypair | 198098 cycles | 197737 cycles | 1.00 |
| ML-DSA-65 sign | 596006 cycles | 595798 cycles | 1.00 |
| ML-DSA-65 verify | 194635 cycles | 194902 cycles | 1.00 |
| ML-DSA-87 keypair | 325929 cycles | 324148 cycles | 1.01 |
| ML-DSA-87 sign | 767617 cycles | 761894 cycles | 1.01 |
| ML-DSA-87 verify | 322322 cycles | 320638 cycles | 1.01 |
Arm Cortex-A76 (Raspberry Pi 5) benchmarks (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 215254 cycles | 213765 cycles | 1.01 |
| ML-DSA-44 sign | 804046 cycles | 782819 cycles | 1.03 |
| ML-DSA-44 verify | 233727 cycles | 229951 cycles | 1.02 |
| ML-DSA-65 keypair | 386017 cycles | 384600 cycles | 1.00 |
| ML-DSA-65 sign | 1330296 cycles | 1314424 cycles | 1.01 |
| ML-DSA-65 verify | 378320 cycles | 375397 cycles | 1.01 |
| ML-DSA-87 keypair | 608948 cycles | 606308 cycles | 1.00 |
| ML-DSA-87 sign | 1647451 cycles | 1623982 cycles | 1.01 |
| ML-DSA-87 verify | 622559 cycles | 617140 cycles | 1.01 |
Arm Cortex-A55 (Snapdragon 888) benchmarks (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 470835 cycles | 464707 cycles | 1.01 |
| ML-DSA-44 sign | 2283679 cycles | 2208085 cycles | 1.03 |
| ML-DSA-44 verify | 557520 cycles | 545680 cycles | 1.02 |
| ML-DSA-65 keypair | 788410 cycles | 779063 cycles | 1.01 |
| ML-DSA-65 sign | 3730911 cycles | 3615027 cycles | 1.03 |
| ML-DSA-65 verify | 862696 cycles | 848250 cycles | 1.02 |
| ML-DSA-87 keypair | 1269789 cycles | 1259720 cycles | 1.01 |
| ML-DSA-87 sign | 4552424 cycles | 4516519 cycles | 1.01 |
| ML-DSA-87 verify | 1380391 cycles | 1362480 cycles | 1.01 |
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Arm Cortex-A55 (Snapdragon 888) benchmarks (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 sign | 2283679 cycles | 2208085 cycles | 1.03 |
| ML-DSA-65 sign | 3730911 cycles | 3615027 cycles | 1.03 |
Arm Cortex-A72 (Raspberry Pi 4) benchmarks (opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 225185 cycles | 226215 cycles | 1.00 |
| ML-DSA-44 sign | 622420 cycles | 638841 cycles | 0.97 |
| ML-DSA-44 verify | 217961 cycles | 225810 cycles | 0.97 |
| ML-DSA-65 keypair | 402361 cycles | 399957 cycles | 1.01 |
| ML-DSA-65 sign | 1068757 cycles | 1048028 cycles | 1.02 |
| ML-DSA-65 verify | 382260 cycles | 378836 cycles | 1.01 |
| ML-DSA-87 keypair | 689016 cycles | 644916 cycles | 1.07 |
| ML-DSA-87 sign | 1441004 cycles | 1353493 cycles | 1.06 |
| ML-DSA-87 verify | 665157 cycles | 623222 cycles | 1.07 |
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Arm Cortex-A72 (Raspberry Pi 4) benchmarks (opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-87 keypair | 689016 cycles | 644916 cycles | 1.07 |
| ML-DSA-87 sign | 1441004 cycles | 1353493 cycles | 1.06 |
| ML-DSA-87 verify | 665157 cycles | 623222 cycles | 1.07 |
Arm Cortex-A72 (Raspberry Pi 4) benchmarks (no-opt)
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 323163 cycles | 309584 cycles | 1.04 |
| ML-DSA-44 sign | 1287488 cycles | 1200950 cycles | 1.07 |
| ML-DSA-44 verify | 347960 cycles | 341198 cycles | 1.02 |
| ML-DSA-65 keypair | 580856 cycles | 562019 cycles | 1.03 |
| ML-DSA-65 sign | 2083764 cycles | 1983186 cycles | 1.05 |
| ML-DSA-65 verify | 562482 cycles | 533765 cycles | 1.05 |
| ML-DSA-87 keypair | 899918 cycles | 859674 cycles | 1.05 |
| ML-DSA-87 sign | 2594894 cycles | 2459239 cycles | 1.06 |
| ML-DSA-87 verify | 937023 cycles | 880770 cycles | 1.06 |
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Arm Cortex-A72 (Raspberry Pi 4) benchmarks (no-opt)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.
| Benchmark suite | Current: 9afc7b0 | Previous: 1915e47 | Ratio |
|---|---|---|---|
| ML-DSA-44 keypair | 323163 cycles | 309584 cycles | 1.04 |
| ML-DSA-44 sign | 1287488 cycles | 1200950 cycles | 1.07 |
| ML-DSA-65 keypair | 580856 cycles | 562019 cycles | 1.03 |
| ML-DSA-65 sign | 2083764 cycles | 1983186 cycles | 1.05 |
| ML-DSA-65 verify | 562482 cycles | 533765 cycles | 1.05 |
| ML-DSA-87 keypair | 899918 cycles | 859674 cycles | 1.05 |
| ML-DSA-87 sign | 2594894 cycles | 2459239 cycles | 1.06 |
| ML-DSA-87 verify | 937023 cycles | 880770 cycles | 1.06 |
In the very end of verify one has to compare the input challenge to the re-computed challenge. If they are equal (and some previous checks on h and z passed), the signature is valid.
Currently, our constant-time tests do not declassify the message and we, hence, need to declassify in this final step.
Before this commit, the declassification would happen on the recomputed challenge just before the memcmp.
Now that a constant-time memcmp was added in #714, we might as well use that and declassify only the result of the memcmp which feels a bit more natural and is easier to justify.
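As an added illustration of the change discussed in this PR and its commit messages (example code, not mldsa-native's own; the helper names, the `(a, b, cond)` argument order of the stand-in `ct_sel_int32`, and the 0 / -1 return convention are assumptions), here is the tail of verify written first as declassify-then-branch over libc `memcmp`, and then with a constant-time comparison folded into a constant-time selection that accepts any nonzero condition, mirroring the relaxed precondition described for `ct_sel_int32`:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constant-time byte comparison: OR-accumulates every byte difference instead
 * of returning at the first mismatch, so the loop does the same work whether
 * the inputs differ early, late, or not at all. Returns 0 iff a == b. */
static int ct_memcmp(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= (uint8_t)(a[i] ^ b[i]);
    }
    return (int)acc;
}

/* Branch-free predicate: 0xFFFFFFFF if x == 0, else 0. */
static uint32_t ct_is_zero_mask(uint32_t x)
{
    uint32_t nonzero = (x | (0u - x)) >> 31; /* 1 if x != 0, else 0 */
    return nonzero - 1u;
}

/* Hypothetical stand-in for the relaxed ct_sel_int32 the commit message
 * describes: any nonzero cond selects a, cond == 0 selects b, so callers need
 * not pass exactly 0/0xFFFFFFFF. Not the project's code; (a, b, cond) order is assumed. */
static int32_t ct_sel_int32(int32_t a, int32_t b, uint32_t cond)
{
    uint32_t mask = ~ct_is_zero_mask(cond); /* all ones iff cond != 0 */
    return (int32_t)(((uint32_t)a & mask) | ((uint32_t)b & ~mask));
}

/* "Before": the flow the commit message replaces. c_valid (1 iff the earlier
 * checks on h and z passed) is declassified and branched on, and libc memcmp
 * stops at the first differing byte, so both the branch and the loop length
 * depend on the verification outcome. Returns 0 if valid, -1 otherwise (assumed). */
static int verify_tail_branching(int c_valid, const uint8_t *c,
                                 const uint8_t *c2, size_t len)
{
    if (c_valid != 0 && memcmp(c, c2, len) == 0) {
        return 0;
    }
    return -1;
}

/* "After": same decision with no secret-dependent branch and no early exit.
 * fail is nonzero iff the challenges differ or the earlier checks failed; one
 * constant-time selection turns it into the return code, nothing is declassified. */
static int verify_tail_ct(int c_valid, const uint8_t *c,
                          const uint8_t *c2, size_t len)
{
    uint32_t diff = (uint32_t)ct_memcmp(c, c2, len); /* 0 iff equal */
    uint32_t fail = diff | ct_is_zero_mask((uint32_t)c_valid);
    return (int)ct_sel_int32(-1, 0, fail);
}

/* Constructed 32-byte sample challenges (not real ML-DSA output); with
 * flip_last set, one bit in the last byte of c2 is flipped. */
static void fill_samples(uint8_t *c, uint8_t *c2, int flip_last)
{
    for (size_t i = 0; i < 32; i++) {
        c[i] = (uint8_t)(i * 37 + 11);
        c2[i] = c[i];
    }
    c2[31] ^= (uint8_t)(flip_last ? 0x01 : 0x00);
}

/* Runs one scenario through either tail; both must agree on every input. */
static int run_case(int c_valid, int flip_last, int use_ct)
{
    uint8_t c[32], c2[32];
    fill_samples(c, c2, flip_last);
    return use_ct ? verify_tail_ct(c_valid, c, c2, 32)
                  : verify_tail_branching(c_valid, c, c2, 32);
}

int main(void)
{
    /* Expected: "0 0", "-1 -1", "-1 -1" (before/after always agree). */
    printf("%d %d\n", run_case(1, 0, 0), run_case(1, 0, 1));
    printf("%d %d\n", run_case(0, 0, 0), run_case(0, 0, 1));
    printf("%d %d\n", run_case(1, 1, 0), run_case(1, 1, 1));
    return 0;
}
```

The `diff | ct_is_zero_mask(c_valid)` step is what lets the earlier h/z result and the challenge comparison be combined without ever branching on either, which is why no declassification is needed in the constant-time variant.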