Skip to content
/ faest-avx Public

FAEST implementation for AVX2 and other extensions on the x86-64 platform

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

faest-sign/faest-avx

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
avx2
avx2
 
 
sha3
sha3
 
 
subprojects
subprojects
 
 
test
test
 
 
tools
tools
 
 
.clang-format
.clang-format
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
aes.hpp
aes.hpp
 
 
aes_defs.hpp
aes_defs.hpp
 
 
all.inc
all.inc
 
 
api.cpp.in
api.cpp.in
 
 
api.h.in
api.h.in
 
 
api.hpp
api.hpp
 
 
block.hpp
block.hpp
 
 
constants.hpp
constants.hpp
 
 
debug.hpp
debug.hpp
 
 
faest.cpp
faest.cpp
 
 
faest.hpp
faest.hpp
 
 
faest.inc
faest.inc
 
 
faest_keys.hpp
faest_keys.hpp
 
 
faest_keys.inc
faest_keys.inc
 
 
gfsmall.hpp
gfsmall.hpp
 
 
hash.hpp
hash.hpp
 
 
meson.build
meson.build
 
 
owf_proof.cpp
owf_proof.cpp
 
 
owf_proof.hpp
owf_proof.hpp
 
 
owf_proof.inc
owf_proof.inc
 
 
owf_proof_tools.hpp
owf_proof_tools.hpp
 
 
parameters.hpp
parameters.hpp
 
 
poly2d.hpp
poly2d.hpp
 
 
polynomials.hpp
polynomials.hpp
 
 
polynomials_constants.cpp
polynomials_constants.cpp
 
 
polynomials_constants.hpp
polynomials_constants.hpp
 
 
prgs.hpp
prgs.hpp
 
 
quicksilver.hpp
quicksilver.hpp
 
 
randomness.h
randomness.h
 
 
randomness_os.c
randomness_os.c
 
 
randomness_randombytes.c
randomness_randombytes.c
 
 
small_vole.cpp
small_vole.cpp
 
 
small_vole.hpp
small_vole.hpp
 
 
small_vole.inc
small_vole.inc
 
 
transpose.hpp
transpose.hpp
 
 
transpose_secpar.hpp
transpose_secpar.hpp
 
 
universal_hash.hpp
universal_hash.hpp
 
 
util.hpp
util.hpp
 
 
vector_com.cpp
vector_com.cpp
 
 
vector_com.hpp
vector_com.hpp
 
 
vector_com.inc
vector_com.inc
 
 
vole_check.hpp
vole_check.hpp
 
 
vole_commit.cpp
vole_commit.cpp
 
 
vole_commit.hpp
vole_commit.hpp
 
 
vole_commit.inc
vole_commit.inc
 
 
vole_key_index_permutation.hpp
vole_key_index_permutation.hpp
 
 

Repository files navigation

Platform Specific FAEST Implementation for x86-64 (With ISA Extensions)

Versions

This is the C++ implementation of FAEST. It is based on the previous C implementation, which you can find here.

The major version number of the FAEST implementation matches the major version number of the FAEST specification it implements. The implementation is currently at version 2.0.1.

Compilation

Building requires (tested versions in parentheses):

  • GCC (>= 14.2.0) or Clang (>= 19.1.7)
  • Meson (>= 1.7.0)
  • Ninja (>= 1.12.1)

The dependencies XKCP for SHAKE and Catch2 for tests/benchmarks are automatically downloaded during the build process.

Development

To compile a debug build:

meson setup build_debug --buildtype=debug
# alternatively use `--buildtype=debugoptimized` to compile with optimizations
# optionally add `-Db_sanitize=address` to enable AddressSanitizer
cd build_debug
meson compile
./test/tests  # to run tests

Benchmarking

To compile a version suitable for benchmarking:

meson setup build_bench --buildtype=release -Db_lto=true -Doptimization=3
cd build_bench
meson compile
./test/bench '[bench]'  # to run benchmarks

Submission Package and KATs

To create the submission package with separate directories for all FAEST version and to generate the KATs:

# create and enter build directory as above
meson compile prepare_nist

NB: This can take a while since it compiles FAEST twelve times.

Settings

There are many different settings of the FAEST implementation. A parameter set is defined by instantiating the template parameter_set in parameters.hpp. This defines compile-time constants for all the switches and sizes used throughout the implementation. By default, we include parameter sets that correspond to the FAEST v11 and the FAEST v2 variants.

A FAEST instance is defined by the following parameters:

  • The security parameter λ (128, 192, or 256).
  • The number of bits 𝜏 that need to be sent in the signature for each bit of the witness. Increasing 𝜏 gives faster but longer signatures.
  • The one-way function that the signer proves knowledge of a preimage to (ECB or Even-Mansour with different optimizations).
  • The PRG used to expand the seeds used to generate the VOLE correlation (AES-CTR or fixed-key Rijndael).
  • The PRG used to expand the nodes in the GGM trees (AES-CTR or fixed-key Rijndael).
  • The hash/PRG used to commit to the leaves of the GGM tree (PRG-based hashes or SHAKE).
  • The number of zero bits in Delta w_grind.
  • The Batch All-But-One Vector Commitment (BAVC) (forest of GGM trees, or the One-Tree BAVC with a opening size threshold T_open).

For more details, we refer to the FAEST v2 specification.

Platform Settings

Currently our implementation is using the following set of instruction set extensions:

  • AVX2: The AVX2, AES-NI, PCLMULQDQ, and BMI1 instruction set extensions.

Additionally, we plan to support also the following sets of extensions that the implementation can use:

  • AVX2_VAES: The above, plus VAES and VPCLMULQDQ.
  • AVX512: The above, plus AVX512F and AVX512BW.

Footnotes

  1. Note that the v1 variant are not bit-compatible to the FAEST v1 specification, since we changed some details of the signature scheme.

About

FAEST implementation for AVX2 and other extensions on the x86-64 platform

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages