[RFC] ML-KEM: Add AArch64 arithmetic backend (from s2n-bignum) #2500
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hanno-becker
force-pushed
the
mlkem_arith_backend_s2n_bignum
branch
2 times, most recently
from
752841e to
b8f2779
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2500 +/- ##
==========================================
- Coverage 78.86% 78.85% -0.01%
==========================================
Files 640 640
Lines 109560 109560
Branches 15522 15521 -1
==========================================
- Hits 86402 86394 -8
- Misses 22461 22468 +7
- Partials 697 698 +1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Context: The ML-KEM implementation in AWS-LC is imported from mlkem-native. mlkem-native comes in a "C-only" version, but also offers AArch64 and x86_64 backends for (a) arithmetic, and (b) FIPS-202. Currently, only the "C-only" version is imported into AWS-LC. This commit adds a custom AArch64 backend to AWS-LC. The backend is essentially the same as in mlkem-native, but its assembly sources are taken from s2n-bignum and its headers are written from scratch. The constant tables used in the backend are copied from mlkem-native. Compared to extending the mlkem-native->AWS-LC importer to include mlkem-native's AArch64 backend, this approach sticks to s2n-bignum as the sole source of verified assembly. It also provides greater flexibility in maintaining and adjusting the backend, both the assembly and the headers. For example, the assembly may be optimized for Graviton cores in the future, or the dispatch in the metadata files adjusted; the latter will mostly be relevant as we integrate x86_64 assembly, for which we aim to use the same methodology. To avoid a symbol clash with s2n-bignum, the mlkem-native namespace is changed from `mlkem` to `mlkem_native`. s2n-bignum is partially re-imported from the development branch https://github.com/jargh/s2n-bignum-dev/tree/mlkem/, restricting to the ML-KEM related files. Signed-off-by: Hanno Becker <[email protected]>
hanno-becker
force-pushed
the
mlkem_arith_backend_s2n_bignum
branch
from
b8f2779 to
c16676e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
The purpose of this PR is to demonstrate and gather feedback on one option for integrating an AArch64 arithmetic backend for mlkem-native into AWS-LC.
Alternative option: #2498
Context: The ML-KEM implementation in AWS-LC is imported from mlkem-native. mlkem-native comes in a "C-only" version, but also offers AArch64 and x86_64 backends for (a) arithmetic, and (b) FIPS-202. Currently, only the "C-only" version is imported into AWS-LC.
This commit adds a custom AArch64 backend to AWS-LC. The backend is essentially the same as in mlkem-native, but its assembly sources are taken from s2n-bignum and its headers are written from scratch. The constant tables used in the backend are copied from mlkem-native.
Compared to extending the mlkem-native->AWS-LC importer (see #2498) to include mlkem-native's AArch64 backend, this approach sticks to s2n-bignum as the sole source of verified assembly. It also provides greater flexibility in maintaining and adjusting the backend, both the assembly and the headers. For example, the assembly may be optimized for Graviton cores in the future, or the dispatch in the metadata files adjusted; the latter will mostly be relevant as we integrate x86_64 assembly, for which we aim to use the same methodology.
s2n-bignum is partially re-imported from @jargh's development branch https://github.com/jargh/s2n-bignum-dev/tree/mlkem/, restricting to the ML-KEM related files. Keeping this PR as Draft until John's work is merged into
mainof s2n-bignum, and the updated s2n-bignum has been re-imported in a separate PR.To avoid a symbol clash with s2n-bignum, the mlkem-native namespace is changed from
mlkemtomlkem_native.