Skip to content

ML-DSA: F*: add specs and proofs to the trait layer#1279

Draft
W95Psp wants to merge 46 commits intomainfrom
libcrux-ml-dsa-prove-trait-operations
Draft

ML-DSA: F*: add specs and proofs to the trait layer#1279
W95Psp wants to merge 46 commits intomainfrom
libcrux-ml-dsa-prove-trait-operations

Conversation

@W95Psp
Copy link
Contributor

@W95Psp W95Psp commented Jan 12, 2026

Libcrux's ML-DSA delegates lower-level operations to simd::trait::Operations, a trait that defines parallel operations that can be performed by various "backends": avx2 on Intel CPUs, or portable otherwise.

In this repo, the proofs are mostly about functions below that abstraction.
The Operations trait lacks specifications, and its portable and avx2 implementations lacks glue proofs.
Some of the higher-level operations lack proofs: they rely on this Operations trait, that are often lacking specifications.

This PR aims at propagating specifications and proofs from the lower-level concrete (e.g. avx2 or portable) operations to the Operations trait, and then to the higher-level operations.

This PR (mostly by @clementblaudeau) is a start. This PR:

  • adds some specifications to the trait
  • adds some glue proofs between the implementations of the traits and the concrete (already proven) operations
  • add a few proofs on higher-level operations, demonstrating that the proofs propagate correctly through the trait abstraction

This work is very partial, more specifications and proofs need to be added.

@clementblaudeau
ckAdd empty contracts on implementations for avx2 and portable
9b749a6
@clementblaudeau
Move spec for [zero]
032aaa8
@clementblaudeau
Move spec for [from_coefficient_array]
8e449bf
@clementblaudeau
Move spec for [to_coefficient_array]
6c7390e
@clementblaudeau
Move spec for [infinity_norm_exceeds]
4228edb
@clementblaudeau
Move spec for [decompose]
d101f72
@clementblaudeau
Move spec for [use_hint]
ae1e8d7
@clementblaudeau
Move spec for [montgomery_multiply]
a4b212c
@clementblaudeau
Move spec for [shift_left_then_reduce]
b9a94bb
@clementblaudeau
Move spec for [power2round]
d58bce3
@clementblaudeau
Move spec for [rejection_sample_less_than_field_modulus]
10758ec
@clementblaudeau
Move spec for [rejection_sample_less_than_eta_equals_2]
07e6c5d
@clementblaudeau
Move spec for [rejection_sample_less_than_eta_equals_4]
eb10565
@clementblaudeau
Move spec for [gamma1_serialize] and [gamma1_deserialize]
771b3f9
@clementblaudeau
Move spec for [commitment_serialize]
645668a
@clementblaudeau
Move spec for [error_serialize] and [error_deserialize]
9db4f8e
@clementblaudeau
Move spec for [t0_serialize] and [t0_deserialize]
19142ce
@clementblaudeau
Move spec for [t1_serialize] and [t1_deserialize]
721d6bc
@clementblaudeau
Move spec for [ntt]
8d575eb
@clementblaudeau
Move spec for [invert_ntt]
7cc8349
@clementblaudeau
Move spec for [reduce]
4705b2a
@clementblaudeau
Merge spec for [zero]
2d83043
@clementblaudeau
Merge spec for [from_coefficient_array]
4d5edab
@clementblaudeau
Merge spec for [to_coefficient_array]
276ac27
@clementblaudeau
Merge spec for [add]
5953010
@clementblaudeau
Merge spec for [subtract]
c83bc11
@clementblaudeau
Merge spec for [infinity_norm_exceeds_pre]
d97bad4
@clementblaudeau
Merge spec for [decompose]
1992f76
@clementblaudeau
Merge spec for [compute_hint]
e9ef2b2
@clementblaudeau
Merge spec for [use_hint]
a1a22c8
clementblaudeau and others added 16 commits October 28, 2025 19:04
@clementblaudeau
Merge spec for [montgomery_multiply]
9b8ee36
@clementblaudeau
Merge spec for [shift_left_then_reduce]
17325d3
@clementblaudeau
Merge spec for [power2round]
54f402b
@clementblaudeau
Merge spec for [rejection_sample_*]
18e9367
@clementblaudeau
Merge spec for [gamma1_serialize, gamma1_deserialize]
ddad175
@W95Psp
feat(libcrux-intrinsics): add a few missing preconditions on opaque i…
45266db 
…ntrinsics
@W95Psp
feat(intrinsics/models): model more intrinsics
26132cc
@W95Psp
fix(ml-dsa/simd/avx2): drop assume False on repr
d37a658 
The assume was particularly bad because this inserts `False` in VCs in every pre- and post-conditions, making every proof trivial.
@W95Psp
feat(ml-dsa/simd/avx2): proof for zero
5ac73e4
@W95Psp
feat(ml-dsa/simd/avx2): proof for from_coefficient_array
6aa1c09
@W95Psp
feat(ml-dsa/simd/avx2): proof for add, subtract, `infinity_norm_e…
8eba30b 
…xceeds`, `decompose`
@W95Psp
fix(ml-dsa/simd/avx2): fix bad pre/post on `rejection_sample_less_tha…
3e6cda0 
…n_eta_equals_4`
@W95Psp
fix(ml-dsa/simd/avx2): add assume false
4c815a3
@W95Psp
fix(ml-dsa/encoding/commitment): add precondition and proof annotatio…
23fcbc3 
…ns for `serialize_vector`
@W95Psp
fix(ml-dsa/encoding/commitment): add precondition and proof annotatio…
99a91f1 
…ns for `serialize`
@W95Psp
refactor(ml-dsa/F*): makefile: switch from allowlist to denylist
b73f055
@jschneider-bensch jschneider-bensch added the waiting-on-author Status: This is awaiting some action from the author. label Jan 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

waiting-on-author Status: This is awaiting some action from the author.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@W95Psp @jschneider-bensch @clementblaudeau

Comments