Skip to content

[TEST] Reduce crypto_sign_verify_internal stack usage #751

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
mkannwischer wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

[TEST] Reduce crypto_sign_verify_internal stack usage #751

mkannwischer wants to merge 8 commits into from

Conversation

@mkannwischer
Copy link
Contributor

@mkannwischer mkannwischer commented Nov 29, 2025

This PR reduces the stack usage of crypto_sign_verify_internal based on top of #743 using simple restructuring and sharing buffers.

CBMC proofs are not yet adjusted.

@mkannwischer mkannwischer force-pushed the verify-internal-ram branch 2 times, most recently from e5c0a95 to a136a71 Compare November 29, 2025 04:56
@hanno-becker
Copy link
Contributor

hanno-becker commented Nov 30, 2025 

Runtime stack usage for verify, according to tests/stack:

| Level      |      main |    branch | Reduction |
|------------|----------:|----------:|----------:|
| ML-DSA-44  |  43,872 B |  18,288 B |      -58% |
| ML-DSA-65  |  69,024 B |  24,960 B |      -64% |
| ML-DSA-87  | 108,112 B |  33,328 B |      -69% |

@hanno-becker

This comment was marked as outdated.

Sign in to view
@hanno-becker hanno-becker mentioned this pull request Dec 10, 2025
Merged
hanno-becker and others added 8 commits December 17, 2025 16:42
@hanno-becker @mkannwischer
Introduce mld_polymat_get_row() helper function
c15215f 
- Add mld_polymat_get_row() to retrieve matrix row pointer
- Update mld_polyvec_matrix_pointwise_montgomery() to use helper

Addresses #738 (steps 2-3 of #736)

Signed-off-by: Hanno Becker <[email protected]>
@hanno-becker @mkannwischer
Add configuration option for reduced memory usage
4f2a1aa 
Signed-off-by: Hanno Becker <[email protected]>
@hanno-becker @mkannwischer
[TEST] Enable reduced RAM option by default
24a2d2a 
Signed-off-by: Hanno Becker <[email protected]>
@mkannwischer
verify stack usage: Reuse t1/w1 polyveck
d5f7fe6 
crypto_sign_verify_internal stack:

before: 26928/37232/49776
after: 22784/31040/41536

Signed-off-by: Matthias J. Kannwischer <[email protected]>
@mkannwischer
verify stack usage: reuse mat/c2 buffer
33ae864 
crypto_sign_verify_internal stack: 21743/30016/40515

Signed-off-by: Matthias J. Kannwischer <[email protected]>
@mkannwischer
verify stack usage: Unpack h on the fly
77b9c0c 
crypto_sign_verify_internal stack: 17664/24864/33312

Signed-off-by: Matthias J. Kannwischer <[email protected]>
@mkannwischer
verify stack usage: unpack t1 on the fly + share tmp/mat buffer
5c3053b 
crypto_sign_verify_internal stack: 14592/19744/26144

Signed-off-by: Matthias J. Kannwischer <[email protected]>
@mkannwischer
verify stack usage: reuse z/cp buffer
90a2202 
crypto_sign_verify_internal stack: 13568/18720/25120

Signed-off-by: Matthias J. Kannwischer <[email protected]>
mkannwischer added a commit that referenced this pull request Jan 9, 2026
@mkannwischer
verify memory usage: Re-use t1/w1 buffer
1492e9c 
This commit is the first of a series of commits reducing the stack usage of
verification.
It is hoisted out from #751

This commit places the t1 and w1 buffers into a union saving K KiB of memory.
As CBMC struggles with unions (issue 8813), we use the same workaround
present in signing: Use a struct by default, and a union when
MLD_CONFIG_REDUCE_RAM is set.

Signed-off-by: Matthias J. Kannwischer <[email protected]>
mkannwischer added a commit that referenced this pull request Jan 9, 2026
@mkannwischer
Verify memory usage: Re-use t1/w1 buffer
d324b92 
This commit is the first of a series of commits reducing the stack usage of
verification.
It is hoisted out from #751

This commit places the t1 and w1 buffers into a union saving K KiB of memory.
Operations using it are slightly reordered such that their lifetime does not
overlap.
As CBMC struggles with unions (issue 8813), we use the same workaround
present in signing: Use a struct by default, and a union when
MLD_CONFIG_REDUCE_RAM is set.

Signed-off-by: Matthias J. Kannwischer <[email protected]>
@mkannwischer mkannwischer mentioned this pull request Jan 9, 2026
Open
mkannwischer added a commit that referenced this pull request Jan 9, 2026
@mkannwischer
Verify memory usage: Re-use t1/w1 buffer
099669a 
This commit is the first of a series of commits reducing the stack usage of
verification.
It is hoisted out from #751

This commit places the t1 and w1 buffers into a union saving K KiB of memory.
Operations using it are slightly reordered such that their lifetime does not
overlap.
As CBMC struggles with unions (issue 8813), we use the same workaround
present in signing: Use a struct by default, and a union when
MLD_CONFIG_REDUCE_RAM is set.

Signed-off-by: Matthias J. Kannwischer <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mkannwischer @hanno-becker