Skip to content

ML-DSA: F*: add specs and proofs to the trait layer#1279

Draft
W95Psp wants to merge 50 commits intomainfrom
libcrux-ml-dsa-prove-trait-operations
Draft

ML-DSA: F*: add specs and proofs to the trait layer#1279
W95Psp wants to merge 50 commits intomainfrom
libcrux-ml-dsa-prove-trait-operations

Conversation

@W95Psp
Copy link
Contributor

@W95Psp W95Psp commented Jan 12, 2026

Libcrux's ML-DSA delegates lower-level operations to simd::trait::Operations, a trait that defines parallel operations that can be performed by various "backends": avx2 on Intel CPUs, or portable otherwise.

In this repo, the proofs are mostly about functions below that abstraction.
The Operations trait lacks specifications, and its portable and avx2 implementations lacks glue proofs.
Some of the higher-level operations lack proofs: they rely on this Operations trait, that are often lacking specifications.

This PR aims at propagating specifications and proofs from the lower-level concrete (e.g. avx2 or portable) operations to the Operations trait, and then to the higher-level operations.

This PR (mostly by @clementblaudeau) is a start. This PR:

  • adds some specifications to the trait
  • adds some glue proofs between the implementations of the traits and the concrete (already proven) operations
  • add a few proofs on higher-level operations, demonstrating that the proofs propagate correctly through the trait abstraction

This work is very partial, more specifications and proofs need to be added.

@jschneider-bensch jschneider-bensch added the waiting-on-author Status: This is awaiting some action from the author. label Jan 20, 2026
@clementblaudeau
Add empty contracts on implementations for avx2 and portable
6b2cecf
@clementblaudeau
Move spec for [zero]
bf61fbc
@clementblaudeau
Move spec for [from_coefficient_array]
12c787c
@clementblaudeau
Move spec for [to_coefficient_array]
55e8c73
@clementblaudeau
Move spec for [infinity_norm_exceeds]
49e5823
@clementblaudeau
Move spec for [decompose]
e90f185
@clementblaudeau
Move spec for [use_hint]
d101b7e
@clementblaudeau
Move spec for [montgomery_multiply]
2033838
@clementblaudeau
Move spec for [shift_left_then_reduce]
3d93369
@clementblaudeau
Move spec for [power2round]
42840aa
@clementblaudeau
Move spec for [rejection_sample_less_than_field_modulus]
4ca796a
@clementblaudeau
Move spec for [rejection_sample_less_than_eta_equals_2]
4d52647
@clementblaudeau
Move spec for [rejection_sample_less_than_eta_equals_4]
a89515f
@clementblaudeau
Move spec for [gamma1_serialize] and [gamma1_deserialize]
8232493
@clementblaudeau
Move spec for [commitment_serialize]
b570cba
@clementblaudeau
Move spec for [error_serialize] and [error_deserialize]
ab76f80
@clementblaudeau
Move spec for [t0_serialize] and [t0_deserialize]
7b3780d
@clementblaudeau
Move spec for [t1_serialize] and [t1_deserialize]
e8a90f4
@clementblaudeau
Move spec for [ntt]
5e8b9d5
@clementblaudeau
Move spec for [invert_ntt]
1d7a188
@clementblaudeau
Move spec for [reduce]
569ade8
@clementblaudeau
Merge spec for [zero]
0eb5133
@clementblaudeau
Merge spec for [from_coefficient_array]
162b888
@clementblaudeau
Merge spec for [to_coefficient_array]
454c647
@clementblaudeau
Merge spec for [add]
4aa63fc
@clementblaudeau
Merge spec for [subtract]
4ec3121
@clementblaudeau
Merge spec for [infinity_norm_exceeds_pre]
5e4a243
@clementblaudeau
Merge spec for [decompose]
8c99acc
@clementblaudeau
Merge spec for [compute_hint]
19a8178
clementblaudeau and others added 21 commits March 3, 2026 11:04
@clementblaudeau
Merge spec for [use_hint]
367750d
@clementblaudeau
Merge spec for [montgomery_multiply]
82c2c03
@clementblaudeau
Merge spec for [shift_left_then_reduce]
1d1fe06
@clementblaudeau
Merge spec for [power2round]
2cb7f38
@clementblaudeau
Merge spec for [rejection_sample_*]
c5b52c3
@clementblaudeau
Merge spec for [gamma1_serialize, gamma1_deserialize]
393711d
@W95Psp @clementblaudeau
feat(libcrux-intrinsics): add a few missing preconditions on opaque i…
15c1d4d 
…ntrinsics
@W95Psp @clementblaudeau
feat(intrinsics/models): model more intrinsics
082b4f4
@W95Psp @clementblaudeau
fix(ml-dsa/simd/avx2): drop assume False on repr
5c1f782 
The assume was particularly bad because this inserts `False` in VCs in every pre- and post-conditions, making every proof trivial.
@W95Psp @clementblaudeau
feat(ml-dsa/simd/avx2): proof for zero
71fcd2b
@W95Psp @clementblaudeau
feat(ml-dsa/simd/avx2): proof for from_coefficient_array
9095a1a
@W95Psp @clementblaudeau
feat(ml-dsa/simd/avx2): proof for add, subtract, `infinity_norm_e…
c2d24f7 
…xceeds`, `decompose`
@W95Psp @clementblaudeau
fix(ml-dsa/simd/avx2): fix bad pre/post on `rejection_sample_less_tha…
29b3ba3 
…n_eta_equals_4`
@W95Psp @clementblaudeau
fix(ml-dsa/simd/avx2): add assume false
faa1012
@W95Psp @clementblaudeau
fix(ml-dsa/encoding/commitment): add precondition and proof annotatio…
6625761 
…ns for `serialize_vector`
@W95Psp @clementblaudeau
fix(ml-dsa/encoding/commitment): add precondition and proof annotatio…
772d541 
…ns for `serialize`
@W95Psp @clementblaudeau
refactor(ml-dsa/F*): makefile: switch from allowlist to denylist
1138764
@clementblaudeau
feat(spec): Updates [simd/traits/spec.rs].
2ae4535 
Added some pre-conditions in the definitions of post-conditions. It broke a
proof in the [avx2] implementation
@clementblaudeau
feat(ml-dsa/simd): add proo
3d60658
@clementblaudeau
feat(ml-dsa/proofs): Update spec for [commitment_serialize]
bc0e51e
@clementblaudeau
feat(ml-dsa): added missing specs in [simd/portable] and [simd/avx2]
36a8c7b
@clementblaudeau clementblaudeau force-pushed the libcrux-ml-dsa-prove-trait-operations branch from b73f055 to 36a8c7b Compare March 13, 2026 03:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

waiting-on-author Status: This is awaiting some action from the author.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@W95Psp @jschneider-bensch @clementblaudeau