Browse Source

adds frodo decaps bench

blog/frodo_constant_time_issue
Henry Case 3 years ago
parent
commit
286414feca
1 changed files with 31 additions and 0 deletions
  1. +31
    -0
      test/bench/kyber.cc

+ 31
- 0
test/bench/kyber.cc View File

@@ -5,6 +5,10 @@
#include <benchmark/benchmark.h>
#include <benchmark/../../src/statistics.h>
#include <benchmark/../../src/cycleclock.h>

#include <pqc/pqc.h>
#include <common/ct_check.h>

#include "kem/kyber/kyber512/avx2/polyvec.h"

extern "C" {
@@ -117,6 +121,32 @@ static void BenchKyberNttAVX(benchmark::State &st) {
cpucycle(st, total);
}

static void BenchFrodoDecaps(benchmark::State &st) {
const pqc_ctx_t *p = pqc_kem_alg_by_id(PQC_ALG_KEM_FRODOKEM640SHAKE);
std::vector<uint8_t> ct(pqc_ciphertext_bsz(p));
std::vector<uint8_t> ss1(pqc_shared_secret_bsz(p));
std::vector<uint8_t> ss2(pqc_shared_secret_bsz(p));
std::vector<uint8_t> sk(pqc_private_key_bsz(p));
std::vector<uint8_t> pk(pqc_public_key_bsz(p));

// Generate keys & perform encapsulation
pqc_keygen(p, pk.data(), sk.data());
pqc_kem_encapsulate(p, ct.data(), ss1.data(), pk.data());

// Poison & Decapsulate
ct_poison(sk.data(), 16);
ct_poison((unsigned char*)sk.data()+16+9616, 2*640*8 /*CRYPTO_SECRETBYTES*/);
ct_expect_uum();
for (auto _ : st) {
pqc_kem_decapsulate(p, ss2.data(), ct.data(), sk.data());
}
ct_require_uum();
benchmark::DoNotOptimize(ss2);
benchmark::DoNotOptimize(ct);
benchmark::DoNotOptimize(sk);
}


BENCHMARK(BenchKyberMatK2);
BENCHMARK(BenchKyberRejSampling);
BENCHMARK(BenchKyberKeygen);
@@ -126,3 +156,4 @@ BENCHMARK(BenchKyberNttAVX);
// TODO: not sure why but memcheck fails in INDCPA encryption
BENCHMARK(BenchKyberEncaps);
BENCHMARK(BenchKyberDecaps);
BENCHMARK(BenchFrodoDecaps);

Loading…
Cancel
Save