Example PR for FALCON-DET512#1
Draft
nullun wants to merge 4 commits into
Draft
Conversation
Mechanical, no functional change. This rewrites deterministic.c into the
form that the build's code generator emits, so that the next commit can
generate it from a template without the resulting diff being swamped by
formatting noise:
- the file-local convenience macros (FALCON_DET1024_TMPSIZE_*, the
SALTED_SIG_* sizes) are expanded inline and their #define lines removed;
- the "#define Q 12289" is hoisted to the top of the file;
- one comment that hard-coded "1024" is made parameter-agnostic;
- a handful of lines that were space-indented are normalized to tabs, so
the file matches the tab indentation the generator emits (and the rest
of the tree).
Verified that the full preprocessor output is identical to the previous
deterministic.c -- there is no functional change.
Review this commit with `git show -w` (ignore whitespace): the diff then
collapses to just the inlined macros, the hoisted Q, and the one reworded
comment, making clear the executable code is untouched.
nullun
force-pushed
the
det512-build
branch
2 times, most recently
from
e32464b to
95fc3e6
Compare
Rename the existing hand-written deterministic implementation to deterministic1024.c ahead of introducing the template, so the n=1024 and n=512 parameter sets are named symmetrically (deterministic1024.c / deterministic512.c). This is a pure rename of the source-of-truth file plus its Makefile object reference; git detects it as a 100% rename. No content or functional change.
Introduces the deterministic Falcon variant for n=512 (logn=9) alongside the
existing n=1024 variant, without duplicating the algorithm. Both variants are
generated from one template, deterministic.c.tmpl, so they cannot diverge.
Build process (the reviewable artifacts are the generated .c files):
- deterministic.c.tmpl: the Deterministic Falcon algorithm, parameterized by
DET_N. The falcon_det1024_* / falcon_det512_* function families and their
parameter sets are selected by DET_N (1024 or 512).
- scripts/gen_deterministic.sh: expands the template's tabs so the
indentation survives the C preprocessor, copies the #include prologue
verbatim, runs the rest through the preprocessor once per variant, and
restores tab indentation with unexpand.
- deterministic1024.c (n=1024) and deterministic512.c (n=512) are the
generated outputs, committed so reviewers read concrete C. The previous
commit renamed the hand-written file to deterministic1024.c, so this commit
shows it is byte-for-byte that file plus the generated-from banner -- i.e.
the template reproduces the existing code exactly. deterministic512.c is the
new n=512 instantiation.
- Makefile: "make gen" regenerates both files from the template; "make
check-gen" verifies the committed files are in sync with it (for CI). A
normal build just compiles the committed generated files.
API and tests:
- deterministic.h: appends the FALCON_DET512_* constants and falcon_det512_*
declarations; the det1024 section is unchanged.
- tests/test_deterministic512.c + tests/test_deterministic512_kat.h: a KAT
runner and 512+32 known-answer vectors for the n=512 variant, mirroring
the existing det1024 test.
How to review:
- The only change to the existing deterministic1024.c is the one-line
generated-from banner; everything else in this commit is new files.
- To confirm det1024 and det512 are the same algorithm, diff the two
generated files: `diff deterministic512.c deterministic1024.c`. The only
differences are the falcon_det1024_/falcon_det512_ prefixes and the
FALCON_DET1024_/FALCON_DET512_ parameter macros.
- Run `make check-gen` to confirm both generated files match the template.
Exposes the new det512 C API (n=512) as a parallel set of Det512-prefixed
types and functions alongside the existing unprefixed (det1024) bindings,
which remain unchanged. Mirrors the existing binding style.
New exports:
- Constants: Det512PublicKeySize, Det512PrivateKeySize,
Det512CurrentSaltVersion, Det512CTSignatureSize, Det512SignatureMaxSize,
Det512N (= 512).
- Types: Det512PublicKey, Det512PrivateKey, Det512CompressedSignature,
Det512CTSignature.
- Functions: Det512GenerateKey, Det512S1Coefficients,
Det512HashToPointCoefficients.
- Methods: Det512PrivateKey.SignCompressed;
Det512CompressedSignature.{ConvertToCT, SaltVersion};
Det512CTSignature.{SaltVersion, S2Coefficients};
Det512PublicKey.{Verify, VerifyCTSignature, Coefficients}.
Adds Go tests mirroring the existing det1024 suite: TestKATs512 verifies
compressed signing against the reference known-answer vectors, TestDet512
covers the keygen/sign/verify round trip (compressed and CT), salt version,
bad-message and bad-key rejection, and h/c/s1/s2 coefficient recomputation,
plus signature-size, nil-message, distinct-seed, nil-signature, nil-seed,
and salt-version edge cases.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is simply for demonstration purposes, to see how it would look for reviewer.
How each commit is best viewed (for the PR description)
git show -w <sha>; whitespace-ignored, it's a handful of mechanical lines.deterministic.c.tmpl(source of truth) anddeterministic512.cas new files; the existingdeterministic.cdiff is the banner only; the variant cross-diff +make check-genare the faithfulness proofs.git show <sha>renders it as a 100% rename.Det512*block paralleling the existing det1024 API.Across the whole
main..HEADrange,git diff --statshowsdeterministic.cas a delete +deterministic1024.cas an add rather than one rename - because the file was reformatted in commit 1 and renamed in commit 3. Reviewing commit-by-commit (where the rename shows cleanly as R100) avoids that artifact.