RubyGems - pq_crypto - Versions diffs - 0.6.1 → 0.6.2 - Mend

pq_crypto 0.6.1 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (141) hide show

data/ext/pqcrypto/vendor/mldsa-native/mldsa/src/native/aarch64/src/arith_native_aarch64.h CHANGED Viewed

@@ -18,21 +18,32 @@
 #define mld_aarch64_intt_zetas_layer123456 \
   MLD_NAMESPACE(aarch64_intt_zetas_layer123456)
-extern const int32_t mld_aarch64_ntt_zetas_layer123456[];
-extern const int32_t mld_aarch64_ntt_zetas_layer78[];
+MLD_INTERNAL_DATA_DECLARATION const int32_t
+    mld_aarch64_ntt_zetas_layer123456[144];
+MLD_INTERNAL_DATA_DECLARATION const int32_t mld_aarch64_ntt_zetas_layer78[384];
-extern const int32_t mld_aarch64_intt_zetas_layer78[];
-extern const int32_t mld_aarch64_intt_zetas_layer123456[];
+MLD_INTERNAL_DATA_DECLARATION const int32_t mld_aarch64_intt_zetas_layer78[384];
+MLD_INTERNAL_DATA_DECLARATION const int32_t
+    mld_aarch64_intt_zetas_layer123456[160];
 #define mld_rej_uniform_table MLD_NAMESPACE(rej_uniform_table)
-extern const uint8_t mld_rej_uniform_table[];
+MLD_INTERNAL_DATA_DECLARATION const uint8_t mld_rej_uniform_table[256];
+#if !defined(MLD_CONFIG_NO_KEYPAIR_API)
 #define mld_rej_uniform_eta_table MLD_NAMESPACE(rej_uniform_eta_table)
-extern const uint8_t mld_rej_uniform_eta_table[];
+MLD_INTERNAL_DATA_DECLARATION const uint8_t mld_rej_uniform_eta_table[4096];
+#endif
+#if !defined(MLD_CONFIG_NO_SIGN_API) || !defined(MLD_CONFIG_NO_VERIFY_API)
+#if defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || MLD_CONFIG_PARAMETER_SET == 44
 #define mld_polyz_unpack_17_indices MLD_NAMESPACE(polyz_unpack_17_indices)
-extern const uint8_t mld_polyz_unpack_17_indices[];
+MLD_INTERNAL_DATA_DECLARATION const uint8_t mld_polyz_unpack_17_indices[64];
+#endif
+#if defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || \
+    (MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_PARAMETER_SET == 87)
 #define mld_polyz_unpack_19_indices MLD_NAMESPACE(polyz_unpack_19_indices)
-extern const uint8_t mld_polyz_unpack_19_indices[];
+MLD_INTERNAL_DATA_DECLARATION const uint8_t mld_polyz_unpack_19_indices[64];
+#endif
+#endif /* !MLD_CONFIG_NO_SIGN_API || !MLD_CONFIG_NO_VERIFY_API */
 /*
@@ -49,11 +60,11 @@ extern const uint8_t mld_polyz_unpack_19_indices[];
  */
 #define MLD_AARCH64_REJ_UNIFORM_ETA4_BUFLEN (2 * 136)
-#define mld_ntt_asm MLD_NAMESPACE(ntt_asm)
-void mld_ntt_asm(int32_t *r, const int32_t *zetas_l123456,
-                 const int32_t *zetas_l78)
+#define mld_ntt_aarch64_asm MLD_NAMESPACE(ntt_aarch64_asm)
+void mld_ntt_aarch64_asm(int32_t *r, const int32_t *zetas_l123456,
+                         const int32_t *zetas_l78)
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/aarch64/proofs/mldsa_ntt.ml */
+ * in proofs/hol_light/aarch64/proofs/ntt_aarch64_asm.ml */
 __contract__(
   requires(memory_no_alias(r, sizeof(int32_t) * MLDSA_N))
   requires(array_abs_bound(r, 0, MLDSA_N, 8380417))
@@ -65,34 +76,94 @@ __contract__(
   /* check-magic: on */
 );
-#define mld_intt_asm MLD_NAMESPACE(intt_asm)
-void mld_intt_asm(int32_t *, const int32_t *, const int32_t *);
+#define mld_intt_aarch64_asm MLD_NAMESPACE(intt_aarch64_asm)
+void mld_intt_aarch64_asm(int32_t *r, const int32_t *zetas_l78,
+                          const int32_t *zetas_l123456)
+/* This must be kept in sync with the HOL-Light specification
+ * in proofs/hol_light/aarch64/proofs/intt_aarch64_asm.ml */
+__contract__(
+  requires(memory_no_alias(r, sizeof(int32_t) * MLDSA_N))
+  requires(array_abs_bound(r, 0, MLDSA_N, 8380417))
+  requires(zetas_l78 == mld_aarch64_intt_zetas_layer78)
+  requires(zetas_l123456 == mld_aarch64_intt_zetas_layer123456)
+  assigns(memory_slice(r, sizeof(int32_t) * MLDSA_N))
+  /* check-magic: off */
+  ensures(array_abs_bound(r, 0, MLDSA_N, 8380417))
+  /* check-magic: on */
+);
-#define mld_rej_uniform_asm MLD_NAMESPACE(rej_uniform_asm)
+#define mld_rej_uniform_aarch64_asm MLD_NAMESPACE(rej_uniform_aarch64_asm)
 MLD_MUST_CHECK_RETURN_VALUE
-uint64_t mld_rej_uniform_asm(int32_t *r, const uint8_t *buf, unsigned buflen,
-                             const uint8_t *table);
+uint64_t mld_rej_uniform_aarch64_asm(int32_t *r, const uint8_t *buf,
+                                     unsigned buflen, const uint8_t *table)
+/* This must be kept in sync with the HOL-Light specification
+ * in proofs/hol_light/aarch64/proofs/rej_uniform_aarch64_asm.ml. */
+__contract__(
+  requires(buflen % 24 == 0)
+  requires(memory_no_alias(buf, buflen))
+  requires(table == mld_rej_uniform_table)
+  requires(memory_no_alias(r, sizeof(int32_t) * MLDSA_N))
+  assigns(memory_slice(r, sizeof(int32_t) * MLDSA_N))
+  ensures(return_value <= MLDSA_N)
+  ensures(array_bound(r, 0, (unsigned) return_value, 0, MLDSA_Q))
+);
-#define mld_rej_uniform_eta2_asm MLD_NAMESPACE(rej_uniform_eta2_asm)
+#if !defined(MLD_CONFIG_NO_KEYPAIR_API)
+#define mld_rej_uniform_eta2_aarch64_asm \
+  MLD_NAMESPACE(rej_uniform_eta2_aarch64_asm)
 MLD_MUST_CHECK_RETURN_VALUE
-uint64_t mld_rej_uniform_eta2_asm(int32_t *r, const uint8_t *buf,
-                                  unsigned buflen, const uint8_t *table);
+uint64_t mld_rej_uniform_eta2_aarch64_asm(int32_t *r, const uint8_t *buf,
+                                          unsigned buflen,
+                                          const uint8_t *table);
-#define mld_rej_uniform_eta4_asm MLD_NAMESPACE(rej_uniform_eta4_asm)
+#define mld_rej_uniform_eta4_aarch64_asm \
+  MLD_NAMESPACE(rej_uniform_eta4_aarch64_asm)
 MLD_MUST_CHECK_RETURN_VALUE
-uint64_t mld_rej_uniform_eta4_asm(int32_t *r, const uint8_t *buf,
-                                  unsigned buflen, const uint8_t *table);
+uint64_t mld_rej_uniform_eta4_aarch64_asm(int32_t *r, const uint8_t *buf,
+                                          unsigned buflen,
+                                          const uint8_t *table);
+#endif /* !MLD_CONFIG_NO_KEYPAIR_API */
-#define mld_poly_decompose_32_asm MLD_NAMESPACE(poly_decompose_32_asm)
-void mld_poly_decompose_32_asm(int32_t *a1, int32_t *a0);
+#if !defined(MLD_CONFIG_NO_SIGN_API)
+#define mld_poly_decompose_32_aarch64_asm \
+  MLD_NAMESPACE(poly_decompose_32_aarch64_asm)
+void mld_poly_decompose_32_aarch64_asm(int32_t *a1, int32_t *a0)
+/* This must be kept in sync with the HOL-Light specification
+ * in proofs/hol_light/aarch64/proofs/poly_decompose_32_aarch64_asm.ml */
+__contract__(
+  requires(memory_no_alias(a1, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(a0, sizeof(int32_t) * MLDSA_N))
+  requires(array_bound(a0, 0, MLDSA_N, 0, MLDSA_Q))
+  assigns(memory_slice(a1, sizeof(int32_t) * MLDSA_N))
+  assigns(memory_slice(a0, sizeof(int32_t) * MLDSA_N))
+  /* check-magic: 16 == (MLDSA_Q - 1) / (2 * ((MLDSA_Q - 1) / 32)) */
+  ensures(array_bound(a1, 0, MLDSA_N, 0, 16))
+  /* check-magic: 261889 == (MLDSA_Q - 1) / 32 + 1 */
+  ensures(array_abs_bound(a0, 0, MLDSA_N, 261889))
+);
-#define mld_poly_decompose_88_asm MLD_NAMESPACE(poly_decompose_88_asm)
-void mld_poly_decompose_88_asm(int32_t *a1, int32_t *a0);
+#define mld_poly_decompose_88_aarch64_asm \
+  MLD_NAMESPACE(poly_decompose_88_aarch64_asm)
+void mld_poly_decompose_88_aarch64_asm(int32_t *a1, int32_t *a0)
+/* This must be kept in sync with the HOL-Light specification
+ * in proofs/hol_light/aarch64/proofs/poly_decompose_88_aarch64_asm.ml */
+__contract__(
+  requires(memory_no_alias(a1, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(a0, sizeof(int32_t) * MLDSA_N))
+  requires(array_bound(a0, 0, MLDSA_N, 0, MLDSA_Q))
+  assigns(memory_slice(a1, sizeof(int32_t) * MLDSA_N))
+  assigns(memory_slice(a0, sizeof(int32_t) * MLDSA_N))
+  /* check-magic: 44 == (MLDSA_Q - 1) / (2 * ((MLDSA_Q - 1) / 88)) */
+  ensures(array_bound(a1, 0, MLDSA_N, 0, 44))
+  /* check-magic: 95233 == (MLDSA_Q - 1) / 88 + 1 */
+  ensures(array_abs_bound(a0, 0, MLDSA_N, 95233))
+);
+#endif /* !MLD_CONFIG_NO_SIGN_API */
-#define mld_poly_caddq_asm MLD_NAMESPACE(poly_caddq_asm)
-void mld_poly_caddq_asm(int32_t *a)
+#define mld_poly_caddq_aarch64_asm MLD_NAMESPACE(poly_caddq_aarch64_asm)
+void mld_poly_caddq_aarch64_asm(int32_t *a)
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/aarch64/proofs/mldsa_poly_caddq.ml */
+ * in proofs/hol_light/aarch64/proofs/poly_caddq_aarch64_asm.ml */
 __contract__(
   requires(memory_no_alias(a, sizeof(int32_t) * MLDSA_N))
   requires(array_abs_bound(a, 0, MLDSA_N, MLDSA_Q))
@@ -100,17 +171,41 @@ __contract__(
   ensures(array_bound(a, 0, MLDSA_N, 0, MLDSA_Q))
 );
-#define mld_poly_use_hint_32_asm MLD_NAMESPACE(poly_use_hint_32_asm)
-void mld_poly_use_hint_32_asm(int32_t *b, const int32_t *a, const int32_t *h);
+#if !defined(MLD_CONFIG_NO_VERIFY_API)
+#define mld_poly_use_hint_32_aarch64_asm \
+  MLD_NAMESPACE(poly_use_hint_32_aarch64_asm)
+void mld_poly_use_hint_32_aarch64_asm(int32_t *a, const int32_t *h)
+/* This must be kept in sync with the HOL-Light specification
+ * in proofs/hol_light/aarch64/proofs/poly_use_hint_32_aarch64_asm.ml */
+__contract__(
+  requires(memory_no_alias(a, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(h, sizeof(int32_t) * MLDSA_N))
+  requires(array_bound(a, 0, MLDSA_N, 0, MLDSA_Q))
+  requires(array_bound(h, 0, MLDSA_N, 0, 2))
+  assigns(memory_slice(a, sizeof(int32_t) * MLDSA_N))
+  ensures(array_bound(a, 0, MLDSA_N, 0, 16))
+);
-#define mld_poly_use_hint_88_asm MLD_NAMESPACE(poly_use_hint_88_asm)
-void mld_poly_use_hint_88_asm(int32_t *b, const int32_t *a, const int32_t *h);
+#define mld_poly_use_hint_88_aarch64_asm \
+  MLD_NAMESPACE(poly_use_hint_88_aarch64_asm)
+void mld_poly_use_hint_88_aarch64_asm(int32_t *a, const int32_t *h)
+/* This must be kept in sync with the HOL-Light specification
+ * in proofs/hol_light/aarch64/proofs/poly_use_hint_88_aarch64_asm.ml */
+__contract__(
+  requires(memory_no_alias(a, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(h, sizeof(int32_t) * MLDSA_N))
+  requires(array_bound(a, 0, MLDSA_N, 0, MLDSA_Q))
+  requires(array_bound(h, 0, MLDSA_N, 0, 2))
+  assigns(memory_slice(a, sizeof(int32_t) * MLDSA_N))
+  ensures(array_bound(a, 0, MLDSA_N, 0, 44))
+);
+#endif /* !MLD_CONFIG_NO_VERIFY_API */
-#define mld_poly_chknorm_asm MLD_NAMESPACE(poly_chknorm_asm)
+#define mld_poly_chknorm_aarch64_asm MLD_NAMESPACE(poly_chknorm_aarch64_asm)
 MLD_MUST_CHECK_RETURN_VALUE
-int mld_poly_chknorm_asm(const int32_t *a, int32_t B)
+int mld_poly_chknorm_aarch64_asm(const int32_t *a, int32_t B)
 /* This must be kept in sync with the HOL-Light specification
- * in proofs/hol_light/aarch64/proofs/mldsa_poly_chknorm.ml */
+ * in proofs/hol_light/aarch64/proofs/poly_chknorm_aarch64_asm.ml */
 __contract__(
   requires(memory_no_alias(a, sizeof(int32_t) * MLDSA_N))
   /* HOL Light precondition: abs(ival(x i)) < 2^31, i.e., a[i] != INT32_MIN */
@@ -119,32 +214,121 @@ __contract__(
   ensures((return_value == 0) == array_abs_bound(a, 0, MLDSA_N, B))
 );
-#define mld_polyz_unpack_17_asm MLD_NAMESPACE(polyz_unpack_17_asm)
-void mld_polyz_unpack_17_asm(int32_t *r, const uint8_t *buf,
-                             const uint8_t *indices);
-#define mld_polyz_unpack_19_asm MLD_NAMESPACE(polyz_unpack_19_asm)
-void mld_polyz_unpack_19_asm(int32_t *r, const uint8_t *buf,
-                             const uint8_t *indices);
-#define mld_poly_pointwise_montgomery_asm \
-  MLD_NAMESPACE(poly_pointwise_montgomery_asm)
-void mld_poly_pointwise_montgomery_asm(int32_t *, const int32_t *,
-                                       const int32_t *);
-#define mld_polyvecl_pointwise_acc_montgomery_l4_asm \
-  MLD_NAMESPACE(polyvecl_pointwise_acc_montgomery_l4_asm)
-void mld_polyvecl_pointwise_acc_montgomery_l4_asm(int32_t *, const int32_t *,
-                                                  const int32_t *);
-#define mld_polyvecl_pointwise_acc_montgomery_l5_asm \
-  MLD_NAMESPACE(polyvecl_pointwise_acc_montgomery_l5_asm)
-void mld_polyvecl_pointwise_acc_montgomery_l5_asm(int32_t *, const int32_t *,
-                                                  const int32_t *);
-#define mld_polyvecl_pointwise_acc_montgomery_l7_asm \
-  MLD_NAMESPACE(polyvecl_pointwise_acc_montgomery_l7_asm)
-void mld_polyvecl_pointwise_acc_montgomery_l7_asm(int32_t *, const int32_t *,
-                                                  const int32_t *);
+#if !defined(MLD_CONFIG_NO_SIGN_API) || !defined(MLD_CONFIG_NO_VERIFY_API)
+#if defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || MLD_CONFIG_PARAMETER_SET == 44
+#define mld_polyz_unpack_17_aarch64_asm \
+  MLD_NAMESPACE(polyz_unpack_17_aarch64_asm)
+void mld_polyz_unpack_17_aarch64_asm(int32_t *r, const uint8_t *buf,
+                                     const uint8_t *indices)
+/* This must be kept in sync with the HOL-Light specification
+ * in proofs/hol_light/aarch64/proofs/polyz_unpack_17_aarch64_asm.ml */
+__contract__(
+  requires(memory_no_alias(r, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(buf, 576))
+  requires(indices == mld_polyz_unpack_17_indices)
+  assigns(memory_slice(r, sizeof(int32_t) * MLDSA_N))
+  ensures(array_bound(r, 0, MLDSA_N, -((1 << 17) - 1), (1 << 17) + 1))
+);
+#endif /* MLD_CONFIG_MULTILEVEL_WITH_SHARED || MLD_CONFIG_PARAMETER_SET == 44 \
+        */
+#if defined(MLD_CONFIG_MULTILEVEL_WITH_SHARED) || \
+    (MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_PARAMETER_SET == 87)
+#define mld_polyz_unpack_19_aarch64_asm \
+  MLD_NAMESPACE(polyz_unpack_19_aarch64_asm)
+void mld_polyz_unpack_19_aarch64_asm(int32_t *r, const uint8_t *buf,
+                                     const uint8_t *indices)
+/* This must be kept in sync with the HOL-Light specification
+ * in proofs/hol_light/aarch64/proofs/polyz_unpack_19_aarch64_asm.ml */
+__contract__(
+  requires(memory_no_alias(r, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(buf, 640))
+  requires(indices == mld_polyz_unpack_19_indices)
+  assigns(memory_slice(r, sizeof(int32_t) * MLDSA_N))
+  ensures(array_bound(r, 0, MLDSA_N, -((1 << 19) - 1), (1 << 19) + 1))
+);
+#endif /* MLD_CONFIG_MULTILEVEL_WITH_SHARED || MLD_CONFIG_PARAMETER_SET == 65 \
+          || MLD_CONFIG_PARAMETER_SET == 87 */
+#endif /* !MLD_CONFIG_NO_SIGN_API || !MLD_CONFIG_NO_VERIFY_API */
+#if !defined(MLD_CONFIG_NO_SIGN_API) || !defined(MLD_CONFIG_NO_VERIFY_API) || \
+    defined(MLD_CONFIG_REDUCE_RAM) || defined(MLD_UNIT_TEST)
+#define mld_poly_pointwise_montgomery_aarch64_asm \
+  MLD_NAMESPACE(poly_pointwise_montgomery_aarch64_asm)
+void mld_poly_pointwise_montgomery_aarch64_asm(int32_t *a, const int32_t *b)
+/* This must be kept in sync with the HOL-Light specification
+ * in proofs/hol_light/aarch64/proofs/pointwise_montgomery_aarch64_asm.ml */
+__contract__(
+  requires(memory_no_alias(a, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(b, sizeof(int32_t) * MLDSA_N))
+  /* check-magic: off */
+  requires(array_abs_bound(a, 0, MLDSA_N, 75423753))
+  requires(array_abs_bound(b, 0, MLDSA_N, 75423753))
+  assigns(memory_slice(a, sizeof(int32_t) * MLDSA_N))
+  ensures(array_abs_bound(a, 0, MLDSA_N, 8380417))
+  /* check-magic: on */
+);
+#endif /* !MLD_CONFIG_NO_SIGN_API || !MLD_CONFIG_NO_VERIFY_API || \
+          MLD_CONFIG_REDUCE_RAM || MLD_UNIT_TEST */
+#define mld_polyvecl_pointwise_acc_montgomery_l4_aarch64_asm \
+  MLD_NAMESPACE(polyvecl_pointwise_acc_montgomery_l4_aarch64_asm)
+void mld_polyvecl_pointwise_acc_montgomery_l4_aarch64_asm(
+    int32_t *r, const int32_t a[4][MLDSA_N], const int32_t b[4][MLDSA_N])
+/* This must be kept in sync with the HOL-Light specification
+ * in
+ * proofs/hol_light/aarch64/proofs/mld_polyvecl_pointwise_acc_montgomery_l4_aarch64_asm.ml
+ */
+__contract__(
+  requires(memory_no_alias(r, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(a, sizeof(int32_t) * 4 * MLDSA_N))
+  requires(memory_no_alias(b, sizeof(int32_t) * 4 * MLDSA_N))
+  /* check-magic: off */
+  requires(forall(l0, 0, 4, array_abs_bound(a[l0], 0, MLDSA_N, 8380417)))
+  requires(forall(l1, 0, 4, array_abs_bound(b[l1], 0, MLDSA_N, 75423753)))
+  assigns(memory_slice(r, sizeof(int32_t) * MLDSA_N))
+  ensures(array_abs_bound(r, 0, MLDSA_N, 8380417))
+  /* check-magic: on */
+);
+#define mld_polyvecl_pointwise_acc_montgomery_l5_aarch64_asm \
+  MLD_NAMESPACE(polyvecl_pointwise_acc_montgomery_l5_aarch64_asm)
+void mld_polyvecl_pointwise_acc_montgomery_l5_aarch64_asm(
+    int32_t *r, const int32_t a[5][MLDSA_N], const int32_t b[5][MLDSA_N])
+/* This must be kept in sync with the HOL-Light specification
+ * in
+ * proofs/hol_light/aarch64/proofs/mld_polyvecl_pointwise_acc_montgomery_l5_aarch64_asm.ml
+ */
+__contract__(
+  requires(memory_no_alias(r, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(a, sizeof(int32_t) * 5 * MLDSA_N))
+  requires(memory_no_alias(b, sizeof(int32_t) * 5 * MLDSA_N))
+  /* check-magic: off */
+  requires(forall(l0, 0, 5, array_abs_bound(a[l0], 0, MLDSA_N, 8380417)))
+  requires(forall(l1, 0, 5, array_abs_bound(b[l1], 0, MLDSA_N, 75423753)))
+  assigns(memory_slice(r, sizeof(int32_t) * MLDSA_N))
+  ensures(array_abs_bound(r, 0, MLDSA_N, 8380417))
+  /* check-magic: on */
+);
+#define mld_polyvecl_pointwise_acc_montgomery_l7_aarch64_asm \
+  MLD_NAMESPACE(polyvecl_pointwise_acc_montgomery_l7_aarch64_asm)
+void mld_polyvecl_pointwise_acc_montgomery_l7_aarch64_asm(
+    int32_t *r, const int32_t a[7][MLDSA_N], const int32_t b[7][MLDSA_N])
+/* This must be kept in sync with the HOL-Light specification
+ * in
+ * proofs/hol_light/aarch64/proofs/mld_polyvecl_pointwise_acc_montgomery_l7_aarch64_asm.ml
+ */
+__contract__(
+  requires(memory_no_alias(r, sizeof(int32_t) * MLDSA_N))
+  requires(memory_no_alias(a, sizeof(int32_t) * 7 * MLDSA_N))
+  requires(memory_no_alias(b, sizeof(int32_t) * 7 * MLDSA_N))
+  /* check-magic: off */
+  requires(forall(l0, 0, 7, array_abs_bound(a[l0], 0, MLDSA_N, 8380417)))
+  requires(forall(l1, 0, 7, array_abs_bound(b[l1], 0, MLDSA_N, 75423753)))
+  assigns(memory_slice(r, sizeof(int32_t) * MLDSA_N))
+  ensures(array_abs_bound(r, 0, MLDSA_N, 8380417))
+  /* check-magic: on */
+);
 #endif /* !MLD_NATIVE_AARCH64_SRC_ARITH_NATIVE_AARCH64_H */