@@ -380,6 +380,12 @@ int mlk_kem_enc(uint8_t ct[MLKEM_INDCCA_CIPHERTEXTBYTES],
380380 * Coefficients in [-ETA2, ETA2] are stored as (ETA2 - x), fitting in 4 bits.
381381 * Two coefficients per byte (low nibble first). */
382382static void mlk_serialize_epp (uint8_t out [MLKEM_EPP_BYTES ], const mlk_poly * p )
383+ __contract__ (
384+ requires (memory_no_alias (out , MLKEM_EPP_BYTES ))
385+ requires (memory_no_alias (p , sizeof (mlk_poly )))
386+ requires (array_abs_bound (p - > coeffs , 0 , MLKEM_N , MLKEM_ETA2 + 1 ))
387+ assigns (memory_slice (out , MLKEM_EPP_BYTES ))
388+ )
383389{
384390 unsigned j ;
385391 for (j = 0 ; j < MLKEM_N / 2 ; j ++ )
@@ -395,6 +401,11 @@ static void mlk_serialize_epp(uint8_t out[MLKEM_EPP_BYTES], const mlk_poly *p)
395401}
396402
397403static void mlk_deserialize_epp (mlk_poly * p , const uint8_t in [MLKEM_EPP_BYTES ])
404+ __contract__ (
405+ requires (memory_no_alias (in , MLKEM_EPP_BYTES ))
406+ requires (memory_no_alias (p , sizeof (mlk_poly )))
407+ assigns (memory_slice (p , sizeof (mlk_poly )))
408+ )
398409{
399410 unsigned j ;
400411 for (j = 0 ; j < MLKEM_N / 2 ; j ++ )
@@ -415,6 +426,11 @@ static void mlk_deserialize_epp(mlk_poly *p, const uint8_t in[MLKEM_EPP_BYTES])
415426 * Coefficients must be non-negative (e.g., after reduce). */
416427static void mlk_serialize_polyvec_16le (uint8_t out [MLKEM_POLYVEC16_BYTES ],
417428 const mlk_polyvec * v )
429+ __contract__ (
430+ requires (memory_no_alias (out , MLKEM_POLYVEC16_BYTES ))
431+ requires (memory_no_alias (v , sizeof (mlk_polyvec )))
432+ assigns (memory_slice (out , MLKEM_POLYVEC16_BYTES ))
433+ )
418434{
419435 unsigned i , j ;
420436 for (i = 0 ; i < MLKEM_K ; i ++ )
@@ -427,9 +443,9 @@ static void mlk_serialize_polyvec_16le(uint8_t out[MLKEM_POLYVEC16_BYTES],
427443 __loop__ (
428444 assigns (j , memory_slice (out , MLKEM_POLYVEC16_BYTES ))
429445 invariant (j <= MLKEM_N )
430- decreases (MLKEM_K - j ))
446+ decreases (MLKEM_N - j ))
431447 {
432- uint16_t c = ( uint16_t ) v -> vec [i ].coeffs [j ];
448+ uint16_t c = mlk_cast_int16_to_uint16 ( v -> vec [i ].coeffs [j ]) ;
433449 out [i * MLKEM_POLY16_BYTES + 2 * j ] = (uint8_t )(c & 0xFF );
434450 out [i * MLKEM_POLY16_BYTES + 2 * j + 1 ] = (uint8_t )(c >> 8 );
435451 }
@@ -438,6 +454,11 @@ static void mlk_serialize_polyvec_16le(uint8_t out[MLKEM_POLYVEC16_BYTES],
438454
439455static void mlk_deserialize_polyvec_16le (
440456 mlk_polyvec * v , const uint8_t in [MLKEM_POLYVEC16_BYTES ])
457+ __contract__ (
458+ requires (memory_no_alias (in , MLKEM_POLYVEC16_BYTES ))
459+ requires (memory_no_alias (v , sizeof (mlk_polyvec )))
460+ assigns (memory_slice (v , sizeof (mlk_polyvec )))
461+ )
441462{
442463 unsigned i , j ;
443464 for (i = 0 ; i < MLKEM_K ; i ++ )
@@ -450,7 +471,7 @@ static void mlk_deserialize_polyvec_16le(
450471 __loop__ (
451472 assigns (j , memory_slice (v , sizeof (mlk_polyvec )))
452473 invariant (j <= MLKEM_N )
453- decreases (MLKEM_K - j ))
474+ decreases (MLKEM_N - j ))
454475 {
455476 v -> vec [i ].coeffs [j ] = mlk_cast_uint16_to_int16 (
456477 (uint16_t )((unsigned )in [i * MLKEM_POLY16_BYTES + 2 * j ] |
0 commit comments