diff --git a/src/mldsa_sampler_top/rtl/mldsa_sampler_top.sv b/src/mldsa_sampler_top/rtl/mldsa_sampler_top.sv index 83e4d9a..7c821eb 100644 --- a/src/mldsa_sampler_top/rtl/mldsa_sampler_top.sv +++ b/src/mldsa_sampler_top/rtl/mldsa_sampler_top.sv @@ -510,6 +510,7 @@ end sib_mem_inst ( .clk_i(clk), + .rst_b(rst_b), .zeroize(zeroize_sib_mem), .cs_i(sib_mem_cs_mux), .we_i(sib_mem_we), diff --git a/src/mldsa_top/rtl/mldsa_ctrl.sv b/src/mldsa_top/rtl/mldsa_ctrl.sv index 789b67e..b4512ec 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl.sv @@ -136,6 +136,8 @@ module mldsa_ctrl output logic lfsr_enable_o, output logic [1:0][LFSR_W-1:0] lfsr_seed_o, + output mem_if_t zeroize_mem_o, + `ifdef CALIPTRA // KV interface output kv_read_t kv_read, @@ -219,15 +221,25 @@ module mldsa_ctrl ); always_ff @(posedge clk or negedge rst_b) begin : mldsa_kv_reg - if (!rst_b) begin + if (!rst_b) kv_seed_data_present <= '0; - end else begin + else if (zeroize) + kv_seed_data_present <= '0; + else begin kv_seed_data_present <= kv_seed_data_present_set ? '1 : kv_seed_data_present_reset ? '0 : kv_seed_data_present; end end -always_comb mldsa_privkey_lock = kv_seed_data_present; +always_ff @(posedge clk or negedge rst_b) begin : mldsa_privkey_lock_reg + if (!rst_b) + mldsa_privkey_lock <= '0; + else if (zeroize) + mldsa_privkey_lock <= '0; + else if (kv_seed_data_present_set) + mldsa_privkey_lock <= '1; +end + always_comb pcr_sign_mode = mldsa_reg_hwif_out.MLDSA_CTRL.PCR_SIGN.value; `else @@ -256,6 +268,7 @@ always_comb mldsa_privkey_lock = '0; logic keygen_done; logic signature_done; logic verify_done; + logic signature_validity_chk_done; //assign appropriate data to msg interface logic [MLDSA_OPR_WIDTH-1:0] sampler_src; @@ -321,12 +334,18 @@ always_comb mldsa_privkey_lock = '0; logic set_entropy; logic [7:0][63:0] lfsr_entropy_reg; logic [MsgWidth-1:0] counter_reg; + + logic zeroize_mem_we; + logic [MLDSA_MEM_ADDR_WIDTH-1:0] zeroize_mem_addr; + logic [MLDSA_MEM_DATA_WIDTH-1:0] zeroize_mem_wr_data; + logic zeroize_mem_done; assign mldsa_reg_hwif_in_o = mldsa_reg_hwif_in; assign mldsa_reg_hwif_out = mldsa_reg_hwif_out_i; always_comb mldsa_ready = (prim_prog_cntr == MLDSA_RESET); + //without zeroize to make it more complex always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) counter_reg <= '0; @@ -471,15 +490,17 @@ always_comb mldsa_privkey_lock = '0; pwr2rnd_keymem_we_bank[i] = (pwr2rnd_keymem_if_i[i].rd_wr_en == RW_WRITE); api_keymem_we_bank[i] = mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_keymem_wr_dec & (api_sk_mem_waddr[0] == i); - sk_ram_we_bank[i] = skencode_keymem_we_bank[i] | pwr2rnd_keymem_we_bank[i] | api_keymem_we_bank[i]; + sk_ram_we_bank[i] = skencode_keymem_we_bank[i] | pwr2rnd_keymem_we_bank[i] | api_keymem_we_bank[i] | zeroize_mem_we; sk_ram_waddr_bank[i] = ({SK_MEM_ADDR_W{skencode_keymem_we_bank[i]}} & skencode_keymem_if_i.addr[SK_MEM_ADDR_W:1]) | ({SK_MEM_ADDR_W{pwr2rnd_keymem_we_bank[i]}} & pwr2rnd_keymem_if_i[i].addr[SK_MEM_ADDR_W:1] ) | - ({SK_MEM_ADDR_W{api_keymem_we_bank[i]}} & api_sk_mem_waddr[SK_MEM_ADDR_W:1]); + ({SK_MEM_ADDR_W{api_keymem_we_bank[i]}} & api_sk_mem_waddr[SK_MEM_ADDR_W:1]) | + ({SK_MEM_ADDR_W{zeroize_mem_we}} & zeroize_mem_addr[SK_MEM_ADDR_W-1:0]); sk_ram_wdata[i] = ({DATA_WIDTH{skencode_keymem_we_bank[i]}} & skencode_wr_data_i) | ({DATA_WIDTH{pwr2rnd_keymem_we_bank[i]}} & pwr2rnd_wr_data_i[i]) | - ({DATA_WIDTH{api_keymem_we_bank[i]}} & mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.wr_data); + ({DATA_WIDTH{api_keymem_we_bank[i]}} & mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.wr_data) | + ({DATA_WIDTH{zeroize_mem_we}} & zeroize_mem_wr_data[DATA_WIDTH-1:0]); end end @@ -596,6 +617,11 @@ always_comb mldsa_privkey_lock = '0; signature_rd_ack <= 0; pubkey_rd_ack <= 0; end + else if (zeroize) begin + privkey_out_rd_ack <= 0; + signature_rd_ack <= 0; + pubkey_rd_ack <= 0; + end else begin privkey_out_rd_ack <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr; signature_rd_ack <= mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr; @@ -623,9 +649,11 @@ always_comb mldsa_privkey_lock = '0; always_ff @(posedge clk or negedge rst_b) begin - if (!rst_b) begin + if (!rst_b) api_sig_z_re_f <= '0; - end else begin + else if (zeroize) + api_sig_z_re_f <= '0; + else begin api_sig_z_re_f <= api_sig_z_re; end end @@ -668,16 +696,19 @@ always_comb mldsa_privkey_lock = '0; always_comb mldsa_reg_hwif_in.MLDSA_SIGNATURE.rd_data = api_sig_z_re_f ? sig_z_ram_rdata[api_sig_z_addr.offset] : signature_reg_rdata; //write requests - always_comb sig_z_ram_we = (sigencode_wr_req_i.rd_wr_en == RW_WRITE) | api_sig_z_we; + always_comb sig_z_ram_we = (sigencode_wr_req_i.rd_wr_en == RW_WRITE) | api_sig_z_we | zeroize_mem_we; always_comb sig_z_ram_waddr = ({SIG_Z_MEM_ADDR_W{(sigencode_wr_req_i.rd_wr_en == RW_WRITE)}} & sigencode_wr_req_i.addr[SIG_Z_MEM_ADDR_W:1]) | - ({SIG_Z_MEM_ADDR_W{api_sig_z_we}} & api_sig_z_addr.addr); + ({SIG_Z_MEM_ADDR_W{api_sig_z_we}} & api_sig_z_addr.addr) | + ({SIG_Z_MEM_ADDR_W{zeroize_mem_we}} & zeroize_mem_addr[SIG_Z_MEM_ADDR_W-1:0]); always_comb sig_z_ram_wstrobe = ({SIG_Z_MEM_WSTROBE_W{(sigencode_wr_req_i.rd_wr_en == RW_WRITE)}}) | - ({SIG_Z_MEM_WSTROBE_W{api_sig_z_we}} & ('hF << api_sig_z_addr.offset*4)); + ({SIG_Z_MEM_WSTROBE_W{api_sig_z_we}} & ('hF << api_sig_z_addr.offset*4)) | + ({SIG_Z_MEM_WSTROBE_W{zeroize_mem_we}}); always_comb sig_z_ram_wdata = ({SIG_Z_MEM_DATA_W{(sigencode_wr_req_i.rd_wr_en == RW_WRITE)}} & sigencode_wr_data_i) | - ({SIG_Z_MEM_DATA_W{(api_sig_z_we)}} & SIG_Z_MEM_DATA_W'(mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data << api_sig_z_addr.offset*32)); + ({SIG_Z_MEM_DATA_W{(api_sig_z_we)}} & SIG_Z_MEM_DATA_W'(mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data << api_sig_z_addr.offset*32)) | + ({SIG_Z_MEM_DATA_W{zeroize_mem_we}} & SIG_Z_MEM_DATA_W'(zeroize_mem_wr_data)) ; //signature reg read flop always_ff @(posedge clk or negedge rst_b) begin @@ -750,6 +781,11 @@ always_comb mldsa_privkey_lock = '0; sampler_pk_rd_en_f <= '0; sampler_src_offset_f <= '0; pkdecode_rd_offset_f <= '0; + end else if (zeroize) begin + api_pubkey_re_f <= '0; + sampler_pk_rd_en_f <= '0; + sampler_src_offset_f <= '0; + pkdecode_rd_offset_f <= '0; end else begin api_pubkey_re_f <= api_pubkey_re; sampler_pk_rd_en_f <= msg_hold ? sampler_pk_rd_en_f : sampler_pk_rd_en; @@ -812,16 +848,19 @@ always_comb mldsa_privkey_lock = '0; always_comb mldsa_reg_hwif_in.MLDSA_PUBKEY.rd_data = api_pubkey_re_f ? pubkey_ram_rdata[api_pubkey_mem_addr.offset] : pk_reg_rdata; //write requests - always_comb pubkey_ram_we = (pk_t1_wren_i) | api_pubkey_we; + always_comb pubkey_ram_we = (pk_t1_wren_i) | api_pubkey_we | zeroize_mem_we; always_comb pubkey_ram_waddr = ({PK_MEM_ADDR_W{pk_t1_wren_i}} & pk_t1_wr_addr_i[PK_MEM_ADDR_W+1:2]) | - ({PK_MEM_ADDR_W{api_pubkey_we}} & api_pubkey_mem_addr.addr); + ({PK_MEM_ADDR_W{api_pubkey_we}} & api_pubkey_mem_addr.addr) | + ({PK_MEM_ADDR_W{zeroize_mem_we}} & zeroize_mem_addr[PK_MEM_ADDR_W-1:0]); always_comb pubkey_ram_wstrobe = ({PK_MEM_WSTROBE_W{pk_t1_wren_i}} & 'h3FF << pk_t1_wr_addr_i[1:0]*10) | - ({PK_MEM_WSTROBE_W{api_pubkey_we}} & ('hF << api_pubkey_mem_addr.offset*4)); + ({PK_MEM_WSTROBE_W{api_pubkey_we}} & ('hF << api_pubkey_mem_addr.offset*4)) | + ({PK_MEM_WSTROBE_W{zeroize_mem_we}}); always_comb pubkey_ram_wdata = ({PK_MEM_DATA_W{pk_t1_wren_i}} & PK_MEM_DATA_W'(pk_t1_wrdata_i << pk_t1_wr_addr_i[1:0]*80)) | - ({PK_MEM_DATA_W{(api_pubkey_we)}} & PK_MEM_DATA_W'(mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data << api_pubkey_mem_addr.offset*32)); + ({PK_MEM_DATA_W{(api_pubkey_we)}} & PK_MEM_DATA_W'(mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data << api_pubkey_mem_addr.offset*32)) | + ({PK_MEM_DATA_W{zeroize_mem_we}} & PK_MEM_DATA_W'(zeroize_mem_wr_data)); //pk reg read flop @@ -861,6 +900,8 @@ always_comb mldsa_privkey_lock = '0; always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin msg_data <= '0; + end else if (zeroize) begin + msg_data <= '0; end else begin if (msg_hold) begin msg_data <= msg_data; @@ -1030,7 +1071,7 @@ always_comb mldsa_privkey_lock = '0; prim_prog_cntr <= MLDSA_RESET; end else if(zeroize) begin - prim_prog_cntr <= MLDSA_RESET; + prim_prog_cntr <= MLDSA_ZEROIZE; end else begin if (error_flag_edge) begin @@ -1048,6 +1089,7 @@ always_comb mldsa_privkey_lock = '0; verifying_process_nxt = 0; keygen_signing_process_nxt = 0; keygen_done = 0; + signature_done = 0; verify_done = 0; set_y_valid = 0; set_w0_valid = 0; @@ -1056,7 +1098,7 @@ always_comb mldsa_privkey_lock = '0; set_verify_valid = 0; set_entropy = 0; prim_prog_cntr_nxt = MLDSA_RESET; - prim_seq_en = 1; + prim_seq_en = !zeroize; unique case (prim_prog_cntr) inside MLDSA_RESET : begin @@ -1087,7 +1129,14 @@ always_comb mldsa_privkey_lock = '0; prim_seq_en = 0; end endcase - end + end + MLDSA_ZEROIZE : begin + if (zeroize_mem_done) + prim_prog_cntr_nxt = MLDSA_RESET; + else + prim_prog_cntr_nxt = MLDSA_ZEROIZE; + prim_seq_en = 0; + end MLDSA_KG_JUMP_SIGN : begin //Jump to signing process if (keygen_signing_process) begin @@ -1104,7 +1153,9 @@ always_comb mldsa_privkey_lock = '0; end //START of Y access - check if Y is still valid MLDSA_SIGN_CHECK_Y_CLR : begin - if (y_valid | w0_valid) begin //Stalled until Y and w0 can be overwritten + if (signature_validity_chk_done) + prim_prog_cntr_nxt = MLDSA_SIGN_E; + else if (y_valid | w0_valid) begin //Stalled until Y and w0 can be overwritten prim_prog_cntr_nxt = prim_prog_cntr; end else begin @@ -1118,7 +1169,9 @@ always_comb mldsa_privkey_lock = '0; end //START of W0 access - check if W0 is still valid MLDSA_SIGN_CHECK_W0_CLR : begin - if (w0_valid) begin //Stalled until W0 can be overwritten + if (signature_validity_chk_done) + prim_prog_cntr_nxt = MLDSA_SIGN_E; + else if (w0_valid) begin //Stalled until W0 can be overwritten prim_prog_cntr_nxt = prim_prog_cntr; end else begin @@ -1144,17 +1197,26 @@ always_comb mldsa_privkey_lock = '0; set_c_valid = 1; prim_prog_cntr_nxt = prim_prog_cntr + 1; end - MLDSA_SIGN_E : begin // end of challenge generation - //increment kappa value - update_kappa = 1; - //restart challenge generation - prim_prog_cntr_nxt = MLDSA_SIGN_CHECK_Y_CLR; + MLDSA_SIGN_CHL_E : begin // end of challenge generation + if (signature_validity_chk_done) + prim_prog_cntr_nxt = MLDSA_SIGN_E; + else begin + //increment kappa value + update_kappa = 1; + //restart challenge generation + prim_prog_cntr_nxt = MLDSA_SIGN_CHECK_Y_CLR; + end + end + MLDSA_SIGN_E : begin // end of signature + signature_done = 1; end MLDSA_VERIFY_E : begin // end of verify flow verify_done = 1; end default : begin - if (subcomponent_busy) begin //Stalled until sub-component is done + if (signature_validity_chk_done) + prim_prog_cntr_nxt = MLDSA_SIGN_E; + else if (subcomponent_busy) begin //Stalled until sub-component is done prim_prog_cntr_nxt = prim_prog_cntr; end else begin @@ -1351,8 +1413,6 @@ end mldsa_seq_prim mldsa_seq_prim_inst ( .clk(clk), - .rst_b(rst_b), - .zeroize(zeroize), .en_i(prim_seq_en), .addr_i(prim_prog_cntr_nxt), @@ -1368,7 +1428,7 @@ mldsa_seq_prim mldsa_seq_prim_inst sec_prog_cntr <= MLDSA_RESET; end else if(zeroize) begin - sec_prog_cntr <= MLDSA_RESET; + sec_prog_cntr <= MLDSA_ZEROIZE; end else begin if (error_flag_edge) begin @@ -1387,8 +1447,8 @@ mldsa_seq_prim mldsa_seq_prim_inst clear_y_valid = 0; clear_w0_valid = 0; set_signature_valid = 0; - signature_done = 0; - sec_seq_en = 1; + signature_validity_chk_done = 0; + sec_seq_en = !zeroize; unique case (sec_prog_cntr) inside MLDSA_RESET : begin @@ -1415,9 +1475,15 @@ mldsa_seq_prim mldsa_seq_prim_inst endcase if (keygen_signing_process & (prim_prog_cntr == MLDSA_KG_JUMP_SIGN)) begin sec_prog_cntr_nxt = MLDSA_SIGN_INIT_S; - sec_seq_en = 1; end end + MLDSA_ZEROIZE : begin + if (zeroize_mem_done) + sec_prog_cntr_nxt = MLDSA_RESET; + else + sec_prog_cntr_nxt = MLDSA_ZEROIZE; + sec_seq_en = 0; + end //START of C access - check if C is valid MLDSA_SIGN_CHECK_C_VLD : begin if (c_valid) begin @@ -1472,7 +1538,11 @@ mldsa_seq_prim mldsa_seq_prim_inst end end MLDSA_SIGN_GEN_E : begin // Successful signature generation - signature_done = 1; + signature_validity_chk_done = 1; + if (signature_done) + sec_prog_cntr_nxt = MLDSA_RESET; + else + sec_prog_cntr_nxt = sec_prog_cntr; end default : begin if (sign_subcomponent_busy) begin //Stalled until sub-component is done @@ -1575,15 +1645,39 @@ end mldsa_seq_sec mldsa_seq_sec_inst ( .clk(clk), - .rst_b(rst_b), - .zeroize(zeroize), .en_i(sec_seq_en), .addr_i(sec_prog_cntr_nxt), .data_o(sec_instr) ); +always_ff @(posedge clk or negedge rst_b) begin + if (!rst_b) begin + zeroize_mem_addr <= 0; + zeroize_mem_done <= 0; + end + else if (zeroize) begin + zeroize_mem_addr <= 0; + zeroize_mem_done <= 0; + end + else if (prim_prog_cntr == MLDSA_ZEROIZE) begin + if (zeroize_mem_addr == MLDSA_MEM_MAX_DEPTH) begin + zeroize_mem_addr <= 0; + zeroize_mem_done <= 1; + end else begin + zeroize_mem_addr <= zeroize_mem_addr + 1; + end + end else begin + zeroize_mem_addr <= 0; + zeroize_mem_done <= 0; + end +end + +always_comb zeroize_mem_we = (prim_prog_cntr == MLDSA_ZEROIZE); +always_comb zeroize_mem_wr_data = '0; +always_comb zeroize_mem_o.rd_wr_en = zeroize_mem_we? RW_WRITE : RW_IDLE; +always_comb zeroize_mem_o.addr = zeroize_mem_addr; `ifdef RV_FPGA_SCA //=========================================================================== diff --git a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv index b61a643..f4ba535 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv @@ -404,7 +404,8 @@ package mldsa_ctrl_pkg; // MLDSA Subroutine listing //KG localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_RESET = 'd0; - localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_KG_S = MLDSA_RESET + 2; + localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_ZEROIZE = MLDSA_RESET + 2; + localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_KG_S = MLDSA_ZEROIZE + 2; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_KG_JUMP_SIGN = MLDSA_KG_S + 101; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_KG_E = MLDSA_KG_JUMP_SIGN + 1; //Signing @@ -421,7 +422,8 @@ package mldsa_ctrl_pkg; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_CHECK_C_CLR = MLDSA_SIGN_SET_W0+ 1; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_MAKE_C = MLDSA_SIGN_CHECK_C_CLR+ 1; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_SET_C = MLDSA_SIGN_MAKE_C+ 2; - localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_E = MLDSA_SIGN_SET_C + 1; + localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_CHL_E = MLDSA_SIGN_SET_C + 1; + localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_E = MLDSA_SIGN_CHL_E + 1; //Verify localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_VERIFY_S = MLDSA_SIGN_E + 2; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_VERIFY_H_TR = MLDSA_VERIFY_S + 9; @@ -437,7 +439,7 @@ package mldsa_ctrl_pkg; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_ERROR = '1; //Signing Sequencer Subroutine listing - localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_INIT_S = MLDSA_RESET + 2; + localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_INIT_S = MLDSA_ZEROIZE + 2; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_CHECK_C_VLD = MLDSA_SIGN_INIT_S + 24; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_VALID_S = MLDSA_SIGN_CHECK_C_VLD + 1; localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_CHECK_Y_VLD = MLDSA_SIGN_VALID_S + 1; diff --git a/src/mldsa_top/rtl/mldsa_params_pkg.sv b/src/mldsa_top/rtl/mldsa_params_pkg.sv index b95700a..5fc2c76 100644 --- a/src/mldsa_top/rtl/mldsa_params_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_params_pkg.sv @@ -39,7 +39,7 @@ package mldsa_params_pkg; parameter COEFF_PER_CLK = 4; //Memory interface - FIXME calculate the width based on depth not the other way - parameter MLDSA_MEM_MAX_DEPTH = 1664; //FIXME + parameter MLDSA_MEM_MAX_DEPTH = 1408; //FIXME parameter MLDSA_MEM_DATA_WIDTH = COEFF_PER_CLK * MLDSA_Q_WIDTH; parameter MLDSA_MEM_ADDR_WIDTH = $clog2(MLDSA_MEM_MAX_DEPTH) + 3; //+ 3 bits for bank selection @@ -52,6 +52,8 @@ package mldsa_params_pkg; parameter MLDSA_MEM_INST3_DEPTH = 128; //1.5 KB parameter MLDSA_MEM_INST3_ADDR_W = $clog2(MLDSA_MEM_INST3_DEPTH); parameter MLDSA_MEM_W1_DEPTH = 512; + parameter MLDSA_MEM_W1_ADDR_WIDTH = $clog2(MLDSA_MEM_W1_DEPTH); + parameter MLDSA_MEM_W1_DATA_WIDTH = 4; parameter MLDSA_KEYGEN = 3'b001; parameter MLDSA_SIGN = 3'b010; diff --git a/src/mldsa_top/rtl/mldsa_seq_prim.sv b/src/mldsa_top/rtl/mldsa_seq_prim.sv index a9c9829..151a32a 100644 --- a/src/mldsa_top/rtl/mldsa_seq_prim.sv +++ b/src/mldsa_top/rtl/mldsa_seq_prim.sv @@ -24,8 +24,6 @@ module mldsa_seq_prim import mldsa_ctrl_pkg::*; ( input logic clk, - input logic rst_b, - input logic zeroize, input logic en_i, input logic [MLDSA_PROG_ADDR_W-1 : 0] addr_i, @@ -45,420 +43,423 @@ module mldsa_seq_prim //---------------------------------------------------------------- always_ff @(posedge clk) begin - if (en_i) begin - unique case(addr_i) - //RESET - MLDSA_RESET : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + if (en_i) begin + unique case(addr_i) + //RESET + MLDSA_RESET : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + + //ZEROIZE + MLDSA_ZEROIZE : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + + //KEYGEN + //rnd_seed=Keccak(entropy||counter) + MLDSA_KG_S : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_ENTROPY_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_KG_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d08, operand1:MLDSA_CNT_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_LFSR_SEED_REG_ID}; + MLDSA_KG_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_LFSR, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //(p,p',K)=Keccak(seed) + // //SHAKE256 operation //SRC //SRC2 //DEST + MLDSA_KG_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0708, length:'d34, operand1:MLDSA_SEED_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_K_RHO_REG_ID}; + //s1=expandS + // //Rej Bounded op //SRC imm //SRC1 //SRC2 //DEST + MLDSA_KG_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0000, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; + MLDSA_KG_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0001, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_1_BASE}; + MLDSA_KG_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0002, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_2_BASE}; + MLDSA_KG_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0003, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_3_BASE}; + MLDSA_KG_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0004, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_4_BASE}; + MLDSA_KG_S+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0005, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_5_BASE}; + MLDSA_KG_S+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0006, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_6_BASE}; + //s1=expandS + MLDSA_KG_S+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0007, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_0_BASE}; + MLDSA_KG_S+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0008, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_1_BASE}; + MLDSA_KG_S+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0009, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_2_BASE}; + MLDSA_KG_S+ 14 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000A, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_3_BASE}; + MLDSA_KG_S+ 15 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000B, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_4_BASE}; + MLDSA_KG_S+ 16 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000C, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_5_BASE}; + MLDSA_KG_S+ 17 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000D, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_6_BASE}; + MLDSA_KG_S+ 18 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000E, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_7_BASE}; + //NTT(s1) + MLDSA_KG_S+ 19 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_0_NTT_BASE}; + MLDSA_KG_S+ 20 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_1_NTT_BASE}; + MLDSA_KG_S+ 21 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_2_NTT_BASE}; + MLDSA_KG_S+ 22 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_3_NTT_BASE}; + MLDSA_KG_S+ 23 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_4_NTT_BASE}; + MLDSA_KG_S+ 24 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_5_NTT_BASE}; + MLDSA_KG_S+ 25 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_6_NTT_BASE}; + //ExpandA(ρ) AND Aˆ NTT(s1) + MLDSA_KG_S+ 26 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 27 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 28 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 29 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 30 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 31 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 32 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + //NTT−1(Aˆ ◦NTT(s1)) + MLDSA_KG_S+ 33 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + //t ←NTT−1(Aˆ ◦NTT(s1))+s2 + MLDSA_KG_S+ 34 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_0_BASE, operand3:MLDSA_T0_BASE}; + //ExpandA(ρ) AND Aˆ NTT(s1) + MLDSA_KG_S+ 35 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 36 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 37 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 38 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 39 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 40 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 41 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + //NTT−1(Aˆ ◦NTT(s1)) + MLDSA_KG_S+ 42 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + //t ←NTT−1(Aˆ ◦NTT(s1))+s2 + MLDSA_KG_S+ 43 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_1_BASE, operand3:MLDSA_T1_BASE}; + //ExpandA(ρ) AND Aˆ NTT(s1) + MLDSA_KG_S+ 44 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 45 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 46 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 47 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 48 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 49 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 50 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + //NTT−1(Aˆ ◦NTT(s1)) + MLDSA_KG_S+ 51 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + //t ←NTT−1(Aˆ ◦NTT(s1))+s2 + MLDSA_KG_S+ 52 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_2_BASE, operand3:MLDSA_T2_BASE}; + //ExpandA(ρ) AND Aˆ NTT(s1) + MLDSA_KG_S+ 53 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 54 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 55 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 56 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 57 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 58 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 59 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + //NTT−1(Aˆ ◦NTT(s1)) + MLDSA_KG_S+ 60 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + //t ←NTT−1(Aˆ ◦NTT(s1))+s2 + MLDSA_KG_S+ 61 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_3_BASE, operand3:MLDSA_T3_BASE}; + //ExpandA(ρ) AND Aˆ NTT(s1) + MLDSA_KG_S+ 62 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 63 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 64 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 65 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 66 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 67 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 68 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + //NTT−1(Aˆ ◦NTT(s1)) + MLDSA_KG_S+ 69 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + //t ←NTT−1(Aˆ ◦NTT(s1))+s2 + MLDSA_KG_S+ 70 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_4_BASE, operand3:MLDSA_T4_BASE}; + //ExpandA(ρ) AND Aˆ NTT(s1) + MLDSA_KG_S+ 71 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 72 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 73 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 74 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 75 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 76 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 77 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + //NTT−1(Aˆ ◦NTT(s1)) + MLDSA_KG_S+ 78 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + //t ←NTT−1(Aˆ ◦NTT(s1))+s2 + MLDSA_KG_S+ 79 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_5_BASE, operand3:MLDSA_T5_BASE}; + //ExpandA(ρ) AND Aˆ NTT(s1) + MLDSA_KG_S+ 80 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 81 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 82 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 83 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 84 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 85 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 86 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + //NTT−1(Aˆ ◦NTT(s1)) + MLDSA_KG_S+ 87 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + //t ←NTT−1(Aˆ ◦NTT(s1))+s2 + MLDSA_KG_S+ 88 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_6_BASE, operand3:MLDSA_T6_BASE}; + //ExpandA(ρ) AND Aˆ NTT(s1) + MLDSA_KG_S+ 89 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 90 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 91 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 92 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 93 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 94 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 95 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + //NTT−1(Aˆ ◦NTT(s1)) + MLDSA_KG_S+ 96 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + //t ←NTT−1(Aˆ ◦NTT(s1))+s2 + MLDSA_KG_S+ 97 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_7_BASE, operand3:MLDSA_T7_BASE}; + //(t1,t0)←Power2Round(t,d) AND pk ←pkEncode(ρ,t1) + MLDSA_KG_S+ 98 : data_o_rom <= '{opcode:MLDSA_UOP_PWR2RND, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_SK_T0_OFFSET}; + //tr ←H(BytesToBits(pk),512) + MLDSA_KG_S+ 99 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:PUBKEY_NUM_BYTES, operand1:MLDSA_PK_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_TR_REG_ID}; + //sk ←skEncode(ρ,K,tr,s1,s2,t0) + MLDSA_KG_S+ 100 : data_o_rom <= '{opcode:MLDSA_UOP_SKENCODE, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_KG_JUMP_SIGN : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //KG end + MLDSA_KG_E : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //KEYGEN - //rnd_seed=Keccak(entropy||counter) - MLDSA_KG_S : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_ENTROPY_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_KG_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d08, operand1:MLDSA_CNT_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_LFSR_SEED_REG_ID}; - MLDSA_KG_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_LFSR, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //(p,p',K)=Keccak(seed) - // //SHAKE256 operation //SRC //SRC2 //DEST - MLDSA_KG_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0708, length:'d34, operand1:MLDSA_SEED_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_K_RHO_REG_ID}; - //s1=expandS - // //Rej Bounded op //SRC imm //SRC1 //SRC2 //DEST - MLDSA_KG_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0000, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; - MLDSA_KG_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0001, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_1_BASE}; - MLDSA_KG_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0002, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_2_BASE}; - MLDSA_KG_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0003, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_3_BASE}; - MLDSA_KG_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0004, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_4_BASE}; - MLDSA_KG_S+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0005, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_5_BASE}; - MLDSA_KG_S+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0006, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_6_BASE}; - //s1=expandS - MLDSA_KG_S+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0007, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_0_BASE}; - MLDSA_KG_S+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0008, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_1_BASE}; - MLDSA_KG_S+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0009, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_2_BASE}; - MLDSA_KG_S+ 14 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000A, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_3_BASE}; - MLDSA_KG_S+ 15 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000B, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_4_BASE}; - MLDSA_KG_S+ 16 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000C, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_5_BASE}; - MLDSA_KG_S+ 17 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000D, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_6_BASE}; - MLDSA_KG_S+ 18 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000E, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_7_BASE}; - //NTT(s1) - MLDSA_KG_S+ 19 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_0_NTT_BASE}; - MLDSA_KG_S+ 20 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_1_NTT_BASE}; - MLDSA_KG_S+ 21 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_2_NTT_BASE}; - MLDSA_KG_S+ 22 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_3_NTT_BASE}; - MLDSA_KG_S+ 23 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_4_NTT_BASE}; - MLDSA_KG_S+ 24 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_5_NTT_BASE}; - MLDSA_KG_S+ 25 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_6_NTT_BASE}; - //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 26 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 27 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 28 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 29 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 30 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 31 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 32 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; - //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 33 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; - //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 34 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_0_BASE, operand3:MLDSA_T0_BASE}; - //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 35 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 36 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 37 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 38 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 39 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 40 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 41 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; - //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 42 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; - //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 43 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_1_BASE, operand3:MLDSA_T1_BASE}; - //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 44 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 45 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 46 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 47 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 48 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 49 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 50 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; - //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 51 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; - //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 52 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_2_BASE, operand3:MLDSA_T2_BASE}; - //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 53 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 54 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 55 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 56 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 57 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 58 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 59 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; - //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 60 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; - //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 61 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_3_BASE, operand3:MLDSA_T3_BASE}; - //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 62 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 63 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 64 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 65 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 66 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 67 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 68 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; - //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 69 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; - //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 70 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_4_BASE, operand3:MLDSA_T4_BASE}; - //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 71 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 72 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 73 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 74 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 75 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 76 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 77 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; - //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 78 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; - //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 79 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_5_BASE, operand3:MLDSA_T5_BASE}; - //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 80 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 81 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 82 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 83 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 84 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 85 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 86 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; - //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 87 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; - //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 88 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_6_BASE, operand3:MLDSA_T6_BASE}; - //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 89 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 90 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 91 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 92 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 93 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 94 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 95 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; - //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 96 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d01, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; - //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 97 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_7_BASE, operand3:MLDSA_T7_BASE}; - //(t1,t0)←Power2Round(t,d) AND pk ←pkEncode(ρ,t1) - MLDSA_KG_S+ 98 : data_o_rom <= '{opcode:MLDSA_UOP_PWR2RND, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_SK_T0_OFFSET}; - //tr ←H(BytesToBits(pk),512) - MLDSA_KG_S+ 99 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:PUBKEY_NUM_BYTES, operand1:MLDSA_PK_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_TR_REG_ID}; - //sk ←skEncode(ρ,K,tr,s1,s2,t0) - MLDSA_KG_S+ 100 : data_o_rom <= '{opcode:MLDSA_UOP_SKENCODE, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_KG_JUMP_SIGN : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //KG end - MLDSA_KG_E : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //Signing start + //rnd_seed=Keccak(entropy||counter) + MLDSA_SIGN_RND_S : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_ENTROPY_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_RND_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d08, operand1:MLDSA_CNT_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_LFSR_SEED_REG_ID}; + MLDSA_SIGN_RND_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_LFSR, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //μ ←H(tr||M,512) + MLDSA_SIGN_S : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_TR_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d66, operand1:MLDSA_MSG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_MU_REG_ID}; + //ρ′=Keccak(K||rnd|| μ) + MLDSA_SIGN_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d32, operand1:MLDSA_K_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d32, operand1:MLDSA_SIGN_RND_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_RHO_P_REG_ID}; + //Check Y valid + MLDSA_SIGN_CHECK_Y_CLR : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_UOP_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //lfsr_seed=Keccak(re_entropy||counter) + MLDSA_SIGN_LFSR_S : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_ENTROPY_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_LFSR_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d08, operand1:MLDSA_CNT_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_LFSR_SEED_REG_ID}; + MLDSA_SIGN_LFSR_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_LFSR, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //y=ExpandMask(ρ’ ,κ) + MLDSA_SIGN_MAKE_Y_S : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0000, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_0_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0001, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_1_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0002, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_2_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0003, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_3_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0004, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_4_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0005, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_5_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0006, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_6_BASE}; + //NTT(Y) + MLDSA_SIGN_MAKE_Y_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_0_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_1_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_1_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_2_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_2_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_3_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_3_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_4_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_4_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_5_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_5_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_6_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_6_NTT_BASE}; + //Check W0 clear + MLDSA_SIGN_CHECK_W0_CLR : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //Aˆ ←ExpandA(ρ) AND Aˆ ◦NTT(y) + MLDSA_SIGN_MAKE_W_S : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - //Signing start - //rnd_seed=Keccak(entropy||counter) - MLDSA_SIGN_RND_S : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_ENTROPY_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_RND_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d08, operand1:MLDSA_CNT_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_LFSR_SEED_REG_ID}; - MLDSA_SIGN_RND_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_LFSR, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //μ ←H(tr||M,512) - MLDSA_SIGN_S : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_TR_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d66, operand1:MLDSA_MSG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_MU_REG_ID}; - //ρ′=Keccak(K||rnd|| μ) - MLDSA_SIGN_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d32, operand1:MLDSA_K_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d32, operand1:MLDSA_SIGN_RND_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_RHO_P_REG_ID}; - //Check Y valid - MLDSA_SIGN_CHECK_Y_CLR : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_UOP_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //lfsr_seed=Keccak(re_entropy||counter) - MLDSA_SIGN_LFSR_S : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_ENTROPY_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_LFSR_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d08, operand1:MLDSA_CNT_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_LFSR_SEED_REG_ID}; - MLDSA_SIGN_LFSR_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_LFSR, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //y=ExpandMask(ρ’ ,κ) - MLDSA_SIGN_MAKE_Y_S : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0000, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_0_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0001, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_1_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0002, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_2_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0003, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_3_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0004, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_4_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0005, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_5_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0006, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_6_BASE}; - //NTT(Y) - MLDSA_SIGN_MAKE_Y_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_0_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_1_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_1_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_2_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_2_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_3_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_3_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_4_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_4_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_5_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_5_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0001, length:'d00, operand1:MLDSA_Y_6_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_6_NTT_BASE}; - //Check W0 clear - MLDSA_SIGN_CHECK_W0_CLR : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //Aˆ ←ExpandA(ρ) AND Aˆ ◦NTT(y) - MLDSA_SIGN_MAKE_W_S : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 14 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 14 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 15 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_1_BASE}; + + MLDSA_SIGN_MAKE_W_S+ 16 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 17 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 18 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 19 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 20 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 21 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 22 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 15 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_1_BASE}; - - MLDSA_SIGN_MAKE_W_S+ 16 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 17 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 18 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 19 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 20 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 21 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 22 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 23 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_2_BASE}; - MLDSA_SIGN_MAKE_W_S+ 23 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_2_BASE}; + MLDSA_SIGN_MAKE_W_S+ 24 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 25 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 26 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 27 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 28 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 29 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 30 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 24 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 25 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 26 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 27 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 28 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 29 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 30 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 31 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_3_BASE}; - MLDSA_SIGN_MAKE_W_S+ 31 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_3_BASE}; + MLDSA_SIGN_MAKE_W_S+ 32 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 33 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 34 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 35 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 36 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 37 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 38 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 32 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 33 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 34 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 35 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 36 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 37 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 38 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 39 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_4_BASE}; - MLDSA_SIGN_MAKE_W_S+ 39 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_4_BASE}; - - MLDSA_SIGN_MAKE_W_S+ 40 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 41 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 42 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 43 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 44 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 45 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 46 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 40 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 41 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 42 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 43 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 44 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 45 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 46 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 47 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_5_BASE}; - - MLDSA_SIGN_MAKE_W_S+ 48 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 49 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 50 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 51 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 52 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 53 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 54 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 47 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_5_BASE}; + + MLDSA_SIGN_MAKE_W_S+ 48 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 49 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 50 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 51 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 52 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 53 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 54 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 55 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_6_BASE}; - - MLDSA_SIGN_MAKE_W_S+ 56 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 57 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 58 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 59 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 60 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 61 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 62 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 55 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_6_BASE}; + + MLDSA_SIGN_MAKE_W_S+ 56 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 57 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 58 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 59 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 60 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 61 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 62 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 63 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_7_BASE}; + MLDSA_SIGN_MAKE_W_S+ 63 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0001, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_7_BASE}; - //Set Y valid //FIXME this can move before MAKE_W if we opt accumulator to not have to read dest - MLDSA_SIGN_SET_Y : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_UOP_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //(w1,w0) ←Decompose(w) AND c˜←H(μ||w1Encode(w1),2λ) - MLDSA_SIGN_MAKE_W_S+ 65 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_MAKE_W : data_o_rom <= '{opcode:MLDSA_UOP_DECOMP, imm:'h0000, length:'d00, operand1:MLDSA_W0_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_W0_0_BASE}; - MLDSA_SIGN_SET_W0 : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - // c ←SampleInBall(c˜1) - //Check C clear - MLDSA_SIGN_CHECK_C_CLR : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_MAKE_C : data_o_rom <= '{opcode:MLDSA_UOP_RUN_SHAKE256, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_DEST_SIG_C_REG_ID}; - MLDSA_SIGN_MAKE_C+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SIB, imm:'h0000, length:'d64, operand1:MLDSA_SIG_C_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_SET_C : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //Set Y valid //FIXME this can move before MAKE_W if we opt accumulator to not have to read dest + MLDSA_SIGN_SET_Y : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_UOP_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //(w1,w0) ←Decompose(w) AND c˜←H(μ||w1Encode(w1),2λ) + MLDSA_SIGN_MAKE_W_S+ 65 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_MAKE_W : data_o_rom <= '{opcode:MLDSA_UOP_DECOMP, imm:'h0000, length:'d00, operand1:MLDSA_W0_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_W0_0_BASE}; + MLDSA_SIGN_SET_W0 : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + // c ←SampleInBall(c˜1) + //Check C clear + MLDSA_SIGN_CHECK_C_CLR : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_MAKE_C : data_o_rom <= '{opcode:MLDSA_UOP_RUN_SHAKE256, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_DEST_SIG_C_REG_ID}; + MLDSA_SIGN_MAKE_C+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SIB, imm:'h0000, length:'d64, operand1:MLDSA_SIG_C_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_SET_C : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_E : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_CHL_E : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //Verify flow - //(ρ,t1)←pkDecode(pk) - MLDSA_VERIFY_S : data_o_rom <= '{opcode:MLDSA_UOP_PKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_T0_BASE}; - //(c˜,z,h)←sigDecode(σ) - MLDSA_VERIFY_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SIGDEC_Z, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_Z_0_BASE}; - //||z||∞ ≥ γ1 −β - MLDSA_VERIFY_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_1_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_2_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_3_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_4_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_5_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_6_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //tr ←H(pk,512) - MLDSA_VERIFY_H_TR : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:PUBKEY_NUM_BYTES, operand1:MLDSA_PK_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_TR_REG_ID}; - //μ ←H(tr||M,512) - MLDSA_VERIFY_H_MU : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_TR_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_H_MU+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d66, operand1:MLDSA_MSG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_MU_REG_ID}; - //c ←SampleInBall(c˜1) - MLDSA_VERIFY_MAKE_C : data_o_rom <= '{opcode:MLDSA_UOP_SIB, imm:'h0000, length:'d64, operand1:MLDSA_SIG_C_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //cˆ ←NTT(c) - MLDSA_VERIFY_NTT_C : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_C_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_C_NTT_BASE}; - //t1 ←NTT(t1) - MLDSA_VERIFY_NTT_T1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T0_BASE}; - MLDSA_VERIFY_NTT_T1+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T1_BASE}; - MLDSA_VERIFY_NTT_T1+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T2_BASE}; - MLDSA_VERIFY_NTT_T1+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T3_BASE}; - MLDSA_VERIFY_NTT_T1+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T4_BASE}; - MLDSA_VERIFY_NTT_T1+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T5_BASE}; - MLDSA_VERIFY_NTT_T1+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T6_BASE}; - MLDSA_VERIFY_NTT_T1+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T7_BASE}; + //Verify flow + //(ρ,t1)←pkDecode(pk) + MLDSA_VERIFY_S : data_o_rom <= '{opcode:MLDSA_UOP_PKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_T0_BASE}; + //(c˜,z,h)←sigDecode(σ) + MLDSA_VERIFY_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SIGDEC_Z, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_Z_0_BASE}; + //||z||∞ ≥ γ1 −β + MLDSA_VERIFY_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_1_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_2_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_3_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_4_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_5_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_6_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //tr ←H(pk,512) + MLDSA_VERIFY_H_TR : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:PUBKEY_NUM_BYTES, operand1:MLDSA_PK_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_TR_REG_ID}; + //μ ←H(tr||M,512) + MLDSA_VERIFY_H_MU : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_TR_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_H_MU+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d66, operand1:MLDSA_MSG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_MU_REG_ID}; + //c ←SampleInBall(c˜1) + MLDSA_VERIFY_MAKE_C : data_o_rom <= '{opcode:MLDSA_UOP_SIB, imm:'h0000, length:'d64, operand1:MLDSA_SIG_C_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //cˆ ←NTT(c) + MLDSA_VERIFY_NTT_C : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_C_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_C_NTT_BASE}; + //t1 ←NTT(t1) + MLDSA_VERIFY_NTT_T1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T0_BASE}; + MLDSA_VERIFY_NTT_T1+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T1_BASE}; + MLDSA_VERIFY_NTT_T1+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T2_BASE}; + MLDSA_VERIFY_NTT_T1+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T3_BASE}; + MLDSA_VERIFY_NTT_T1+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T4_BASE}; + MLDSA_VERIFY_NTT_T1+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T5_BASE}; + MLDSA_VERIFY_NTT_T1+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T6_BASE}; + MLDSA_VERIFY_NTT_T1+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T7_BASE}; - //z ←NTT(z) - MLDSA_VERIFY_NTT_Z : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_0_BASE}; - MLDSA_VERIFY_NTT_Z+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_1_BASE}; - MLDSA_VERIFY_NTT_Z+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_2_BASE}; - MLDSA_VERIFY_NTT_Z+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_3_BASE}; - MLDSA_VERIFY_NTT_Z+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_4_BASE}; - MLDSA_VERIFY_NTT_Z+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_5_BASE}; - MLDSA_VERIFY_NTT_Z+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_6_BASE}; - //Aˆ ←ExpandA(ρ) AND Aˆ ◦NTT(z) - MLDSA_VERIFY_EXP_A+ 0 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T0_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_0_BASE}; - - MLDSA_VERIFY_EXP_A+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 14 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 15 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 16 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 17 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T1_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 18 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 19 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_1_BASE}; - - MLDSA_VERIFY_EXP_A+ 20 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 21 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 22 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 23 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 24 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 25 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 26 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 27 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T2_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 28 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 29 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_2_BASE}; - - MLDSA_VERIFY_EXP_A+ 30 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 31 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 32 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 33 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 34 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 35 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 36 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 37 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T3_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 38 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 39 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_3_BASE}; - - MLDSA_VERIFY_EXP_A+ 40 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 41 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 42 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 43 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 44 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 45 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 46 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 47 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T4_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 48 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 49 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_4_BASE}; - - MLDSA_VERIFY_EXP_A+ 50 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 51 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 52 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 53 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 54 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 55 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 56 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 57 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T5_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 58 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 59 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_5_BASE}; - - MLDSA_VERIFY_EXP_A+ 60 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 61 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 62 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 63 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 64 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 65 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 66 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 67 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T6_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 68 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 69 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_6_BASE}; + //z ←NTT(z) + MLDSA_VERIFY_NTT_Z : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_0_BASE}; + MLDSA_VERIFY_NTT_Z+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_1_BASE}; + MLDSA_VERIFY_NTT_Z+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_2_BASE}; + MLDSA_VERIFY_NTT_Z+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_3_BASE}; + MLDSA_VERIFY_NTT_Z+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_4_BASE}; + MLDSA_VERIFY_NTT_Z+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_5_BASE}; + MLDSA_VERIFY_NTT_Z+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_6_BASE}; + //Aˆ ←ExpandA(ρ) AND Aˆ ◦NTT(z) + MLDSA_VERIFY_EXP_A+ 0 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T0_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_0_BASE}; - MLDSA_VERIFY_EXP_A+ 70 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 71 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 72 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 73 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 74 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 75 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 76 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 77 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T7_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 78 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 79 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_7_BASE}; - - MLDSA_VERIFY_RES+ 0 : data_o_rom <= '{opcode:MLDSA_UOP_SIGDEC_H, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_HINT_R_0_BASE}; - MLDSA_VERIFY_RES+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_RES+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_USEHINT, imm:'h0000, length:'d00, operand1:MLDSA_W0_0_BASE, operand2:MLDSA_HINT_R_0_BASE, operand3:MLDSA_NOP}; - MLDSA_VERIFY_RES+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_RUN_SHAKE256, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_DEST_VERIFY_RES_REG_ID}; - MLDSA_VERIFY_E : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_EXP_A+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 14 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 15 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 16 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 17 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T1_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 18 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 19 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_1_BASE}; + + MLDSA_VERIFY_EXP_A+ 20 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 21 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 22 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 23 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 24 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 25 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 26 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 27 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T2_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 28 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 29 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_2_BASE}; + + MLDSA_VERIFY_EXP_A+ 30 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 31 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 32 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 33 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 34 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 35 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 36 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 37 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T3_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 38 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 39 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_3_BASE}; + + MLDSA_VERIFY_EXP_A+ 40 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 41 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 42 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 43 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 44 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 45 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 46 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 47 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T4_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 48 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 49 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_4_BASE}; + + MLDSA_VERIFY_EXP_A+ 50 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 51 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 52 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 53 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 54 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 55 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 56 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 57 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T5_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 58 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 59 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_5_BASE}; + + MLDSA_VERIFY_EXP_A+ 60 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 61 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 62 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 63 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 64 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 65 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 66 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 67 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T6_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 68 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 69 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_6_BASE}; + + MLDSA_VERIFY_EXP_A+ 70 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 71 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 72 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 73 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 74 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 75 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 76 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 77 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T7_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 78 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 79 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_7_BASE}; + + MLDSA_VERIFY_RES+ 0 : data_o_rom <= '{opcode:MLDSA_UOP_SIGDEC_H, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_HINT_R_0_BASE}; + MLDSA_VERIFY_RES+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_RES+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_USEHINT, imm:'h0000, length:'d00, operand1:MLDSA_W0_0_BASE, operand2:MLDSA_HINT_R_0_BASE, operand3:MLDSA_NOP}; + MLDSA_VERIFY_RES+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_RUN_SHAKE256, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_DEST_VERIFY_RES_REG_ID}; + MLDSA_VERIFY_E : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - default : data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - endcase + default : data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + endcase end else begin data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; diff --git a/src/mldsa_top/rtl/mldsa_seq_sec.sv b/src/mldsa_top/rtl/mldsa_seq_sec.sv index cabb40e..cb3df27 100644 --- a/src/mldsa_top/rtl/mldsa_seq_sec.sv +++ b/src/mldsa_top/rtl/mldsa_seq_sec.sv @@ -24,8 +24,6 @@ module mldsa_seq_sec import mldsa_ctrl_pkg::*; ( input logic clk, - input logic rst_b, - input logic zeroize, input logic en_i, input logic [MLDSA_PROG_ADDR_W-1 : 0] addr_i, @@ -46,152 +44,155 @@ module mldsa_seq_sec //---------------------------------------------------------------- always_ff @(posedge clk) begin - if (en_i) begin - unique case(addr_i) - //RESET - MLDSA_RESET : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - - //Signing initial steps start - MLDSA_SIGN_INIT_S : data_o_rom <= '{opcode:MLDSA_UOP_SKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; - //NTT(t0) - MLDSA_SIGN_INIT_S+1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T0_BASE}; - MLDSA_SIGN_INIT_S+2 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T1_BASE}; - MLDSA_SIGN_INIT_S+3 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T2_BASE}; - MLDSA_SIGN_INIT_S+4 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T3_BASE}; - MLDSA_SIGN_INIT_S+5 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T4_BASE}; - MLDSA_SIGN_INIT_S+6 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T5_BASE}; - MLDSA_SIGN_INIT_S+7 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T6_BASE}; - MLDSA_SIGN_INIT_S+8 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T7_BASE}; - //NTT(s1) - MLDSA_SIGN_INIT_S+9 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_0_BASE}; - MLDSA_SIGN_INIT_S+10 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_1_BASE}; - MLDSA_SIGN_INIT_S+11: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_2_BASE}; - MLDSA_SIGN_INIT_S+12: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_3_BASE}; - MLDSA_SIGN_INIT_S+13: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_4_BASE}; - MLDSA_SIGN_INIT_S+14: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_5_BASE}; - MLDSA_SIGN_INIT_S+15: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_6_BASE}; - //NTT(s2) - MLDSA_SIGN_INIT_S+16: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_0_BASE}; - MLDSA_SIGN_INIT_S+17: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_1_BASE}; - MLDSA_SIGN_INIT_S+18 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_2_BASE}; - MLDSA_SIGN_INIT_S+19 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_3_BASE}; - MLDSA_SIGN_INIT_S+20 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_4_BASE}; - MLDSA_SIGN_INIT_S+21 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_5_BASE}; - MLDSA_SIGN_INIT_S+22 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_6_BASE}; - MLDSA_SIGN_INIT_S+23 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_7_BASE}; - //Signing validity checks - MLDSA_SIGN_CHECK_C_VLD : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - //NTT(C) - MLDSA_SIGN_VALID_S : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_C_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_C_NTT_BASE}; - - //Compute Z and perform norm check - MLDSA_SIGN_CHECK_Y_VLD : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+2 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_0_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+3 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_0_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+4 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+5 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h000}; - - MLDSA_SIGN_VALID_S+6 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_1_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+7 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_1_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+8 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+9 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h040}; - - MLDSA_SIGN_VALID_S+10 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_2_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+11 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_2_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+12 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+13 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h080}; - - MLDSA_SIGN_VALID_S+14 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_3_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+15 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_3_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+16 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+17 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h0C0}; - - MLDSA_SIGN_VALID_S+18 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_4_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+19 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_4_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+20 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+21 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h100}; - - MLDSA_SIGN_VALID_S+22 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_5_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+23 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_5_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+24 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+25 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h140}; - - MLDSA_SIGN_VALID_S+26 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_6_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+27 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_6_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+28 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+29 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h180}; - - MLDSA_SIGN_CLEAR_Y : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - - MLDSA_SIGN_VALID_S+31 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T0_BASE, operand3:MLDSA_CT_0_BASE}; - MLDSA_SIGN_VALID_S+32 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T1_BASE, operand3:MLDSA_CT_1_BASE}; - MLDSA_SIGN_VALID_S+33 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T2_BASE, operand3:MLDSA_CT_2_BASE}; - MLDSA_SIGN_VALID_S+34 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T3_BASE, operand3:MLDSA_CT_3_BASE}; - MLDSA_SIGN_VALID_S+35 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T4_BASE, operand3:MLDSA_CT_4_BASE}; - MLDSA_SIGN_VALID_S+36 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T5_BASE, operand3:MLDSA_CT_5_BASE}; - MLDSA_SIGN_VALID_S+37 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T6_BASE, operand3:MLDSA_CT_6_BASE}; - MLDSA_SIGN_VALID_S+38 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T7_BASE, operand3:MLDSA_CT_7_BASE}; - - MLDSA_SIGN_CHECK_W0_VLD : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - - //Make R0, CT0 and Hint_r - MLDSA_SIGN_VALID_S+40 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+41 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_0_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+42 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+43 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+44 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_0_BASE, operand3:MLDSA_HINT_R_0_BASE}; - - MLDSA_SIGN_VALID_S+45 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_1_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+46 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_1_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+47 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+48 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_1_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+49 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_1_BASE, operand3:MLDSA_HINT_R_1_BASE}; - - MLDSA_SIGN_VALID_S+50 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_2_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+51 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_2_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+52 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+53 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_2_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+54 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_2_BASE, operand3:MLDSA_HINT_R_2_BASE}; - - MLDSA_SIGN_VALID_S+55 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_3_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+56 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_3_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+57 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+58 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_3_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+59 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_3_BASE, operand3:MLDSA_HINT_R_3_BASE}; - - MLDSA_SIGN_VALID_S+60 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_4_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+61 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_4_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+62 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+63 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_4_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+64 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_4_BASE, operand3:MLDSA_HINT_R_4_BASE}; - - MLDSA_SIGN_VALID_S+65 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_5_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+66 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_5_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+67 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+68 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_5_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+69 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_5_BASE, operand3:MLDSA_HINT_R_5_BASE}; - - MLDSA_SIGN_VALID_S+70 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_6_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+71 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_6_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+72 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+73 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_6_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+74 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_6_BASE, operand3:MLDSA_HINT_R_6_BASE}; - - MLDSA_SIGN_VALID_S+75 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_7_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+76 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_7_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+77 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+78 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_7_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+79 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_7_BASE, operand3:MLDSA_HINT_R_7_BASE}; + if (en_i) begin + unique case(addr_i) + //RESET + MLDSA_RESET : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + + //ZEROIZE + MLDSA_ZEROIZE : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + + //Signing initial steps start + MLDSA_SIGN_INIT_S : data_o_rom <= '{opcode:MLDSA_UOP_SKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; + //NTT(t0) + MLDSA_SIGN_INIT_S+1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T0_BASE}; + MLDSA_SIGN_INIT_S+2 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T1_BASE}; + MLDSA_SIGN_INIT_S+3 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T2_BASE}; + MLDSA_SIGN_INIT_S+4 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T3_BASE}; + MLDSA_SIGN_INIT_S+5 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T4_BASE}; + MLDSA_SIGN_INIT_S+6 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T5_BASE}; + MLDSA_SIGN_INIT_S+7 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T6_BASE}; + MLDSA_SIGN_INIT_S+8 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T7_BASE}; + //NTT(s1) + MLDSA_SIGN_INIT_S+9 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_0_BASE}; + MLDSA_SIGN_INIT_S+10 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_1_BASE}; + MLDSA_SIGN_INIT_S+11: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_2_BASE}; + MLDSA_SIGN_INIT_S+12: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_3_BASE}; + MLDSA_SIGN_INIT_S+13: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_4_BASE}; + MLDSA_SIGN_INIT_S+14: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_5_BASE}; + MLDSA_SIGN_INIT_S+15: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_6_BASE}; + //NTT(s2) + MLDSA_SIGN_INIT_S+16: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_0_BASE}; + MLDSA_SIGN_INIT_S+17: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_1_BASE}; + MLDSA_SIGN_INIT_S+18 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_2_BASE}; + MLDSA_SIGN_INIT_S+19 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_3_BASE}; + MLDSA_SIGN_INIT_S+20 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_4_BASE}; + MLDSA_SIGN_INIT_S+21 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_5_BASE}; + MLDSA_SIGN_INIT_S+22 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_6_BASE}; + MLDSA_SIGN_INIT_S+23 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_7_BASE}; + //Signing validity checks + MLDSA_SIGN_CHECK_C_VLD : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + //NTT(C) + MLDSA_SIGN_VALID_S : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_C_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_C_NTT_BASE}; + + //Compute Z and perform norm check + MLDSA_SIGN_CHECK_Y_VLD : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+2 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_0_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+3 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_0_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+4 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+5 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h000}; + + MLDSA_SIGN_VALID_S+6 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_1_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+7 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_1_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+8 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+9 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h040}; + + MLDSA_SIGN_VALID_S+10 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_2_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+11 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_2_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+12 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+13 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h080}; + + MLDSA_SIGN_VALID_S+14 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_3_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+15 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_3_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+16 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+17 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h0C0}; + + MLDSA_SIGN_VALID_S+18 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_4_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+19 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_4_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+20 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+21 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h100}; + + MLDSA_SIGN_VALID_S+22 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_5_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+23 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_5_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+24 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+25 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h140}; + + MLDSA_SIGN_VALID_S+26 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_6_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+27 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_6_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+28 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+29 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h180}; - MLDSA_SIGN_CLEAR_W0 : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - - MLDSA_SIGN_VALID_S+81 : data_o_rom <= '{opcode:MLDSA_UOP_MAKEHINT, imm:'h0000, length:'d00, operand1:MLDSA_HINT_R_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - - MLDSA_SIGN_GEN_S : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_CLEAR_C : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_GEN_E : data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - default : data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - endcase + MLDSA_SIGN_CLEAR_Y : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + + MLDSA_SIGN_VALID_S+31 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T0_BASE, operand3:MLDSA_CT_0_BASE}; + MLDSA_SIGN_VALID_S+32 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T1_BASE, operand3:MLDSA_CT_1_BASE}; + MLDSA_SIGN_VALID_S+33 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T2_BASE, operand3:MLDSA_CT_2_BASE}; + MLDSA_SIGN_VALID_S+34 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T3_BASE, operand3:MLDSA_CT_3_BASE}; + MLDSA_SIGN_VALID_S+35 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T4_BASE, operand3:MLDSA_CT_4_BASE}; + MLDSA_SIGN_VALID_S+36 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T5_BASE, operand3:MLDSA_CT_5_BASE}; + MLDSA_SIGN_VALID_S+37 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T6_BASE, operand3:MLDSA_CT_6_BASE}; + MLDSA_SIGN_VALID_S+38 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T7_BASE, operand3:MLDSA_CT_7_BASE}; + + MLDSA_SIGN_CHECK_W0_VLD : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + + //Make R0, CT0 and Hint_r + MLDSA_SIGN_VALID_S+40 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+41 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_0_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+42 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+43 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+44 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_0_BASE, operand3:MLDSA_HINT_R_0_BASE}; + + MLDSA_SIGN_VALID_S+45 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_1_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+46 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_1_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+47 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+48 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_1_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+49 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_1_BASE, operand3:MLDSA_HINT_R_1_BASE}; + + MLDSA_SIGN_VALID_S+50 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_2_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+51 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_2_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+52 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+53 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_2_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+54 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_2_BASE, operand3:MLDSA_HINT_R_2_BASE}; + + MLDSA_SIGN_VALID_S+55 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_3_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+56 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_3_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+57 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+58 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_3_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+59 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_3_BASE, operand3:MLDSA_HINT_R_3_BASE}; + + MLDSA_SIGN_VALID_S+60 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_4_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+61 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_4_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+62 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+63 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_4_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+64 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_4_BASE, operand3:MLDSA_HINT_R_4_BASE}; + + MLDSA_SIGN_VALID_S+65 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_5_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+66 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_5_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+67 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+68 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_5_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+69 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_5_BASE, operand3:MLDSA_HINT_R_5_BASE}; + + MLDSA_SIGN_VALID_S+70 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_6_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+71 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_6_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+72 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+73 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_6_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+74 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_6_BASE, operand3:MLDSA_HINT_R_6_BASE}; + + MLDSA_SIGN_VALID_S+75 : data_o_rom <= '{opcode:MLDSA_UOP_MASKED_PWM_INTT, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_7_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+76 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_7_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+77 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+78 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_7_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+79 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_7_BASE, operand3:MLDSA_HINT_R_7_BASE}; + + MLDSA_SIGN_CLEAR_W0 : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + + MLDSA_SIGN_VALID_S+81 : data_o_rom <= '{opcode:MLDSA_UOP_MAKEHINT, imm:'h0000, length:'d00, operand1:MLDSA_HINT_R_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + + MLDSA_SIGN_GEN_S : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_CLEAR_C : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_GEN_E : data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + default : data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + endcase end else begin data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; diff --git a/src/mldsa_top/rtl/mldsa_top.sv b/src/mldsa_top/rtl/mldsa_top.sv index 37bd763..895120f 100644 --- a/src/mldsa_top/rtl/mldsa_top.sv +++ b/src/mldsa_top/rtl/mldsa_top.sv @@ -124,9 +124,9 @@ module mldsa_top logic [1:0] ntt_masking_en; mem_if_t w1_mem_wr_req; - logic [3:0] w1_mem_wr_data; + logic [MLDSA_MEM_W1_DATA_WIDTH-1:0] w1_mem_wr_data; mem_if_t w1_mem_rd_req; - logic [3:0] w1_mem_rd_data; + logic [MLDSA_MEM_W1_DATA_WIDTH-1:0] w1_mem_rd_data; logic decomp_msg_valid; logic [MsgWidth-1:0] decomp_msg_data[Sha3Share]; @@ -226,6 +226,11 @@ module mldsa_top mldsa_reg__in_t mldsa_reg_hwif_in; mldsa_reg__out_t mldsa_reg_hwif_out; + mem_if_t zeroize_mem; + logic zeroize_mem_we; + logic [MLDSA_MEM_ADDR_WIDTH-1:0] zeroize_mem_addr; + logic [MLDSA_MEM_DATA_WIDTH-1:0] zeroize_mem_wr_data; + `ifdef MLDSA_MASKING assign ntt_rand_bits = rand_bits[RND_W-1:6]; `else @@ -396,11 +401,18 @@ mldsa_ctrl mldsa_ctrl_inst .lfsr_enable_o(lfsr_enable), .lfsr_seed_o(lfsr_seed), + .zeroize_mem_o(zeroize_mem), + .error_intr(error_intr), .notif_intr(notif_intr), .* //custom interface connects by name ); + +always_comb zeroize_mem_we = (zeroize_mem.rd_wr_en == RW_WRITE); +always_comb zeroize_mem_addr = zeroize_mem.addr; +always_comb zeroize_mem_wr_data = '0; + logic [MsgWidth-1:0] msg_data_i[Sha3Share]; assign msg_data_i = decomp_msg_valid ? decomp_msg_data : msg_data; @@ -838,16 +850,26 @@ abr_prim_lfsr .state_o(rand_bits[RND_W-1 : LFSR_W]) ); +logic w1_mem_we; +logic [MLDSA_MEM_W1_ADDR_WIDTH-1:0] w1_mem_waddr; +logic [MLDSA_MEM_W1_DATA_WIDTH-1:0] w1_mem_wdata; + +always_comb w1_mem_we = (w1_mem_wr_req.rd_wr_en == RW_WRITE) | zeroize_mem_we; +always_comb w1_mem_waddr = ({MLDSA_MEM_W1_ADDR_WIDTH{w1_mem_we}} & w1_mem_wr_req.addr[MLDSA_MEM_W1_ADDR_WIDTH-1:0]) | + ({MLDSA_MEM_W1_ADDR_WIDTH{zeroize_mem_we}} & zeroize_mem_addr[MLDSA_MEM_W1_ADDR_WIDTH-1:0]); +always_comb w1_mem_wdata = w1_mem_wr_data | + ({MLDSA_MEM_W1_DATA_WIDTH{zeroize_mem_we}} & zeroize_mem_wr_data[MLDSA_MEM_W1_DATA_WIDTH-1:0]); + //w1 memory -`ABR_MEM_TEST(512, 4) +`ABR_MEM_TEST(512, 4) //FIXME mldsa_w1_mem_inst ( .clk_i(clk), - .we_i(w1_mem_wr_req.rd_wr_en == RW_WRITE), - .waddr_i(w1_mem_wr_req.addr[8:0]), //FIXME params - .wdata_i(w1_mem_wr_data), + .we_i(w1_mem_we), + .waddr_i(w1_mem_waddr), + .wdata_i(w1_mem_wdata), .re_i(w1_mem_rd_req.rd_wr_en == RW_READ), - .raddr_i(w1_mem_rd_req.addr[8:0]), + .raddr_i(w1_mem_rd_req.addr[MLDSA_MEM_W1_ADDR_WIDTH-1:0]), .rdata_o(w1_mem_rd_data) ); @@ -922,7 +944,7 @@ always_comb begin mldsa_mem_we0_bank[bank] = sampler_mem_we0_bank[bank] | ntt_mem_we0_bank[0][bank] | ntt_mem_we0_bank[1][bank] | decomp_mem_we0_bank[bank] | skdecode_mem_we0_bank[bank] | pkdecode_mem_we0_bank[bank] | - sigdecode_h_mem_we0_bank[bank] | sigdecode_z_mem_we0_bank[bank] ; + sigdecode_h_mem_we0_bank[bank] | sigdecode_z_mem_we0_bank[bank] | zeroize_mem_we; mldsa_mem_waddr0_bank[bank] = ({MLDSA_MEM_ADDR_WIDTH-3{sampler_mem_we0_bank[bank] }} & sampler_mem_addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | ({MLDSA_MEM_ADDR_WIDTH-3{ntt_mem_we0_bank[0][bank] }} & ntt_mem_wr_req[0].addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | @@ -931,7 +953,8 @@ always_comb begin ({MLDSA_MEM_ADDR_WIDTH-3{sigdecode_h_mem_we0_bank[bank] }} & sigdecode_h_mem_wr_req.addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | ({MLDSA_MEM_ADDR_WIDTH-3{skdecode_mem_we0_bank[bank]}} & skdecode_mem_wr_req[bank].addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | ({MLDSA_MEM_ADDR_WIDTH-3{pkdecode_mem_we0_bank[bank]}} & pkdecode_mem_wr_req[bank].addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | - ({MLDSA_MEM_ADDR_WIDTH-3{sigdecode_z_mem_we0_bank[bank]}} & sigdecode_z_mem_wr_req[bank].addr[MLDSA_MEM_ADDR_WIDTH-4:0]); + ({MLDSA_MEM_ADDR_WIDTH-3{sigdecode_z_mem_we0_bank[bank]}} & sigdecode_z_mem_wr_req[bank].addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | + ({MLDSA_MEM_ADDR_WIDTH-3{zeroize_mem_we}} & ({zeroize_mem_addr[MLDSA_MEM_ADDR_WIDTH-5:0], 1'b0})); mldsa_mem_wdata0_bank[bank] = ({MLDSA_MEM_DATA_WIDTH{sampler_mem_we0_bank[bank] }} & sampler_mem_data) | ({MLDSA_MEM_DATA_WIDTH{ntt_mem_we0_bank[0][bank] }} & ntt_mem_wr_data[0]) | @@ -940,7 +963,8 @@ always_comb begin ({MLDSA_MEM_DATA_WIDTH{sigdecode_h_mem_we0_bank[bank]}} & sigdecode_h_mem_wr_data) | ({MLDSA_MEM_DATA_WIDTH{skdecode_mem_we0_bank[bank]}} & skdecode_mem_wr_data[bank]) | ({MLDSA_MEM_DATA_WIDTH{pkdecode_mem_we0_bank[bank]}} & pkdecode_mem_wr_data[bank]) | - ({MLDSA_MEM_DATA_WIDTH{sigdecode_z_mem_we0_bank[bank]}} & sigdecode_z_mem_wr_data[bank]); + ({MLDSA_MEM_DATA_WIDTH{sigdecode_z_mem_we0_bank[bank]}} & sigdecode_z_mem_wr_data[bank]) | + ({MLDSA_MEM_DATA_WIDTH{zeroize_mem_we}} & zeroize_mem_wr_data); end end else begin sampler_mem_we[i] = sampler_mem_dv & (sampler_mem_addr[MLDSA_MEM_ADDR_WIDTH-1:MLDSA_MEM_ADDR_WIDTH-3] == i[2:0]); @@ -949,18 +973,20 @@ always_comb begin decomp_mem_we[i] = (decomp_mem_wr_req.rd_wr_en == RW_WRITE) & (decomp_mem_wr_req.addr[MLDSA_MEM_ADDR_WIDTH-1:MLDSA_MEM_ADDR_WIDTH-3] == i[2:0]); sigdecode_h_mem_we[i] = (sigdecode_h_mem_wr_req.rd_wr_en == RW_WRITE) & (sigdecode_h_mem_wr_req.addr[MLDSA_MEM_ADDR_WIDTH-1:MLDSA_MEM_ADDR_WIDTH-3] == i[2:0]); - mldsa_mem_we[i] = sampler_mem_we[i] | ntt_mem_we[0][i] | ntt_mem_we[1][i] | decomp_mem_we[i] | sigdecode_h_mem_we[i]; + mldsa_mem_we[i] = sampler_mem_we[i] | ntt_mem_we[0][i] | ntt_mem_we[1][i] | decomp_mem_we[i] | sigdecode_h_mem_we[i] | zeroize_mem_we; mldsa_mem_waddr[i] = ({MLDSA_MEM_ADDR_WIDTH-3{sampler_mem_we[i]}} & sampler_mem_addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | ({MLDSA_MEM_ADDR_WIDTH-3{ntt_mem_we[0][i]}} & ntt_mem_wr_req[0].addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | ({MLDSA_MEM_ADDR_WIDTH-3{ntt_mem_we[1][i]}} & ntt_mem_wr_req[1].addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | ({MLDSA_MEM_ADDR_WIDTH-3{decomp_mem_we[i]}} & decomp_mem_wr_req.addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | - ({MLDSA_MEM_ADDR_WIDTH-3{sigdecode_h_mem_we[i]}} & sigdecode_h_mem_wr_req.addr[MLDSA_MEM_ADDR_WIDTH-4:0]); + ({MLDSA_MEM_ADDR_WIDTH-3{sigdecode_h_mem_we[i]}} & sigdecode_h_mem_wr_req.addr[MLDSA_MEM_ADDR_WIDTH-4:0]) | + ({MLDSA_MEM_ADDR_WIDTH-3{zeroize_mem_we}} & zeroize_mem_addr[MLDSA_MEM_ADDR_WIDTH-4:0]); mldsa_mem_wdata[i] = ({MLDSA_MEM_DATA_WIDTH{sampler_mem_we[i]}} & sampler_mem_data) | ({MLDSA_MEM_DATA_WIDTH{ntt_mem_we[0][i]}} & ntt_mem_wr_data[0]) | ({MLDSA_MEM_DATA_WIDTH{ntt_mem_we[1][i]}} & ntt_mem_wr_data[1]) | ({MLDSA_MEM_DATA_WIDTH{decomp_mem_we[i]}} & decomp_mem_wr_data) | - ({MLDSA_MEM_DATA_WIDTH{sigdecode_h_mem_we[i]}} & sigdecode_h_mem_wr_data); + ({MLDSA_MEM_DATA_WIDTH{sigdecode_h_mem_we[i]}} & sigdecode_h_mem_wr_data) | + ({MLDSA_MEM_DATA_WIDTH{zeroize_mem_we}} & zeroize_mem_wr_data); end end end @@ -1050,6 +1076,19 @@ always_ff @(posedge clk or negedge rst_b) begin : read_mux_flops normcheck_mem_re0_bank_f <= 0; sib_mem_re_f <= 0; end + else if (zeroize_reg) begin + ntt_mem_re_f <= 0; + pwo_a_mem_re_f <= 0; + pwo_b_mem_re_f <= 0; + decomp_mem_re_f <= 0; + normcheck_mem_re_f <= 0; + ntt_mem_re0_bank_f <= 0; + pwo_a_mem_re0_bank_f <= 0; + pwo_b_mem_re0_bank_f <= 0; + decomp_mem_re0_bank_f <= 0; + normcheck_mem_re0_bank_f <= 0; + sib_mem_re_f <= 0; + end else begin ntt_mem_re_f <= ntt_mem_re; pwo_a_mem_re_f<= pwo_a_mem_re; diff --git a/src/sample_in_ball/rtl/sib_mem.sv b/src/sample_in_ball/rtl/sib_mem.sv index c7b29c5..b0ae102 100644 --- a/src/sample_in_ball/rtl/sib_mem.sv +++ b/src/sample_in_ball/rtl/sib_mem.sv @@ -21,6 +21,7 @@ module sib_mem #( ) ( input logic clk_i, + input logic rst_b, input logic zeroize, input logic [NUM_PORTS-1:0] cs_i, @@ -33,8 +34,11 @@ module sib_mem #( //storage element logic [DEPTH-1:0][DATA_WIDTH-1:0] mem; - always @(posedge clk_i) begin - if (zeroize) begin + always @(posedge clk_i or negedge rst_b) begin + if (!rst_b) begin + mem <= '0; + end + else if (zeroize) begin mem <= '0; end else begin for (int port = 0; port < NUM_PORTS; port++) begin @@ -45,12 +49,19 @@ module sib_mem #( end end - always @(posedge clk_i) begin - for (int port = 0; port < NUM_PORTS; port++) begin - if (cs_i[port] & ~we_i[port]) begin - rdata_o[port] <= mem[addr_i[port]]; - end - end + always @(posedge clk_i or negedge rst_b) begin + if (!rst_b) begin + rdata_o <= '0; + end + else if (zeroize) begin + rdata_o <= '0; + end else begin + for (int port = 0; port < NUM_PORTS; port++) begin + if (cs_i[port] & ~we_i[port]) begin + rdata_o[port] <= mem[addr_i[port]]; + end + end + end end endmodule