Skip to content

99 verify mul #845

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1,629 commits into
base: main
Choose a base branch
from
Open

99 verify mul #845

wants to merge 1,629 commits into from

Conversation

@nelionel
Copy link

@nelionel nelionel commented Nov 10, 2025

Replaced assume(false) with actual proofs in three functions (scalar.rs):

  • mul(a, b): Scalar multiplication via two-step Montgomery reduction
  • square(self): Scalar squaring using same Montgomery pattern
  • as_montgomery(self): Convert to Montgomery form

Verification approach:

  • Treats montgomery_reduce specification as axiom (intentional)
  • Uses lemma_mul_montgomery_chain to prove ((a×b)/R × R²)/R = a×b mod L
  • Proves algorithm structure correct via modular arithmetic

Introduces 3 axioms in scalar_lemmas.rs (tested necessary):

  1. lemma_modular_cancellation_power_of_2: Number theory theorem (requires Extended Euclidean)
  2. lemma_r_value: R = 2^260 mod L (Verus by(compute_only) failed)
  3. lemma_rr_equals_r_squared: RR = R² mod L (Verus by(compute_only) failed)

Plus lemma_rr_limbs_bounded (Verus visibility workaround)

Adds vstd::arithmetic::mul import in scalar.rs for proven modular arithmetic lemmas.

astefano and others added 30 commits October 25, 2025 06:30
@astefano
remove useless lemma_add_preserves_bound
8de5324
@astefano
remove wrapper lemma_shr_mono_u64
b31ecf3
@astefano
Claude has a proof for lemma_compute_q and lemma_to_bytes_reduction
219141e 
Claude eliminated the assume from lemma_carry_propagation_is_division

no cleaning done yet, it is possible that there are redundancies, unused lemmas/asserts

Claude proposes a refactoring for lemma_carry_propagation_is_division

rm redundancies part 1

rm redundancies part 2

mv unused lemmas

simplify lemma_small_div

no more assumes in telescoping div

rm redundant lemma_u64_shr_is_div

simplify lemma_div_converse

mv div lemmas to common_verus

no assumes in lemma_to_bytes_reduction, cleaning comes next
@astefano
add blueprint for to_bytes
62d2598
@astefano
add explanation from Claude
3d57bc2
@astefano
upd verus version in toml and fix conflicts wrt main
42d11fb
@Kukovec @astefano
proof simplification using pow2_mul_general
24b2e5a
@astefano
run cargo fmt --all
f484c4e
@astefano
split to_bytes_lemmas.rs in 3 files for the 3 main lemmas
541cefc
@astefano
eliminate 2 more assumes
be7a862
@astefano
fix errors from cargo fmt --all --check
41730f0
@astefano
use a longer hash for verus version
c48f31d
@astefano
getting closer to finishing lemma_boundary_byte_combines
251a3f5
@astefano
lemma_boundary_byte_combines is finished except one assume as u8 = % 256
f2aad7c
@astefano
lemma_byte_extraction_commutes_with_mod done, remains 1 assume in to_…
b8396f4 
…bytes
@astefano
rm redundant asserts with verus-cleaner
1de8b14
@astefano
more simplifications
f9e0144
@astefano
add doc for review
3934b2a
@astefano
run cargo fmt
b26c160
@astefano
add call graph for lemma_limbs_to_bytes
2fda17b
@astefano
clean up lemma_sum_equals_byte_nat and eliminate the remaining assume
dd6d172
@astefano
remove no longer used lemma
620dc2d
@github-actions @astefano
Bot: Update count of Verus proofs/specs
7432cd7
@Kukovec @astefano
add lemma_u8_cast_is_mod_256
24684fb
@astefano
more simplifications
d2380d0
@astefano
rm broadcast use
54aef26
@astefano
fix conflicts after rebase on main
3527c14
@github-actions @astefano
Bot: Update count of Verus proofs/specs
080cc0d
@astefano
run cargo fmt
4969411
@Kukovec @astefano
https://github.com/Beneficial-AI-Foundation/dalek-lite/pull/63\#pullr…
ce23a4f 
…equestreview-3364595858
Kukovec and others added 26 commits November 5, 2025 12:35
@Kukovec
pow2k migration
15b95ee
@Kukovec
fmt
76fd905
@Kukovec
fmtskip
f863f3d
@github-actions
Bot: Update count of Verus proofs/specs
5daf0c0
@Kukovec
extra fmt call
4e9bac9
@Kukovec
pow2k proof refactor (#227)
9af61ec 
<!-- Please ensure that your PR includes the following, as needed -->

- [ ] Source code modifications **highlighted and justified**
- [ ] Proof cheats (`assume(false)`, `sorry`, etc.) **highlighted and
justified**

closes #173
@astefano
rm 2 unused lemmas
e62c7f4
@astefano
create backend_64_core
bed0a28
@github-actions @astefano
Bot: Update count of Verus proofs/specs
c882c23
@astefano
make verusfmt happy
23b1568
@astefano
rm ugly formatting from verusfmt
f2e1255
@github-actions
Bot: Update count of Verus proofs/specs
e3383bf
@astefano
La/cleanup as bytes (#226)
c1bcdcb 
<!-- Please ensure that your PR includes the following, as needed -->

- [ ] Source code modifications **highlighted and justified**
- [ ] Proof cheats (`assume(false)`, `sorry`, etc.) **highlighted and
justified**

Removes 2 unused lemmas and creates backend_u64_core.

Closes #205.
@sergiubur
Fix 'Counts Over Time' chart to better reflect latest state
3e4a1bb
@sergiubur
Improve chart info: add reference lines, labeled boxes, and module to…
ba4b8d6 
…tals
@sergiubur
Apply ruff formatting
c0e8ebc
@sergiubur
Remove pycache files
ec4c5ae
@sergiubur
Fix count over time chart (#235)
cc9d27c 
For the "Counts Over Time" chart: 

- improved visibility of latest commits: the jump to a new plateau was
not clearly visible
- excluded external body specs from green line

<!-- Please ensure that your PR includes the following, as needed -->

- [ n/a] Source code modifications **highlighted and justified**
- [ n/a] Proof cheats (`assume(false)`, `sorry`, etc.) **highlighted and
justified**
@Kukovec
format skip for readability
13c48a5
@Kukovec
mod formulation of as_bytes
4deb16a
@github-actions
Bot: Update count of Verus proofs/specs
a47403f
@Kukovec
undoc canonical
3f5e138
@Kukovec
Fixes Scalar52::as_bytes postcondition (#237)
8c3d0ac 
<!-- Please ensure that your PR includes the following, as needed -->

- [ ] Source code modifications **highlighted and justified**
- [ ] Proof cheats (`assume(false)`, `sorry`, etc.) **highlighted and
justified**

Cascades a few proofs in tolevel `scalar.rs`.

closes #183
@nelionel
Update scalar_lemmas.rs
e1aab6d 
Initial commit for solving the mul(a: &Scalar52, b: &Scalar52)
@nelionel
Update scalar_lemmas.rs
c238381 
I had some issues using that limbs_bound lemma, claude suggested that work-around.
@nelionel
Update scalar.rs
84c9fca 
Replaced assume(false) with actual proofs in three functions:
- mul(a, b): Scalar multiplication via two-step Montgomery reduction
- square(self): Scalar squaring using same Montgomery pattern
- as_montgomery(self): Convert to Montgomery form

Verification approach:
- Treats montgomery_reduce specification as axiom
- Uses lemma_mul_montgomery_chain to prove ((a×b)/R × R²)/R = a×b mod L
- Proves algorithm structure correct via modular arithmetic

Introduces 3 axioms in scalar_lemmas.rs (tested necessary):
1. lemma_modular_cancellation_power_of_2: Number theory basic result
2. lemma_r_value: R = 2^260 mod L (Verus by(compute_only) failed)
3. lemma_rr_equals_r_squared: RR = R² mod L (Verus by(compute_only) failed)

Plus lemma_rr_limbs_bounded (Verus visibility workaround)

Adds vstd::arithmetic::mul import in scalar.rs for proven modular arithmetic lemmas.
@TheodoreEhrenborg
Copy link

TheodoreEhrenborg commented Nov 10, 2025

Whoops, I think this PR should be opened against https://github.com/Beneficial-AI-Foundation/dalek-lite instead

@TheodoreEhrenborg TheodoreEhrenborg mentioned this pull request Nov 10, 2025
Open
2 tasks
@TheodoreEhrenborg
Copy link

TheodoreEhrenborg commented Nov 10, 2025

I've opened Beneficial-AI-Foundation#242

Anyone with the permissions to close this PR (i.e. #845), feel free to do so

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@nelionel @TheodoreEhrenborg @astefano @Kukovec @sergiubur