)]}'
{
  "commit": "21544c52bb7e46bfb77c6e8d8273395af2ea3318",
  "tree": "83e05b9d0a017bca788dd9a06fff8b2386baf011",
  "parents": [
    "706742e482d89214f13a642ccfcdad596a24a32f"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Tue Sep 30 12:47:33 2025 -0400"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Thu Oct 02 08:56:05 2025 -0700"
  },
  "message": "Rework ML-DSA modular operations\n\nMost of the uses of constant_time_lt were unnecessary and can be\nsimpler. constant_time_lt needs to perform extra operations because the\ninputs may use the full bit width of the input, but these values are\nknown to be smaller. We largely only need to select by the MSB of some\nvalues.\n\nAdd a constant_time_select_32 so we don\u0027t have to implicitly cast\nto/from int.\n\nRemove a comment about unary minus and MSVC. We do that throughout the\ncodebase already.\n\nFinally, matching the ML-KEM implementation, remove a\nvectorization-impeding value barrier. This is... disappointing, but\nseems to be a significant performance difference. Like in ML-KEM, this\nwas broadly okay except where we sample some value, where Clang was\ntempted too far into misbehaving.\n\nApple M1 Pro, Clang:\nBefore:\nDid 38824 MLDSA key generation operations in 4021430us (9654.3 ops/sec)\nDid 7950 MLDSA sign (randomized) operations in 4072620us (1952.1 ops/sec)\nDid 1163000 MLDSA parse (valid) public key operations in 4001540us (290638.1 ops/sec)\nDid 40320 MLDSA verify (valid signature) operations in 4024830us (10017.8 ops/sec)\nDid 40180 MLDSA verify (invalid signature) operations in 4009297us (10021.7 ops/sec)\nAfter:\nDid 48655 MLDSA key generation operations in 4020313us (12102.3 ops/sec) [+25.4%]\nDid 13361 MLDSA sign (randomized) operations in 4078864us (3275.7 ops/sec) [+67.8%]\nDid 1158000 MLDSA parse (valid) public key operations in 4000017us (289498.8 ops/sec) [-0.4%]\nDid 56000 MLDSA verify (valid signature) operations in 4051698us (13821.4 ops/sec) [+38.0%]\nDid 56000 MLDSA verify (invalid signature) operations in 4062468us (13784.7 ops/sec) [+37.5%]\n\nIntel(R) Xeon(R) Gold 6154 CPU @ 3.00GHz, GCC:\nBefore:\nDid 17346 MLDSA key generation operations in 4019390us (4315.6 ops/sec)\nDid 3444 MLDSA sign (randomized) operations in 4066107us (847.0 ops/sec)\nDid 494000 MLDSA parse (valid) public key operations in 4004318us (123366.8 ops/sec)\nDid 16842 MLDSA verify (valid signature) operations in 4093079us (4114.8 ops/sec)\nDid 17220 MLDSA verify (invalid signature) operations in 4089998us (4210.3 ops/sec)\nAfter:\nDid 23058 MLDSA key generation operations in 4030723us (5720.6 ops/sec) [+32.6%]\nDid 6534 MLDSA sign (randomized) operations in 4061126us (1608.9 ops/sec) [+90.0%]\nDid 494000 MLDSA parse (valid) public key operations in 4002108us (123434.9 ops/sec) [+0.1%]\nDid 26180 MLDSA verify (valid signature) operations in 4045953us (6470.7 ops/sec) [+57.3%]\nDid 25800 MLDSA verify (invalid signature) operations in 4009973us (6434.0 ops/sec) [+52.8%]\n\nIntel(R) Xeon(R) Gold 6154 CPU @ 3.00GHz, Clang:\nBefore:\nDid 17499 MLDSA key generation operations in 4059819us (4310.3 ops/sec)\nDid 3520 MLDSA sign (randomized) operations in 4070484us (864.8 ops/sec)\nDid 494000 MLDSA parse (valid) public key operations in 4003764us (123383.9 ops/sec)\nDid 16926 MLDSA verify (valid signature) operations in 4029917us (4200.1 ops/sec)\nDid 17220 MLDSA verify (invalid signature) operations in 4099146us (4200.9 ops/sec)\nAfter:\nDid 23104 MLDSA key generation operations in 4036297us (5724.1 ops/sec) [+32.8%]\nDid 6336 MLDSA sign (randomized) operations in 4006447us (1581.5 ops/sec) [+82.9%]\nDid 494000 MLDSA parse (valid) public key operations in 4005244us (123338.3 ops/sec) [-0.0%]\nDid 26460 MLDSA verify (valid signature) operations in 4081059us (6483.6 ops/sec) [+54.4%]\nDid 26120 MLDSA verify (invalid signature) operations in 4021846us (6494.5 ops/sec) [+54.6%]\n\nChange-Id: I9f010ca1dde37a306e4a207caa12ec4feb920716\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82527\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "630d77ec8c95050cc21337f7e9a4a151125ea0eb",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/mldsa/mldsa.cc.inc",
      "new_id": "f63c0b2f739d2adff19e0aca6ad8688c500117a2",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/mldsa/mldsa.cc.inc"
    },
    {
      "type": "modify",
      "old_id": "dc504b4dd34c52e9bdc244fe10fcb43a61f4147e",
      "old_mode": 33188,
      "old_path": "crypto/internal.h",
      "new_id": "30ec7df168422212e4bd7e19e178125a82329dad",
      "new_mode": 33188,
      "new_path": "crypto/internal.h"
    }
  ]
}