Transactions on Cryptographic Hardware and Embedded Systems, Volume 2021
Side-Channel Protections for Picnic Signatures
README
Implementations
We provide two variants of Picnic3-L1 implementations:
* opt: a port of the optimized C implementation which is compatible with the Picnic specification, modified to use less memory, so as to fit in the available RAM of the STM32F4 (128KB).
* masked: the masked implementation designed and analyzed in the paper Side-Channel Protections for Picnic Signatures. It aims to provide first-order protection against probing side-channel attacks. See the paper for a description and analysis of the countermeasures. Modify the file config.h to select the masking approach (default is selective half-masking).
There are two possibilities to execute the implementations, both requiring the pqm4 framework. Copy the crypto_sign/picnic3l1 folder inside pqm4/crypto_sign, and after that:
* For x64 platforms, use the Makefile inside opt/ or masked/ to build the corresponding version. Tests can be built and executed with make kats and by running the produced binary. Benchmarks can be executed after make bench by running the binary with instance number 7.
* For ARM Cortex-M4, the whole pqm4 functionality will be available (test, benchmarks, testvectors, etc). We refer to pqm4 for additional usage documentation.
Our formal verification scripts can be validated with maskVerif. Check the README inside crypto_sign/picnic3l1/masked/formal_verification for instructions.