nix: bump to nixpkgs 26.05 by mkannwischer · Pull Request #1711 · pq-code-package/mlkem-native

mkannwischer · 2026-05-30T08:23:06Z

Update the nixpkgs input from nixos-25.11 to nixos-26.05 and adjust the
flake to the new package set:

Default gcc changed from 14.3.0 to 15.2.0
slothy: use the new pkgs.slothy from nixpkgs instead of the custom
build; nix/slothy/default.nix now just re-exports it with a commented
override for pinning a specific upstream revision. Drops the
python3-for-slothy (unstable ortools) workaround.
hol_light: hol_light is now taken directly from nixpkgs, as I have
upstreamed a recent version and made the necessary adjustments to
make it directly usable. Similar as for slothy, we keep a separate
package to make it easier to overwrite the version in the future.
python: provide script dependencies (pyparsing, sympy, ...) via
python3.withPackages instead of bare python3Packages entries in a
symlinkJoin, which no longer reach sys.path. Fixes autogen's
"No module named 'pyparsing'".
autogen: use the snake_case pyparsing API (parse_string/parse_all) to
silence the deprecation warning from the newer pyparsing.
cbmc: bitwuzla version 0.8.2 -> 0.9.0.
autogen: Reformatted with newer ruff version
platform tests: Increase disk on x86 from 20 GiB to 30 GiB as nix derivation
does not fit anymore otherwise.
clang 18: Clang 18 from 26.05 no longer compiles on MacOS - take it from
the 24.05 channel instead.
- Resolves Nix: Update to nixpkgs 26.05 #1719

oqs-bot

Intel Xeon 4th gen (c7i)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`11895` cycles	`11697` cycles	`1.02`
`ML-KEM-512 encaps`	`13177` cycles	`13394` cycles	`0.98`
`ML-KEM-512 decaps`	`17039` cycles	`17580` cycles	`0.97`
`ML-KEM-768 keypair`	`19366` cycles	`20078` cycles	`0.96`
`ML-KEM-768 encaps`	`20648` cycles	`21670` cycles	`0.95`
`ML-KEM-768 decaps`	`26297` cycles	`27917` cycles	`0.94`
`ML-KEM-1024 keypair`	`28035` cycles	`28749` cycles	`0.98`
`ML-KEM-1024 encaps`	`30145` cycles	`30707` cycles	`0.98`
`ML-KEM-1024 decaps`	`37449` cycles	`38533` cycles	`0.97`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Mac Mini (M1, 2020) benchmarks

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`12320` cycles	`12325` cycles	`1.00`
`ML-KEM-512 encaps`	`14999` cycles	`15004` cycles	`1.00`
`ML-KEM-512 decaps`	`19555` cycles	`19559` cycles	`1.00`
`ML-KEM-768 keypair`	`21269` cycles	`21276` cycles	`1.00`
`ML-KEM-768 encaps`	`23866` cycles	`23883` cycles	`1.00`
`ML-KEM-768 decaps`	`30416` cycles	`30431` cycles	`1.00`
`ML-KEM-1024 keypair`	`30333` cycles	`30463` cycles	`1.00`
`ML-KEM-1024 encaps`	`34569` cycles	`34721` cycles	`1.00`
`ML-KEM-1024 decaps`	`44189` cycles	`44405` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

ppc64le (POWER10) benchmarks

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`70626` cycles	`59410` cycles	`1.19`
`ML-KEM-512 encaps`	`84636` cycles	`72138` cycles	`1.17`
`ML-KEM-512 decaps`	`108532` cycles	`91875` cycles	`1.18`
`ML-KEM-768 keypair`	`99071` cycles	`97619` cycles	`1.01`
`ML-KEM-768 encaps`	`115510` cycles	`114161` cycles	`1.01`
`ML-KEM-768 decaps`	`141205` cycles	`139887` cycles	`1.01`
`ML-KEM-1024 keypair`	`154005` cycles	`152571` cycles	`1.01`
`ML-KEM-1024 encaps`	`173418` cycles	`172025` cycles	`1.01`
`ML-KEM-1024 decaps`	`205417` cycles	`203748` cycles	`1.01`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Intel Xeon 4th gen (c7i) (no-opt)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`27700` cycles	`28122` cycles	`0.98`
`ML-KEM-512 encaps`	`35618` cycles	`36611` cycles	`0.97`
`ML-KEM-512 decaps`	`44400` cycles	`45129` cycles	`0.98`
`ML-KEM-768 keypair`	`44233` cycles	`46311` cycles	`0.96`
`ML-KEM-768 encaps`	`55156` cycles	`55565` cycles	`0.99`
`ML-KEM-768 decaps`	`68366` cycles	`69899` cycles	`0.98`
`ML-KEM-1024 keypair`	`67946` cycles	`70308` cycles	`0.97`
`ML-KEM-1024 encaps`	`78992` cycles	`82412` cycles	`0.96`
`ML-KEM-1024 decaps`	`96295` cycles	`99469` cycles	`0.97`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

AMD EPYC 3rd gen (c6a)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`14456` cycles	`13915` cycles	`1.04`
`ML-KEM-512 encaps`	`15934` cycles	`15690` cycles	`1.02`
`ML-KEM-512 decaps`	`21334` cycles	`21255` cycles	`1.00`
`ML-KEM-768 keypair`	`23787` cycles	`23714` cycles	`1.00`
`ML-KEM-768 encaps`	`25238` cycles	`25167` cycles	`1.00`
`ML-KEM-768 decaps`	`32962` cycles	`33023` cycles	`1.00`
`ML-KEM-1024 keypair`	`33489` cycles	`33180` cycles	`1.01`
`ML-KEM-1024 encaps`	`35910` cycles	`35651` cycles	`1.01`
`ML-KEM-1024 decaps`	`46172` cycles	`46225` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'AMD EPYC 3rd gen (c6a)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`14456` cycles	`13915` cycles	`1.04`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

AMD EPYC 4th gen (c7a)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`12820` cycles	`12719` cycles	`1.01`
`ML-KEM-512 encaps`	`14218` cycles	`14192` cycles	`1.00`
`ML-KEM-512 decaps`	`18987` cycles	`19056` cycles	`1.00`
`ML-KEM-768 keypair`	`21561` cycles	`21849` cycles	`0.99`
`ML-KEM-768 encaps`	`22738` cycles	`22951` cycles	`0.99`
`ML-KEM-768 decaps`	`29712` cycles	`29927` cycles	`0.99`
`ML-KEM-1024 keypair`	`30623` cycles	`30743` cycles	`1.00`
`ML-KEM-1024 encaps`	`32717` cycles	`32865` cycles	`1.00`
`ML-KEM-1024 decaps`	`41878` cycles	`42211` cycles	`0.99`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Intel Xeon 3rd gen (c6i)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`17902` cycles	`17529` cycles	`1.02`
`ML-KEM-512 encaps`	`20093` cycles	`19948` cycles	`1.01`
`ML-KEM-512 decaps`	`26598` cycles	`26553` cycles	`1.00`
`ML-KEM-768 keypair`	`30013` cycles	`30898` cycles	`0.97`
`ML-KEM-768 encaps`	`33316` cycles	`31293` cycles	`1.06`
`ML-KEM-768 decaps`	`41436` cycles	`41743` cycles	`0.99`
`ML-KEM-1024 keypair`	`42925` cycles	`42502` cycles	`1.01`
`ML-KEM-1024 encaps`	`44968` cycles	`46208` cycles	`0.97`
`ML-KEM-1024 decaps`	`58031` cycles	`59600` cycles	`0.97`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Intel Xeon 3rd gen (c6i)'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-768 encaps`	`33316` cycles	`31293` cycles	`1.06`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

AMD EPYC 4th gen (c7a) (no-opt)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`37035` cycles	`36626` cycles	`1.01`
`ML-KEM-512 encaps`	`42845` cycles	`43097` cycles	`0.99`
`ML-KEM-512 decaps`	`55602` cycles	`55728` cycles	`1.00`
`ML-KEM-768 keypair`	`58009` cycles	`58701` cycles	`0.99`
`ML-KEM-768 encaps`	`66916` cycles	`67571` cycles	`0.99`
`ML-KEM-768 decaps`	`83592` cycles	`84486` cycles	`0.99`
`ML-KEM-1024 keypair`	`88555` cycles	`89061` cycles	`0.99`
`ML-KEM-1024 encaps`	`99065` cycles	`99303` cycles	`1.00`
`ML-KEM-1024 decaps`	`120553` cycles	`120896` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

AMD EPYC 3rd gen (c6a) (no-opt)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`40258` cycles	`40294` cycles	`1.00`
`ML-KEM-512 encaps`	`48383` cycles	`48431` cycles	`1.00`
`ML-KEM-512 decaps`	`62051` cycles	`62627` cycles	`0.99`
`ML-KEM-768 keypair`	`62834` cycles	`63745` cycles	`0.99`
`ML-KEM-768 encaps`	`75321` cycles	`74964` cycles	`1.00`
`ML-KEM-768 decaps`	`92278` cycles	`93665` cycles	`0.99`
`ML-KEM-1024 keypair`	`94977` cycles	`95142` cycles	`1.00`
`ML-KEM-1024 encaps`	`110242` cycles	`109342` cycles	`1.01`
`ML-KEM-1024 decaps`	`132502` cycles	`132124` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Graviton4

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`17669` cycles	`17644` cycles	`1.00`
`ML-KEM-512 encaps`	`20544` cycles	`20595` cycles	`1.00`
`ML-KEM-512 decaps`	`26997` cycles	`27068` cycles	`1.00`
`ML-KEM-768 keypair`	`29864` cycles	`29904` cycles	`1.00`
`ML-KEM-768 encaps`	`32682` cycles	`32769` cycles	`1.00`
`ML-KEM-768 decaps`	`41910` cycles	`41963` cycles	`1.00`
`ML-KEM-1024 keypair`	`43768` cycles	`43741` cycles	`1.00`
`ML-KEM-1024 encaps`	`48612` cycles	`48732` cycles	`1.00`
`ML-KEM-1024 decaps`	`61404` cycles	`61383` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Intel Xeon 3rd gen (c6i) (no-opt)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`46810` cycles	`46222` cycles	`1.01`
`ML-KEM-512 encaps`	`55611` cycles	`54864` cycles	`1.01`
`ML-KEM-512 decaps`	`71207` cycles	`70613` cycles	`1.01`
`ML-KEM-768 keypair`	`74446` cycles	`75155` cycles	`0.99`
`ML-KEM-768 encaps`	`85970` cycles	`87045` cycles	`0.99`
`ML-KEM-768 decaps`	`107208` cycles	`107960` cycles	`0.99`
`ML-KEM-1024 keypair`	`111421` cycles	`113795` cycles	`0.98`
`ML-KEM-1024 encaps`	`126170` cycles	`126226` cycles	`1.00`
`ML-KEM-1024 decaps`	`152294` cycles	`152759` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Graviton4 (no-opt)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`35228` cycles	`35409` cycles	`0.99`
`ML-KEM-512 encaps`	`40043` cycles	`40111` cycles	`1.00`
`ML-KEM-512 decaps`	`50567` cycles	`51134` cycles	`0.99`
`ML-KEM-768 keypair`	`56693` cycles	`56672` cycles	`1.00`
`ML-KEM-768 encaps`	`64089` cycles	`65146` cycles	`0.98`
`ML-KEM-768 decaps`	`78429` cycles	`79297` cycles	`0.99`
`ML-KEM-1024 keypair`	`87315` cycles	`87864` cycles	`0.99`
`ML-KEM-1024 encaps`	`96612` cycles	`96877` cycles	`1.00`
`ML-KEM-1024 decaps`	`114938` cycles	`115822` cycles	`0.99`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Graviton3

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`18662` cycles	`18639` cycles	`1.00`
`ML-KEM-512 encaps`	`21845` cycles	`21877` cycles	`1.00`
`ML-KEM-512 decaps`	`28832` cycles	`28870` cycles	`1.00`
`ML-KEM-768 keypair`	`31526` cycles	`31542` cycles	`1.00`
`ML-KEM-768 encaps`	`34749` cycles	`34776` cycles	`1.00`
`ML-KEM-768 decaps`	`44773` cycles	`44781` cycles	`1.00`
`ML-KEM-1024 keypair`	`46180` cycles	`46075` cycles	`1.00`
`ML-KEM-1024 encaps`	`51407` cycles	`51489` cycles	`1.00`
`ML-KEM-1024 decaps`	`64993` cycles	`65015` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Graviton3 (no-opt)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`38824` cycles	`38892` cycles	`1.00`
`ML-KEM-512 encaps`	`44464` cycles	`44597` cycles	`1.00`
`ML-KEM-512 decaps`	`56092` cycles	`56673` cycles	`0.99`
`ML-KEM-768 keypair`	`62345` cycles	`62301` cycles	`1.00`
`ML-KEM-768 encaps`	`70576` cycles	`72319` cycles	`0.98`
`ML-KEM-768 decaps`	`86235` cycles	`87695` cycles	`0.98`
`ML-KEM-1024 keypair`	`95774` cycles	`96161` cycles	`1.00`
`ML-KEM-1024 encaps`	`106020` cycles	`106134` cycles	`1.00`
`ML-KEM-1024 decaps`	`126093` cycles	`126585` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Arm Cortex-A55 (Snapdragon 888) benchmarks

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`59809` cycles	`59719` cycles	`1.00`
`ML-KEM-512 encaps`	`67487` cycles	`67473` cycles	`1.00`
`ML-KEM-512 decaps`	`86464` cycles	`86030` cycles	`1.01`
`ML-KEM-768 keypair`	`97496` cycles	`97410` cycles	`1.00`
`ML-KEM-768 encaps`	`110942` cycles	`110906` cycles	`1.00`
`ML-KEM-768 decaps`	`138214` cycles	`137825` cycles	`1.00`
`ML-KEM-1024 keypair`	`154413` cycles	`154686` cycles	`1.00`
`ML-KEM-1024 encaps`	`172359` cycles	`171546` cycles	`1.00`
`ML-KEM-1024 decaps`	`208758` cycles	`207891` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Graviton2

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`28203` cycles	`28270` cycles	`1.00`
`ML-KEM-512 encaps`	`34044` cycles	`34121` cycles	`1.00`
`ML-KEM-512 decaps`	`44480` cycles	`44375` cycles	`1.00`
`ML-KEM-768 keypair`	`47617` cycles	`47672` cycles	`1.00`
`ML-KEM-768 encaps`	`53835` cycles	`53905` cycles	`1.00`
`ML-KEM-768 decaps`	`68494` cycles	`68358` cycles	`1.00`
`ML-KEM-1024 keypair`	`70152` cycles	`70258` cycles	`1.00`
`ML-KEM-1024 encaps`	`78659` cycles	`78750` cycles	`1.00`
`ML-KEM-1024 decaps`	`98352` cycles	`98444` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Graviton2 (no-opt)

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`58729` cycles	`59148` cycles	`0.99`
`ML-KEM-512 encaps`	`68561` cycles	`68646` cycles	`1.00`
`ML-KEM-512 decaps`	`87410` cycles	`87362` cycles	`1.00`
`ML-KEM-768 keypair`	`94887` cycles	`95351` cycles	`1.00`
`ML-KEM-768 encaps`	`109235` cycles	`109904` cycles	`0.99`
`ML-KEM-768 decaps`	`134237` cycles	`134370` cycles	`1.00`
`ML-KEM-1024 keypair`	`151178` cycles	`147952` cycles	`1.02`
`ML-KEM-1024 encaps`	`165299` cycles	`163869` cycles	`1.01`
`ML-KEM-1024 decaps`	`199240` cycles	`195549` cycles	`1.02`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Arm Cortex-A76 (Raspberry Pi 5) benchmarks

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`28243` cycles	`28228` cycles	`1.00`
`ML-KEM-512 encaps`	`34083` cycles	`34115` cycles	`1.00`
`ML-KEM-512 decaps`	`44439` cycles	`44351` cycles	`1.00`
`ML-KEM-768 keypair`	`47617` cycles	`47627` cycles	`1.00`
`ML-KEM-768 encaps`	`53791` cycles	`53958` cycles	`1.00`
`ML-KEM-768 decaps`	`68471` cycles	`68394` cycles	`1.00`
`ML-KEM-1024 keypair`	`70245` cycles	`70267` cycles	`1.00`
`ML-KEM-1024 encaps`	`78715` cycles	`78749` cycles	`1.00`
`ML-KEM-1024 decaps`	`98303` cycles	`98471` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

mkannwischer · 2026-05-30T09:14:39Z

          devShells.linter = util.mkShellNoCC {
            packages = builtins.attrValues { inherit (config.packages) linters; };
          };
-          devShells.clang18 = util.mkShellWithCC' pkgs.clang_18;


Note that this compiler is not removed - it's just sourced from another channel (as it does not work on MacOS from the 26.05 channel) and, hence, moved to nix/legacy/

oqs-bot · 2026-05-30T09:20:37Z

CBMC Results (ML-KEM-1024)

⚠️ Attention Required

Proof	Status	Current	Previous	Change
`mlk_poly_reduce_native`	⚠️	38s	19s	+100%
`mlk_poly_rej_uniform`	⚠️	141s	30s	+370%

Full Results (191 proofs)

Proof	Status	Current	Previous	Change
`TOTAL`	✅	1427s	1200s	+18.9%
`mlk_rej_uniform_c`	✅	156s	125s	+25%
`mlk_indcpa_enc`	✅	153s	135s	+13%
`mlk_poly_rej_uniform`	⚠️	141s	30s	+370%
`mlk_indcpa_keypair_derand`	✅	130s	116s	+12%
`mlk_polyvec_basemul_acc_montgomery_cached_c`	✅	77s	69s	+12%
`mlk_poly_reduce_native`	⚠️	38s	19s	+100%
`poly_ntt_native`	✅	37s	27s	+37%
`mlk_ntt_layer`	✅	35s	32s	+9%
`polyvec_basemul_acc_montgomery_cached_native`	✅	31s	39s	-21%
`mlk_keccak_squeezeblocks_x4`	✅	25s	26s	-4%
`mlk_poly_decompress_d11_native`	✅	17s	16s	+6%
`mlk_poly_decompress_d5_native`	✅	17s	13s	+31%
`keccakf1600x4_permute_native_x4`	✅	16s	16s	+0%
`mlk_fqmul`	✅	15s	17s	-12%
`mlk_poly_frombytes_native`	✅	12s	7s	+71%
`mlk_poly_frommsg`	✅	12s	8s	+50%
`mlk_polyvec_add`	✅	12s	11s	+9%
`mlk_indcpa_dec`	✅	9s	8s	+12%
`mlk_ntt_butterfly_block`	✅	9s	6s	+50%
`mlk_keccak_squeeze_once`	✅	8s	8s	+0%
`mlk_keccak_squeezeblocks`	✅	8s	9s	-11%
`mlk_poly_rej_uniform_x4`	✅	8s	8s	+0%
`mlk_polymat_permute_bitrev_to_custom`	✅	8s	6s	+33%
`mlk_invntt_layer`	✅	7s	4s	+75%
`poly_compress_d4_native_x86_64`	✅	7s	2s	+250%
`poly_decompress_d11_native_x86_64`	✅	7s	4s	+75%
`kem_enc_derand`	✅	6s	5s	+20%
`mlk_gen_matrix_serial`	✅	6s	6s	+0%
`mlk_keccak_absorb_once_x4`	✅	6s	7s	-14%
`mlk_keccakf1600_permute_c`	✅	6s	6s	+0%
`mlk_poly_compress_d11_c`	✅	6s	4s	+50%
`mlk_poly_ntt`	✅	6s	6s	+0%
`mlk_shake128_squeezeblocks`	✅	6s	1s	+500%
`rej_uniform_native_aarch64`	✅	6s	5s	+20%
`kem_check_pk`	✅	5s	3s	+67%
`mlk_poly_frombytes_c`	✅	5s	2s	+150%
`mlk_poly_getnoise_eta2`	✅	5s	3s	+67%
`mlk_scalar_compress_d1`	✅	5s	2s	+150%
`poly_decompress_d5_native_x86_64`	✅	5s	5s	+0%
`keccak_f1600_x1_native_aarch64`	✅	4s	2s	+100%
`keccakf1600_permute_native`	✅	4s	3s	+33%
`kem_dec`	✅	4s	5s	-20%
`mlk_ct_sel_int16`	✅	4s	1s	+300%
`mlk_enc_getnoise_eta1_eta2`	✅	4s	2s	+100%
`mlk_gen_matrix`	✅	4s	4s	+0%
`mlk_keccak_absorb_once`	✅	4s	3s	+33%
`mlk_keccakf1600x4_extract_bytes`	✅	4s	1s	+300%
`mlk_keccakf1600x4_xor_bytes`	✅	4s	2s	+100%
`mlk_matvec_mul`	✅	4s	3s	+33%
`mlk_poly_cbd_eta1`	✅	4s	4s	+0%
`mlk_poly_compress_d4_c`	✅	4s	4s	+0%
`mlk_poly_decompress_d11_c`	✅	4s	1s	+300%
`mlk_poly_invntt_tomont_c`	✅	4s	3s	+33%
`mlk_poly_ntt_c`	✅	4s	3s	+33%
`mlk_polyvec_basemul_acc_montgomery_cached`	✅	4s	4s	+0%
`mlk_polyvec_decompress_du`	✅	4s	5s	-20%
`mlk_polyvec_mulcache_compute`	✅	4s	4s	+0%
`mlk_polyvec_ntt`	✅	4s	3s	+33%
`mlk_polyvec_permute_bitrev_to_custom`	✅	4s	3s	+33%
`mlk_shake256x4`	✅	4s	4s	+0%
`poly_frombytes_native_x86_64`	✅	4s	5s	-20%
`poly_mulcache_compute_native_aarch64`	✅	4s	3s	+33%
`polyvec_basemul_acc_montgomery_cached_k2_native_aarch64`	✅	4s	2s	+100%
`polyvec_basemul_acc_montgomery_cached_k3_native_aarch64`	✅	4s	3s	+33%
`rej_uniform_native_x86_64`	✅	4s	5s	-20%
`intt_native_x86_64`	✅	3s	3s	+0%
`keccak_f1600_x1_native_aarch64_v84a`	✅	3s	2s	+50%
`keccakf1600x4_xor_bytes_native`	✅	3s	1s	+200%
`kem_check_sk`	✅	3s	2s	+50%
`kem_keypair_derand`	✅	3s	4s	-25%
`mlk_ct_cmov_zero`	✅	3s	3s	+0%
`mlk_keccakf1600x4_permute`	✅	3s	3s	+0%
`mlk_poly_cbd_eta2`	✅	3s	4s	-25%
`mlk_poly_compress_d10_native`	✅	3s	2s	+50%
`mlk_poly_compress_d5_c`	✅	3s	2s	+50%
`mlk_poly_compress_dv`	✅	3s	2s	+50%
`mlk_poly_decompress_d5`	✅	3s	4s	-25%
`mlk_poly_frombytes`	✅	3s	1s	+200%
`mlk_poly_getnoise_eta1122_4x`	✅	3s	2s	+50%
`mlk_poly_invntt_tomont`	✅	3s	3s	+0%
`mlk_poly_mulcache_compute_c`	✅	3s	2s	+50%
`mlk_poly_mulcache_compute_native`	✅	3s	3s	+0%
`mlk_poly_sub`	✅	3s	2s	+50%
`mlk_poly_tobytes`	✅	3s	2s	+50%
`mlk_poly_tobytes_c`	✅	3s	2s	+50%
`mlk_poly_tomont`	✅	3s	2s	+50%
`mlk_poly_tomont_native`	✅	3s	3s	+0%
`mlk_polyvec_frombytes`	✅	3s	3s	+0%
`mlk_scalar_compress_d4`	✅	3s	1s	+200%
`mlk_scalar_decompress_d11`	✅	3s	1s	+200%
`mlk_shake128x4_absorb_once`	✅	3s	2s	+50%
`mlk_value_barrier_u8`	✅	3s	3s	+0%
`ntt_native_x86_64`	✅	3s	3s	+0%
`nttunpack_native_x86_64`	✅	3s	3s	+0%
`poly_decompress_d10_native_x86_64`	✅	3s	3s	+0%
`poly_getnoise_eta1122_4x_native`	✅	3s	1s	+200%
`poly_invntt_tomont_native`	✅	3s	6s	-50%
`poly_reduce_native_x86_64`	✅	3s	4s	-25%
`polyvec_basemul_acc_montgomery_cached_k2_native_x86_64`	✅	3s	2s	+50%
`polyvec_basemul_acc_montgomery_cached_k3_native_x86_64`	✅	3s	3s	+0%
`polyvec_basemul_acc_montgomery_cached_k4_native_x86_64`	✅	3s	1s	+200%
`rej_uniform_native`	✅	3s	4s	-25%
`keccak_f1600_x4_native_aarch64_v84a`	✅	2s	2s	+0%
`keccak_f1600_x4_native_avx2`	✅	2s	1s	+100%
`kem_enc`	✅	2s	3s	-33%
`kem_keypair`	✅	2s	2s	+0%
`mlk_barrett_reduce`	✅	2s	3s	-33%
`mlk_check_pct`	✅	2s	3s	-33%
`mlk_ct_cmask_nonzero_u8`	✅	2s	3s	-33%
`mlk_ct_get_optblocker_u32`	✅	2s	2s	+0%
`mlk_ct_sel_uint8`	✅	2s	1s	+100%
`mlk_keccakf1600_extract_bytes (big endian)`	✅	2s	2s	+0%
`mlk_keccakf1600x4_xor_bytes_c`	✅	2s	3s	-33%
`mlk_montgomery_reduce`	✅	2s	3s	-33%
`mlk_poly_add`	✅	2s	1s	+100%
`mlk_poly_compress_d11`	✅	2s	3s	-33%
`mlk_poly_compress_d11_native`	✅	2s	2s	+0%
`mlk_poly_compress_d4`	✅	2s	1s	+100%
`mlk_poly_compress_d5`	✅	2s	3s	-33%
`mlk_poly_compress_du`	✅	2s	1s	+100%
`mlk_poly_decompress_d10`	✅	2s	2s	+0%
`mlk_poly_decompress_d10_c`	✅	2s	2s	+0%
`mlk_poly_decompress_d4`	✅	2s	4s	-50%
`mlk_poly_decompress_d4_native`	✅	2s	4s	-50%
`mlk_poly_decompress_d5_c`	✅	2s	1s	+100%
`mlk_poly_getnoise_eta1_4x`	✅	2s	3s	-33%
`mlk_poly_mulcache_compute`	✅	2s	2s	+0%
`mlk_poly_reduce`	✅	2s	1s	+100%
`mlk_poly_reduce_c`	✅	2s	3s	-33%
`mlk_poly_tobytes_native`	✅	2s	2s	+0%
`mlk_poly_tomont_c`	✅	2s	3s	-33%
`mlk_poly_tomsg`	✅	2s	3s	-33%
`mlk_polyvec_compress_du`	✅	2s	1s	+100%
`mlk_polyvec_invntt_tomont`	✅	2s	2s	+0%
`mlk_polyvec_reduce`	✅	2s	3s	-33%
`mlk_polyvec_tomont`	✅	2s	2s	+0%
`mlk_rej_uniform`	✅	2s	2s	+0%
`mlk_scalar_compress_d11`	✅	2s	3s	-33%
`mlk_scalar_compress_d5`	✅	2s	1s	+100%
`mlk_scalar_decompress_d4`	✅	2s	1s	+100%
`mlk_scalar_decompress_d5`	✅	2s	2s	+0%
`mlk_scalar_signed_to_unsigned_q`	✅	2s	1s	+100%
`mlk_sha3_256`	✅	2s	1s	+100%
`mlk_sha3_512`	✅	2s	2s	+0%
`mlk_shake128x4_squeezeblocks`	✅	2s	2s	+0%
`mlk_shake256`	✅	2s	1s	+100%
`mlk_value_barrier_i32`	✅	2s	2s	+0%
`ntt_native_aarch64`	✅	2s	2s	+0%
`poly_compress_d11_native_x86_64`	✅	2s	3s	-33%
`poly_compress_d5_native_x86_64`	✅	2s	2s	+0%
`poly_decompress_d4_native_x86_64`	✅	2s	3s	-33%
`poly_reduce_native_aarch64`	✅	2s	2s	+0%
`poly_tobytes_native_x86_64`	✅	2s	2s	+0%
`poly_tomont_native_aarch64`	✅	2s	2s	+0%
`poly_tomont_native_x86_64`	✅	2s	5s	-60%
`polyvec_basemul_acc_montgomery_cached_k4_native_aarch64`	✅	2s	1s	+100%
`sys_check_capability`	✅	2s	3s	-33%
`intt_native_aarch64`	✅	1s	3s	-67%
`keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid`	✅	1s	2s	-50%
`keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid`	✅	1s	3s	-67%
`keccakf1600x4_extract_bytes_native`	✅	1s	3s	-67%
`mlk_ct_cmask_neg_i16`	✅	1s	5s	-80%
`mlk_ct_cmask_nonzero_u16`	✅	1s	2s	-50%
`mlk_ct_get_optblocker_i32`	✅	1s	2s	-50%
`mlk_ct_get_optblocker_u8`	✅	1s	2s	-50%
`mlk_ct_memcmp`	✅	1s	4s	-75%
`mlk_keccakf1600_extract_bytes`	✅	1s	3s	-67%
`mlk_keccakf1600_permute`	✅	1s	3s	-67%
`mlk_keccakf1600_xor_bytes`	✅	1s	4s	-75%
`mlk_keccakf1600_xor_bytes (big endian)`	✅	1s	1s	+0%
`mlk_keccakf1600x4_extract_bytes_c`	✅	1s	4s	-75%
`mlk_keypair_getnoise_eta1`	✅	1s	3s	-67%
`mlk_poly_compress_d10`	✅	1s	4s	-75%
`mlk_poly_compress_d10_c`	✅	1s	3s	-67%
`mlk_poly_compress_d4_native`	✅	1s	3s	-67%
`mlk_poly_compress_d5_native`	✅	1s	1s	+0%
`mlk_poly_decompress_d10_native`	✅	1s	2s	-50%
`mlk_poly_decompress_d11`	✅	1s	2s	-50%
`mlk_poly_decompress_d4_c`	✅	1s	1s	+0%
`mlk_poly_decompress_du`	✅	1s	2s	-50%
`mlk_poly_decompress_dv`	✅	1s	2s	-50%
`mlk_poly_getnoise_eta1_4x_native`	✅	1s	4s	-75%
`mlk_polyvec_permute_bitrev_to_custom_native`	✅	1s	3s	-67%
`mlk_polyvec_tobytes`	✅	1s	2s	-50%
`mlk_scalar_compress_d10`	✅	1s	2s	-50%
`mlk_scalar_decompress_d10`	✅	1s	2s	-50%
`mlk_shake128_absorb_once`	✅	1s	1s	+0%
`mlk_value_barrier_u32`	✅	1s	4s	-75%
`poly_compress_d10_native_x86_64`	✅	1s	2s	-50%
`poly_mulcache_compute_native_x86_64`	✅	1s	2s	-50%
`poly_tobytes_native_aarch64`	✅	1s	2s	-50%

oqs-bot · 2026-05-30T09:21:40Z

CBMC Results (ML-KEM-512)

⚠️ Attention Required

Proof	Status	Current	Previous	Change
`mlk_poly_rej_uniform`	⚠️	152s	36s	+322%

Full Results (191 proofs)

Proof	Status	Current	Previous	Change
`TOTAL`	✅	1420s	1608s	-11.7%
`mlk_indcpa_keypair_derand`	✅	239s	310s	-23%
`mlk_poly_rej_uniform`	⚠️	152s	36s	+322%
`mlk_indcpa_enc`	✅	149s	200s	-26%
`mlk_rej_uniform_c`	✅	113s	182s	-38%
`mlk_polyvec_basemul_acc_montgomery_cached_c`	✅	53s	75s	-29%
`poly_ntt_native`	✅	41s	32s	+28%
`mlk_poly_reduce_native`	✅	34s	24s	+42%
`mlk_ntt_layer`	✅	33s	52s	-37%
`mlk_keccak_squeezeblocks_x4`	✅	27s	35s	-23%
`keccakf1600x4_permute_native_x4`	✅	16s	17s	-6%
`mlk_fqmul`	✅	16s	21s	-24%
`mlk_indcpa_dec`	✅	16s	18s	-11%
`mlk_poly_decompress_d4_native`	✅	14s	18s	-22%
`mlk_poly_decompress_d10_native`	✅	12s	16s	-25%
`mlk_polyvec_add`	✅	12s	14s	-14%
`mlk_poly_frommsg`	✅	10s	13s	-23%
`mlk_keccak_squeezeblocks`	✅	8s	9s	-11%
`mlk_ntt_butterfly_block`	✅	8s	11s	-27%
`kem_check_pk`	✅	7s	4s	+75%
`mlk_keccak_squeeze_once`	✅	7s	10s	-30%
`mlk_poly_frombytes_native`	✅	7s	12s	-42%
`mlk_poly_ntt`	✅	7s	11s	-36%
`mlk_keccak_absorb_once_x4`	✅	6s	8s	-25%
`mlk_poly_rej_uniform_x4`	✅	6s	10s	-40%
`poly_decompress_d4_native_x86_64`	✅	6s	7s	-14%
`polyvec_basemul_acc_montgomery_cached_native`	✅	6s	7s	-14%
`intt_native_x86_64`	✅	5s	1s	+400%
`kem_enc_derand`	✅	5s	2s	+150%
`mlk_keccak_absorb_once`	✅	5s	4s	+25%
`mlk_poly_tomsg`	✅	5s	1s	+400%
`mlk_scalar_decompress_d5`	✅	5s	3s	+67%
`poly_decompress_d10_native_x86_64`	✅	5s	5s	+0%
`poly_decompress_d5_native_x86_64`	✅	5s	4s	+25%
`poly_frombytes_native_x86_64`	✅	5s	4s	+25%
`rej_uniform_native_x86_64`	✅	5s	7s	-29%
`keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid`	✅	4s	1s	+300%
`kem_dec`	✅	4s	4s	+0%
`mlk_ct_memcmp`	✅	4s	4s	+0%
`mlk_gen_matrix`	✅	4s	3s	+33%
`mlk_invntt_layer`	✅	4s	6s	-33%
`mlk_keccakf1600_permute_c`	✅	4s	5s	-20%
`mlk_keccakf1600_xor_bytes (big endian)`	✅	4s	1s	+300%
`mlk_keypair_getnoise_eta1`	✅	4s	3s	+33%
`mlk_poly_cbd_eta2`	✅	4s	7s	-43%
`mlk_poly_compress_dv`	✅	4s	2s	+100%
`mlk_poly_decompress_d10_c`	✅	4s	1s	+300%
`mlk_poly_decompress_d4`	✅	4s	2s	+100%
`mlk_poly_decompress_d5_c`	✅	4s	1s	+300%
`mlk_poly_getnoise_eta1_4x`	✅	4s	4s	+0%
`mlk_poly_mulcache_compute_c`	✅	4s	5s	-20%
`mlk_poly_mulcache_compute_native`	✅	4s	2s	+100%
`mlk_poly_ntt_c`	✅	4s	4s	+0%
`mlk_poly_tomont_native`	✅	4s	3s	+33%
`mlk_polymat_permute_bitrev_to_custom`	✅	4s	4s	+0%
`mlk_shake128x4_absorb_once`	✅	4s	4s	+0%
`mlk_shake256x4`	✅	4s	5s	-20%
`ntt_native_aarch64`	✅	4s	2s	+100%
`nttunpack_native_x86_64`	✅	4s	4s	+0%
`poly_decompress_d11_native_x86_64`	✅	4s	4s	+0%
`polyvec_basemul_acc_montgomery_cached_k2_native_x86_64`	✅	4s	4s	+0%
`kem_check_sk`	✅	3s	3s	+0%
`kem_enc`	✅	3s	4s	-25%
`kem_keypair_derand`	✅	3s	3s	+0%
`mlk_ct_sel_uint8`	✅	3s	4s	-25%
`mlk_keccakf1600_extract_bytes`	✅	3s	3s	+0%
`mlk_keccakf1600_xor_bytes`	✅	3s	2s	+50%
`mlk_keccakf1600x4_extract_bytes`	✅	3s	2s	+50%
`mlk_keccakf1600x4_extract_bytes_c`	✅	3s	3s	+0%
`mlk_montgomery_reduce`	✅	3s	6s	-50%
`mlk_poly_cbd_eta1`	✅	3s	4s	-25%
`mlk_poly_compress_d4_c`	✅	3s	4s	-25%
`mlk_poly_compress_d5_c`	✅	3s	1s	+200%
`mlk_poly_compress_du`	✅	3s	2s	+50%
`mlk_poly_decompress_d10`	✅	3s	2s	+50%
`mlk_poly_decompress_d5`	✅	3s	3s	+0%
`mlk_poly_decompress_d5_native`	✅	3s	2s	+50%
`mlk_poly_decompress_du`	✅	3s	2s	+50%
`mlk_poly_getnoise_eta1122_4x`	✅	3s	4s	-25%
`mlk_poly_getnoise_eta1_4x_native`	✅	3s	3s	+0%
`mlk_poly_getnoise_eta2`	✅	3s	3s	+0%
`mlk_poly_mulcache_compute`	✅	3s	3s	+0%
`mlk_poly_reduce`	✅	3s	4s	-25%
`mlk_poly_tomont`	✅	3s	2s	+50%
`mlk_polyvec_compress_du`	✅	3s	5s	-40%
`mlk_polyvec_invntt_tomont`	✅	3s	2s	+50%
`mlk_polyvec_mulcache_compute`	✅	3s	2s	+50%
`mlk_polyvec_ntt`	✅	3s	4s	-25%
`mlk_polyvec_permute_bitrev_to_custom_native`	✅	3s	3s	+0%
`mlk_polyvec_tomont`	✅	3s	5s	-40%
`mlk_scalar_compress_d1`	✅	3s	1s	+200%
`mlk_scalar_compress_d10`	✅	3s	2s	+50%
`mlk_scalar_decompress_d4`	✅	3s	3s	+0%
`mlk_value_barrier_u8`	✅	3s	2s	+50%
`poly_invntt_tomont_native`	✅	3s	3s	+0%
`poly_mulcache_compute_native_aarch64`	✅	3s	4s	-25%
`poly_tobytes_native_aarch64`	✅	3s	1s	+200%
`polyvec_basemul_acc_montgomery_cached_k2_native_aarch64`	✅	3s	2s	+50%
`polyvec_basemul_acc_montgomery_cached_k3_native_aarch64`	✅	3s	1s	+200%
`polyvec_basemul_acc_montgomery_cached_k3_native_x86_64`	✅	3s	2s	+50%
`polyvec_basemul_acc_montgomery_cached_k4_native_x86_64`	✅	3s	1s	+200%
`rej_uniform_native`	✅	3s	5s	-40%
`intt_native_aarch64`	✅	2s	2s	+0%
`keccak_f1600_x1_native_aarch64_v84a`	✅	2s	1s	+100%
`keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid`	✅	2s	2s	+0%
`keccakf1600x4_extract_bytes_native`	✅	2s	2s	+0%
`keccakf1600x4_xor_bytes_native`	✅	2s	2s	+0%
`mlk_check_pct`	✅	2s	3s	-33%
`mlk_ct_cmask_neg_i16`	✅	2s	2s	+0%
`mlk_ct_cmask_nonzero_u16`	✅	2s	2s	+0%
`mlk_ct_cmov_zero`	✅	2s	4s	-50%
`mlk_ct_get_optblocker_i32`	✅	2s	2s	+0%
`mlk_ct_get_optblocker_u8`	✅	2s	1s	+100%
`mlk_ct_sel_int16`	✅	2s	4s	-50%
`mlk_keccakf1600_extract_bytes (big endian)`	✅	2s	1s	+100%
`mlk_keccakf1600x4_permute`	✅	2s	4s	-50%
`mlk_keccakf1600x4_xor_bytes`	✅	2s	1s	+100%
`mlk_keccakf1600x4_xor_bytes_c`	✅	2s	2s	+0%
`mlk_matvec_mul`	✅	2s	4s	-50%
`mlk_poly_add`	✅	2s	1s	+100%
`mlk_poly_compress_d10`	✅	2s	2s	+0%
`mlk_poly_compress_d10_c`	✅	2s	3s	-33%
`mlk_poly_compress_d11_c`	✅	2s	2s	+0%
`mlk_poly_compress_d11_native`	✅	2s	3s	-33%
`mlk_poly_compress_d4`	✅	2s	3s	-33%
`mlk_poly_compress_d5`	✅	2s	2s	+0%
`mlk_poly_decompress_d11`	✅	2s	3s	-33%
`mlk_poly_decompress_d11_c`	✅	2s	3s	-33%
`mlk_poly_decompress_dv`	✅	2s	3s	-33%
`mlk_poly_frombytes`	✅	2s	3s	-33%
`mlk_poly_frombytes_c`	✅	2s	1s	+100%
`mlk_poly_invntt_tomont`	✅	2s	1s	+100%
`mlk_poly_invntt_tomont_c`	✅	2s	3s	-33%
`mlk_poly_reduce_c`	✅	2s	1s	+100%
`mlk_poly_sub`	✅	2s	1s	+100%
`mlk_poly_tobytes_c`	✅	2s	1s	+100%
`mlk_polyvec_basemul_acc_montgomery_cached`	✅	2s	2s	+0%
`mlk_polyvec_decompress_du`	✅	2s	3s	-33%
`mlk_polyvec_frombytes`	✅	2s	4s	-50%
`mlk_polyvec_reduce`	✅	2s	2s	+0%
`mlk_scalar_compress_d5`	✅	2s	3s	-33%
`mlk_scalar_decompress_d10`	✅	2s	2s	+0%
`mlk_scalar_signed_to_unsigned_q`	✅	2s	2s	+0%
`mlk_sha3_512`	✅	2s	2s	+0%
`mlk_shake128x4_squeezeblocks`	✅	2s	3s	-33%
`mlk_shake256`	✅	2s	1s	+100%
`mlk_value_barrier_i32`	✅	2s	4s	-50%
`ntt_native_x86_64`	✅	2s	1s	+100%
`poly_compress_d11_native_x86_64`	✅	2s	3s	-33%
`poly_compress_d4_native_x86_64`	✅	2s	2s	+0%
`poly_compress_d5_native_x86_64`	✅	2s	3s	-33%
`poly_getnoise_eta1122_4x_native`	✅	2s	2s	+0%
`poly_reduce_native_aarch64`	✅	2s	3s	-33%
`poly_reduce_native_x86_64`	✅	2s	2s	+0%
`poly_tobytes_native_x86_64`	✅	2s	4s	-50%
`poly_tomont_native_aarch64`	✅	2s	6s	-67%
`poly_tomont_native_x86_64`	✅	2s	3s	-33%
`polyvec_basemul_acc_montgomery_cached_k4_native_aarch64`	✅	2s	2s	+0%
`rej_uniform_native_aarch64`	✅	2s	5s	-60%
`keccak_f1600_x1_native_aarch64`	✅	1s	2s	-50%
`keccak_f1600_x4_native_aarch64_v84a`	✅	1s	1s	+0%
`keccak_f1600_x4_native_avx2`	✅	1s	2s	-50%
`keccakf1600_permute_native`	✅	1s	2s	-50%
`kem_keypair`	✅	1s	3s	-67%
`mlk_barrett_reduce`	✅	1s	1s	+0%
`mlk_ct_cmask_nonzero_u8`	✅	1s	1s	+0%
`mlk_ct_get_optblocker_u32`	✅	1s	5s	-80%
`mlk_enc_getnoise_eta1_eta2`	✅	1s	4s	-75%
`mlk_gen_matrix_serial`	✅	1s	1s	+0%
`mlk_keccakf1600_permute`	✅	1s	2s	-50%
`mlk_poly_compress_d10_native`	✅	1s	4s	-75%
`mlk_poly_compress_d11`	✅	1s	3s	-67%
`mlk_poly_compress_d4_native`	✅	1s	3s	-67%
`mlk_poly_compress_d5_native`	✅	1s	2s	-50%
`mlk_poly_decompress_d11_native`	✅	1s	4s	-75%
`mlk_poly_decompress_d4_c`	✅	1s	2s	-50%
`mlk_poly_tobytes`	✅	1s	3s	-67%
`mlk_poly_tobytes_native`	✅	1s	3s	-67%
`mlk_poly_tomont_c`	✅	1s	2s	-50%
`mlk_polyvec_permute_bitrev_to_custom`	✅	1s	4s	-75%
`mlk_polyvec_tobytes`	✅	1s	3s	-67%
`mlk_rej_uniform`	✅	1s	3s	-67%
`mlk_scalar_compress_d11`	✅	1s	2s	-50%
`mlk_scalar_compress_d4`	✅	1s	3s	-67%
`mlk_scalar_decompress_d11`	✅	1s	3s	-67%
`mlk_sha3_256`	✅	1s	3s	-67%
`mlk_shake128_absorb_once`	✅	1s	3s	-67%
`mlk_shake128_squeezeblocks`	✅	1s	3s	-67%
`mlk_value_barrier_u32`	✅	1s	2s	-50%
`poly_compress_d10_native_x86_64`	✅	1s	1s	+0%
`poly_mulcache_compute_native_x86_64`	✅	1s	2s	-50%
`sys_check_capability`	✅	1s	2s	-50%

oqs-bot · 2026-05-30T09:21:49Z

CBMC Results (ML-KEM-768)

⚠️ Attention Required

Proof	Status	Current	Previous	Change
`mlk_poly_reduce_native`	⚠️	34s	20s	+70%
`mlk_poly_rej_uniform`	⚠️	128s	30s	+327%

Full Results (191 proofs)

Proof	Status	Current	Previous	Change
`TOTAL`	✅	1299s	1285s	+1.1%
`mlk_indcpa_keypair_derand`	✅	171s	201s	-15%
`mlk_indcpa_enc`	✅	158s	178s	-11%
`mlk_poly_rej_uniform`	⚠️	128s	30s	+327%
`mlk_rej_uniform_c`	✅	108s	126s	-14%
`mlk_polyvec_basemul_acc_montgomery_cached_c`	✅	43s	46s	-7%
`poly_ntt_native`	✅	36s	26s	+38%
`mlk_poly_reduce_native`	⚠️	34s	20s	+70%
`mlk_ntt_layer`	✅	26s	34s	-24%
`mlk_keccak_squeezeblocks_x4`	✅	24s	26s	-8%
`mlk_fqmul`	✅	20s	16s	+25%
`keccakf1600x4_permute_native_x4`	✅	16s	16s	+0%
`polyvec_basemul_acc_montgomery_cached_native`	✅	15s	20s	-25%
`mlk_indcpa_dec`	✅	14s	13s	+8%
`mlk_poly_decompress_d10_native`	✅	14s	14s	+0%
`mlk_poly_decompress_d4_native`	✅	11s	18s	-39%
`mlk_keccak_squeezeblocks`	✅	10s	8s	+25%
`mlk_poly_frombytes_native`	✅	9s	9s	+0%
`mlk_polyvec_add`	✅	9s	10s	-10%
`mlk_ntt_butterfly_block`	✅	8s	7s	+14%
`mlk_poly_frommsg`	✅	8s	9s	-11%
`mlk_keccak_absorb_once_x4`	✅	7s	7s	+0%
`mlk_keccak_squeeze_once`	✅	7s	11s	-36%
`mlk_poly_rej_uniform_x4`	✅	7s	6s	+17%
`mlk_invntt_layer`	✅	6s	7s	-14%
`mlk_keccak_absorb_once`	✅	6s	4s	+50%
`mlk_keccakf1600_permute_c`	✅	5s	5s	+0%
`mlk_poly_ntt`	✅	5s	11s	-55%
`poly_decompress_d10_native_x86_64`	✅	5s	7s	-29%
`polyvec_basemul_acc_montgomery_cached_k3_native_x86_64`	✅	5s	1s	+400%
`rej_uniform_native_x86_64`	✅	5s	6s	-17%
`kem_dec`	✅	4s	6s	-33%
`kem_enc_derand`	✅	4s	3s	+33%
`mlk_gen_matrix`	✅	4s	4s	+0%
`mlk_keccakf1600_permute`	✅	4s	2s	+100%
`mlk_poly_compress_d10_native`	✅	4s	3s	+33%
`mlk_poly_decompress_d5_c`	✅	4s	2s	+100%
`mlk_poly_frombytes_c`	✅	4s	3s	+33%
`mlk_poly_getnoise_eta1122_4x`	✅	4s	1s	+300%
`mlk_poly_invntt_tomont_c`	✅	4s	2s	+100%
`mlk_poly_ntt_c`	✅	4s	4s	+0%
`mlk_polyvec_frombytes`	✅	4s	1s	+300%
`mlk_shake256x4`	✅	4s	4s	+0%
`poly_compress_d5_native_x86_64`	✅	4s	3s	+33%
`poly_mulcache_compute_native_aarch64`	✅	4s	3s	+33%
`keccak_f1600_x4_native_aarch64_v84a`	✅	3s	1s	+200%
`keccak_f1600_x4_native_aarch64_v8a_scalar_hybrid`	✅	3s	2s	+50%
`keccak_f1600_x4_native_avx2`	✅	3s	2s	+50%
`keccakf1600x4_extract_bytes_native`	✅	3s	2s	+50%
`kem_check_sk`	✅	3s	1s	+200%
`kem_keypair_derand`	✅	3s	1s	+200%
`mlk_barrett_reduce`	✅	3s	3s	+0%
`mlk_ct_memcmp`	✅	3s	5s	-40%
`mlk_keccakf1600_extract_bytes`	✅	3s	1s	+200%
`mlk_keccakf1600_extract_bytes (big endian)`	✅	3s	2s	+50%
`mlk_keccakf1600x4_extract_bytes_c`	✅	3s	3s	+0%
`mlk_keccakf1600x4_permute`	✅	3s	2s	+50%
`mlk_keccakf1600x4_xor_bytes`	✅	3s	3s	+0%
`mlk_keccakf1600x4_xor_bytes_c`	✅	3s	4s	-25%
`mlk_keypair_getnoise_eta1`	✅	3s	4s	-25%
`mlk_poly_cbd_eta1`	✅	3s	4s	-25%
`mlk_poly_cbd_eta2`	✅	3s	3s	+0%
`mlk_poly_compress_d10_c`	✅	3s	3s	+0%
`mlk_poly_compress_d4_c`	✅	3s	2s	+50%
`mlk_poly_compress_d5`	✅	3s	2s	+50%
`mlk_poly_compress_d5_c`	✅	3s	2s	+50%
`mlk_poly_decompress_d10`	✅	3s	1s	+200%
`mlk_poly_decompress_d10_c`	✅	3s	2s	+50%
`mlk_poly_decompress_d11`	✅	3s	2s	+50%
`mlk_poly_decompress_d4_c`	✅	3s	4s	-25%
`mlk_poly_decompress_du`	✅	3s	1s	+200%
`mlk_poly_getnoise_eta1_4x`	✅	3s	2s	+50%
`mlk_poly_getnoise_eta1_4x_native`	✅	3s	4s	-25%
`mlk_poly_invntt_tomont`	✅	3s	1s	+200%
`mlk_poly_mulcache_compute_c`	✅	3s	3s	+0%
`mlk_poly_reduce`	✅	3s	5s	-40%
`mlk_poly_tomont_native`	✅	3s	5s	-40%
`mlk_polyvec_basemul_acc_montgomery_cached`	✅	3s	2s	+50%
`mlk_polyvec_permute_bitrev_to_custom`	✅	3s	2s	+50%
`mlk_polyvec_tobytes`	✅	3s	2s	+50%
`mlk_scalar_compress_d1`	✅	3s	3s	+0%
`mlk_scalar_compress_d5`	✅	3s	3s	+0%
`mlk_scalar_decompress_d10`	✅	3s	3s	+0%
`mlk_scalar_decompress_d11`	✅	3s	2s	+50%
`mlk_scalar_decompress_d4`	✅	3s	2s	+50%
`mlk_scalar_decompress_d5`	✅	3s	4s	-25%
`mlk_sha3_256`	✅	3s	2s	+50%
`mlk_shake128_squeezeblocks`	✅	3s	2s	+50%
`mlk_shake128x4_absorb_once`	✅	3s	3s	+0%
`mlk_shake128x4_squeezeblocks`	✅	3s	1s	+200%
`mlk_shake256`	✅	3s	2s	+50%
`mlk_value_barrier_u8`	✅	3s	2s	+50%
`poly_compress_d11_native_x86_64`	✅	3s	2s	+50%
`poly_compress_d4_native_x86_64`	✅	3s	2s	+50%
`poly_decompress_d4_native_x86_64`	✅	3s	7s	-57%
`poly_mulcache_compute_native_x86_64`	✅	3s	3s	+0%
`polyvec_basemul_acc_montgomery_cached_k2_native_x86_64`	✅	3s	2s	+50%
`polyvec_basemul_acc_montgomery_cached_k3_native_aarch64`	✅	3s	3s	+0%
`polyvec_basemul_acc_montgomery_cached_k4_native_aarch64`	✅	3s	1s	+200%
`polyvec_basemul_acc_montgomery_cached_k4_native_x86_64`	✅	3s	2s	+50%
`rej_uniform_native_aarch64`	✅	3s	3s	+0%
`intt_native_aarch64`	✅	2s	4s	-50%
`intt_native_x86_64`	✅	2s	3s	-33%
`keccak_f1600_x4_native_aarch64_v8a_v84a_scalar_hybrid`	✅	2s	1s	+100%
`keccakf1600_permute_native`	✅	2s	2s	+0%
`keccakf1600x4_xor_bytes_native`	✅	2s	3s	-33%
`kem_check_pk`	✅	2s	4s	-50%
`kem_enc`	✅	2s	2s	+0%
`mlk_check_pct`	✅	2s	3s	-33%
`mlk_ct_cmask_neg_i16`	✅	2s	3s	-33%
`mlk_ct_cmask_nonzero_u8`	✅	2s	1s	+100%
`mlk_ct_cmov_zero`	✅	2s	2s	+0%
`mlk_ct_sel_int16`	✅	2s	4s	-50%
`mlk_ct_sel_uint8`	✅	2s	2s	+0%
`mlk_enc_getnoise_eta1_eta2`	✅	2s	1s	+100%
`mlk_gen_matrix_serial`	✅	2s	3s	-33%
`mlk_keccakf1600_xor_bytes (big endian)`	✅	2s	2s	+0%
`mlk_keccakf1600x4_extract_bytes`	✅	2s	1s	+100%
`mlk_matvec_mul`	✅	2s	4s	-50%
`mlk_montgomery_reduce`	✅	2s	1s	+100%
`mlk_poly_add`	✅	2s	2s	+0%
`mlk_poly_compress_d10`	✅	2s	1s	+100%
`mlk_poly_compress_d11`	✅	2s	1s	+100%
`mlk_poly_compress_d11_c`	✅	2s	1s	+100%
`mlk_poly_compress_d11_native`	✅	2s	3s	-33%
`mlk_poly_compress_d4_native`	✅	2s	1s	+100%
`mlk_poly_compress_d5_native`	✅	2s	2s	+0%
`mlk_poly_compress_du`	✅	2s	2s	+0%
`mlk_poly_decompress_d11_c`	✅	2s	2s	+0%
`mlk_poly_decompress_d11_native`	✅	2s	1s	+100%
`mlk_poly_decompress_d5_native`	✅	2s	2s	+0%
`mlk_poly_decompress_dv`	✅	2s	1s	+100%
`mlk_poly_getnoise_eta2`	✅	2s	3s	-33%
`mlk_poly_reduce_c`	✅	2s	2s	+0%
`mlk_poly_sub`	✅	2s	2s	+0%
`mlk_poly_tobytes`	✅	2s	2s	+0%
`mlk_poly_tobytes_c`	✅	2s	2s	+0%
`mlk_poly_tobytes_native`	✅	2s	2s	+0%
`mlk_poly_tomont`	✅	2s	3s	-33%
`mlk_poly_tomont_c`	✅	2s	2s	+0%
`mlk_polymat_permute_bitrev_to_custom`	✅	2s	4s	-50%
`mlk_polyvec_compress_du`	✅	2s	1s	+100%
`mlk_polyvec_invntt_tomont`	✅	2s	3s	-33%
`mlk_polyvec_mulcache_compute`	✅	2s	4s	-50%
`mlk_polyvec_ntt`	✅	2s	1s	+100%
`mlk_polyvec_permute_bitrev_to_custom_native`	✅	2s	3s	-33%
`mlk_scalar_compress_d10`	✅	2s	2s	+0%
`mlk_sha3_512`	✅	2s	4s	-50%
`mlk_shake128_absorb_once`	✅	2s	3s	-33%
`mlk_value_barrier_i32`	✅	2s	1s	+100%
`ntt_native_aarch64`	✅	2s	1s	+100%
`nttunpack_native_x86_64`	✅	2s	4s	-50%
`poly_compress_d10_native_x86_64`	✅	2s	3s	-33%
`poly_decompress_d11_native_x86_64`	✅	2s	2s	+0%
`poly_decompress_d5_native_x86_64`	✅	2s	1s	+100%
`poly_frombytes_native_x86_64`	✅	2s	4s	-50%
`poly_getnoise_eta1122_4x_native`	✅	2s	2s	+0%
`poly_invntt_tomont_native`	✅	2s	4s	-50%
`poly_reduce_native_aarch64`	✅	2s	2s	+0%
`poly_reduce_native_x86_64`	✅	2s	2s	+0%
`poly_tobytes_native_aarch64`	✅	2s	2s	+0%
`poly_tobytes_native_x86_64`	✅	2s	2s	+0%
`poly_tomont_native_x86_64`	✅	2s	2s	+0%
`polyvec_basemul_acc_montgomery_cached_k2_native_aarch64`	✅	2s	3s	-33%
`rej_uniform_native`	✅	2s	4s	-50%
`keccak_f1600_x1_native_aarch64`	✅	1s	2s	-50%
`keccak_f1600_x1_native_aarch64_v84a`	✅	1s	1s	+0%
`kem_keypair`	✅	1s	1s	+0%
`mlk_ct_cmask_nonzero_u16`	✅	1s	2s	-50%
`mlk_ct_get_optblocker_i32`	✅	1s	3s	-67%
`mlk_ct_get_optblocker_u32`	✅	1s	2s	-50%
`mlk_ct_get_optblocker_u8`	✅	1s	1s	+0%
`mlk_keccakf1600_xor_bytes`	✅	1s	4s	-75%
`mlk_poly_compress_d4`	✅	1s	3s	-67%
`mlk_poly_compress_dv`	✅	1s	2s	-50%
`mlk_poly_decompress_d4`	✅	1s	4s	-75%
`mlk_poly_decompress_d5`	✅	1s	2s	-50%
`mlk_poly_frombytes`	✅	1s	1s	+0%
`mlk_poly_mulcache_compute`	✅	1s	4s	-75%
`mlk_poly_mulcache_compute_native`	✅	1s	2s	-50%
`mlk_poly_tomsg`	✅	1s	4s	-75%
`mlk_polyvec_decompress_du`	✅	1s	3s	-67%
`mlk_polyvec_reduce`	✅	1s	2s	-50%
`mlk_polyvec_tomont`	✅	1s	1s	+0%
`mlk_rej_uniform`	✅	1s	1s	+0%
`mlk_scalar_compress_d11`	✅	1s	3s	-67%
`mlk_scalar_compress_d4`	✅	1s	4s	-75%
`mlk_scalar_signed_to_unsigned_q`	✅	1s	4s	-75%
`mlk_value_barrier_u32`	✅	1s	2s	-50%
`ntt_native_x86_64`	✅	1s	1s	+0%
`poly_tomont_native_aarch64`	✅	1s	2s	-50%
`sys_check_capability`	✅	1s	2s	-50%

Update the nixpkgs input from nixos-25.11 to nixos-26.05 and adjust the flake to the new package set: - Default gcc changed from 14.3.0 to 15.2.0 - slothy: use the new pkgs.slothy from nixpkgs instead of the custom build; nix/slothy/default.nix now just re-exports it with a commented override for pinning a specific upstream revision. Drops the python3-for-slothy (unstable ortools) workaround. - hol_light: hol_light is now taken directly from nixpkgs, as I have upstreamed a recent version and made the necessary adjustments to make it directly usable. Similar as for slothy, we keep a separate package to make it easier to overwrite the version in the future. - python: provide script dependencies (pyparsing, sympy, ...) via python3.withPackages instead of bare python3Packages entries in a symlinkJoin, which no longer reach sys.path. Fixes autogen's "No module named 'pyparsing'". - autogen: use the snake_case pyparsing API (parse_string/parse_all) to silence the deprecation warning from the newer pyparsing. - cbmc: bitwuzla version 0.8.2 -> 0.9.0. - autogen: Reformatted with newer ruff version - platform tests: Increase disk on x86 from 20 GiB to 30 GiB as nix derivation does not fit anymore otherwise. - clang 18: Clang 18 from 26.05 no longer compiles on MacOS - take it from the 24.05 channel instead. Signed-off-by: Matthias J. Kannwischer <matthias@zerorisc.com>

oqs-bot

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'ppc64le (POWER10) benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.03.

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`70626` cycles	`59410` cycles	`1.19`
`ML-KEM-512 encaps`	`84636` cycles	`72138` cycles	`1.17`
`ML-KEM-512 decaps`	`108532` cycles	`91875` cycles	`1.18`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

SpacemiT K1 8 (Banana Pi F3) benchmarks

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`143456` cycles	`155511` cycles	`0.92`
`ML-KEM-512 encaps`	`151739` cycles	`163418` cycles	`0.93`
`ML-KEM-512 decaps`	`190270` cycles	`206683` cycles	`0.92`
`ML-KEM-768 keypair`	`233646` cycles	`249875` cycles	`0.94`
`ML-KEM-768 encaps`	`250703` cycles	`270398` cycles	`0.93`
`ML-KEM-768 decaps`	`306224` cycles	`332169` cycles	`0.92`
`ML-KEM-1024 keypair`	`366784` cycles	`395748` cycles	`0.93`
`ML-KEM-1024 encaps`	`390113` cycles	`422755` cycles	`0.92`
`ML-KEM-1024 decaps`	`460756` cycles	`506297` cycles	`0.91`

This comment was automatically generated by workflow using github-action-benchmark.

oqs-bot

Arm Cortex-A72 (Raspberry Pi 4) benchmarks

Details

Benchmark suite	Current: `c5ea34d`	Previous: `183f280`	Ratio
`ML-KEM-512 keypair`	`50774` cycles	`50954` cycles	`1.00`
`ML-KEM-512 encaps`	`58733` cycles	`59070` cycles	`0.99`
`ML-KEM-512 decaps`	`74433` cycles	`75432` cycles	`0.99`
`ML-KEM-768 keypair`	`86622` cycles	`86879` cycles	`1.00`
`ML-KEM-768 encaps`	`95203` cycles	`96300` cycles	`0.99`
`ML-KEM-768 decaps`	`117323` cycles	`120567` cycles	`0.97`
`ML-KEM-1024 keypair`	`129918` cycles	`131131` cycles	`0.99`
`ML-KEM-1024 encaps`	`142251` cycles	`143830` cycles	`0.99`
`ML-KEM-1024 decaps`	`174795` cycles	`175647` cycles	`1.00`

This comment was automatically generated by workflow using github-action-benchmark.

mkannwischer added the benchmark this PR should be benchmarked in CI label May 30, 2026

oqs-bot reviewed May 30, 2026

View reviewed changes

mkannwischer added the legacy-compiler-tests Triggers legacy compiler tests in CI label May 30, 2026

mkannwischer mentioned this pull request May 30, 2026

pa_j: accept camlp5 8.05 for OCaml 5.4 jrh13/hol-light#181

Merged

mkannwischer force-pushed the bump-nixpkgs-26.05 branch from a752cfc to 256b4d5 Compare May 30, 2026 09:10

mkannwischer commented May 30, 2026

View reviewed changes

Comment thread nix/hol_light/0007-Accept-camlp5-8.05-for-OCaml-5.4.patch Outdated

mkannwischer commented May 30, 2026

View reviewed changes

Comment thread nix/util.nix Outdated

mkannwischer commented May 30, 2026

View reviewed changes

mkannwischer force-pushed the bump-nixpkgs-26.05 branch 5 times, most recently from 1d05445 to fd3e132 Compare May 30, 2026 13:33

This was referenced Jun 2, 2026

nix: Use HOL-Light from nixpkgs #1712

Closed

Nix: Use slothy from nixpkgs instead of a bundled derivation #1686

Closed

mkannwischer force-pushed the bump-nixpkgs-26.05 branch from fd3e132 to 20170ef Compare June 4, 2026 09:15

mkannwischer force-pushed the bump-nixpkgs-26.05 branch from 20170ef to c5ea34d Compare June 4, 2026 09:35

mkannwischer added benchmark this PR should be benchmarked in CI and removed benchmark this PR should be benchmarked in CI labels Jun 4, 2026

oqs-bot reviewed Jun 4, 2026

View reviewed changes

mkannwischer mentioned this pull request Jun 4, 2026

nix: bump to nixpkgs 26.05 pq-code-package/mldsa-native#1149

Draft

oqs-bot reviewed Jun 4, 2026

View reviewed changes

mkannwischer marked this pull request as ready for review June 4, 2026 11:15

mkannwischer requested a review from a team as a code owner June 4, 2026 11:15

Conversation

mkannwischer commented May 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Intel Xeon 4th gen (c7i)

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Mac Mini (M1, 2020) benchmarks

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

ppc64le (POWER10) benchmarks

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Intel Xeon 4th gen (c7i) (no-opt)

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

AMD EPYC 3rd gen (c6a)

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

⚠️ Performance Alert ⚠️

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

AMD EPYC 4th gen (c7a)

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Intel Xeon 3rd gen (c6i)

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

⚠️ Performance Alert ⚠️

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

AMD EPYC 4th gen (c7a) (no-opt)

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

AMD EPYC 3rd gen (c6a) (no-opt)

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Graviton4

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Intel Xeon 3rd gen (c6i) (no-opt)

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Graviton4 (no-opt)

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Graviton3

Uh oh!

oqs-bot left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

mkannwischer commented May 30, 2026 •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot left a comment •

edited

Loading

oqs-bot commented May 30, 2026 •

edited

Loading

oqs-bot commented May 30, 2026 •

edited

Loading

oqs-bot commented May 30, 2026 •

edited

Loading