improved gen_matrix + SCT protections

[tfaoliveira]

Currently, branch "fgmsct" (reads final gen matrix + sct) contains an updated version for MLKEM-768.

The changes for MLKEM reference implementation are the following:

1) improved keccakf1600:

• bbd66329e569c947384bec29f0146dbf43f2dd35
• K cpu cycles on alder lake (keypair enc dec) before (502,551,694)
• after: (405,451,597);
• object size: before 167.5KB; 165.3KB

2) improved gen_matrix (useful for AVX2 implementation [wip])

• dc24367a9ec46237d5cf02a033204dddbc81a45d
• cycles before: (405,451,597);
• cycles after (with gen_matrix SCT): (401,446,590);
• object size: before 165.3KB; after 106.1KB
• check https://github.com/tfaoliveira/stash/tree/main/jasmin/mlkem/sample_ntt/round3 for more results wrt gen matrix

3) remove -lea as default (most additions were performed using LEA instruction instead of add)

• 80202a53152db3644e8abe362eeb4c42cd8efd6a
• cycles before (405,451,597);
• cycles after (318,396,503) -- this seems to have some impact on alder lake; I need to check on different CPUs
• object size: before 106.1KB; after 105.9KB

4) jkem.jazz checks with -checkSCT (spectre v1 protected)

• 6f36ef45b4f15f3b12dcad92c446ce10ebc00cbc
• cycles before (318,396,503)
• cycles after (317,394,501)
• object size: before: 105.9KB; after: 106.1KB
• here https://github.com/tfaoliveira/stash/tree/main/mmx/libjade_and_mmx it is possible to observe that for kyber, just spilling to mm registers improves performance

For the moment, I'm done with the reference implementation, and soon, I will start pushing into this branch the avx2 patch.

note: this work requires this commit from Jasmin https://github.com/jasmin-lang/jasmin/commit/f071a81bf24f9f514b35d304b525f9266296951f (so, I'm using latest Jasmin from main)

[tfaoliveira]

5. mlkem_avx2: update to keccakf1600_4x and gen_matrix:
   • 334271d0a87421359f7751deeddbc9da1c7154b8
   • cycles before: (113,109,111)
   • cycles after: (55,51,53)
   • object size: before: 194KB; after: 103KB;

[tfaoliveira]

6. mlkem_avx2 is now SCT; will be updated when keccakf1600 avx2

[tfaoliveira-sb]

I will close as https://github.com/formosa-crypto/hakyber/pull/32 supersedes this work. I will not delete the branch for the time being (I can use it as reference to adjust the mlkem ref implementation)