Comments (2)
Hi Caesar,
The arrays _ZETAS_EXP and _ZETAS_INV_EXP hold the precomputed roots of unity (multiplied with the Montgomery factor) for the AVX2-vectorized NTT implementation. They are similar to the corresponding arrays zetas and zetas_inv in the reference implementation, but differ in several ways. Firstly, their order is different. This is to match the recursion in the AVX2 NTT and the fact that the polynomial coefficients are reordered in later levels so that one always has full vector registers of coefficients that need to be multiplied. Secondly, some of the roots are repeated several times because it is faster to load full vector registers instead of populating them on the fly with broadcast and shuffle instructions. And lastly, for every root there is a root multiplied by q^-1 mod 2^16 since this is needed for the fast Montgomery reduction described in https://ia.cr/2019/040.
For the GP-script that I've used to generate these arrays, see precomp2.txt.
Best,
Gregor
from kyber.
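The following is an added worked model of the two kinds of constants described in the comment above; it is example code written for this page, not the Kyber project's code and not the GP script in precomp2.txt. It assumes Kyber's q = 3329, root of unity 17, Montgomery radix 2^16, and the reference implementation's bit-reversed table order with 128 entries; the inverse table is modelled simply as the modular inverses of the same roots. The AVX2-specific reordering and repetition of entries are not reproduced, and the vector instructions vpmulhw/vpmullw are modelled lane-wise by the helpers `mulhi`/`mullo`. What it shows is why the q^-1-twisted copy exists: with it, a Montgomery multiplication by a constant needs one low-half multiply and two high-half multiplies, and the result matches the scalar montgomery_reduce from the reference code.

```python
"""Model of the constants Gregor describes: each NTT root in Montgomery form
(zeta * 2^16 mod q) next to the same value times q^-1 mod 2^16, and the
mulhi/mullo Montgomery multiplication that the twisted copy enables.
Constructed example for this page, not code from the Kyber repository."""
import random

Q = 3329
R_BITS = 16
R = 1 << R_BITS              # Montgomery radix 2^16
QINV = pow(Q, -1, R)         # 62209 == q^-1 mod 2^16
ROOT = 17                    # Kyber's primitive 256th root of unity mod q
N_ZETAS = 128                # assumption: reference-style table, 128 entries


def to_int16(x):
    """Reinterpret the low 16 bits of x as a signed 16-bit lane value."""
    x &= 0xFFFF
    return x - 0x10000 if x >= 0x8000 else x


def centered(x):
    """Reduce x mod q into (-q/2, q/2], the signed form used by the 16-bit code."""
    x %= Q
    return x - Q if x > Q // 2 else x


def bitrev7(i):
    return int(f"{i:07b}"[::-1], 2)


def zetas_mont():
    """Forward roots in Montgomery form, reference order: 17^brv7(i) * 2^16 mod q."""
    return [centered(pow(ROOT, bitrev7(i), Q) * R) for i in range(N_ZETAS)]


def zetas_inv_mont():
    """Inverse roots (zeta^-1) in Montgomery form, same order as zetas_mont.
    Assumption: the real _ZETAS_INV_EXP orders and repeats entries differently."""
    return [centered(pow(ROOT, -bitrev7(i), Q) * R) for i in range(N_ZETAS)]


def twist(z):
    """The companion constant: zeta * q^-1 mod 2^16, stored as a signed lane."""
    return to_int16(z * QINV)


def expand_table(zetas):
    """Interleave each root with its q^-1 twist (no AVX2 reordering/repetition)."""
    out = []
    for z in zetas:
        out += [z, twist(z)]
    return out


# --- scalar reference, as in ref/reduce.c -----------------------------------
def montgomery_reduce(a):
    """Return r with r == a * 2^-16 (mod q); for |a| < q*2^15 we get -q < r < q."""
    t = to_int16(a * QINV)        # (int16_t)a * QINV in the C code
    return (a - t * Q) >> R_BITS  # arithmetic shift; exact since low halves cancel


def fqmul_ref(a, zeta):
    return montgomery_reduce(a * zeta)


# --- lane-wise model of the vectorised sequence -----------------------------
def mulhi(a, b):      # vpmulhw: signed high 16 bits of a 16x16-bit product
    return (a * b) >> 16


def mullo(a, b):      # vpmullw: low 16 bits of the product, as a signed lane
    return to_int16(a * b)


def fqmul_avx2(a, zeta, zeta_qinv):
    """Montgomery multiply by a constant using the pre-twisted root.
    mullo(a, zeta*q^-1) is exactly the t of montgomery_reduce(a*zeta), so the
    32-bit product and the extra multiply by q^-1 are never formed."""
    t = mullo(a, zeta_qinv)
    return mulhi(a, zeta) - mulhi(t, Q)


def check(trials=2000, seed=1):
    """Cross-check on random 16-bit inputs: both multipliers agree, the output
    is a*zeta mod q with the Montgomery factor cancelled, and the inverse root
    undoes the forward root."""
    rng = random.Random(seed)
    zs, zinvs = zetas_mont(), zetas_inv_mont()
    for _ in range(trials):
        i = rng.randrange(N_ZETAS)
        a = rng.randrange(-(1 << 15), 1 << 15)
        r_ref = fqmul_ref(a, zs[i])
        r_avx = fqmul_avx2(a, zs[i], twist(zs[i]))
        if r_ref != r_avx or not (-Q < r_avx < Q):
            return False
        if (r_avx - a * pow(ROOT, bitrev7(i), Q)) % Q:
            return False
        if (fqmul_avx2(r_avx, zinvs[i], twist(zinvs[i])) - a) % Q:
            return False
    return True


if __name__ == "__main__":
    table = expand_table(zetas_mont())
    print("first entries (zeta, zeta*q^-1):", table[:6])
    print("avx2 model matches reference:", check())
```

Note that `twist` is applied to the centered (signed) Montgomery value; the twisted constant only has to be consistent with whatever representative of zeta is actually stored, because `mullo` keeps only the low 16 bits and the two `mulhi` results cancel the matching low halves exactly.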
Hi Gregor,
Thank you for clarifying this.
Now I understand how the constants are generated.
I would like to note that precomp2.txt shows only how to generate _ZETAS_EXP, the inverses _ZETAS_INV_EXP are not included.
Thanks and regards,
Caesar