Add warning & TODO regarding potential introduction of branch

scalar_signed_to_unsigned_q_16() uses the expression `(r < 0)` for the extraction of the sign-bit, which is prone to compilers turning them into a branch. Signed-off-by: Hanno Becker <[email protected]>
pq-code-package · Jul 2, 2024 · 033ebac · 033ebac
1 parent bf75581
commit 033ebac
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/mlkem/poly.c b/mlkem/poly.c
@@ -110,6 +110,7 @@ uint16_t scalar_signed_to_unsigned_q_16 (int16_t c)
     int32_t r = (int32_t) c;
 
     // Add Q if r is negative
+    // TODO, WARNING: This needs to be protected from the compiler introducing a branch.
     int32_t factor = (r < 0); // 1 if r < 0; 0 if r >= 0
     r = r + (factor * KYBER_Q);