Add experimental SLOTHY-optimized NTTs

So far, clean ASM is only optimized according to Cortex-A72 model,
and we do not yet explore algorithmic variations from

  Fast and Clean: Auditable high-performance
  assembly via constraint solving

  https://eprint.iacr.org/2022/1303

This will come at a later point.

Both the clean and the optimized code are added to the repository,
as well as the SLOTHY script.

Signed-off-by: Hanno Becker <[email protected]>

mlkem/asm/aarch64/intt_123_4567.S → mlkem/asm/aarch64/intt_clean.S

@@ -159,11 +159,11 @@
 .data
 .p2align 4
 roots:
-#include "intt_kyber_123_45_67_twiddles.S"
+#include "intt_123_45_67_twiddles.S"
 .text
 
-        .global intt_kyber_123_4567
-        .global _intt_kyber_123_4567
+        .global intt_asm_clean
+        .global _intt_asm_clean
 
 .p2align 4
 const_addr:       .short 3329
@@ -191,8 +191,8 @@ ninv_tw_addr:     .short 5040
                   .short 5040
                   .short 5040
 
-intt_kyber_123_4567:
-_intt_kyber_123_4567:
+intt_asm_clean:
+_intt_asm_clean:
         push_stack
 
         in      .req x0

mlkem/asm/aarch64/ntt_123_4567.S → mlkem/asm/aarch64/ntt_clean.S

@@ -157,7 +157,7 @@
 .data
 .p2align 4
 roots:
-        #include "ntt_kyber_123_45_67_twiddles.S"
+        #include "ntt_123_45_67_twiddles.S"
 
         in      .req x0
         inp     .req x1
@@ -208,8 +208,8 @@ roots:
         t3  .req v28
 
         .text
-        .global ntt_kyber_123_4567
-        .global _ntt_kyber_123_4567
+        .global ntt_asm_clean
+        .global _ntt_asm_clean
 
 .p2align 4
 const_addr:
@@ -222,8 +222,8 @@ const_addr:
         .short 0
         .short 0
 
-ntt_kyber_123_4567:
-_ntt_kyber_123_4567:
+ntt_asm_clean:
+_ntt_asm_clean:
         push_stack
 
         ASM_LOAD(r_ptr0, roots)