-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove redundant reduction from
unpack_pk()
and unpack_sk()
The specifications for the polynomial base multiplication currently require one input to be bound by q in absolute value. To ensure this, the unpacking routines `unpack_pk()` and `unpack_sk()` currently explicitly reduce their output via `poly_reduce()`. Functionally, this reduction is not needed: - For the PK, the modulus-check already ensures that the unpacked PK will be unsigned canonical. - For the SK, there is no requirement in the standard to check that the SK is reduced, or reduce it after unpacking. - There is no risk of overflow in the base multiplication even if the inputs are bound by 4096 rather than q: - For the C base multiplication, the input bound before modular reduction is now 2 * 4096 * 2^15, where before it was 2 * q * 2^15 -- both is below 2^31 so we are fine. After reduction, the 3/2 * q bound is weakened to 2 * q (a much better bound would be possible, but is unneeded), which is still sufficient for up to K=4-fold accumulation since 8 * q < INT16_MAX. - For the AArch64 base multiplication, we are accumulating in 32-bit up to a single final reduction. As in the C case, each 32-bit polynomial multiplication is bound by 2 * 4096 * 2^15 = 2^28, so the accumulated value before reduction is < 2^30 < INT32_MAX. - For the x86_64 base multiplication, the reasoning is unchanged: We don't accumulate in 32-bit but conduct a Montgomery multiplication for every monomial in the product, giving an output bound by q per monomial. Up to 8 such are accumulated, giving a bound by 8 * q < INT16_MAX. This commit strengthens the specifications for all polynomial base multiplication routines - basemul_cached - poly_basemul_montgomery_cached - polyvec_basemul_acc_montgomery - polyvec_basemul_acc_montgomery_cached - matvec_mul The polynomial reductions in `check_pk` and `check_sk` can then be safely removed. Signed-off-by: Hanno Becker <[email protected]>
- Loading branch information
1 parent
f56c5f6
commit 6fc7eb4
Showing
12 changed files
with
43 additions
and
56 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters