helpers_sampling/

helpers_sampling.rs

// MIT License
//
// Copyright (c) 2026 Raja Lehtihet & Wael El Oraiby
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in all
// copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
// SOFTWARE.

//! Demonstrates all sampling helper entrypoints in one executable.
//!
//! Run with:
//! `cargo run --example helpers_sampling`
//!
//! What this example does:
//! 1. Builds a ring context for `R_q = Z_q[x] / (x^16 + 1)`.
//! 2. Seeds a deterministic test RNG so output is reproducible.
//! 3. Samples:
//!    - uniform coefficients in `Z_q`,
//!    - centered-binomial noise (eta=3),
//!    - Gaussian-like integer noise (sigma=2.5),
//!    - a raw bounded integer via rejection sampling.
//! 4. Prints a compact summary.

mod common;

use common::sampling::{
    sample_cbd_poly_example, sample_discrete_gaussian_poly_example,
    sample_rejection_u64_below_example, sample_uniform_poly_example,
};
use core::convert::Infallible;
use nc_polynomial::RingContext;
use rand_core::TryCryptoRng;
use rand_core::TryRng;

#[derive(Debug, Clone)]
struct ExampleRng {
    state: u64,
}

impl ExampleRng {
    /// Creates a deterministic RNG state. This is only for examples/tests.
    fn new(seed: u64) -> Self {
        Self { state: seed }
    }

    /// xorshift64* step: simple, fast, reproducible.
    ///
    /// This is not intended to be a production CSPRNG. We only need determinism
    /// for stable example output.
    fn step(&mut self) -> u64 {
        let mut x = self.state;
        x ^= x >> 12;
        x ^= x << 25;
        x ^= x >> 27;
        self.state = x;
        x.wrapping_mul(0x2545_F491_4F6C_DD1D)
    }
}

impl TryRng for ExampleRng {
    type Error = Infallible;

    fn try_next_u32(&mut self) -> Result<u32, Self::Error> {
        Ok(self.step() as u32)
    }

    fn try_next_u64(&mut self) -> Result<u64, Self::Error> {
        Ok(self.step())
    }

    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Self::Error> {
        let mut offset = 0;
        while offset < dest.len() {
            let word = self.step().to_le_bytes();
            let chunk = (dest.len() - offset).min(8);
            dest[offset..offset + chunk].copy_from_slice(&word[..chunk]);
            offset += chunk;
        }
        Ok(())
    }
}

impl TryCryptoRng for ExampleRng {}

fn main() {
    // Configure modulus polynomial `x^16 + 1`.
    //
    // We allocate `max_degree + 1` coefficients and set:
    // - constant term: 1
    // - x^16 term: 1
    // - all intermediate terms: 0
    let mut modulus_poly = vec![0_u64; 16 + 1];
    modulus_poly[0] = 1;
    modulus_poly[16] = 1;
    // Build validated ring context with NTT-friendly modulus and primitive root.
    let ctx =
        RingContext::from_parts(16, 998_244_353, &modulus_poly, 3).expect("context should build");

    // Deterministic seed makes this executable reproducible.
    let mut rng = ExampleRng::new(0xA11C_E123_0000_0001);

    // Uniform sample in `R_q`: every coefficient is sampled independently in `[0, q)`.
    let uniform =
        sample_uniform_poly_example(&ctx, &mut rng).expect("uniform sampling should work");
    // Centered-binomial sample: each coefficient is small noise around 0.
    let cbd = sample_cbd_poly_example(&ctx, 3, &mut rng).expect("CBD sampling should work");
    // Gaussian-like sample from Box-Muller + integer rounding.
    let gaussian =
        sample_discrete_gaussian_poly_example(&ctx, 2.5, &mut rng).expect("gaussian should work");
    // Raw integer rejection sample in `[0, 1000)`.
    let below = sample_rejection_u64_below_example(1_000, &mut rng).expect("rejection should work");

    // Print concise observable properties so this can be used as a smoke run.
    println!("uniform_degree={:?}", uniform.degree());
    println!("cbd_degree={:?}", cbd.degree());
    println!("gaussian_degree={:?}", gaussian.degree());
    println!("sample_below_1000={below}");
}