Shared ring arithmetic for ML-DSA / module-lattice constructions over \(R_q = \mathbb{Z}_q[X]/(X^{256}+1)\), \(q = 8{,}380{,}417\).
Portable NTT (Cooley–Tukey forward, Gentleman–Sande inverse with Montgomery
scaling) is bit-compatible with the non-hardened path in lib-q-ml-dsa.
Re-exports
- pub use challenge::sample_in_ball;
- pub use expand::expand_a_from_seed;
- pub use field::FieldElementTimesMontgomeryR;
- pub use field::add_coeffs;
- pub use field::montgomery_multiply_by_constant;
- pub use field::montgomery_multiply_coeffs;
- pub use field::montgomery_multiply_fe_by_fer;
- pub use field::montgomery_reduce_element;
- pub use field::reduce_element;
- pub use field::reduce_poly_simd;
- pub use field::subtract_coeffs;
- pub use module::ModuleMatrix;
- pub use module::ModuleVec;
- pub use ntt::intt_montgomery;
- pub use ntt::ntt_forward_simd;
- pub use ntt::ntt_multiply_montgomery;
- pub use poly::NttPoly;
- pub use poly::Poly;
- pub use uniform::sample_uniform_coeff_mod_q;
- pub use uniform::sample_uniform_field_coefficient;
- pub use uniform::try_uniform_coeff_mod_q_from_u32;
- pub use uniform::uniform_mod_u32_rejection_threshold;
Modules
- challenge
- Challenge sampling (FIPS 204, Algorithm 29) using SHAKE256 in ML-DSA’s incremental block shape.
- coeff
- SIMD layout: 32 lanes × 8 coefficients = 256.
- constants
- ML-DSA field and ring geometry (FIPS 204).
- encoding
- FIPS 204-style bit packing for bounded unsigned coefficient vectors.
- expand
- ExpandA (FIPS 204, Algorithm 34) — SHAKE128 rejection sampling per matrix entry.
- field
- Montgomery multiply-accumulate and Barrett reduction (ML-DSA portable path).
- module
- Module operations: matrix–vector product in the NTT domain (ML-DSA style).
- ntt
- NTT wrappers over the generated portable butterflies.
- params
- ML-DSA parameter markers (FIPS 204) as associated constants.
- poly
- Coefficient (Poly) vs NTT (NttPoly) newtypes.
- uniform
- Unbiased uniform sampling in \(\mathbb{Z}_q\) for word-oriented RNGs.