§SP1 NTT Gadget
High-performance NTT/INTT implementation for Dilithium (ML-DSA-65) verification in the SP1 zkVM, with a Polynomial Identity Check (PIC) that provides 60-bit soundness.
§Features
- CRYSTALS-Dilithium Compatible: 100% compatible with FIPS 204 (ML-DSA-65)
- Optimized Montgomery Arithmetic: Constant-time operations
- 60-bit Soundness: 4-challenge PIC with Fiat-Shamir
- SP1 zkVM Ready: Native precompile syscall integration
- no_std Compatible: Works in embedded/zkVM environments
§Quick Start
§Basic NTT/INTT
```rust
use sp1_ntt_gadget::{ntt::forward::ntt, ntt::inverse::intt, params::N};
let mut coeffs = [0u32; N];
coeffs[0] = 42;
coeffs[1] = 59;
// Forward NTT
let original = coeffs;
ntt(&mut coeffs);
// Inverse NTT (roundtrip)
intt(&mut coeffs);
assert_eq!(coeffs, original);
```
§Verified NTT (with PIC)
```rust
use sp1_ntt_gadget::{ntt::forward::ntt, pic::verifier::verify_ntt_simple, params::N};
let mut coeffs = [0u32; N];
for i in 0..N {
    coeffs[i] = (i as u32 * 12345) % 8_380_417;
}
let original = coeffs;
ntt(&mut coeffs);
// Verify NTT correctness (60-bit soundness)
let context = b"my-application-context";
assert!(verify_ntt_simple(&original, &coeffs, context).is_ok());
```
§Security
- Soundness: 60-bit (NUM_CHALLENGES=4, each ~15-bit security)
- Side-channel Resistance: Constant-time Montgomery arithmetic
- Tested: 132,731+ fuzzing iterations, 104 unit tests
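The roughly 15 bits per challenge quoted above matches the Schwartz-Zippel bound (N-1)/Q for a degree-255 polynomial over the Dilithium field. The following Rust sketch is an added illustration of one such identity check, not the crate's code: it assumes a naive natural-order transform instead of FIPS 204's bit-reversed layout, takes challenges from the caller instead of deriving them with Fiat-Shamir, and all function names are hypothetical.

```rust
// Added illustration (hypothetical names); not sp1_ntt_gadget's implementation.
const Q: u64 = 8_380_417; // Dilithium prime (the page's Q)
const N: usize = 256; // polynomial degree (the page's N)
const ZETA: u64 = 1753; // primitive 512th root of unity mod Q (FIPS 204)

fn pow_mod(b: u64, mut e: u64) -> u64 {
    let (mut acc, mut b) = (1, b % Q);
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % Q; }
        b = b * b % Q;
        e >>= 1;
    }
    acc
}

/// Horner evaluation of a(X) at x; coefficients are assumed already reduced (< Q).
fn eval(a: &[u64; N], x: u64) -> u64 {
    a.iter().rev().fold(0, |acc, &c| (acc * (x % Q) + c) % Q)
}

fn root(i: usize) -> u64 { pow_mod(ZETA, 2 * i as u64 + 1) } // i-th root of X^N + 1

/// Reference O(N^2) transform in natural order: out[i] = a(root(i)).
fn naive_ntt(a: &[u64; N]) -> [u64; N] {
    std::array::from_fn(|i| eval(a, root(i)))
}

/// One identity check: a(r) must equal the Lagrange interpolation of a_hat at r.
fn check_at(a: &[u64; N], a_hat: &[u64; N], r: u64) -> bool {
    let (r, mut sum) = (r % Q, 0u64);
    for i in 0..N {
        let w = root(i);
        if r == w { return eval(a, r) == a_hat[i]; } // challenge is a root: compare directly
        let inv = pow_mod(r + Q - w, Q - 2); // 1/(r - w) by Fermat's little theorem
        sum = (sum + a_hat[i] % Q * (Q - w) % Q * inv) % Q; // a_hat[i] * (-w) / (r - w)
    }
    let scale = (pow_mod(r, N as u64) + 1) * pow_mod(N as u64, Q - 2) % Q; // (r^N + 1) / N
    eval(a, r) == sum * scale % Q
}

/// Accept only if every challenge passes; a wrong a_hat passes one random challenge w.p. <= (N-1)/Q.
fn verify(a: &[u64; N], a_hat: &[u64; N], challenges: &[u64]) -> bool {
    challenges.iter().all(|&r| check_at(a, a_hat, r))
}

/// Soundness in bits for k independent challenges: k * log2(Q / (N-1)).
fn soundness_bits(k: u32) -> f64 { k as f64 * (Q as f64 / (N - 1) as f64).log2() }
```

A single tampered output value changes the interpolated polynomial, so the check fails at every challenge that is not one of the other 255 roots.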
§Parameters
| Parameter | Value | Description |
|---|---|---|
| Q | 8,380,417 | Dilithium prime (q ≡ 1 mod 512) |
| N | 256 | Polynomial degree |
| NUM_CHALLENGES | 4 | PIC challenges (60-bit soundness) |
§Module Structure
```text
┌─────────────────────────────────────────────────────────────┐
│                       SP1 NTT Gadget                        │
├─────────────────┬─────────────────┬─────────────────────────┤
│     params      │      ntt/       │          pic/           │
│   (constants)   │ (NTT/INTT ops)  │     (verification)      │
│                 │                 │                         │
│  Q, ZETAS,      │  forward.rs     │  challenge.rs           │
│  MONT_R, etc.   │  inverse.rs     │  verifier.rs            │
│                 │  montgomery.rs  │                         │
├─────────────────┼─────────────────┼─────────────────────────┤
│   validation/   │   precompile/   │                         │
│  (input check)  │ (SP1 syscalls)  │                         │
└─────────────────┴─────────────────┴─────────────────────────┘
```
§References
Re-exports§
```rust
pub use params::N;
pub use params::Q;
pub use params::NUM_CHALLENGES;
pub use params::DOMAIN_SEP;
pub use ntt::ntt;
pub use ntt::intt;
pub use pic::derive_challenges;
pub use pic::verify_ntt;
pub use pic::verify_ntt_simple;
pub use pic::VerificationError;
pub use validation::validate_coefficients;
pub use validation::ValidationError;
pub use precompile::NttInput;
pub use precompile::NttOutput;
pub use precompile::execute_ntt_with_verification;
pub use precompile::execute_intt;
pub use precompile::execute_roundtrip;
pub use precompile::ntt_syscall;
pub use precompile::intt_syscall;
pub use precompile::NTT_PRECOMPILE_ID;
pub use precompile::INTT_PRECOMPILE_ID;
```
Modules§
- ntt: NTT (Number Theoretic Transform) operations
- params: Dilithium NTT Constants for ML-DSA-65 (FIPS 204)
- pic: Polynomial Identity Check (PIC) module
- precompile: SP1 Precompile Integration Module
- validation: Input validation module