[WIP] Add stack optimizations.

[mvanbeirendonck]

Hi all,

I created a pull request for pqm4 (mupq/pqm4/pull/181) with the stack optimizations for Saber NTT multiplication. I wanted to ask if you also want to fully include them here, or keep compatibility with the original paper?

Right now this draft pull request has the stack-optimized Saber NTT, but this one has a little different function naming than the Toom-Cook reference implementation that is also included. This messes up the testbenches. I could add an update for the Toom-Cook as well, to uniformize them.

Then there's a second problem that the stack-optimized implementation has no native MatrixVectorMul and InnerProd. The new functions unpack the inputs just-in-time, depending on keygen/encrypt/decrypt. To keep all the benchmarks speed.c, these two functions should be recreated again.

Let me know what you prefer!

Cheers,
Michiel

[vincentvbh]

For benchmarking MatrixVectorMul and InnderProd, I think we can benchmark MatrixVectorMulKeyPairNTT() and InnerProdDecNTT() with only NTT codes(by creating the version of these two functions in speed.c where all non-NTT operations are removed). I test them locally, and they are only -2%~6% compared to the cycles in our paper.

For Toom-Cook, I think as long as the cycles are consistent with the paper, some adjustment is fine.

[mvanbeirendonck]

• Add stack-optimized NTT
• Add stack-optimized Toom-Cook
• Recreate MatrixVectorMul and InnerProd without decompressing functions