clean-up ref, fips202 from Dilithium, reuse constants from forward nt…

…t in inverse ntt, reduce to centered representatives and remove csubq function
pq-crystals · Nov 20, 2020 · b0ec845 · b0ec845
1 parent b5857a3
commit b0ec845
Show file tree

Hide file tree

Showing 19 changed files with 532 additions and 447 deletions.
diff --git a/avx2/indcpa.c b/avx2/indcpa.c
@@ -396,7 +396,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
   _mm256_store_si256((__m256i *)buf[0], f);
   buf[0][KYBER_SYMBYTES+0] = 2;
   buf[0][KYBER_SYMBYTES+1] = 2;
-  shake128_absorb(&state1x, buf[0], KYBER_SYMBYTES+2);
+  shake128_absorb_once(&state1x, buf[0], KYBER_SYMBYTES+2);
   shake128_squeezeblocks(buf[0], GEN_MATRIX_NBLOCKS, &state1x);
   ctr0 = rej_uniform_avx(a[2].vec[2].coeffs, buf[0]);
   while(ctr0 < KYBER_N)

diff --git a/ref/cbd.c b/ref/cbd.c
@@ -26,7 +26,7 @@ static uint32_t load32_littleendian(const uint8_t x[4])
 * Name:        load24_littleendian
 *
 * Description: load 3 bytes into a 32-bit integer
-*              in little-endian order
+*              in little-endian order.
 *              This function is only needed for Kyber-512
 *
 * Arguments:   - const uint8_t *x: pointer to input byte array
@@ -52,7 +52,7 @@ static uint32_t load24_littleendian(const uint8_t x[3])
 *              polynomial with coefficients distributed according to
 *              a centered binomial distribution with parameter eta=2
 *
-* Arguments:   - poly *r:            pointer to output polynomial
+* Arguments:   - poly *r: pointer to output polynomial
 *              - const uint8_t *buf: pointer to input byte array
 **************************************************/
 static void cbd2(poly *r, const uint8_t buf[2*KYBER_N/4])
@@ -79,10 +79,10 @@ static void cbd2(poly *r, const uint8_t buf[2*KYBER_N/4])
 *
 * Description: Given an array of uniformly random bytes, compute
 *              polynomial with coefficients distributed according to
-*              a centered binomial distribution with parameter eta=3
+*              a centered binomial distribution with parameter eta=3.
 *              This function is only needed for Kyber-512
 *
-* Arguments:   - poly *r:            pointer to output polynomial
+* Arguments:   - poly *r: pointer to output polynomial
 *              - const uint8_t *buf: pointer to input byte array
 **************************************************/
 #if KYBER_ETA1 == 3
@@ -118,11 +118,11 @@ void cbd_eta1(poly *r, const uint8_t buf[KYBER_ETA1*KYBER_N/4])
 #endif
 }
 
-void cbd_eta2(poly *r, const uint8_t buf[KYBER_ETA1*KYBER_N/4])
+void cbd_eta2(poly *r, const uint8_t buf[KYBER_ETA2*KYBER_N/4])
 {
-#if KYBER_ETA2 != 2
-#error "This implementation requires eta2 = 2"
-#else
+#if KYBER_ETA2 == 2
   cbd2(r, buf);
+#else
+#error "This implementation requires eta2 = 2"
 #endif
 }