mirror of https://gogs.blitter.com/RLabs/xs
44 lines
1.1 KiB
Go
44 lines
1.1 KiB
Go
// reduce.go - Montgomery, Barret, and Full reduction.
|
|
//
|
|
// To the extent possible under law, Yawning Angel has waived all copyright
|
|
// and related or neighboring rights to the software, using the Creative
|
|
// Commons "CC0" public domain dedication. See LICENSE or
|
|
// <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
|
|
|
|
package kyber
|
|
|
|
const (
|
|
qinv = 7679 // -inverse_mod(q,2^18)
|
|
rlog = 18
|
|
)
|
|
|
|
// Montgomery reduction; given a 32-bit integer a, computes 16-bit integer
|
|
// congruent to a * R^-1 mod q, where R=2^18 (see value of rlog).
|
|
func montgomeryReduce(a uint32) uint16 {
|
|
u := a * qinv
|
|
u &= (1 << rlog) - 1
|
|
u *= kyberQ
|
|
a += u
|
|
return uint16(a >> rlog)
|
|
}
|
|
|
|
// Barrett reduction; given a 16-bit integer a, computes 16-bit integer
|
|
// congruent to a mod q in {0,...,11768}.
|
|
func barrettReduce(a uint16) uint16 {
|
|
u := uint32(a >> 13) // ((uint32_t) a * sinv) >> 16
|
|
u *= kyberQ
|
|
a -= uint16(u)
|
|
return a
|
|
}
|
|
|
|
// Full reduction; given a 16-bit integer a, computes unsigned integer a mod q.
|
|
func freeze(x uint16) uint16 {
|
|
r := barrettReduce(x)
|
|
|
|
m := r - kyberQ
|
|
c := int16(m)
|
|
c >>= 15
|
|
r = m ^ ((r ^ m) & uint16(c))
|
|
return r
|
|
}
|