kyber icon indicating copy to clipboard operation
kyber copied to clipboard

Published 20 hours ago verified publisher icon pq-crystals

Why the result of barrett_reduce is in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q?

Open sduyyy opened this issue 1 year ago • 3 comments

In the history implementation of barrett_reduce function, the output is in {0,...,q} congruent to a modulo q. But in Commits on Nov 20, 2020, the output of barrett_reduce is in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q. Why is it modified like this?

sduyyy avatar Oct 12 '23 06:10 sduyyy

In addition, what is the input range?

sduyyy avatar Oct 12 '23 09:10 sduyyy

Hi, if I remember correctly, literature shows that signed arithmetic is faster for this size of modular arithmetic. For example, there are instructions smmulr in Armv7E-M and vpmulhrsw in AVX2. Both of them operate on signed inputs, and there is no unsigned counterparts.

However, I'm not sure if this is the reason for the changes. Maybe others working Kyber already can answer this.

vincentvbh avatar Nov 23 '23 12:11 vincentvbh

I made an implementation in pure Kotlin. I even added Barrett and Montgomery reductions, but I still don't know why. All my functions work in the unsigned space only. Maybe it's worth it to dig through the commit history.

ronhombre avatar Feb 10 '24 03:02 ronhombre