On Thu, 10 Oct 2024 15:43:18 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Ben Perez has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> renamed internal keyGen/sign/verify functions to be same as spec
>
> src/java.base/share/classes/sun/security/provider/ML_DSA.java line 1202:
>
>> 1200: public static int[] mlDsaInverseNtt(int[] coeffs) {
>> 1201: int result = implMlDsaAlmostInverseNtt(coeffs,
>> montZetasForVectorInverseNtt);
>> 1202: result = implMlDsaMontMulByConstant(coeffs, montDimInverse);
>
> In FIPS 204, the constant is 8347681. Why do you use 16382?
The same thing is happening here as with the NTT, except we are not multiplying
with 1 but 2^-256 using Montgomery multiplication combined with the conversion
back to "normal domain", that is why the variable name is montDimInverse. In
the standard, they have dinInverse.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21364#discussion_r1796827653
