[PATCH 0/5] dilithium-kyber: Optimized (i)NTT support for
NIIBE Yutaka
gniibe at fsij.org
Fri Mar 27 07:21:39 CET 2026
Hello,
Sorry for the late reply.
Danny Tsen wrote:
> Added optimized (i)NTT algorithm support for ppc64le (Power 8 and
> above). Defined ENABLE_PPC_DILITHIUM and ENABLE_PPC_KYBER for
> dilithium (ML-DSA) and kyber (ML-KEM) NTT and inverse NTT.
Thank you for your work.
The approach of optimizing NTT functions looks good.
Let me start a discussion about Kyber. Then, we can apply the
result to Dilithium.
I wonder if we can do a bit more, so that we can avoid the duplication
of the ZETA constant between the NTT implementation and kyber-common.c.
I'm considering factoring the following five functions from
kyber-common.c:
void _gcry_poly_ntt(poly *r);
void _gcry_poly_invntt_tomont(poly *r);
void _gcry_poly_reduce(poly *r);
void _gcry_poly_tomont(poly *r);
void _gcry_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
into, say, kyber-common-generic.c. And provide architecture-specific
kyber-common-<ARCH>-<HWACC>.S for optimized version(s).
This way, NTT functions are covered and ZETA is placed inside
kyber-common-*.
What do you think?
I'll try with the optimized implementation of AVX2 in the reference code.
https://www.pq-crystals.org/kyber/