RFR: 8298387: Implementing ML-DSA signature algorithm [v9]
Ben Perez
bperez at openjdk.org
Wed Oct 23 19:53:07 UTC 2024
On Tue, 8 Oct 2024 15:36:58 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Ben Perez has updated the pull request incrementally with one additional commit since the last revision:
>>
>> move entries to different sections
>
> src/java.base/share/classes/sun/security/provider/ML_DSA.java line 45:
>
>> 43: private static final int montRModQ = 4193792;
>> 44: private static final int montDimInverse = 16382; // toMont((mlDsa_n)^-1 (mod mlDsa_q))
>> 45: private static final int[] montZetasForNtt = new int[]{
>
> It would be nice to link to a source for these magic values in the comments, unless we are generating some of these values ourselves.
Some of these values are constants in the spec and others are commonly used values derived from the constants. For example, `s1PackedLength = (mlDsa_l * (eta + 1) * 256) / 8` because the vector `s1` contains `mlDsa_l` polynomials of length 256 with 3-bit coefficients (the final division by 8 is to represent it in bytes). Perhaps it would be useful to annotate these values with how they're computed?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21364#discussion_r1813443228
More information about the security-dev
mailing list