RFR: 8373059: Test sun/security/provider/acvp/ML_DSA_Intrinsic_Test.java should pass on Aarch64
Volodymyr Paprotski
vpaprotski at openjdk.org
Tue Dec 9 18:41:18 UTC 2025
On Tue, 9 Dec 2025 14:41:02 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
> …hould pass on Aarch64
>
> The test used to fail because it had checked a stronger equivalence of the results of the Java method and its intrinsified version.
> Other than fixing that, I did some formatting and corrected a comment.
Claims:
- "while the java version of `implDilithiumNttMult` can accept full signed INT32 on both `coeffs1` and `coeffs2`, in the actual implementation of ML_DSA, calls never exceed `-Q`-to-`+Q` on either inputs"
- (I believe it allows aarch64 to rearrange some multiplications, perhaps to relieve some register-allocation pressure? Multiplications are commutative, so this is valid, except that the range would be exceeded)
- "congruence is sufficient in modular arithmetic for test to pass"
The second claim is self-evident (which allows us to relax the `Arrays.equals` test).
The first... I was able to convince myself by going through the code:
- All calls to `implDilithiumNttMult` originate from `nttConstMultiply` and `matrixVectorPointwiseMultiply`.
- All inputs to `nttConstMultiply` and `matrixVectorPointwiseMultiply` are 'cleansed' by `mlDsaVectorNtt`, `mlDsaNtt` and `generateA`
- `mlDsaVectorNtt` itself is 'cleansed' by `mlDsaNtt`
- `generateA` masks its outputs to 23-bits (fits within the 2Q in this PR)
- `mlDsaNtt` 'cleansed' by `montMul`
- `montMul` returns range `(-Q,Q)` per paper in the comments.
test/jdk/sun/security/provider/pqc/ML_DSA_Intrinsic_Test.java line 147:
> 145:
> 146: if (!Arrays.equals(prod1, prod2)) {
> 147: boolean modQequal = true;
I would probably have moved this to its own helper `arraysCongruent` and replaced the `if (!Arrays.equals(prod1, prod2))` with `!arraysCongruent(prod1, prod2)`. But not a deal-breaker...
-------------
Marked as reviewed by vpaprotski (Committer).
PR Review: https://git.openjdk.org/jdk/pull/28722#pullrequestreview-3558941134
PR Review Comment: https://git.openjdk.org/jdk/pull/28722#discussion_r2603792002
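As an added illustration, not code from the PR or from the JDK test, here is the `arraysCongruent` helper suggested in the review above, written out together with the range check behind the reviewer's first claim. It shows the pitfall such a helper has to avoid: Java's `%` keeps the sign of the dividend, so comparing per-element remainders directly would reject two values that are congruent mod Q but carry different signs. Q is the ML-DSA modulus 8380417 (2^23 - 2^13 + 1); the class name, `withinOpenRange`, `naiveRemainderEquals` and the sample arrays are constructed for this example only.

```java
import java.util.Arrays;

/**
 * Illustration (not JDK code) of comparing two NTT product arrays modulo Q
 * instead of with Arrays.equals, plus a check that coefficients stay inside
 * the open range (-Q, Q). Q is the ML-DSA modulus 2^23 - 2^13 + 1.
 */
public class CongruenceCheck {
    static final int Q = 8380417;

    /** True if every pair of coefficients is congruent mod Q. */
    static boolean arraysCongruent(int[] a, int[] b) {
        if (a.length != b.length) {
            return false;
        }
        for (int i = 0; i < a.length; i++) {
            // Subtract in long so arbitrary int32 inputs cannot overflow. A
            // difference that is a multiple of Q means a[i] == b[i] (mod Q),
            // whatever signs the two representatives carry.
            if (((long) a[i] - b[i]) % Q != 0) {
                return false;
            }
        }
        return true;
    }

    /** True if every coefficient lies strictly inside (-bound, bound). */
    static boolean withinOpenRange(int[] a, int bound) {
        for (int v : a) {
            if (v <= -bound || v >= bound) {
                return false;
            }
        }
        return true;
    }

    /**
     * The tempting shortcut: compare a[i] % Q with b[i] % Q. Java's % keeps
     * the sign of the dividend, so -1 % Q is -1 while (Q - 1) % Q is Q - 1,
     * and two congruent values are reported as different.
     */
    static boolean naiveRemainderEquals(int[] a, int[] b) {
        if (a.length != b.length) {
            return false;
        }
        for (int i = 0; i < a.length; i++) {
            if (a[i] % Q != b[i] % Q) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample: same residues mod Q, different representatives.
        int[] javaResult = {0, 1, -1, 5_000_000, -Q + 7};
        int[] intrinsicResult = {Q, 1 - Q, Q - 1, 5_000_000 - Q, 7};

        System.out.println("Arrays.equals:        " + Arrays.equals(javaResult, intrinsicResult));
        System.out.println("arraysCongruent:      " + arraysCongruent(javaResult, intrinsicResult));
        System.out.println("naiveRemainderEquals: " + naiveRemainderEquals(javaResult, intrinsicResult));
        System.out.println("first in (-Q, Q):     " + withinOpenRange(javaResult, Q));
        System.out.println("second in (-Q, Q):    " + withinOpenRange(intrinsicResult, Q));
    }
}
```

Run as `java CongruenceCheck.java`: `Arrays.equals` reports false and `arraysCongruent` true for the two constructed arrays, while `naiveRemainderEquals` wrongly reports false because `1 % Q` and `(1 - Q) % Q` differ in sign. The first array passes the `(-Q, Q)` check and the second does not, since it contains `Q` itself, which is the kind of value the range argument in the review says the real call sites never produce.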