On Tue, 9 Dec 2025 14:41:02 GMT, Ferenc Rakoczi <[email protected]> wrote:
> …hould pass on Aarch64
>
> The test used to fail because it had checked a stronger equivalence of the
> results of the Java method and its intrinsified version.
> Other than fixing that, I did some formatting and corrected a comment.

Claims:
- "while the java version of `implDilithiumNttMult` can accept full signed INT32 on both `coeffs1` and `coeffs2`, in the actual implementation of ML_DSA, calls never exceed `-Q`-to-`+Q` on either inputs"
  - (I believe it allows aarch64 to rearrange some multiplications, perhaps to relieve some register-alloc pressure? Multiplications are commutative, so this is valid, except range would be exceeded)
- "congruence is sufficient in modular arithmetic for test to pass"

The second claim is self-evident (which allows relaxing the `Arrays.equals` test). The first.. I was able to convince myself by going through the code:
- All calls to `implDilithiumNttMult` originate from `nttConstMultiply` and `matrixVectorPointwiseMultiply`.
- All inputs to `nttConstMultiply` and `matrixVectorPointwiseMultiply` are 'cleansed' by `mlDsaVectorNtt`, `mlDsaNtt` and `generateA`
- `mlDsaVectorNtt` itself is 'cleansed' by `mlDsaNtt`
- `generateA` masks its outputs to 23 bits (fits within the 2Q in this PR)
- `mlDsaNtt` is 'cleansed' by `montMul`
- `montMul` returns range `(-Q,Q)` per the paper cited in the comments.

[image: https://github.com/user-attachments/assets/17ce45a0-97ce-41a1-b7c1-a56bad9b9038]

test/jdk/sun/security/provider/pqc/ML_DSA_Intrinsic_Test.java line 147:

> 145:
> 146:     if (!Arrays.equals(prod1, prod2)) {
> 147:         boolean modQequal = true;

I would probably have moved this to its own helper `arraysCongruent` and replaced the `if (!Arrays.equals(prod1, prod2))` with `!arraysCongruent(prod1, prod2)`. But not a deal-breaker..

-------------

Marked as reviewed by vpaprotski (Committer).
PR Review: https://git.openjdk.org/jdk/pull/28722#pullrequestreview-3558941134
PR Review Comment: https://git.openjdk.org/jdk/pull/28722#discussion_r2603792002
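A worked check of the two claims discussed in the review above, added here as an illustration; it is not code from the PR, the JDK test, or the `ML_DSA` class. The modulus Q = 8380417 and the Montgomery radix R = 2^32 are ML-DSA's (FIPS 204 / Dilithium reference arithmetic). Everything else is an assumption for illustration: `ntt_mult_reference` models the portable loop as one Montgomery product per coefficient (a guess at its shape, not its exact code), `ntt_mult_rearranged` stands in for any implementation that returns a different representative of the same residue class, `arrays_congruent` is a Python rendering of the helper the reviewer suggests, and the inputs are constructed. The block shows both points at once: the exact-equality check fails while the congruence check passes, and the `(-Q, Q)` output bound of Montgomery reduction is a consequence of the input bound, since reducing a product of two arbitrary 32-bit values can leave the range even though the result stays congruent.

```python
import random

# ML-DSA parameters (from the standard, not assumptions)
Q = 8380417            # q = 2^23 - 2^13 + 1
R = 1 << 32            # Montgomery radix of the 32-bit reference arithmetic
Q_INV = pow(Q, -1, R)  # q^-1 mod 2^32 (the reference implementation hard-codes 58728449)
R_INV = pow(R, -1, Q)  # 2^-32 mod q, used only by the "rearranged" variant below
N = 256                # coefficients per polynomial


def to_int32(x):
    """Wrap a Python int to the value a Java int would hold after overflow."""
    return ((x + (1 << 31)) & 0xFFFFFFFF) - (1 << 31)


def mont_reduce(a):
    """Montgomery reduction: returns t with t == a * R^-1 (mod Q).

    Mirrors the int32/int64 steps of the Dilithium reference code.  The bound
    -Q < t < Q holds only for |a| <= 2^31 * Q; for a = b*c with b, c in (-Q, Q)
    it holds because Q^2 < 2^31 * Q.  Congruence holds for any 64-bit a.
    """
    t = to_int32(to_int32(a) * Q_INV)   # low 32 bits of a * QINV, as a Java int
    return (a - t * Q) >> 32            # exact: a - t*Q is a multiple of 2^32


def ntt_mult_reference(coeffs1, coeffs2):
    """Model (assumption) of the portable loop: one Montgomery product per coefficient."""
    return [mont_reduce(a * b) for a, b in zip(coeffs1, coeffs2)]


def ntt_mult_rearranged(coeffs1, coeffs2):
    """Stand-in for a differently-ordered computation of the same residue.

    Returns the canonical representative in [0, Q): congruent to the reference
    output, but equal to it only when the reference result happens to be >= 0.
    """
    return [(a * b * R_INV) % Q for a, b in zip(coeffs1, coeffs2)]


def arrays_congruent(p1, p2, q=Q):
    """The relaxed test: same length and elementwise equality modulo q."""
    return len(p1) == len(p2) and all((x - y) % q == 0 for x, y in zip(p1, p2))


def in_range(coeffs, bound=Q):
    """True when every coefficient lies strictly inside (-bound, bound)."""
    return all(-bound < c < bound for c in coeffs)


def constructed_inputs(seed=0, n=N):
    """Constructed sample: two coefficient vectors already in (-Q, Q), as the callers supply."""
    rng = random.Random(seed)
    return ([rng.randrange(-Q + 1, Q) for _ in range(n)],
            [rng.randrange(-Q + 1, Q) for _ in range(n)])


def compare(coeffs1, coeffs2):
    """Return (exactly_equal, congruent, reference_output_in_range) for the two variants."""
    ref = ntt_mult_reference(coeffs1, coeffs2)
    alt = ntt_mult_rearranged(coeffs1, coeffs2)
    return ref == alt, arrays_congruent(ref, alt), in_range(ref)


if __name__ == "__main__":
    c1, c2 = constructed_inputs()
    print("exactly equal / congruent / reference in (-Q,Q):", compare(c1, c2))
    # Out-of-contract input: the reduction stays congruent but leaves (-Q, Q).
    print("mont_reduce(2**62) =", mont_reduce(2**62), "which is >= Q")
```

On the constructed inputs `compare` returns `(False, True, True)`: the arrays are not equal, so an `Arrays.equals`-style check would fail, but every coefficient is congruent and the reference output respects the `(-Q, Q)` bound. `mont_reduce(2**62)` returns `2**30`, larger than Q, which is the case the in-range assumption on `coeffs1` and `coeffs2` rules out. A corrupted coefficient still trips `arrays_congruent`, so the relaxed check loses no detection power for real mismatches.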
