GaussianSampler class

Discrete Gaussian sampler over Z (the FACCT sampler), the heart of Falcon signing.

This is an exact port of the Falcon reference samplerz.py. Because the app also runs on the web — where Dart's int is a 53-bit JavaScript double — we cannot rely on 64-bit integer wraparound and must never hold a value >= 2^53 in a plain int. Every place where the reference performs exact big-integer arithmetic beyond 2^53 (the RCDT table, the FACCT polynomial evaluation in approxExp, the running z inside berExp) therefore uses BigInt, which is arbitrary-precision and behaves identically on native and web.

All public entry points take an explicit RandomBytes source so that the caller can inject either a cryptographically secure stream (production) or a deterministic one (tests / cross-validation against the reference). The byte consumption order is part of the contract and must not change: per sampling attempt samplerZ reads 9 bytes for baseSampler, then 1 byte for the sign bit, then berExp reads 1 byte per loop iteration.

Properties

hashCode → int

The hash code for this object.

no setter, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited

Static Properties

c → List<BigInt>

Coefficients of the FACCT polynomial that approximates exp(-x): (2^-63) * sum(c[12 - i] * x^i for i in range(13)) is very close to exp(-x). Lifted from FACCT (https://doi.org/10.1109/TC.2019.2940949).

final

rcdt → List<BigInt>

Reverse cumulative distribution table of a distribution very close to a half-Gaussian of parameter maxSigma. Values exceed 2^53, hence BigInt.

final

Static Methods

approxExp(double x, double ccs) → BigInt

Compute an approximation of 2^63 * ccs * exp(-x).

baseSampler(RandomBytes rb) → int

Sample z0 in {0, 1, ..., 18} with a distribution very close to the half-Gaussian D_{Z+, 0, maxSigma}.

berExp(double x, double ccs, RandomBytes rb) → bool

Return a single bit, equal to 1 with probability ~ ccs * exp(-x).

samplerZ(double mu, double sigma, double sigmin, RandomBytes rb) → int

Given floating-point values mu, sigma and sigmin, output an integer z distributed according to the discrete Gaussian D_{Z, mu, sigma}.

Constants

maxSigma → const double

Upper bound on all values of sigma used by Falcon.