polyuniform function
Generates a pseudorandom polynomial a
from a given seed
and nonce
.
This function uses the SHAKE128 function to produce a sequence of pseudorandom
bytes from the seed
combined with the nonce
. The output bytes are then used
to populate the coefficients of the polynomial a
, ensuring each coefficient
is less than KYBER_Q
.
The extseed
is an extended version of the seed
which includes the nonce
as its last two bytes. The function iteratively fills the polynomial by
extracting 12-bit values from the randomized byte buffer until all coefficients
are populated.
- Parameters:
- a: The polynomial to be populated with pseudorandom coefficients.
- seed: A byte array used to seed the pseudorandom generator.
- nonce: An integer value used to diversify the pseudorandom output.
Implementation
void polyuniform(Poly a, Uint8List seed, int nonce) {
Uint8List extseed = Uint8List(KYBER_SYMBYTES + 2);
for (int i = 0; i < KYBER_SYMBYTES; i++) {
extseed[i] = seed[i];
}
extseed[KYBER_SYMBYTES] = nonce & 0xFF;
extseed[KYBER_SYMBYTES + 1] = (nonce >> 8) & 0xFF;
int ctr = 0;
while (ctr < KYBER_N) {
int needed = (KYBER_N - ctr) * 3;
if (needed < 168) {
needed = 168;
}
Uint8List buf = shake128(extseed, needed);
int pos = 0;
while (pos + 3 <= buf.length && ctr < KYBER_N) {
int t = (buf[pos] | (buf[pos+1]<<8) | (buf[pos+2]<<16)) & 0xFFF;
if (t < KYBER_Q) {
a.coeffs[ctr++] = t;
}
pos += 3;
}
}
}