polygetnoise function

void polygetnoise(
  Poly r,
  Uint8List seed,
  int nonce
)

Generates a pseudorandom polynomial from a seed and nonce using SHAKE128 and CBD (Centered Binomial Distribution), and writes it into r.

The function uses SHAKE128 to produce a sequence of pseudorandom bytes from the seed and nonce, and then uses CBD to turn those bytes into a polynomial with coefficients in the range [-(q-1)/2, (q-1)/2].

The function takes O(1) time and O(1) space.

The function is deterministic, meaning that given the same seed and nonce, it will always produce the same output.

Implementation

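import 'dart:typed_data';

// Poly, shake128, cbd and the KYBER_* constants are defined elsewhere in the library.
void polygetnoise(Poly r, Uint8List seed, int nonce) {
  // A Uint8List element keeps only the low 8 bits, so a larger nonce would
  // silently alias a smaller one and repeat its noise polynomial.
  RangeError.checkValueInInterval(nonce, 0, 0xFF, 'nonce');

  // extseed = seed || nonce
  Uint8List extseed = Uint8List(KYBER_SYMBYTES + 1);
  for (int i = 0; i < KYBER_SYMBYTES; i++) {
    extseed[i] = seed[i];
  }
  extseed[KYBER_SYMBYTES] = nonce;

  // η=2 => 2*256/4 = 128 bytes
  Uint8List buf = shake128(extseed, (KYBER_ETA * KYBER_N) ~/ 4);

  // Map the bytes to centered-binomial coefficients, written into r.
  cbd(r, buf);
}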
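
Added example, not part of the library: a Python model of the procedure above (seed plus one nonce byte, SHAKE128 to η·N/4 bytes, then CBD), written in Python so it runs with only hashlib. The page does not show cbd, so cbd_eta2 assumes the η = 2 centered binomial sampler from the Kyber reference code, whose coefficients lie in [-2, 2]; KYBER_SYMBYTES = 32 and KYBER_N = 256 are assumed, and the sample seed is constructed.

```python
import hashlib
from collections import Counter

KYBER_N = 256        # coefficients per polynomial (assumed)
KYBER_ETA = 2        # noise parameter, from the page's comment
KYBER_SYMBYTES = 32  # seed length in bytes (assumed)


def cbd_eta2(buf: bytes) -> list:
    """Assumed eta=2 sampler: coefficient = (sum of 2 bits) - (sum of 2 bits)."""
    if len(buf) != KYBER_ETA * KYBER_N // 4:
        raise ValueError("CBD input must be eta*N/4 bytes")
    coeffs = []
    for i in range(0, len(buf), 4):
        t = int.from_bytes(buf[i:i + 4], "little")
        # Add adjacent bits in parallel: each 2-bit field of d holds a popcount.
        d = (t & 0x55555555) + ((t >> 1) & 0x55555555)
        for j in range(8):
            a = (d >> (4 * j)) & 0x3
            b = (d >> (4 * j + 2)) & 0x3
            coeffs.append(a - b)
    return coeffs


def poly_getnoise(seed: bytes, nonce: int) -> list:
    if len(seed) != KYBER_SYMBYTES:
        raise ValueError("seed must be KYBER_SYMBYTES bytes")
    if not 0 <= nonce <= 0xFF:
        # A byte buffer keeps only the low 8 bits, so 256 would alias nonce 0.
        raise ValueError("nonce must fit in one byte")
    extseed = seed + bytes([nonce])  # extseed = seed || nonce
    buf = hashlib.shake_128(extseed).digest(KYBER_ETA * KYBER_N // 4)
    return cbd_eta2(buf)


def demo():
    seed = bytes(range(KYBER_SYMBYTES))  # constructed sample seed, not a real key
    p0, p1 = poly_getnoise(seed, 0), poly_getnoise(seed, 1)
    return p0, p1, Counter(p0)


if __name__ == "__main__":
    p0, p1, hist = demo()
    print("first coefficients:", p0[:8])
    print("histogram:", dict(sorted(hist.items())))
```

Because the output depends only on (seed, nonce), a caller that samples several noise polynomials from one seed has to give each a distinct nonce in 0..255.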