polyuniform function

void polyuniform(
  Poly a,
  Uint8List seed,
  int nonce
)

Generates a pseudorandom polynomial a from a given seed and nonce.

This function uses the SHAKE128 extendable-output function to produce a stream of pseudorandom bytes from the seed combined with the nonce. The output bytes are turned into 12-bit candidate values, and a candidate is accepted as a coefficient of a only if it is less than KYBER_Q (rejection sampling), so the coefficients are uniformly distributed in [0, KYBER_Q).

The extseed is an extended version of the seed with the nonce appended as its last two bytes (little-endian). The function fills the polynomial by extracting one 12-bit value from each group of three XOF output bytes, squeezing further into the same stream whenever the current buffer runs out, until all KYBER_N coefficients are populated. Note that the Kyber reference rej_uniform extracts two 12-bit values from each three bytes, so for the same seed this routine does not produce the same polynomial as a spec-conformant sampler.

  • Parameters:
    • a: The polynomial to be populated with pseudorandom coefficients.
    • seed: A byte array used to seed the pseudorandom generator.
    • nonce: An integer value used to diversify the pseudorandom output.

Implementation

void polyuniform(Poly a, Uint8List seed, int nonce) {
  // extseed = seed || nonce, with the nonce as two little-endian bytes.
  Uint8List extseed = Uint8List(KYBER_SYMBYTES + 2);
  extseed.setRange(0, KYBER_SYMBYTES, seed);
  extseed[KYBER_SYMBYTES] = nonce & 0xFF;
  extseed[KYBER_SYMBYTES + 1] = (nonce >> 8) & 0xFF;

  int ctr = 0;
  int consumed = 0; // XOF output bytes already examined
  while (ctr < KYBER_N) {
    // Three bytes per candidate; always squeeze at least one SHAKE128 block.
    int needed = (KYBER_N - ctr) * 3;
    if (needed < 168) {
      needed = 168;
    }

    // shake128 output is prefix-consistent, so requesting consumed + needed
    // bytes and skipping the first `consumed` continues the stream. Calling
    // shake128(extseed, needed) again would replay bytes already sampled from
    // and duplicate coefficients.
    Uint8List buf = shake128(extseed, consumed + needed);

    int pos = consumed;
    while (pos + 3 <= buf.length && ctr < KYBER_N) {
      int t = (buf[pos] | (buf[pos + 1] << 8) | (buf[pos + 2] << 16)) & 0xFFF;
      if (t < KYBER_Q) {
        a.coeffs[ctr++] = t; // accept only values below q (rejection sampling)
      }
      pos += 3;
    }
    consumed = pos;
  }
}
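The following Python cross-check is an added example, not part of the Dart project: it reproduces the same seed || nonce absorb and the same accept-if-below-q rule with hashlib's SHAKE128, and contrasts squeezing the XOF incrementally with re-absorbing extseed on every round, which replays output bytes and leaves a copy of the first coefficients at the end of the polynomial. The 32-byte seed used in the test is constructed.

```python
import hashlib

KYBER_N, KYBER_Q, KYBER_SYMBYTES = 256, 3329, 32
SHAKE128_RATE = 168  # bytes per SHAKE128 squeeze block


class Shake128Stream:
    """Incremental squeeze on top of hashlib. SHAKE output is prefix-consistent,
    so digest(consumed + n)[consumed:] continues the stream instead of restarting it."""

    def __init__(self, data: bytes):
        self._xof = hashlib.shake_128(data)
        self._consumed = 0

    def squeeze(self, n: int) -> bytes:
        out = self._xof.digest(self._consumed + n)[self._consumed:]
        self._consumed += n
        return out


def polyuniform(seed: bytes, nonce: int, restart_xof: bool = False) -> list:
    """Rejection-sample KYBER_N coefficients in [0, KYBER_Q) from SHAKE128(seed || nonce),
    nonce as two little-endian bytes, one 12-bit candidate per 3 output bytes.
    restart_xof=True re-absorbs extseed every round, replaying bytes already used."""
    if len(seed) != KYBER_SYMBYTES:
        raise ValueError("seed must be KYBER_SYMBYTES long")
    extseed = seed + bytes([nonce & 0xFF, (nonce >> 8) & 0xFF])
    xof = Shake128Stream(extseed)
    coeffs = []
    while len(coeffs) < KYBER_N:
        needed = max((KYBER_N - len(coeffs)) * 3, SHAKE128_RATE)
        if restart_xof:
            xof = Shake128Stream(extseed)  # the flaw: stream rewinds to byte 0
        buf = xof.squeeze(needed)
        for pos in range(0, len(buf) - 2, 3):
            t = (buf[pos] | buf[pos + 1] << 8 | buf[pos + 2] << 16) & 0xFFF
            if t < KYBER_Q:  # reject 12-bit values >= q to stay uniform mod q
                coeffs.append(t)
                if len(coeffs) == KYBER_N:
                    break
    return coeffs


def replayed_prefix_length(coeffs: list) -> int:
    """Largest k with coeffs[-k:] == coeffs[:k]. A sampler that rewound its XOF
    ends with a copy of its own first coefficients, so k > 0 flags the replay."""
    for k in range(len(coeffs) - 1, 0, -1):
        if coeffs[-k:] == coeffs[:k]:
            return k
    return 0
```

For a fresh stream k is 0 except for a 1-in-q coincidence on the last coefficient; for a rewound stream it is always at least 1.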