Name Description Size
dilithium.cpp NIST FIPS 204, Algorithm 2 (ML-DSA.Sign) and Algorithm 7 (ML-DSA.Sign_internal) Note that the private key decoding is done ahead of time. Also, the matrix expansion of A from 'rho' along with the NTT-transforms of s1, s2 and t0 are done in the constructor of this class, as a 'signature operation' may be used to sign multiple messages. TODO: Implement support for the specified 'ctx' context string which is application defined and "empty" by default and <= 255 bytes long. 17746
dilithium.h This implementation is based on https://github.com/pq-crystals/dilithium/commit/3e9b9f1412f6c7435dbeb4e10692ea58f181ee51 Note that this is _not_ compatible with the round 3 submission of the NIST competition. 5261
dilithium_algos.cpp Returns an all-one mask if @p x is negative, otherwise an all-zero mask. 31977
dilithium_algos.h 3290
dilithium_constants.cpp 4287
dilithium_constants.h Algorithm constants and parameter-set dependent values 6460
dilithium_keys.cpp 1030
dilithium_keys.h 4195
dilithium_polynomial.h NIST FIPS 204, Algorithm 41 (NTT) Note: ntt(), inverse_ntt() and operator* have side effects on the montgomery factor of the involved coefficients! It is assumed that EXACTLY ONE vector or matrix multiplication is performed between transforming in and out of NTT domain. Produces the result of the NTT transformation without any montgomery factors in the coefficients. 4228
dilithium_shake
dilithium_symmetric_primitives.cpp 1406
dilithium_symmetric_primitives.h Wrapper type for the H() function calculating the message representative for the Dilithium signature scheme. This wrapper may be used multiple times. Namely: mu = H(tr || M) 8040
dilithium_types.h 3139
info.txt 452