NIKX-Tech/numx

[Public] Independent security review of the ntt module

Open

#68 opened on Jul 11, 2026

View on GitHub
 (0 comments) (0 reactions) (0 assignees)C (1 fork)github user discovery
help wantedsecurity

Repository metrics

Stars
 (4 stars)
PR merge metrics
 (PR metrics pending)

Description

Before building pqc (Kyber/Dilithium, #62) on top of numx_ntt_*, we would like independent review from anyone with cryptographic engineering experience.

What's already been done:

  • All 384 cryptographic constants (twiddle tables, Barrett reduction parameters) independently re-derived from scratch and verified against the implementation
  • The transform structure cross-checked against a naive O(n^2) reference multiplication over random inputs
  • Full test suite (329 NTT-adjacent tests) passing on 10 platform/toolchain combinations
  • The Barrett reduction canonicalization was originally branch-based (documented as a known constant-time gap); a branchless replacement was contributed by a reviewer on r/C_Programming (u/robchroma) and exhaustively verified against a % q for all 22,164,483 valid inputs before merging, see docs/algorithms/ntt.md#barrett-reduction

What we have not done: a formal security audit. The docs are explicit about this: "this is a numerical implementation of the NTT, not a formally audited cryptographic primitive."

If you have relevant experience and are willing to look at src/ntt.c and docs/algorithms/ntt.md, we would genuinely welcome findings here, timing side-channels beyond the one already fixed, edge cases in the modular arithmetic, or anything else. This module is the foundation the pqc module (#62) will be built on, so getting it right before that starts matters more than after.

Contributor guide