Repository metrics
- Stars
- (4 stars)
- PR merge metrics
- (PR metrics pending)
Description
Before building pqc (Kyber/Dilithium, #62) on top of numx_ntt_*, we would like independent review from anyone with cryptographic engineering experience.
What's already been done:
- All 384 cryptographic constants (twiddle tables, Barrett reduction parameters) independently re-derived from scratch and verified against the implementation
- The transform structure cross-checked against a naive O(n^2) reference multiplication over random inputs
- Full test suite (329 NTT-adjacent tests) passing on 10 platform/toolchain combinations
- The Barrett reduction canonicalization was originally branch-based (documented as a known constant-time gap); a branchless replacement was contributed by a reviewer on r/C_Programming (u/robchroma) and exhaustively verified against a % q for all 22,164,483 valid inputs before merging, see docs/algorithms/ntt.md#barrett-reduction
What we have not done: a formal security audit. The docs are explicit about this: "this is a numerical implementation of the NTT, not a formally audited cryptographic primitive."
If you have relevant experience and are willing to look at src/ntt.c and docs/algorithms/ntt.md, we would genuinely welcome findings here, timing side-channels beyond the one already fixed, edge cases in the modular arithmetic, or anything else. This module is the foundation the pqc module (#62) will be built on, so getting it right before that starts matters more than after.