NIKX-Tech/numx

[Public] Independent security review of the ntt module

Open

#68 aperta il 11 lug 2026

Vedi su GitHub
 (0 commenti) (0 reazioni) (0 assegnatari)C (1 fork)github user discovery
help wantedsecurity

Metriche repository

Star
 (4 star)
Metriche merge PR
 (Metriche PR in attesa)

Descrizione

Before building pqc (Kyber/Dilithium, #62) on top of numx_ntt_*, we would like independent review from anyone with cryptographic engineering experience.

What's already been done:

  • All 384 cryptographic constants (twiddle tables, Barrett reduction parameters) independently re-derived from scratch and verified against the implementation
  • The transform structure cross-checked against a naive O(n^2) reference multiplication over random inputs
  • Full test suite (329 NTT-adjacent tests) passing on 10 platform/toolchain combinations
  • The Barrett reduction canonicalization was originally branch-based (documented as a known constant-time gap); a branchless replacement was contributed by a reviewer on r/C_Programming (u/robchroma) and exhaustively verified against a % q for all 22,164,483 valid inputs before merging, see docs/algorithms/ntt.md#barrett-reduction

What we have not done: a formal security audit. The docs are explicit about this: "this is a numerical implementation of the NTT, not a formally audited cryptographic primitive."

If you have relevant experience and are willing to look at src/ntt.c and docs/algorithms/ntt.md, we would genuinely welcome findings here, timing side-channels beyond the one already fixed, edge cases in the modular arithmetic, or anything else. This module is the foundation the pqc module (#62) will be built on, so getting it right before that starts matters more than after.

Guida contributor