AddLazyVec evaluates p3 = p1 + p2.

AddScalarLazyThenNegateTwoModulusLazyVec evaluates p2 = scalar + 2*modulus - p1.

AddScalarLazyVec evaluates p2 = p1 + scalar.

AddScalarThenMulScalarMontgomeryReduceVec evaluates p3 = (p1+scalar0) * scalarMont1 * 2^{64}^{-1} % modulus (with Montgomery reduction).

AddScalarVec evaluates p2 = p1 + scalar - modulus if p2 >= modulus.

AddThenMulScalarMontgomeryReduce evaluates p3 = (p1 + p2) * scalar * 2^{64}^{-1} % modulus (with Montgomery reduction).

AddVec evaluates p3 = p1 + p2 - modulus if p3 >= modulus.

AutomorphismNTTIndex computes the look-up table for the automorphism X^{i} -> X^{i*k mod NthRoot}.

BarrettReduceLazyVec evaluates p2 = p1 % modulus with Barrett reduction.

BarrettReduceVec evaluates p2 = p1 % modulus with Barret reduction.

BRed computes x*y mod q.

BRedAdd computes a mod q.

BRedAddLazy computes a mod q in constant time.

BRedLazy computes x*y mod q in constant time.

CenterModU64Vec evaluates p2 = p1 - w if p1 >= (w>>1) % 2^{64} p1, p2 must be of the same size.

CheckFactors checks that the given list of factors contains all the unique primes of m.

CheckPrimitiveRoot checks that g is a valid primitive root mod q, given the factors of q-1.

CRed reduce returns a mod q where a is between 0 and 2*q-1.

DecomposeSigned returns the i-th signed digit base 2^{w} of p1 on p2.

DecomposeSignedBalanced returns the i-th signed digit base 2^{w} of p1 on p2 The method will read the carry of the i-1-th iteration and write the carry on the i-th iteration on the operand "carry".

DecomposeUnsigned returns the i-th unsigned digit base 2^{w} of p1 on p2.

EvalPolyModP evaluates y = sum poly[i] * x^{i} mod p.

ExtendBasisSmallNorm extends a small-norm polynomial pQ in R_Q to pP in R_P.

GetBRedConstant returns the breconstant for the BRed algorithm.

GetMRedConstant returns the constant mredconstant = (q^-1) mod 2^64 required for MRed.

HenselLift returns (psi + a * P)^{m} = 1 mod P^{k} given psi^{m} = 1 mod P.

IMForm switches a from the Montgomery domain back to the standard domain by computing a*(1/2^64) mod q.

IMFormLazy switches a from the Montgomery domain back to the standard domain by computing a*(1/2^64) mod q in constant time.

IMFormVec evaluates p2 = p1 * (2^{64})^{-1} % modulus (with Montgomery reduction).

INTTConjugateInvariant evaluates p2 = INTT(p1) in the closed sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1).

INTTConjugateInvariantLazy evaluates p2 = INTT(p1) in the closed sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1) with p2 in the range [0, 2*modulus-1].

INTTStandard computes the backward NTT in the given [Ring].

INTTStandardLazy backward NTT in the given [Ring] with p2 in [0, 2*modulus-1].

IsPrime applies the Baillie-PSW, which is 100% accurate for numbers bellow 2^64.

MaskThenAddVec evaluates p2 += (p1>>w) & mask.

MaskVec evaluates p2 = (p1>>w) & mask.

MForm switches a to the Montgomery domain by computing a*2^64 mod q.

MFormLazy switches a to the Montgomery domain by computing a*2^64 mod q in constant time.

MFormLazyVec evaluates p2 = p1 * 2^{64} % modulus (with Barrett reduction).

MFormVec evaluates p2 = p1 * 2^{64} % modulus (with Barrett reduction).

Min returns the minimum between to int.

ModExp return y = x^e mod q, x and p are required to be at most 64 bits to avoid an overflow.

ModExpMontgomery performs the modular exponentiation x^e mod p, where x is in Montgomery form, and returns x^e in Montgomery form.

ModExpPow2 performs the modular exponentiation x^e mod p, where p is a power of two, x and p are required to be at most 64 bits to avoid an overflow.

ModUpExact takes p1 mod Q and switches its basis to P, returning the result on p2.

MRed computes x * y * (1/2^64) mod q.

MRedLazy computes x * y * (1/2^64) mod q in constant time.

MulBarrettReduceLazyVec evaluates p3 = p1 * p2 % modulus.

MulBarrettReduceThenAddLazyVec evaluates p3 += p1 * p2 % modulus (with Barrett reduction).

MulBarrettReduceThenAddVec evaluates p3 += p1 * p2 % modulus (Barrett reduction) - modulus if p3 >= modulus.

MulBarrettReduceVec evaluates p3 = p1 * p2 % modulus with Barrett reduction.

MulMontgomeryReduceLazyThenAddLazyVec evaluates p3 += p1 * p2 * 2^{64}^{-1} % modulus (with Montgomery reduction).

MulMontgomeryReduceLazyThenNegLazyVec evaluates p3 = 2*modulus - p1 * p2 * 2^{64}^{-1} % modulus (with Montgomery reduction).

MulMontgomeryReduceLazyThenSubLazyVec evaluates p3 += modulus - p1 * p2 * 2^{64}^{-1} % modulus (with Montgomery reduction).

MulMontgomeryReduceLazyVec evaluates p3 = p1 * p2 * 2^{64}^{-1} % modulus (with Montgomery reduction).

MulMontgomeryReduceThenAddLazyVec evaluates p3 += p1 * p2 * 2^{64}^{-1} % modulus (with Montgomery reduction).

MulMontgomeryReduceThenAddVec evaluates p3 += p1 * p2 * 2^{64}^{-1} % modulus (with Montgomery reduction) - modulus if p3 >= modulus.

MulMontgomeryReduceThenSubLazyVec evaluates p3 += modulus - p1 * p2 * 2^{64}^{-1} % modulus (with Montgomery reduction).

MulMontgomeryReduceThenSubVec evaluates p3 = p3 + modulus - p1 * p2 * 2^{64}^{-1} % modulus (with Montgomery reduction) - modulus if p3 >= modulus.

MulMontgomeryReduceVec evaluates p3 = p1 * p2 * 2^{64}^{-1} % modulus (with Montgomery reduction).

MulScalarMontgomeryReduceLazyVec evaluates p2 = p1 * scalarMont (with Montgomery reduction).

MulScalarMontgomeryReduceThenAddScalarVec evaluates p2 = p1 * scalarMont * 2^{64}^{-1} + scalar0 (with Montgomery reduction) - modulus if p2 >= modulus.

MulScalarMontgomeryReduceThenAddVec evaluates p2 += p1 * scalarMont (with Montgomery reduction) - modulus if p2 >= modulus.

MulScalarMontgomeryReduceVec evaluates p2 = p1 * scalarMont (with Montgomery reduction).

MulThenAddLazyVec evaluates p3 += p1 * p2.

MulVec evaluates p3 = p1 * p2.

NegVec evaluates p2 = modulus - p1.

NewDecomposer creates a new Decomposer.

NewGaussianSampler creates a new instance of [GaussianSampler] from a [sampling.Source], a moduli chain and a [DiscreteGaussian] distribution parameter.

NewInterpolator creates a new Interpolator.

NewMatrix allocates a new [ring.Matrix].

NewNTTFriendlyPrimesGenerator instantiates a new NTTFriendlyPrimesGenerator.

NewPoint allocates a new [Point].

NewPoly allocates a new [Poly] of N coefficients.

NewRing creates a new [Ring] with the standard NTT.

NewRingWithCustomNTT creates a new [Ring] with degree N and modulus Modulus with user-defined [NumberTheoreticTransformer] and primitive Nth root of unity.

NewRNSPoly creates a new polynomial with N coefficients set to zero and Level+1 moduli.

NewRNSRing creates a new [RNSRing] with degree N and coefficient moduli Moduli with Standard NTT.

NewRNSRingConjugateInvariant creates a new RNS Ring with degree N and coefficient moduli Moduli with Conjugate Invariant NTT.

NewRNSRingFromRings returns a new [Ring] instantiated with the provided Rings.

NewRNSRingFromType creates a new RNS Ring with degree N and coefficient moduli Moduli for which the type of NTT is determined by the ringType argument.

NewRNSRingWithCustomNTT creates a new RNS Ring with degree N and coefficient moduli Moduli with user-defined NTT transform and primitive Nth root of unity.

NewSampler instantiates a new [Sampler] interface from the provided [rand.Source], modulic chain and [DistributionParameters].

NewTernarySampler creates a new instance of [TernarySampler] from a [sampling.Source], a moduli chain and and a ternary distribution parameters (see type [Ternary]).

NewUniformSampler creates a new instance of UniformSampler from a [sampling.Source] and a list of moduli.

NewVector allocates a new [ring.Vector].

NTTConjugateInvariant evaluates p2 = NTT(p1) in the sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1).

NTTConjugateInvariantLazy evaluates p2 = NTT(p1) in the sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1) with p2 in the range [0, 2*modulus-1].

NTTStandard computes the forward NTT in the given [Ring].

NTTStandardLazy computes the forward NTT in the given [Ring] with p2 in [0, 2*modulus-1].

OneVec evaluates p1 = 1.

PolyToBigintCentered reconstructs [p]_{QP} and returns the result in an array of Int.

PrimitiveRoot computes the smallest primitive root of the given prime q The unique factors of q-1 can be given to speed up the search for the root.

ReconstructModP takes p1 mod Q and switches its basis to P, returning the result on p2.

RShiftVec evaluates p2 = p1>>w.

SubLazyVec evaluates p3 = p1 + modulus - p2.

SubScalarVec evaluates p2 = p1 + modulus - scalar.

SubToModulusThenMulScalarMontgomeryReduceVec evaluates p3 = (2*modulus - p2 + p1) * scalarMont * (2^{64})^{-1} (with Montgomery reduction).

SubVec evaluates p3 = p1 + modulus - p2 - modulus if (p1 + modulus - p2) >= modulus.

ZeroVec evaluates p1 = 0.

Z[X+X^-1]/(X^2N + 1).

GaloisGen is an integer of order N/2 modulo M that spans Z_M with the integer -1.

MinimumRingDegreeForLoopUnrolledNTT is the minimum ring degree necessary for memory safe loop unrolling.

MinimumRingDegreeForLoopUnrolledOperations is the minimum ring degree required to safely perform loop-unrolled operations.

Z[X]/(X^N + 1) (Default).

Pi60 are the next [32:64] 61-bit close to 2^{62} NTT-friendly primes for N up to 2^{17}.

Qi60 are the first [0:32] 61-bit close to 2^{62} NTT-friendly primes for N up to 2^{17}.

Decomposer is a structure that stores the parameters of the arbitrary decomposer.

DiscreteGaussian represents the parameters of a discrete Gaussian distribution with standard deviation Sigma and bounds [-Bound, Bound].

GaussianSampler keeps the state of a truncated Gaussian polynomial sampler.

Interpolator is a struct storing the necessary buffer and pre-computation for polynomial interpolation with coefficient in finite fields.

Matrix is a struct storing a matrix of polynomials modulo in basis Q and P.

ModUpConstants stores the necessary parameters for RNS basis extension.

NTTFriendlyPrimesGenerator is a struct used to generate NTT friendly primes.

NTTTable store all the constants that are specifically tied to the NTT.

NumberTheoreticTransformerConjugateInvariant computes the NTT in the ring Z[X+X^-1]/(X^2N+1).

NumberTheoreticTransformerStandard computes the standard nega-cyclic NTT in the ring Z[X]/(X^N+1).

Parameters is a struct storing test parameters for the package Ring.

Point is a struct storing a polynomial in basis Q and P.

Ring is a struct storing precomputation for fast modular reduction and NTT for a given modulus.

Ternary represent the parameters of a distribution with coefficients in [-1, 0, 1].

TernarySampler keeps the state of a polynomial sampler in the ternary distribution.

Uniform represents the parameters of a uniform distribution i.e., with coefficients uniformly distributed in the given ring.

UniformSampler wraps a util.PRNG and represents the state of a sampler of uniform polynomials.

Vector is a struct storing a vector of [ring.RNSPoly] in basis Q and P.

DistributionParameters is an interface for distribution parameters in the ring.

NumberTheoreticTransformer is an interface to provide flexibility on what type of NTT is used by the struct Ring.

Sampler is an interface for random polynomial samplers.

Poly is a structure storing the coefficients of a polynomial.

RNSPoly is the structure that contains the coefficients of an RNS polynomial.

RNSRing is a struct regrouping a set o.

RNSScalar represents a scalar value in the Ring (i.e., a degree-0 polynomial) in RNS form.

Type is the type of ring used by the cryptographic scheme.