fft decoupled from kex_rlwe_bcns15

[tlepoint]

I suggest the FFT to be decoupled from kex_rlwe_bcns15 (and even from the name "rlwe") itself, as it could be used in implementations of different primitives (several kex, signatures, encryption, etc.).

[dstebila]

Do you think that the FFT code is sufficiently generic to be useful to other primitives?

[tlepoint]

The thing is that the FFT / NTT could be useful for BCNS15, New Hope, BLISS, NTRU, and the probable powers-of-2 ring-based schemes that will come during the NIST standardization process.

More generally, the question is: what do you want to do with this library? If the open implementations are just wrapped in this library, then it could be okay to not have these operations broadly available, but if the schemes are reimplemented, then it makes sense to decouple it.

[dstebila]

I had originally been planning to focus on wrapping open implementations in this library. The scope seemed large enough without trying to maintain a general purpose library. But with more interest coming in, perhaps that's plausible.

@christianpaquin , you're going to be working on porting MSR's NewHope NTT improvements. Do you think there's value in trying to pull out the FFT and NTT code as its own component? Is the code sufficiently general to be reusable by multiple algorithms?

[christianpaquin]

Not sure; I'd need to consult with the library author. A lot of these librairies are regularly improved, and it might be difficult to coordinate the efforts of the corresponding research teams. Although code sharing is a good idea, it might be a bit early to do so.

[tlepoint]

Ok, we can start by having one FFT/NTT per library, but I think eventually it should be shared ;)

[dstebila]

Makes sense: when we get to the point of being able to generalize/abstract, let's do so, but not do so before it's needed.