Hi,
We are trying to implement LWE encryption using the structure of Crystals-Dilithium :
-- Our vectors and the data types are same as that of the Crystals-Dilithium Library
--- Q , invQ and all constants are same.
-- We are using Shake to compute A , s1 and s2
The only problem occurs during decryption:
We have public key : bt= As1+s2
Encryption : u= Ar ; c= bt r + bit.q/2
Decryption: c-s1u= bt r + bit.q/2 - s1 Ar = As1r + s2r + bit.q/2 - s1Ar
We suspect that reduce() is causing the non cancellation of the bigger terms during decryption and we are not getting the final value as : s2r + bit.q/2.
Hi, We are trying to implement LWE encryption using the structure of Crystals-Dilithium : -- Our vectors and the data types are same as that of the Crystals-Dilithium Library --- Q , invQ and all constants are same. -- We are using Shake to compute A , s1 and s2
The only problem occurs during decryption: We have public key : bt= As1+s2 Encryption : u= Ar ; c= bt r + bit.q/2
Decryption: c-s1u= bt r + bit.q/2 - s1 Ar = As1r + s2r + bit.q/2 - s1Ar
NTT multiplication :+1: public key : ntt(s1), polypointwise(bt,a, S1) , polyvec_add(bt, s2) , reduce (bt) u= ntt(r) , polypointwise(u, A, r) c: polypointwise(c1,bt, r), reduce(c1), polyvec_add( c1. bit.q/2) polyreduce(c) invntt_to_mont(c)
Decryption: d1= polypointwise(s, u) , reduce(d1) , invntt(d1) d= poly_sub(c, d1)
We suspect that reduce() is causing the non cancellation of the bigger terms during decryption and we are not getting the final value as : s2r + bit.q/2.
How do you suggest we tackle this issue?