Open itzmeanjan opened 3 months ago
:wave:
I was looking at the `standard` branch's `crypto_kem_enc_derand` function https://github.com/pq-crystals/kyber/blob/d1321ce5ac0b53f583eb47a040dc3625ee8e7e37/ref/kem.c#L59-L96 and I wonder why it doesn't conform to the NIST draft standard FIPS 203, specifically lines 984-985 in https://doi.org/10.6028/NIST.FIPS.203.ipd?
I'd expect it to fail if any coefficient of the polynomial vector is not reduced modulo the prime 3329.
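The check the post expects, sketched as an added example (not code from the pq-crystals repository): it unpacks the 12-bit coefficients of the encoded polynomial vector in an encapsulation key and rejects the key if any of them is 3329 or larger. The function names, macro names and sample key are hypothetical; the 384-byte polynomial encoding followed by a 32-byte seed is assumed from the Kyber reference layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MLKEM_Q 3329          /* prime modulus */
#define MLKEM_N 256           /* coefficients per polynomial */
#define MLKEM_POLYBYTES 384   /* 256 coefficients * 12 bits / 8 */
#define MLKEM_SEEDBYTES 32    /* public seed stored after the polynomial vector */

/* Hypothetical helper: index of the first coefficient >= q in the packed
 * polynomial vector of an encapsulation key, or -1 if all are reduced.
 * k is the module rank (2, 3 or 4). The key is public, so returning
 * early on the first bad coefficient leaks nothing secret. */
long first_unreduced_coeff(const uint8_t *ek, size_t k)
{
    for (size_t i = 0; i < k * MLKEM_N / 2; i++) {
        const uint8_t *b = ek + 3 * i;   /* 3 bytes hold 2 coefficients */
        uint16_t c0 = (uint16_t)((b[0] | ((uint16_t)b[1] << 8)) & 0x0FFF);
        uint16_t c1 = (uint16_t)(((b[1] >> 4) | ((uint16_t)b[2] << 4)) & 0x0FFF);
        if (c0 >= MLKEM_Q) return (long)(2 * i);
        if (c1 >= MLKEM_Q) return (long)(2 * i + 1);
    }
    return -1;
}

/* Hypothetical helper: 0 if ek passes the check, -1 if it must be rejected. */
int ek_modulus_check(const uint8_t *ek, size_t ek_len, size_t k)
{
    /* Length guard first, so the loop never reads out of bounds. */
    if (ek_len != k * MLKEM_POLYBYTES + MLKEM_SEEDBYTES) return -1;
    return first_unreduced_coeff(ek, k) < 0 ? 0 : -1;
}

int main(void)
{
    uint8_t ek[2 * MLKEM_POLYBYTES + MLKEM_SEEDBYTES];  /* constructed sample, k = 2 */
    memset(ek, 0, sizeof ek);
    printf("all-zero key: %d\n", ek_modulus_check(ek, sizeof ek, 2));
    ek[0] = 0x01; ek[1] = 0x0D;          /* coefficient 0 = 0xD01 = 3329 */
    printf("coefficient 0 = 3329: %d (first bad index %ld)\n",
           ek_modulus_check(ek, sizeof ek, 2), first_unreduced_coeff(ek, 2));
    return 0;
}
```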