Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Difference between matacc_opt32() and matacc_cache32() #390

Open
rsk2002 opened this issue Mar 3, 2025 · 1 comment
Open

Difference between matacc_opt32() and matacc_cache32() #390

rsk2002 opened this issue Mar 3, 2025 · 1 comment

Comments

@rsk2002
Copy link

rsk2002 commented Mar 3, 2025

Hi,

The difference I see is that in matacc_cache32() function zetas is used, but in matacc_opt32() function zetas is not used. Can any one please help me understand the functional difference between these two functions. Also, can anyone please help me to understand the significance of zetas.

Thank you

Image
@mkannwischer
Copy link
Contributor

mkannwischer commented Mar 3, 2025
edited
Loading

This is a trick from https://eprint.iacr.org/2021/986 - it's called asymmetric multiplication in that paper.
In the basemul one has to compute:

c0 = a1 * b1 * zeta + a0 * b0
c1 = a0 * b1 + a1 * b0

Now if b is used in multiple polynomial multiplications, one can compute b1 * zeta only once and cache the result.
You can either do this by merging it into the NTT (as proposed in the paper), or you merge it into first use of it (that's done in the M4 code you are looking at).

matacc_cache32() will write the result of b1 * zeta into b_prime, while matacc_opt32 consumes it from b_prime and hence does not need any zetas.

Does that make sense?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mkannwischer @rsk2002