Fix: change the MLD_INTT_BOUND to (3 * MLDSA_Q / 4), fix the debug test error

willieyz · willieyz · commit fbbfb9921d1c · 2025-09-17T10:26:09.000+08:00
Signed-off-by: willieyz &lt;willie.zhao@chelpis.com&gt;
diff --git a/mldsa/debug.h b/mldsa/debug.h
@@ -66,8 +66,9 @@ void mld_debug_check_bounds(const char *file, int line, const int32_t *ptr,
  * ptr: Base of array, expression of type int32_t*
  * len: Number of int32_t in array
  * value_abs_bd: Exclusive absolute upper bound */
-#define mld_assert_abs_bound(ptr, len, value_abs_bd) \
-  mld_assert_bound((ptr), (len), (-((int64_t)(value_abs_bd)) + 1), (value_abs_bd))
+#define mld_assert_abs_bound(ptr, len, value_abs_bd)               \
+  mld_assert_bound((ptr), (len), (-((int64_t)(value_abs_bd)) + 1), \
+                   (value_abs_bd))
 
 /* Version of bounds assertions for 2-dimensional arrays */
 #define mld_assert_bound_2d(ptr, len0, len1, value_lb, value_ub) \
diff --git a/mldsa/ntt.h b/mldsa/ntt.h
@@ -12,7 +12,7 @@
 /* Absolute exclusive upper bound for the output of the forward NTT */
 #define MLD_NTT_BOUND (9 * MLDSA_Q)
 /* Absolute exclusive upper bound for the output of the inverse NTT*/
-#define MLD_INTT_BOUND 4211139
+#define MLD_INTT_BOUND (3 * MLDSA_Q / 4)
 
 #define mld_ntt MLD_NAMESPACE(ntt)
 /*************************************************
diff --git a/mldsa/poly.c b/mldsa/poly.c
@@ -138,7 +138,7 @@ void mld_poly_invntt_tomont(mld_poly *a)
 {
   mld_assert_abs_bound(a->coeffs, MLDSA_N, MLDSA_Q);
   mld_intt_native(a->coeffs);
-  mld_assert_abs_bound(a->coeffs, MLDSA_N, MLDSA_Q);
+  mld_assert_abs_bound(a->coeffs, MLDSA_N, MLD_INTT_BOUND);
 }
 #endif /* MLD_USE_NATIVE_INTT */
 
diff --git a/mldsa/polyvec.c b/mldsa/polyvec.c
@@ -167,8 +167,7 @@ void mld_polyvecl_uniform_gamma1(mld_polyvecl *v,
 void mld_polyvecl_reduce(mld_polyvecl *v)
 {
   unsigned int i;
-  mld_assert_bound_2d(v->vec, MLDSA_L, MLDSA_N, INT32_MIN,
-                      REDUCE32_DOMAIN_MAX);
+  mld_assert_bound_2d(v->vec, MLDSA_L, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);
 
   for (i = 0; i < MLDSA_L; ++i)
   __loop__(
@@ -203,8 +202,7 @@ void mld_polyvecl_add(mld_polyvecl *u, const mld_polyvecl *v)
   {
     mld_poly_add(&u->vec[i], &v->vec[i]);
   }
-  mld_assert_bound_2d(u->vec, MLDSA_L, MLDSA_N, INT32_MIN,
-                      REDUCE32_DOMAIN_MAX);
+  mld_assert_bound_2d(u->vec, MLDSA_L, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);
 }
 
 void mld_polyvecl_ntt(mld_polyvecl *v)
@@ -240,7 +238,7 @@ void mld_polyvecl_invntt_tomont(mld_polyvecl *v)
     mld_poly_invntt_tomont(&v->vec[i]);
   }
 
-  mld_assert_abs_bound_2d(v->vec, MLDSA_L, MLDSA_N, MLD_NTT_BOUND);
+  mld_assert_abs_bound_2d(v->vec, MLDSA_L, MLDSA_N, MLD_INTT_BOUND);
 }
 
 void mld_polyvecl_pointwise_poly_montgomery(mld_polyvecl *r, const mld_poly *a,
@@ -350,8 +348,7 @@ uint32_t mld_polyvecl_chknorm(const mld_polyvecl *v, int32_t bound)
 void mld_polyveck_reduce(mld_polyveck *v)
 {
   unsigned int i;
-  mld_assert_bound_2d(v->vec, MLDSA_K, MLDSA_N, INT32_MIN,
-                      REDUCE32_DOMAIN_MAX);
+  mld_assert_bound_2d(v->vec, MLDSA_K, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);
 
   for (i = 0; i < MLDSA_K; ++i)
   __loop__(
@@ -405,8 +402,7 @@ void mld_polyveck_add(mld_polyveck *u, const mld_polyveck *v)
   {
     mld_poly_add(&u->vec[i], &v->vec[i]);
   }
-  mld_assert_bound_2d(u->vec, MLDSA_L, MLDSA_N, INT32_MIN,
-                      REDUCE32_DOMAIN_MAX);
+  mld_assert_bound_2d(u->vec, MLDSA_L, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);
 }
 
 void mld_polyveck_sub(mld_polyveck *u, const mld_polyveck *v)
@@ -427,8 +423,7 @@ void mld_polyveck_sub(mld_polyveck *u, const mld_polyveck *v)
     mld_poly_sub(&u->vec[i], &v->vec[i]);
   }
 
-  mld_assert_bound_2d(u->vec, MLDSA_K, MLDSA_N, INT32_MIN,
-                      REDUCE32_DOMAIN_MAX);
+  mld_assert_bound_2d(u->vec, MLDSA_K, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);
 }
 
 void mld_polyveck_shiftl(mld_polyveck *v)
@@ -483,7 +478,7 @@ void mld_polyveck_invntt_tomont(mld_polyveck *v)
     mld_poly_invntt_tomont(&v->vec[i]);
   }
 
-  mld_assert_abs_bound_2d(v->vec, MLDSA_K, MLDSA_N, MLD_NTT_BOUND);
+  mld_assert_abs_bound_2d(v->vec, MLDSA_K, MLDSA_N, MLD_INTT_BOUND);
 }
 
 void mld_polyveck_pointwise_poly_montgomery(mld_polyveck *r, const mld_poly *a,

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,7 @@ void mld_poly_invntt_tomont(mld_poly *a)`
`138`	`138`	`{`
`139`	`139`	`mld_assert_abs_bound(a->coeffs, MLDSA_N, MLDSA_Q);`
`140`	`140`	`mld_intt_native(a->coeffs);`
`141`		`- mld_assert_abs_bound(a->coeffs, MLDSA_N, MLDSA_Q);`
	`141`	`+ mld_assert_abs_bound(a->coeffs, MLDSA_N, MLD_INTT_BOUND);`
`142`	`142`	`}`
`143`	`143`	`#endif /* MLD_USE_NATIVE_INTT */`
`144`	`144`
Original file line number	Diff line number	Diff line change
`@@ -167,8 +167,7 @@ void mld_polyvecl_uniform_gamma1(mld_polyvecl *v,`
`167`	`167`	`void mld_polyvecl_reduce(mld_polyvecl *v)`
`168`	`168`	`{`
`169`	`169`	`unsigned int i;`
`170`		`- mld_assert_bound_2d(v->vec, MLDSA_L, MLDSA_N, INT32_MIN,`
`171`		`- REDUCE32_DOMAIN_MAX);`
	`170`	`+ mld_assert_bound_2d(v->vec, MLDSA_L, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);`
`172`	`171`
`173`	`172`	`for (i = 0; i < MLDSA_L; ++i)`
`174`	`173`	`__loop__(`
`@@ -203,8 +202,7 @@ void mld_polyvecl_add(mld_polyvecl u, const mld_polyvecl v)`
`203`	`202`	`{`
`204`	`203`	`mld_poly_add(&u->vec[i], &v->vec[i]);`
`205`	`204`	`}`
`206`		`- mld_assert_bound_2d(u->vec, MLDSA_L, MLDSA_N, INT32_MIN,`
`207`		`- REDUCE32_DOMAIN_MAX);`
	`205`	`+ mld_assert_bound_2d(u->vec, MLDSA_L, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);`
`208`	`206`	`}`
`209`	`207`
`210`	`208`	`void mld_polyvecl_ntt(mld_polyvecl *v)`
`@@ -240,7 +238,7 @@ void mld_polyvecl_invntt_tomont(mld_polyvecl *v)`
`240`	`238`	`mld_poly_invntt_tomont(&v->vec[i]);`
`241`	`239`	`}`
`242`	`240`
`243`		`- mld_assert_abs_bound_2d(v->vec, MLDSA_L, MLDSA_N, MLD_NTT_BOUND);`
	`241`	`+ mld_assert_abs_bound_2d(v->vec, MLDSA_L, MLDSA_N, MLD_INTT_BOUND);`
`244`	`242`	`}`
`245`	`243`
`246`	`244`	`void mld_polyvecl_pointwise_poly_montgomery(mld_polyvecl r, const mld_poly a,`
`@@ -350,8 +348,7 @@ uint32_t mld_polyvecl_chknorm(const mld_polyvecl *v, int32_t bound)`
`350`	`348`	`void mld_polyveck_reduce(mld_polyveck *v)`
`351`	`349`	`{`
`352`	`350`	`unsigned int i;`
`353`		`- mld_assert_bound_2d(v->vec, MLDSA_K, MLDSA_N, INT32_MIN,`
`354`		`- REDUCE32_DOMAIN_MAX);`
	`351`	`+ mld_assert_bound_2d(v->vec, MLDSA_K, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);`
`355`	`352`
`356`	`353`	`for (i = 0; i < MLDSA_K; ++i)`
`357`	`354`	`__loop__(`
`@@ -405,8 +402,7 @@ void mld_polyveck_add(mld_polyveck u, const mld_polyveck v)`
`405`	`402`	`{`
`406`	`403`	`mld_poly_add(&u->vec[i], &v->vec[i]);`
`407`	`404`	`}`
`408`		`- mld_assert_bound_2d(u->vec, MLDSA_L, MLDSA_N, INT32_MIN,`
`409`		`- REDUCE32_DOMAIN_MAX);`
	`405`	`+ mld_assert_bound_2d(u->vec, MLDSA_L, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);`
`410`	`406`	`}`
`411`	`407`
`412`	`408`	`void mld_polyveck_sub(mld_polyveck u, const mld_polyveck v)`
`@@ -427,8 +423,7 @@ void mld_polyveck_sub(mld_polyveck u, const mld_polyveck v)`
`427`	`423`	`mld_poly_sub(&u->vec[i], &v->vec[i]);`
`428`	`424`	`}`
`429`	`425`
`430`		`- mld_assert_bound_2d(u->vec, MLDSA_K, MLDSA_N, INT32_MIN,`
`431`		`- REDUCE32_DOMAIN_MAX);`
	`426`	`+ mld_assert_bound_2d(u->vec, MLDSA_K, MLDSA_N, INT32_MIN, REDUCE32_DOMAIN_MAX);`
`432`	`427`	`}`
`433`	`428`
`434`	`429`	`void mld_polyveck_shiftl(mld_polyveck *v)`
`@@ -483,7 +478,7 @@ void mld_polyveck_invntt_tomont(mld_polyveck *v)`
`483`	`478`	`mld_poly_invntt_tomont(&v->vec[i]);`
`484`	`479`	`}`
`485`	`480`
`486`		`- mld_assert_abs_bound_2d(v->vec, MLDSA_K, MLDSA_N, MLD_NTT_BOUND);`
	`481`	`+ mld_assert_abs_bound_2d(v->vec, MLDSA_K, MLDSA_N, MLD_INTT_BOUND);`
`487`	`482`	`}`
`488`	`483`
`489`	`484`	`void mld_polyveck_pointwise_poly_montgomery(mld_polyveck r, const mld_poly a,`