github.com/cloudflare/circl@v1.5.0/kem/frodo/frodo640shake/noise.go (about)

     1  package frodo640shake
     2  
     3  const cdfTableLen = 13
     4  
     5  var cdfTable [cdfTableLen]uint16 = [cdfTableLen]uint16{4643, 13363, 20579, 25843, 29227, 31145, 32103, 32525, 32689, 32745, 32762, 32766, 32767}
     6  
     7  // Take a uniformly distributed sample, and produce a sample in the FrodoKEM
     8  // discrete Gaussian distribution using inverse transform sampling.
     9  func sample(sampled []uint16) {
    10  	for i := 0; i < len(sampled); i++ {
    11  		var gaussianSample uint16 = 0
    12  		sign := sampled[i] & 1
    13  		unifSample := sampled[i] >> 1
    14  
    15  		for j := 0; j < cdfTableLen-1; j++ {
    16  			gaussianSample += (cdfTable[j] - unifSample) >> 15
    17  		}
    18  		// If sign = 1, -sign = 0xFFFF and the bits of gaussianSample
    19  		// are flipped. Since gaussianSample is uint16, we have:
    20  		//
    21  		// flippedBits(gaussianSample) + 1 ≡ -gaussianSample (mod 2^16),
    22  		//
    23  		// and so the sign of gaussianSample is flipped.
    24  		sampled[i] = ((-sign) ^ gaussianSample) + sign
    25  	}
    26  }