Number-Theoretic Transform specification #2088

atrieu · 2025-05-14T15:47:11Z

This is a new version of #1997 using the suggestions given there for specifying the NTT.

Specifically, this provides

a theory of univariate polynomials (src/NTT/Polynomial.v)
the algebraic form of the Chinese Remainder Theorem for polynomials (src/NTT/PolynomialCRT.v)
explicit formulas for computing the CRT when the polynomial modulus has the form X^2 - a^2 (src/NTT/PolynomialCRT.v)
the NTT as recursive applications of the CRT, also proved a ring isomorphism (src/NTT/NTT.v)
lower level Gallina code implementing the NTT that is proved correct and should be more amenable to code generation (src/NTT/GallinaNTT.v)

atrieu added 10 commits May 13, 2025 13:51

Ring isomorphism and compositions

456abdf

List isomorphism

c9567d3

Pquotl isomorphisms

e995961

Polynomial CRT

7f4f5ba

NTT spec is a ring isomorphism

47e3d87

NTT list style spec is a ring isomorphism

acc5b6e

Lower level gallina code for NTT

b6c8164

Forward NTT loop style

480448d

Inverse NTT loop style

11d5339

Clean up a bit and add more comments

346264d

atrieu mentioned this pull request May 14, 2025

Verified Bedrock2 code for Number-Theoretic Transform #1997

Closed

Delayed modular reduction for forward NTT

cbb4322

Provide feedback