From f80b12a24ff2552668a520bbc24d6d6e5fd594f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Meusel?= <rene.meusel@rohde-schwarz.com>
Date: Thu, 15 Aug 2024 18:00:49 +0200
Subject: [PATCH] WIP

---
 .../dilithium/dilithium_common/dilithium_polynomial.h      | 7 ++-----
 .../dilithium/dilithium_modern/ml_dsa_ipd/ml_dsa_ipd.h     | 3 ++-
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/lib/pubkey/dilithium/dilithium_common/dilithium_polynomial.h b/src/lib/pubkey/dilithium/dilithium_common/dilithium_polynomial.h
index 398e7ca34ad..e20c9bcaff7 100644
--- a/src/lib/pubkey/dilithium/dilithium_common/dilithium_polynomial.h
+++ b/src/lib/pubkey/dilithium/dilithium_common/dilithium_polynomial.h
@@ -23,9 +23,6 @@ class DilithiumPolyTraits final : public CRYSTALS::Trait_Base<DilithiumConstants
    private:
       friend class CRYSTALS::Trait_Base<DilithiumConstants, DilithiumPolyTraits>;
 
-      /**
-       * NIST FIPS 204 IPD, Algorithm 37 (Montgomery_Reduce)
-       */
       static constexpr T montgomery_reduce_coefficient(T2 a) {
          const T2 t = static_cast<T>(static_cast<T2>(static_cast<T>(a)) * Q_inverse);
          return (a - static_cast<T2>(t) * Q) >> (sizeof(T) * 8);
@@ -40,7 +37,7 @@ class DilithiumPolyTraits final : public CRYSTALS::Trait_Base<DilithiumConstants
 
    public:
       /**
-       * NIST FIPS 204 IPD, Algorithm 35 (NTT)
+       * NIST FIPS 204, Algorithm 41 (NTT)
        *
        * Note: ntt(), inverse_ntt() and operator* have side effects on the
        *       montgomery factor of the involved coefficients!
@@ -68,7 +65,7 @@ class DilithiumPolyTraits final : public CRYSTALS::Trait_Base<DilithiumConstants
       }
 
       /**
-       * NIST FIPS 204 IPD, Algorithm 36 (NTT^-1).
+       * NIST FIPS 204, Algorithm 42 (NTT^-1).
        *
        * The output is effectively multiplied by the montgomery parameter 2^32
        * mod q so that the input factors 2^(-32) mod q are eliminated. Note
diff --git a/src/lib/pubkey/dilithium/dilithium_modern/ml_dsa_ipd/ml_dsa_ipd.h b/src/lib/pubkey/dilithium/dilithium_modern/ml_dsa_ipd/ml_dsa_ipd.h
index 60bc270e8d8..09e33a51f9f 100644
--- a/src/lib/pubkey/dilithium/dilithium_modern/ml_dsa_ipd/ml_dsa_ipd.h
+++ b/src/lib/pubkey/dilithium/dilithium_modern/ml_dsa_ipd/ml_dsa_ipd.h
@@ -56,7 +56,8 @@ class Dilithium_ML_DSA_IPD_Symmetric_Primitives : public Dilithium_Common_Symmet
 
       StrongSpan<const DilithiumCommitmentHash> truncate_commitment_hash(
          StrongSpan<const DilithiumCommitmentHash> seed) const override {
-         // TODO: ML-DSA does not truncate the commitment hash
+         // TODO: ML-DSA does not truncate the commitment hash, so we could
+         //       simply "return seed" here;
          return StrongSpan<const DilithiumCommitmentHash>(
             seed.get().first(DilithiumConstants::COMMITMENT_HASH_C1_BYTES));
       };