perform the inverse transfrom in positive range

mjosaarinen · mjosaarinen · commit e15004e6c668 · 2025-10-11T22:09:33.000+01:00
Signed-off-by: Markku-Juhani O. Saarinen &lt;mjos@iki.fi&gt;
diff --git a/mlkem/src/native/riscv64/src/rv64v_poly.c b/mlkem/src/native/riscv64/src/rv64v_poly.c
@@ -349,6 +349,7 @@ void mlk_rv64v_poly_ntt(int16_t *r)
     u0 = __riscv_vadd_vv_i16m1(u0, u1, vl); \
     u0 = fq_csub(u0, vl);                   \
     u1 = fq_mul_vx(ut, uc, vl);             \
+    u1 = fq_cadd(u1, vl);                   \
   }
 
 #define MLK_RVV_BFLY_RV(u0, u1, ut, uc, vl) \
@@ -357,6 +358,7 @@ void mlk_rv64v_poly_ntt(int16_t *r)
     u0 = __riscv_vadd_vv_i16m1(u0, u1, vl); \
     u0 = fq_csub(u0, vl);                   \
     u1 = fq_mul_vv(ut, uc, vl);             \
+    u1 = fq_cadd(u1, vl);                   \
   }
 
 static vint16m2_t mlk_rv64v_intt2(vint16m2_t vp, vint16m1_t cz)
@@ -387,9 +389,10 @@ static vint16m2_t mlk_rv64v_intt2(vint16m2_t vp, vint16m1_t cz)
   t0 = __riscv_vget_v_i16m2_i16m1(vp, 0);
   t1 = __riscv_vget_v_i16m2_i16m1(vp, 1);
 
-  /*	initial reduction due to lack of input assumptions on INTT */
-  t0 = fq_mul_vx(t0, MLK_RVV_MONT_R1, vl);
-  t1 = fq_mul_vx(t1, MLK_RVV_MONT_R1, vl);
+  /*	move to positive range [0, q-1] for the reverse transform */
+  t0 = fq_mulq_vx(t0, MLK_RVV_MONT_R1, vl);
+  t1 = fq_mulq_vx(t1, MLK_RVV_MONT_R1, vl);
+
   c0 = __riscv_vrgather_vv_i16m1(cz, cs2, vl);
   MLK_RVV_BFLY_RV(t0, t1, vt, c0, vl);
 
@@ -415,9 +418,6 @@ static vint16m2_t mlk_rv64v_intt2(vint16m2_t vp, vint16m1_t cz)
   t0 = __riscv_vget_v_i16m2_i16m1(vp, 0);
   t1 = __riscv_vget_v_i16m2_i16m1(vp, 1);
 
-  /*    normalize first element  */
-  t0 = fq_mulq_vx(t0, MLK_RVV_MONT_R1, vl);
-
   vp = __riscv_vcreate_v_i16m1_i16m2(t0, t1);
 
   return vp;
