pub fn masked_mat_vec_mul(
a_hat: &[[[i32; 256]; 7]; 8],
y_hat_m: &[MaskedPoly],
k: usize,
l: usize,
out: &mut [MaskedPoly],
)Expand description
Masked matrix-vector multiplication in the NTT domain: for each
output row i, compute sum_j (A_hat[i][j] · y_hat_m[j]) as a
masked accumulator.
Since A_hat is public (derived from the public seed rho) and
the NTT is linear, each share is multiplied independently by the
same public matrix and accumulated into the corresponding output
share — no secret×secret operation occurs, so first-order shares
remain sufficient.
y_hat_m must have length ≥ l (the first l masked polynomials
are consumed). out must have length ≥ k.