pub fn masked_mat_vec_mul_lazy(
rho: &[u8; 32],
y_hat_m: &[MaskedPoly],
k: usize,
l: usize,
out: &mut [MaskedPoly],
)Expand description
Low-memory variant of masked_mat_vec_mul: recomputes each
a_hat[i][j] polynomial on-the-fly from the public seed rho
via SHAKE128 instead of holding the full k×l matrix in memory.
Trade-off identical to mat_vec_mul_lazy (dsa.rs): saves up to
57 KB of stack for the a_hat matrix at the cost of repeated
SHAKE128 invocations. Called from sign_internal when both
sca-masked-y and low-mem are enabled.