Module sample 

Sampling algorithms for matrix, secret, and masking generation. Sampling algorithms for ML-DSA (FIPS 204, Algorithms 29-34).

Provides functions to sample polynomials and polynomial vectors from various distributions using SHAKE-based extendable output functions. All sampling routines use rejection sampling to ensure uniform output. All returned data lives on the stack (no heap allocations).

Functions

expand_a

Expand the public matrix A in NTT domain from a seed.

expand_mask

Expand the masking vector y from a seed and counter.

expand_s

Expand the secret vectors s1 and s2 from a seed.

rej_bounded_poly

Generate a polynomial with small coefficients via rejection sampling.

rej_ntt_poly

Generate an NTT-domain polynomial via rejection sampling.

sample_in_ball

Sample a sparse challenge polynomial with exactly tau non-zero entries.