pub fn rej_bounded_poly(
rho_prime: &[u8; 64],
nonce: u16,
eta: usize,
) -> [i32; 256]Expand description
Generate a polynomial with small coefficients via rejection sampling.
Implements Algorithm 31 of FIPS 204 (RejBoundedPoly). Samples
coefficients in [-eta, eta] by reading half-bytes from a SHAKE256
stream seeded with rho_prime || nonce. Invalid half-byte values are
rejected.
rho_prime: 64-byte secret seed.nonce: 16-bit counter distinguishing different polynomials.eta: coefficient bound (2 or 4 depending on parameter set).
Returns a polynomial with coefficients in [-eta, eta].