Skip to main content

MaskedPoly

quantica::ml_kem::masked

Struct MaskedPoly 

Source 
pub struct MaskedPoly {
    pub share0: [i16; 256],
    pub share1: [i16; 256],
}
Expand description

A polynomial split into two additive shares modulo q.

Maintains the invariant real_value[i] = (share0[i] + share1[i]) mod q for all i in 0..256. Neither share alone reveals any information about the underlying polynomial.

Both shares have coefficients in [0, q-1].

Fields§

§share0: [i16; 256]

First additive share of the polynomial.

§share1: [i16; 256]

Second additive share of the polynomial.

Implementations§

Source§

impl MaskedPoly

Source

pub fn mask( poly: &[i16; 256], rng: &mut impl CryptoRng, ) -> Result<Self, MlKemError>

Split a plaintext polynomial into two random additive shares.

Generates a uniformly random share1 from the RNG, then computes share0 = poly - share1 mod q. The random bytes are zeroized after use.

§Arguments
  • poly - The secret polynomial to mask (coefficients in [0, q-1]).
  • rng - A cryptographic RNG for generating the random share.
§Errors

Returns MlKemError::RngFailure if the RNG fails.

Source

pub fn unmask(&self) -> [i16; 256]

Reconstruct the plaintext polynomial from the two shares.

Computes (share0[i] + share1[i]) mod q for each coefficient. The resulting polynomial has coefficients in [0, q-1].

§Security note

The returned polynomial is unmasked and should be handled as secret data (zeroized after use).

Source

pub fn zeroize(&mut self)

Securely erase both shares via volatile writes.

Delegates to super::ntt::zeroize_poly for each share to ensure the optimizer cannot elide the writes.

Source

pub fn refresh(&mut self, rng: &mut impl CryptoRng) -> Result<(), MlKemError>

Re-randomize the shares without changing the unmasked value.

Draws a fresh random polynomial r and updates the shares: share0' = share0 - r mod q, share1' = share1 + r mod q. The sum is preserved: share0' + share1' = share0 + share1.

Refreshing prevents higher-order correlation buildup when the same masked polynomial is used in multiple operations.

§Errors

Returns MlKemError::RngFailure if the RNG fails.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.