pub fn sample_ntt(seed: &[u8; 34]) -> [i16; 256]Expand description
Sample a uniformly random NTT-domain polynomial (Algorithm 7: SampleNTT).
Uses SHAKE128 as an XOF (extendable output function) seeded with the
34-byte input seed = rho || j || i. Pairs of 12-bit candidates are
extracted from each 3-byte block and accepted if less than q = 3329
(rejection sampling).
Since the seed rho is public data, the variable-time rejection loop does not leak secret information through timing.
§Arguments
seed- A 34-byte XOF seed:rho (32 bytes) || column_index (1 byte) || row_index (1 byte).
§Returns
A 256-coefficient polynomial in NTT domain with coefficients in [0, q-1].