Skip to content

Commit

Permalink
More info in binomial sampler comment.
Browse files Browse the repository at this point in the history
  • Loading branch information
@xvzcf
xvzcf committed Jul 26, 2023
1 parent 456c3c9 commit d57cef1
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions specs/kyber/src/sampling.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,22 @@ impl KyberPolynomialRingElement {
/// The values v < 0 are mapped to the appropriate
/// `|parameters::KyberFieldElement|`.
///
/// The expected value is:
///
/// ```plaintext
/// E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + (ETA)Pr[ETA]
/// = 0 since Pr[-v] = Pr[v] when v < 0.
/// ```
///
/// And the variance is:
///
/// ```plaintext
/// Var(X) = E[(X - E[X])^2]
/// = E[X^2]
/// = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2^(2 * ETA))
/// = ETA / 2
/// ```
///
/// This function implements Algorithm 2 of the Kyber Round 3 specification,
/// which is reproduced below:
///
Expand Down

0 comments on commit d57cef1

Please sign in to comment.