Polynomial multiplication in R_q = Z_q[X] / (X^N + 1) for cyclotomic ring lattices. Building block for ML-KEM (LP-072), ML-DSA (LP-070), TFHE (LP-013/066) and Pulsar (LP-073). Implements both schoolbook (small N) and NTT-based fast multiplication (LP-029) with batched GPU kernels.
R_q = Z_q / (X^N + 1) for power-of-2 Nq per upstream scheme:q = 3329q = 8380417q = 2^64N | (q - 1)/2 (negacyclic root of unity exists)N (≤ 64)N not amenable to NTT modulusmldsa, mlkem)ring.NTTlux/crypto/poly_mul/test/kat_*.jsonlux/crypto/poly_mul/{schoolbook,ntt}.gogithub.com/luxfi/crypto/poly_mul @ v1.18.3luxcpp/crypto/poly_mul/cpp/poly_mul.{hpp,cpp} (depends on luxcpp/crypto/ntt)luxcpp/crypto/poly_mul/c-abi/poly_mul_capi.hlibpoly_mul.aluxcpp/crypto/poly_mul/gpu/metal/poly_mul.metal — fused NTT + pointwise + INTT under the canonical lattice dispatcherluxcpp/crypto/poly_mul/gpu/cuda/poly_mul.culuxcpp/crypto/poly_mul/gpu/wgsl/poly_mul.wgsl(N, q) configurations; PASS.pqcrystals-{mldsa,mlkem}/poly) — vendored test-onlyring.NTT (Go, FetchContent test-only)q = 2^64 reduction trivial (machine-word truncation)