On Wed, 29 Apr 2026 16:49:14 GMT, Ferenc Rakoczi <[email protected]> wrote:
> ---------
> - [X] I confirm that I make this contribution in accordance with the [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai).

For full disclosure, @mcpowers ran the ML-KEM encapsulation/decapsulation benchmarks with these changes, which exhibited a 9-17% performance improvement for the three key sizes.

src/hotspot/cpu/aarch64/stubGenerator_aarch64.cpp line 6279:

> 6277: // short[] result, short[] ntta, short[] nttb, short[] zetas) {}
> 6278: //
> 6279: // The actual algorithm that is used here differs from the one in the Java

nit: copyright update

src/java.base/share/classes/com/sun/crypto/provider/ML_KEM.java line 54:

> 52: private static final int MONT_DIM_HALF_INVERSE = 1534;
> 53: private static final int BARRETT_MULTIPLIER = 20159;
> 54: private static final int BARRETT_ADDEND = 1665;

nit: copyright update

src/java.base/share/classes/com/sun/crypto/provider/ML_KEM.java line 1155:

> 1153: int b1 = nttb[m + 1];
> 1154: long r = a1 * b1;
> 1155: r = r - ((r * BARRETT_MULTIPLIER) >> BARRETT_SHIFT) * ML_KEM_Q;

For consistency, should this be `r -= ((r * BARRETT_MULTIPLIER) >> BARRETT_SHIFT) * ML_KEM_Q;`?

src/java.base/share/classes/com/sun/crypto/provider/ML_KEM.java line 1533:

> 1531: for (int m = 0; m < ML_KEM_N; m++) {
> 1532: tmp = poly[m];
> 1533: poly[m] = (short) (tmp - ((tmp * BARRETT_MULTIPLIER) >> BARRETT_SHIFT) * ML_KEM_Q);

Can this be simplified to `poly[m] -= (short) ((poly[m] * BARRETT_MULTIPLIER) >> BARRETT_SHIFT) * ML_KEM_Q;`?

-------------

PR Review: https://git.openjdk.org/jdk/pull/30991#pullrequestreview-4208538709
PR Review Comment: https://git.openjdk.org/jdk/pull/30991#discussion_r3170852525
PR Review Comment: https://git.openjdk.org/jdk/pull/30991#discussion_r3171433588
PR Review Comment: https://git.openjdk.org/jdk/pull/30991#discussion_r3171433853
PR Review Comment: https://git.openjdk.org/jdk/pull/30991#discussion_r3171443753
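An added example, not part of the review or of the JDK sources: a stand-alone Java check that runs the statement quoted at ML_KEM.java line 1533 and the compound-assignment form asked about above over every `short` input, where the cast placement and the implicit narrowing of `-=` are what decide the outcome. `BarrettCheck`, `reduceQuoted` and `reduceCompound` are hypothetical names; `ML_KEM_Q = 3329`, `BARRETT_SHIFT = 26` and the `int` type of `tmp` are assumptions, since the quoted lines do not show them.

```java
public class BarrettCheck {
    // Value taken from the quoted ML_KEM.java line 53.
    static final int BARRETT_MULTIPLIER = 20159;
    // Assumptions (not shown in the quoted lines): q = 3329 as in FIPS 203,
    // and a shift of 26, because 20159 == round(2^26 / 3329).
    static final int ML_KEM_Q = 3329;
    static final int BARRETT_SHIFT = 26;

    // The statement quoted at ML_KEM.java line 1533 (tmp assumed to be an int).
    static short reduceQuoted(short v) {
        int tmp = v;
        return (short) (tmp - ((tmp * BARRETT_MULTIPLIER) >> BARRETT_SHIFT) * ML_KEM_Q);
    }

    // The compound-assignment form from the review question. The (short) cast
    // binds only to the shifted quotient; the product with ML_KEM_Q is an int,
    // and "-=" narrows the final difference back to short implicitly.
    static short reduceCompound(short v) {
        short[] poly = { v };
        poly[0] -= (short) ((poly[0] * BARRETT_MULTIPLIER) >> BARRETT_SHIFT) * ML_KEM_Q;
        return poly[0];
    }

    public static void main(String[] args) {
        int min = Integer.MAX_VALUE;
        int max = Integer.MIN_VALUE;
        for (int v = Short.MIN_VALUE; v <= Short.MAX_VALUE; v++) {
            short a = reduceQuoted((short) v);
            short b = reduceCompound((short) v);
            if (a != b) {
                throw new AssertionError("forms differ for input " + v + ": " + a + " vs " + b);
            }
            // A reduction may only change the value by a multiple of q.
            if (Math.floorMod(a - v, ML_KEM_Q) != 0) {
                throw new AssertionError("result not congruent mod q for input " + v);
            }
            min = Math.min(min, a);
            max = Math.max(max, a);
        }
        System.out.println("both forms agree on all 65536 short inputs; results lie in ["
                + min + ", " + max + "]");
    }
}
```

The check covers only the `short` case at line 1533; the `long`-typed statement at line 1155 is not exercised here.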
