update with magician thread

EIPS/eip-9374.md

@@ -2,8 +2,8 @@
 eip: 9374
 title: Precompile for NTT operations
 description: Proposal to add a precompiled contract that performs number theoretical transformation (NTT) and inverse (InvNTT).
-author: Renaud Dubois (rdubois-crypto) <renaud.dubois.fr@gmail.com>, Simon Masson <simon.masson@yahoo.fr> 
-discussions-to: https://ethresear.ch/t/ntt-as-postquantum-and-starks-settlements-helper-precompile/21775
+author: Renaud Dubois (@rdubois-crypto), Simon Masson (@simonmasson)
+discussions-to: https://ethereum-magicians.org/t/eip-9374-precompile-for-ntt-operations/22895
 status: Draft
 type: Standards Track
 category: Core
@@ -34,18 +34,25 @@ With the release of Willow cheap, the concern for quantum threat against Ethereu
 We introduce *four* separate precompiles to perform the following operations:
 
 - NTT_FW - to perform the forward NTT transformation (Negative wrap convolution) with a gas cost of `600` gas,
+
 - NTT_INV - to perform the inverse NTT transformation (Negative wrap convolution) with a gas cost of `600` gas,
+
 - NTT_VECMULMOD - to perform vectorized modular multiplication with a gas cost formula defined in the corresponding section,
+
 - NTT_VECADDMOD - to perform vectorized modular addition with a gas cost formula defined in the corresponding section.
 
 
 ### Field parameters
 
 The NTT_FW and NTT_INV are fully defined  by the following set of parameters. 
 Let $R$ be a cyclotomic ring of the form $R=\mathbb F_q[X]/(X^n+1)$. In these notations,
+
 - $n$ is the degree and is a power of 2,
+
 - $\mathbb F_q$ is the prime field where $q=1 \mod 2n$,
+
 - $\omega$ is a $n$-th root of unity in $\mathbb F_q$,
+
 - $\psi$ is a $2n$-th root of unity in $\mathbb F_q$.
 
 Any element $a \in R$ is a polynomial of degree at most $n-1$ with integer coefficients, written
@@ -86,6 +93,7 @@ The Inverse NTT is described by the following algorithm.
 **Output:** $a \leftarrow \text{NTT\_INV}(a)$ in standard order.
 
 ```plaintext
+
 t ← 1
 for m = n to 1 by m/2 do
     j1 ← 0
@@ -139,12 +147,19 @@ $f\times g= \text{NTT\_INV}(\text{NTT\_VECMULMOD}(
 
 ### Fields of interest
 The implementation applies for many fields of interest for cryptography. In particular, the design applies for:
+
 - FALCON: $q=3.2^{12}+1$ (one of the NIST winners for  post-quantum signature scheme),
+
 - DILITHIUM: $q=2^{23}-2^{13}+1$ (one of the NIST winners for post-quantum signature scheme),
+
 - KYBER: $q=13.2^8+1$  (one of the NIST winners for post-quantum key encapsulation mechanism),
-- Babybear: $q=15.2^{27}+1$ (Risc0)
-- Goldilocks: $q=2^{64}-2^{32}+1$ (Polygon's Plonky2)
-- M31: $q=2^{31}-1$ (Circle STARKS, STwo, Plonky3)
+
+- Babybear: $q=15.2^{27}+1$ (Risc0),
+
+- Goldilocks: $q=2^{64}-2^{32}+1$ (Polygon's Plonky2),
+
+- M31: $q=2^{31}-1$ (Circle STARKS, STwo, Plonky3),
+
 - StarkCurve: $q=2^{251}+17.2^{192}+1$
 
 
@@ -180,8 +195,11 @@ There are no edge cases in the considered operations.
 
 
 There are two fully spec compatible implementations on the day of writing:
+
 - a python reference code provided in the assets of this EIP
+
 - a solidity reference code provided in the assets of this EIP
+
 Both codes have been validated over a large base of reference vectors, and implementing both FALCON and DILITHIUM algorithms as demonstration of the usefulness of the precompile.