From c8d81f92769d20371b6d8aed4724f5a51fb51ddc Mon Sep 17 00:00:00 2001
From: Bas Westerbaan
Date: Thu, 14 May 2020 20:56:56 +0200
Subject: [PATCH] dilithium: useHint: use Poly.Decompose, which might be faster
---
 sign/dilithium/internal/common/poly.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/sign/dilithium/internal/common/poly.go b/sign/dilithium/internal/common/poly.go
index 10c51a932..72a741117 100644
--- a/sign/dilithium/internal/common/poly.go
+++ b/sign/dilithium/internal/common/poly.go
@@ -105,9 +105,21 @@ func (p *Poly) MakeHint(p0, p1 *Poly) (pop uint32) {
 // Computes corrections to the high bits of the polynomial q according
 // to the hints in h and sets p to the corrected high bits. Returns p.
 func (p *Poly) UseHint(q, hint *Poly) *Poly {
+ var q0PlusQ Poly
+
+ q.Decompose(&q0PlusQ, p)
+
 for i := 0; i < N; i++ {
- p[i] = useHint(q[i], hint[i])
+ if hint[i] == 0 {
+ continue
+ }
+ if q0PlusQ[i] > Q {
+ p[i] = (p[i] + 1) & 15
+ } else {
+ p[i] = (p[i] - 1) & 15
+ }
 }
+
 return p
 }
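Review bot: The new loop in UseHint branches on `hint[i]` and on `q0PlusQ[i] > Q`, so its running time depends on the coefficient values, and the doc comment does not say the inputs must be public. In Dilithium this step belongs to verification, where the hint and the recomputed polynomial are public, but the method is exported on Poly and a later caller could pass secret-dependent data; I would add `// Not constant time: q and hint must be public (verification only).` to the doc comment. The mask `15` hard-codes sixteen high-bits values, and a short comment naming the parameter it derives from would help, since the hunk does not show where that is defined. Whether Decompose tolerates p aliasing q, as the removed per-coefficient assignment did, is not visible here and is worth confirming.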