Multiplication in ML-DSA

Question

I am trying to understand ML-DSA PQC and the cs1 multiplication done in ML-DSA-44 signature generation

Printed value of s1 after unpacking and get the values(for s1.vec[0] few values)

s1[0] = -2
s1[1] = 2
s1[2] = 2
s1[3] = -2
s1[4] = 1
s1[5] = 2
s1[6] = 0
s1[7] = 0
s1[8] = 1
s1[9] = 2
....

Similarly, value of cp after poly_challenge is as below

cp[0] = 0
cp[1] = -1
cp[2] = 0
cp[3] = 0
cp[4] = 0
cp[5] = 0
cp[6] = -1
cp[7] = 0
cp[8] = 0
cp[9] = 0
....

and value of cs1 after polyvecl_invntt_tomont is below(z.vec[0])

cs1[0] = -3
cs1[1] = 13
cs1[2] = -4
cs1[3] = 2
cs1[4] = -21
cs1[5] = 7
cs1[6] = -4
cs1[7] = 12
cs1[8] = -6
cs1[9] = 8
....

Since value of cp can only be in the range of {-1,0,1} , How are the value of cs1 printed above achieved(cs1.vec[0].coeff[0] = cp.vec.coeff[0] * s1.vec[0].coeff[0]), I am not sure ? and do we need to do NTT(cp) whose value range is limited or s1 for that matter ?

Answer 1

The vector cs is not computed as a termwise product. Instead cp and s1 should be treated as polynomials in the ring $R_q=\mathbb Z[X]/\langle q,X^{256}+1\rangle$.

In this notation the product would be $$c\times s=(c_0+c_1X+\cdots +c_{255}X^{255})(s_0+s_1X+\cdots+s_{255}X^{255})\mod^{\pm} \langle q, X^{256}+1\rangle$$ which would give the p degree 255 product polynomial $z(X)=z_0+z_1X+\cdots+z_{255}X^{255}$ where $$z_0=c_0s_0-c_1s_{255}-c_2s_{254}\cdots-c_{255}s_1\mod^\pm q$$ $$z_1=c_0s_1+c_1s_{0}-c_2s_{255}\cdots-c_{255}s_2\mod^\pm q$$ $$z_2=c_0s_2+c_1s_{1}+c_2s_{2}\cdots-c_{255}s_3\mod^\pm q$$ and so on.