) // if b > 8 { return 0, false } return fieldSubToMontgomery(4, uint32(b)), true default: panic("internal error: unsupported η") } } // power2Round implements Power2Round from FIPS 204. // // It separates the bottom d = 13 bits of each 23-bit coefficient, rounding the // high part based on the low part, and correcting the low part accordingly. func power2Round(r fieldElement) (hi uint16, lo fieldElement) { rr := fieldFromMontgomery(r) // Add 2¹² - 1 to round up r1 by one if r0 > 2¹². // r is at...