Reimplement AArch64 NTT 2/2: Switch from ML-KEM to ML-DSA

This is the second commit reimplementing the NTT based on the
"Apache-2.0 OR ISC OR MIT"-licensed NTT and iNTT from mlkem-native.
This commit changes the ML-KEM NTT into a ML-DSA NTT using minimal changes.

Resolves #381

Signed-off-by: Matthias J. Kannwischer <[email protected]>

Author: mkannwischer

BIBLIOGRAPHY.md

@@ -14,6 +14,8 @@ source code and documentation.
   - National Institute of Standards and Technology
 * URL: https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements
 * Referenced from:
+  - [examples/bring_your_own_fips202/mldsa_native/config.h](examples/bring_your_own_fips202/mldsa_native/config.h)
+  - [examples/bring_your_own_fips202/mldsa_native/sign.c](examples/bring_your_own_fips202/mldsa_native/sign.c)
   - [integration/liboqs/config_aarch64.h](integration/liboqs/config_aarch64.h)
   - [integration/liboqs/config_c.h](integration/liboqs/config_c.h)
   - [integration/liboqs/config_x86_64.h](integration/liboqs/config_x86_64.h)
@@ -45,6 +47,15 @@ source code and documentation.
 * URL: https://csrc.nist.gov/pubs/fips/204/final
 * Referenced from:
   - [README.md](README.md)
+  - [examples/bring_your_own_fips202/mldsa_native/common.h](examples/bring_your_own_fips202/mldsa_native/common.h)
+  - [examples/bring_your_own_fips202/mldsa_native/config.h](examples/bring_your_own_fips202/mldsa_native/config.h)
+  - [examples/bring_your_own_fips202/mldsa_native/ntt.h](examples/bring_your_own_fips202/mldsa_native/ntt.h)
+  - [examples/bring_your_own_fips202/mldsa_native/poly.c](examples/bring_your_own_fips202/mldsa_native/poly.c)
+  - [examples/bring_your_own_fips202/mldsa_native/poly_kl.c](examples/bring_your_own_fips202/mldsa_native/poly_kl.c)
+  - [examples/bring_your_own_fips202/mldsa_native/polyvec.c](examples/bring_your_own_fips202/mldsa_native/polyvec.c)
+  - [examples/bring_your_own_fips202/mldsa_native/rounding.h](examples/bring_your_own_fips202/mldsa_native/rounding.h)
+  - [examples/bring_your_own_fips202/mldsa_native/sign.c](examples/bring_your_own_fips202/mldsa_native/sign.c)
+  - [examples/bring_your_own_fips202/mldsa_native/sign.h](examples/bring_your_own_fips202/mldsa_native/sign.h)
   - [mldsa/common.h](mldsa/common.h)
   - [mldsa/config.h](mldsa/config.h)
   - [mldsa/fips202/fips202.c](mldsa/fips202/fips202.c)
@@ -115,6 +126,22 @@ source code and documentation.
 * Referenced from:
   - [README.md](README.md)
 
+### `NeonNTT`
+
+* Neon NTT: Faster Dilithium, Kyber, and Saber on Cortex-A72 and Apple M1
+* Author(s):
+  - Hanno Becker
+  - Vincent Hwang
+  - Matthias J. Kannwischer
+  - Bo-Yin Yang
+  - Shang-Yi Yang
+* URL: https://eprint.iacr.org/2021/986
+* Referenced from:
+  - [dev/aarch64_clean/src/intt.S](dev/aarch64_clean/src/intt.S)
+  - [dev/aarch64_clean/src/ntt.S](dev/aarch64_clean/src/ntt.S)
+  - [mldsa/native/aarch64/src/intt.S](mldsa/native/aarch64/src/intt.S)
+  - [mldsa/native/aarch64/src/ntt.S](mldsa/native/aarch64/src/ntt.S)
+
 ### `REF`
 
 * CRYSTALS-Dilithium reference implementation
@@ -130,6 +157,9 @@ source code and documentation.
 * URL: https://github.com/pq-crystals/dilithium/tree/master/ref
 * Referenced from:
   - [README.md](README.md)
+  - [examples/bring_your_own_fips202/mldsa_native/ntt.c](examples/bring_your_own_fips202/mldsa_native/ntt.c)
+  - [examples/bring_your_own_fips202/mldsa_native/poly.c](examples/bring_your_own_fips202/mldsa_native/poly.c)
+  - [examples/bring_your_own_fips202/mldsa_native/poly_kl.c](examples/bring_your_own_fips202/mldsa_native/poly_kl.c)
   - [mldsa/ntt.c](mldsa/ntt.c)
   - [mldsa/poly.c](mldsa/poly.c)
   - [mldsa/poly_kl.c](mldsa/poly_kl.c)
@@ -205,8 +235,24 @@ source code and documentation.
   - Damien Stehlé
 * URL: https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf
 * Referenced from:
+  - [examples/bring_your_own_fips202/mldsa_native/sign.c](examples/bring_your_own_fips202/mldsa_native/sign.c)
   - [mldsa/sign.c](mldsa/sign.c)
 
+### `SLOTHY_Paper`
+
+* Fast and Clean: Auditable high-performance assembly via constraint solving
+* Author(s):
+  - Amin Abdulrahman
+  - Hanno Becker
+  - Matthias J. Kannwischer
+  - Fabien Klein
+* URL: https://eprint.iacr.org/2022/1303
+* Referenced from:
+  - [dev/aarch64_clean/src/intt.S](dev/aarch64_clean/src/intt.S)
+  - [dev/aarch64_clean/src/ntt.S](dev/aarch64_clean/src/ntt.S)
+  - [mldsa/native/aarch64/src/intt.S](mldsa/native/aarch64/src/intt.S)
+  - [mldsa/native/aarch64/src/ntt.S](mldsa/native/aarch64/src/ntt.S)
+
 ### `libmceliece`
 
 * libmceliece implementation of Classic McEliece
@@ -215,6 +261,7 @@ source code and documentation.
   - Tung Chou
 * URL: https://lib.mceliece.org/
 * Referenced from:
+  - [examples/bring_your_own_fips202/mldsa_native/ct.h](examples/bring_your_own_fips202/mldsa_native/ct.h)
   - [mldsa/ct.h](mldsa/ct.h)
 
 ### `m1cycles`
@@ -247,6 +294,7 @@ source code and documentation.
   - Daniel J. Bernstein
 * URL: https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hqbtIGFKIpU/m/H14H0wOlBgAJ
 * Referenced from:
+  - [examples/bring_your_own_fips202/mldsa_native/ct.h](examples/bring_your_own_fips202/mldsa_native/ct.h)
   - [mldsa/ct.h](mldsa/ct.h)
 
 ### `supercop`

BIBLIOGRAPHY.yml

@@ -83,6 +83,26 @@
   - Stehlé, Damien
   url: https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf
 
+- id: SLOTHY_Paper
+  name: "Fast and Clean: Auditable high-performance assembly via constraint solving"
+  short: SLOTHY paper
+  author:
+  - Abdulrahman, Amin
+  - Becker, Hanno
+  - Kannwischer, Matthias J.
+  - Klein, Fabien
+  url: https://eprint.iacr.org/2022/1303
+
+- id: NeonNTT
+  name: "Neon NTT: Faster Dilithium, Kyber, and Saber on Cortex-A72 and Apple M1"
+  year: 2022
+  url: https://eprint.iacr.org/2021/986
+  author:
+  - Becker, Hanno
+  - Hwang, Vincent
+  - Kannwischer, Matthias J.
+  - Yang, Bo-Yin
+  - Yang, Shang-Yi
 - id: mupq
   name: Common files for pqm4, pqm3, pqriscv
   author: