The number theoretic transform (NTT) has been a very useful tool in computations for number theory, algebra and cryptography, and its performance affects several post-quantum cryptosystems. In this paper, we discuss the butterfly operation of the NTT. This basic module of the NTT requires heavy modular arithmetic, and Montgomery reduction is commonly used in this setting. Recently, several variants of the Montgomery algorithm have been proposed for the purpose of speeding up the NTT. We observe that the Chinese remainder theorem (CRT) can be involved in this type of algorithm in a natural and transparent way. In this paper, a framework that uses the CRT to model Montgomery-type algorithms is described; both the derivation of these algorithms and their correctness are treated within the CRT framework. Under our approach, some problems of a modular reduction algorithm (published in IACR Transactions on Cryptographic Hardware and Embedded Systems, doi:10.46586/tches.v2022.i4.614-636) are identified, and a counterexample is generated to show that the algorithm is incorrect.
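To make the objects named in the abstract concrete, here is an added example (it is not code from the paper and does not reproduce the paper's CRT framework or the TCHES algorithm it examines): the classic unsigned Montgomery reduction for a 16-bit NTT prime, the CRT-style identity that justifies it (choose m so that a + m*q vanishes modulo R, then divide exactly by R), a Cooley-Tukey butterfly built on it, and a small NTT checked against naive evaluation. The prime Q = 3329 and the primitive 256-th root of unity 17 are constructed choices taken from Kyber; the function names are ours.

```python
# Added example, not code from the paper: unsigned Montgomery reduction (REDC)
# for a 16-bit NTT prime, the CRT-style identity behind it, a Cooley-Tukey
# butterfly that uses it, and a length-n NTT checked against naive evaluation.

Q = 3329                 # constructed choice: the Kyber prime, Q < 2^12
R_BITS = 16
R = 1 << R_BITS          # Montgomery radix R = 2^16, gcd(Q, R) = 1
QINV = pow(Q, -1, R)     # Q^{-1} mod R (Python >= 3.8)
NEG_QINV = (-QINV) % R   # -Q^{-1} mod R, the constant used inside REDC


def montgomery_reduce(a: int) -> int:
    """Return t with t ≡ a * R^{-1} (mod Q) and 0 <= t < Q, for 0 <= a < Q*R.

    CRT-style view: pick m with a + m*Q ≡ 0 (mod R); then (a + m*Q)/R is an
    integer, and since m*Q ≡ 0 (mod Q) it is congruent to a*R^{-1} modulo Q.
    """
    assert 0 <= a < Q * R
    m = (a * NEG_QINV) % R          # m = -a*Q^{-1} mod R, so a + m*Q ≡ 0 (mod R)
    t = (a + m * Q) >> R_BITS       # exact division by R
    return t - Q if t >= Q else t   # a + m*Q < 2*Q*R, so one subtraction suffices


def to_mont(x: int) -> int:
    """Montgomery form x*R mod Q (used here only for the twiddle factors)."""
    return (x * R) % Q


def mul_by_twiddle(v: int, zeta_mont: int) -> int:
    """v * zeta mod Q, with zeta stored as zeta*R mod Q so the R^{-1} cancels."""
    return montgomery_reduce(v * zeta_mont)   # v*zeta_mont < Q*Q < Q*R


def butterfly(u: int, v: int, zeta_mont: int) -> tuple[int, int]:
    """Cooley-Tukey butterfly: (u + v*zeta, u - v*zeta) mod Q."""
    t = mul_by_twiddle(v, zeta_mont)
    return (u + t) % Q, (u - t) % Q


def butterfly_naive(u: int, v: int, zeta: int) -> tuple[int, int]:
    """Reference butterfly using plain modular arithmetic."""
    t = (v * zeta) % Q
    return (u + t) % Q, (u - t) % Q


def bit_reverse_copy(a: list[int]) -> list[int]:
    n = len(a)
    bits = n.bit_length() - 1
    return [a[int(format(i, f"0{bits}b")[::-1], 2)] for i in range(n)]


def root_of_unity(n: int) -> int:
    """Primitive n-th root of unity mod Q for n dividing 256 (17 has order 256)."""
    assert 256 % n == 0
    return pow(17, 256 // n, Q)


def ntt(a: list[int], omega: int) -> list[int]:
    """Iterative decimation-in-time NTT (bit-reversed input, natural-order output)."""
    n = len(a)
    a = bit_reverse_copy(a)
    length = 2
    while length <= n:
        w_len = pow(omega, n // length, Q)   # primitive length-th root of unity
        for start in range(0, n, length):
            w = 1
            for j in range(start, start + length // 2):
                a[j], a[j + length // 2] = butterfly(a[j], a[j + length // 2], to_mont(w))
                w = (w * w_len) % Q
        length *= 2
    return a


def ntt_naive(a: list[int], omega: int) -> list[int]:
    """A[k] = sum_j a[j] * omega^(j*k) mod Q, the definition the fast version must match."""
    n = len(a)
    return [sum(a[j] * pow(omega, j * k, Q) for j in range(n)) % Q for k in range(n)]


def reduce_consistent(samples: range) -> bool:
    """Check t*R ≡ a (mod Q) for each sampled a, i.e. t ≡ a*R^{-1} (mod Q)."""
    return all((montgomery_reduce(a) * R) % Q == a % Q for a in samples)


def ntt_matches_naive(a: list[int]) -> bool:
    omega = root_of_unity(len(a))
    return ntt(a, omega) == ntt_naive(a, omega)


if __name__ == "__main__":
    print("Q^{-1} mod R =", QINV, " R mod Q =", to_mont(1))
    print("butterfly(1, 1, zeta=17) =", butterfly(1, 1, to_mont(17)))
    print("NTT matches naive:", ntt_matches_naive([1, 2, 3, 4, 5, 6, 7, 8]))
```

Keeping only the twiddles in Montgomery form is the common arrangement for NTTs: the single R^{-1} introduced by the reduction cancels the R carried by the twiddle, so the coefficients never have to be converted. The bound check on the reduction's input is where a variant algorithm must be argued carefully; the bound here (a < Q*R) is the one the unsigned REDC shown needs, and a different variant would need its own.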