The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation.

We are not aware of inputs to the public key generation, signing or verification APIs that trigger a panic in the AVX2 implementation because the intermediate values were not fully reduced.

From version 0.0.9 intermediate values on AVX2 platforms are fully reduced in alignment with the portable implementation.