From 0dc1b0de841296e07bf2cffd5f6c703437cdc950 Mon Sep 17 00:00:00 2001 From: Mike Hamburg Date: Thu, 23 Oct 2014 18:12:54 -0700 Subject: [PATCH] magic for p521. except not entirely, because there will probably be an impl with permuted limbs --- src/include/magic.h | 5 +++ src/p448/f_magic.h | 5 --- src/p480/f_magic.h | 5 --- src/p521/f_magic.h | 30 +++++++++++++++++ src/p521/magic.c | 81 +++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 116 insertions(+), 10 deletions(-) create mode 100644 src/p521/f_magic.h create mode 100644 src/p521/magic.c diff --git a/src/include/magic.h b/src/include/magic.h index c7e296d..4b8394d 100644 --- a/src/include/magic.h +++ b/src/include/magic.h @@ -86,5 +86,10 @@ extern const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS]; */ #define WNAF_PRECMP_BITS 5 +/** + * @brief crandom magic structure guard constant = "return 4", cf xkcd #221 + */ +#define CRANDOM_MAGIC 0x72657475726e2034ull + #endif /* __GOLDI_MAGIC_H__ */ diff --git a/src/p448/f_magic.h b/src/p448/f_magic.h index 9e1365a..681f05e 100644 --- a/src/p448/f_magic.h +++ b/src/p448/f_magic.h @@ -27,9 +27,4 @@ static const int64_t EDWARDS_D = -39081; /** @brief The spacing the of combs for signed comb algo */ #define COMB_S (USE_BIG_COMBS ? 18 : 14) -/** - * @brief crandom magic structure guard constant = "return 4", cf xkcd #221 - */ -#define CRANDOM_MAGIC 0x72657475726e2034ull - #endif /* __GOLDI_F_MAGIC_H__ */ diff --git a/src/p480/f_magic.h b/src/p480/f_magic.h index d5d095a..6942cda 100644 --- a/src/p480/f_magic.h +++ b/src/p480/f_magic.h @@ -27,9 +27,4 @@ static const int64_t EDWARDS_D = 53825; /** @brief The spacing the of combs for signed comb algo */ #define COMB_S (USE_BIG_COMBS ? 16 : 24) -/** - * @brief crandom magic structure guard constant = "return 4", cf xkcd #221 - */ -#define CRANDOM_MAGIC 0x72657475726e2034ull - #endif /* __GOLDI_F_MAGIC_H__ */ diff --git a/src/p521/f_magic.h b/src/p521/f_magic.h new file mode 100644 index 0000000..d805114 --- /dev/null +++ b/src/p521/f_magic.h @@ -0,0 +1,30 @@ +/** + * @file f_magic.h + * @copyright + * Copyright (c) 2014 Cryptography Research, Inc. \n + * Released under the MIT License. See LICENSE.txt for license information. + * @author Mike Hamburg + * @brief Goldilocks magic numbers (group orders, coefficients, algo params etc). + */ + +#ifndef __GOLDI_F_MAGIC_H__ +#define __GOLDI_F_MAGIC_H__ 1 + +#include "field.h" +#include "ec_point.h" + +/** + * @brief The Edwards "d" term for this curve. + */ +static const int64_t EDWARDS_D = -376014; + +/** @brief The number of combs to use for signed comb algo */ +#define COMB_N (USE_BIG_COMBS ? 4 : 5) + +/** @brief The number of teeth of the combs for signed comb algo */ +#define COMB_T (USE_BIG_COMBS ? 5 : 4) + +/** @brief The spacing the of combs for signed comb algo */ +#define COMB_S (USE_BIG_COMBS ? 26 : 26) + +#endif /* __GOLDI_F_MAGIC_H__ */ diff --git a/src/p521/magic.c b/src/p521/magic.c new file mode 100644 index 0000000..7a34886 --- /dev/null +++ b/src/p521/magic.c @@ -0,0 +1,81 @@ +/* Copyright (c) 2014 Cryptography Research, Inc. + * Released under the MIT License. See LICENSE.txt for license information. + */ + +#include "field.h" +#include "magic.h" +#include "barrett_field.h" + +/* FUTURE: automatically generate this file? */ + +const uint8_t FIELD_MODULUS[FIELD_BYTES] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0x01 +}; + +const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = { + U64LE(0xbf15dbca0ae7f294), + U60LE(0x04273ba96570e0ba), + U60LE(0xc94750a1813ac0fb), + U60LE(0xea4939b8b9037a08), + U60LE(0x0000000000000002), + U60LE(0x0000000000000000), + U60LE(0x0000000000000000), + U60LE(0x0000000000000000), + 0x80, + + U64LE(0x7e2bb79415cfe529), + U64LE(0x084e7752cae1c175), + U64LE(0x928ea143027581f6), + U64LE(0xd49273717206f411), + U64LE(0x0000000000000005), + U64LE(0x0000000000000000), + U64LE(0x0000000000000000), + U64LE(0x0000000000000000), + 0x0 +}; + +const struct affine_t goldilocks_base_point = { + {{ + U58LE(0x02a940a2f19ba6c), + U58LE(0x03ec4cd920e2a8c), + U58LE(0x1d568fc99c6059d), + U58LE(0x3331c90d2c6ba52), + U58LE(0x0c6203913f6ecc5), + U58LE(0x1b2063b22fcf270), + U58LE(0x2878a3bfd9f42fc), + U58LE(0x06277e432c8a5ac), + U58LE(0x0752cb45c48648b) + }}, + {{ 12 }} +}; + +static const word_t curve_prime_order_lo[(261+WORD_BITS-1)/WORD_BITS] = { + U64LE(0xbf15dbca0ae7f295), + U64LE(0x4273ba96570e0ba), + U64LE(0xc94750a1813ac0fb), + U64LE(0xea4939b8b9037a08), + 2 +}; +const struct barrett_prime_t curve_prime_order = { + GOLDI_FIELD_WORDS, + 7 % WORD_BITS, + sizeof(curve_prime_order_lo)/sizeof(curve_prime_order_lo[0]), + curve_prime_order_lo +}; + +const struct field_t +sqrt_d_minus_1 = {{ + U58LE(0x1e2be72c1c81990), + U58LE(0x1135002ad596c69), + U58LE(0x2ab3a257a22666d), + U58LE(0x207dfc238a33e46), + U58LE(0x0e30107cd79d1f6), + U58LE(0x2d80cc2936a1824), + U58LE(0x2264cfb418c4c30), + U58LE(0x0524b9e715937f5), + U58LE(0x0a9ea3ac10d6aed) +}};