From 19aa25196817dfd38e44fcc51dcf3a9a28c06353 Mon Sep 17 00:00:00 2001 From: Michael Hamburg Date: Thu, 17 Aug 2017 14:31:33 -0700 Subject: [PATCH] simpler decode if cofactor 4 --- aux/ristretto.sage | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/aux/ristretto.sage b/aux/ristretto.sage index 795d7ec..a85a2cc 100644 --- a/aux/ristretto.sage +++ b/aux/ristretto.sage @@ -298,25 +298,32 @@ class Decaf_1_1_Point(QuotientEdwardsPoint): """Encode, optimized version""" a,d = self.a,self.d x,y,z,t = self.xyzt() - if x==0 or y==0: return(self.gfToBytes(0)) - num = (z+y)*(z-y) - den = t*z - tmp = isqrt(num*(a-d)*den^2) + if self.cofactor == 8: + num = (z+y)*(z-y) + den = x*y + tmp = isqrt(num*(a-d)*den^2) - if self.cofactor==8 and negative(tmp^2*den*num*(a-d)*t^2*self.isoMagic): - den,num = num,den - tmp *= sqrt(a-d) # witness that cofactor is 8 - yisr = x*sqrt(a) - toggle = (a==1) - else: - yisr = y*(a*d-1) - toggle = False + if negative(tmp^2*den*num*(a-d)*t^2*self.isoMagic): + den,num = num,den + tmp *= sqrt(a-d) # witness that cofactor is 8 + yisr = x*sqrt(a) + toggle = (a==1) + else: + yisr = y*(a*d-1) + toggle = False - tiisr = tmp*num - altx = tiisr*t*self.isoMagic - if negative(altx) != toggle: tiisr =- tiisr - s = tmp*den*yisr*(tiisr*z - 1) + tiisr = tmp*num + altx = tiisr*t*self.isoMagic + if negative(altx) != toggle: tiisr =- tiisr + s = tmp*den*yisr*(tiisr*z - 1) + + else: + num = (x+t)*(x-t) + tmp = isqrt(num*(a-d)*x^2) + ratio = tmp*num + if negative(ratio*self.isoMagic): ratio=-ratio + s = (a-d)*x*tmp*(z*ratio - t) return self.gfToBytes(s,mustBePositive=True)