Michael Hamburg
11 years ago
1 changed files with 21 additions and 18 deletions
Unified View
Diff Options
-
+21 -18src/decaf_fast.c
+ 21
- 18
src/decaf_fast.c
View File
| @@ -13,6 +13,8 @@ | |||||
| #include <string.h> | #include <string.h> | ||||
| #include "field.h" | #include "field.h" | ||||
| #include "ec_point.h" // REMOVE! | |||||
| #define WBITS DECAF_WORD_BITS | #define WBITS DECAF_WORD_BITS | ||||
| #if WBITS == 64 | #if WBITS == 64 | ||||
| @@ -817,18 +819,21 @@ decaf_bool_t decaf_448_direct_scalarmul ( | |||||
| decaf_bool_t allow_identity, | decaf_bool_t allow_identity, | ||||
| decaf_bool_t short_circuit | decaf_bool_t short_circuit | ||||
| ) { | ) { | ||||
| gf s0, xa, za, xd, zd, xs, zs; | |||||
| (void)short_circuit; | |||||
| gf s0, x0, xa, za, xd, zd, xs, zs; | |||||
| decaf_bool_t succ = gf_deser ( s0, base ); | decaf_bool_t succ = gf_deser ( s0, base ); | ||||
| succ &= allow_identity |~ gf_eq(s0, ZERO); | |||||
| (void) short_circuit; | |||||
| succ &= allow_identity |~ gf_eq( s0, ZERO); | |||||
| succ &= ~hibit(s0); | |||||
| gf_sqr ( xa, s0 ); | gf_sqr ( xa, s0 ); | ||||
| gf_cpy ( x0, xa ); | |||||
| gf_cpy ( za, ONE ); | gf_cpy ( za, ONE ); | ||||
| gf_cpy ( xd, ONE ); | gf_cpy ( xd, ONE ); | ||||
| gf_cpy ( zd, ZERO ); | gf_cpy ( zd, ZERO ); | ||||
| int j; | |||||
| int i,j; | |||||
| decaf_bool_t pflip = 0; | decaf_bool_t pflip = 0; | ||||
| for (j=DECAF_448_SCALAR_BITS-1; j>=0; j--) { | |||||
| for (j=448-1; j>=0; j--) { /* TODO: DECAF_SCALAR_BITS */ | |||||
| decaf_bool_t flip = -((scalar->limb[j/WORD_BITS]>>(j%WORD_BITS))&1);; | decaf_bool_t flip = -((scalar->limb[j/WORD_BITS]>>(j%WORD_BITS))&1);; | ||||
| cond_swap(xa,xd,flip^pflip); | cond_swap(xa,xd,flip^pflip); | ||||
| cond_swap(za,zd,flip^pflip); | cond_swap(za,zd,flip^pflip); | ||||
| @@ -848,7 +853,7 @@ decaf_bool_t decaf_448_direct_scalarmul ( | |||||
| gf_mlw ( zd, za, 1-EDWARDS_D ); | gf_mlw ( zd, za, 1-EDWARDS_D ); | ||||
| gf_add_nr ( xa, xa, zd ); | gf_add_nr ( xa, xa, zd ); | ||||
| gf_mul ( zd, xa, za ); | gf_mul ( zd, xa, za ); | ||||
| gf_sqr ( xa, xs ); | |||||
| gf_sqr ( xa, xs ); | |||||
| gf_sqr ( za, zs ); | gf_sqr ( za, zs ); | ||||
| pflip = flip; | pflip = flip; | ||||
| } | } | ||||
| @@ -856,7 +861,7 @@ decaf_bool_t decaf_448_direct_scalarmul ( | |||||
| cond_swap(za,zd,pflip); | cond_swap(za,zd,pflip); | ||||
| /* OK, time to reserialize! */ | /* OK, time to reserialize! */ | ||||
| gf xz_d, xz_a, x0, den, L0, L1, L2, L3, out; /* TODO: simplify */ | |||||
| gf xz_d, xz_a, den, L0, L1, L2, L3, out; /* TODO: simplify */ | |||||
| mask_t zcase, output_zero, sflip, za_zero; | mask_t zcase, output_zero, sflip, za_zero; | ||||
| gf_mul(xz_d, xd, zd); | gf_mul(xz_d, xd, zd); | ||||
| gf_mul(xz_a, xa, za); | gf_mul(xz_a, xa, za); | ||||
| @@ -864,9 +869,7 @@ decaf_bool_t decaf_448_direct_scalarmul ( | |||||
| za_zero = gf_eq(za, ZERO); | za_zero = gf_eq(za, ZERO); | ||||
| cond_sel(xz_d, xz_d, ONE, output_zero); /* make xz_d always nonzero */ | cond_sel(xz_d, xz_d, ONE, output_zero); /* make xz_d always nonzero */ | ||||
| zcase = output_zero | gf_eq(xz_a, ZERO); | zcase = output_zero | gf_eq(xz_a, ZERO); | ||||
| gf_sqr(x0, s0); | |||||
| /* Curve test in zcase */ | /* Curve test in zcase */ | ||||
| gf_cpy(L0,x0); | gf_cpy(L0,x0); | ||||
| gf_add(L0,L0,ONE); | gf_add(L0,L0,ONE); | ||||
| @@ -874,7 +877,7 @@ decaf_bool_t decaf_448_direct_scalarmul ( | |||||
| gf_mlw(L0,x0,-4*EDWARDS_D); | gf_mlw(L0,x0,-4*EDWARDS_D); | ||||
| gf_add(L1,L1,L0); | gf_add(L1,L1,L0); | ||||
| cond_sel(xz_a,xz_a,L1,zcase); | cond_sel(xz_a,xz_a,L1,zcase); | ||||
| /* Compute denominator */ | /* Compute denominator */ | ||||
| gf_mul(L0, x0, xz_d); | gf_mul(L0, x0, xz_d); | ||||
| gf_mlw(L2, L0, 4); | gf_mlw(L2, L0, 4); | ||||
| @@ -912,20 +915,20 @@ decaf_bool_t decaf_448_direct_scalarmul ( | |||||
| /* compute the output */ | /* compute the output */ | ||||
| gf_mul(L1,L0,den); | gf_mul(L1,L0,den); | ||||
| cond_sel(L2,zs,s0,zcase); /* zs, but s0 in zcase */ | cond_sel(L2,zs,s0,zcase); /* zs, but s0 in zcase */ | ||||
| gf_mul(L0,L1,L2); | gf_mul(L0,L1,L2); | ||||
| cond_sel(L3,xd,zd,za_zero); | cond_sel(L3,xd,zd,za_zero); | ||||
| cond_sel(L2,xs,L3,zcase); /* xs, but zq or qq in zcase */ | cond_sel(L2,xs,L3,zcase); /* xs, but zq or qq in zcase */ | ||||
| gf_mul(out,L0,L2); | gf_mul(out,L0,L2); | ||||
| cond_sel(out,out,ZERO,output_zero); | cond_sel(out,out,ZERO,output_zero); | ||||
| cond_neg(out,hibit(out)); | cond_neg(out,hibit(out)); | ||||
| /* TODO: resubroutineize? */ | |||||
| // | |||||
| // /* TODO: resubroutineize? */ | |||||
| gf_canon(out); | gf_canon(out); | ||||
| int i, k=0, bits=0; | |||||
| int k=0, bits=0; | |||||
| decaf_dword_t buf=0; | decaf_dword_t buf=0; | ||||
| for (i=0; i<DECAF_448_LIMBS; i++) { | for (i=0; i<DECAF_448_LIMBS; i++) { | ||||
| buf |= (decaf_dword_t)out[i]<<bits; | buf |= (decaf_dword_t)out[i]<<bits; | ||||
| @@ -933,7 +936,7 @@ decaf_bool_t decaf_448_direct_scalarmul ( | |||||
| scaled[k++]=buf; | scaled[k++]=buf; | ||||
| } | } | ||||
| } | } | ||||
| return succ; | return succ; | ||||
| } | } | ||||