jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

simplify elligator (todo: test more? eg 1/(1-d) on 25519)

master
Michael Hamburg 10 years ago
parent
3f1c687f5e
commit
49629216f8
5 changed files with 25 additions and 14 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +6
    -1
      Makefile
  2. +2
    -6
      src/decaf_fast.c
  3. +9
    -4
      src/public_include/decaf/crypto.hxx
  4. +1
    -1
      src/public_include/decaf/decaf_448.hxx
  5. +7
    -2
      test/test_decaf.cxx

+ 6
- 1
Makefile View File

@@ -48,6 +48,11 @@ LANGXXFLAGS = -fno-strict-aliasing
GENFLAGS = -ffunction-sections -fdata-sections -fvisibility=hidden -fomit-frame-pointer -fPIC GENFLAGS = -ffunction-sections -fdata-sections -fvisibility=hidden -fomit-frame-pointer -fPIC
OFLAGS ?= -O2 OFLAGS ?= -O2


MACOSX_VERSION_MIN ?= 10.9
ifeq ($(UNAME),Darwin)
GENFLAGS += -mmacosx-version-min=$(MACOSX_VERSION_MIN)
endif

TODAY = $(shell date "+%Y-%m-%d") TODAY = $(shell date "+%Y-%m-%d")


ifneq (,$(findstring arm,$(MACHINE))) ifneq (,$(findstring arm,$(MACHINE)))
@@ -184,7 +189,7 @@ $(BUILD_LIB)/libdecaf.so: $(BUILD_LIB)/libdecaf.so.1
$(BUILD_LIB)/libdecaf.so.1: $(LIBCOMPONENTS) $(BUILD_LIB)/libdecaf.so.1: $(LIBCOMPONENTS)
rm -f $@ rm -f $@
ifeq ($(UNAME),Darwin) ifeq ($(UNAME),Darwin)
libtool -macosx_version_min 10.6 -dynamic -dead_strip -lc -x -o $@ \
libtool -macosx_version_min $(MACOSX_VERSION_MIN) -dynamic -dead_strip -lc -x -o $@ \
$(LIBCOMPONENTS) $(LIBCOMPONENTS)
else else
$(LD) $(LDFLAGS) -shared -Wl,-soname,`basename $@` -Wl,--gc-sections -o $@ $(LIBCOMPONENTS) $(LD) $(LDFLAGS) -shared -Wl,-soname,`basename $@` -Wl,--gc-sections -o $@ $(LIBCOMPONENTS)


+ 2
- 6
src/decaf_fast.c View File

@@ -1094,7 +1094,6 @@ void API_NS(point_from_hash_nonuniform) (
/* Compute D := (dr+a-d)(dr-ar-d) with a=1 */ /* Compute D := (dr+a-d)(dr-ar-d) with a=1 */
gf_sub(a,c,dee); gf_sub(a,c,dee);
gf_add(a,a,ONE); gf_add(a,a,ONE);
decaf_bool_t special_identity_case = gf_eq(a,ZERO);
gf_sub(b,c,r); gf_sub(b,c,r);
gf_sub(b,b,dee); gf_sub(b,b,dee);
gf_mul(D,a,b); gf_mul(D,a,b);
@@ -1108,9 +1107,6 @@ void API_NS(point_from_hash_nonuniform) (
gf_mul(a,rN,D); gf_mul(a,rN,D);
decaf_bool_t square = gf_isqrt_chk(e,a,DECAF_FALSE); decaf_bool_t square = gf_isqrt_chk(e,a,DECAF_FALSE);
decaf_bool_t r_is_zero = gf_eq(r,ZERO);
square |= r_is_zero;
square |= special_identity_case;
/* b <- t/s */ /* b <- t/s */
cond_sel(c,r0,r,square); /* r? = sqr ? r : 1 */ cond_sel(c,r0,r,square); /* r? = sqr ? r : 1 */
@@ -1136,7 +1132,7 @@ void API_NS(point_from_hash_nonuniform) (
gf_mul(c,a,b); gf_mul(c,a,b);
/* Normalize/negate */ /* Normalize/negate */
decaf_bool_t neg_s = hibit(a)^~square;
decaf_bool_t neg_s = hibit(a) ^ ~square;
cond_neg(a,neg_s); /* ends up negative if ~square */ cond_neg(a,neg_s); /* ends up negative if ~square */
/* b <- t */ /* b <- t */
@@ -1145,7 +1141,7 @@ void API_NS(point_from_hash_nonuniform) (
/* isogenize */ /* isogenize */
#if IMAGINE_TWIST #if IMAGINE_TWIST
gf_mul(c,a,SQRT_MINUS_ONE); gf_mul(c,a,SQRT_MINUS_ONE);
gf_cpy(a,c); // TODO rename
gf_cpy(a,c);
#endif #endif
gf_sqr(c,a); /* s^2 */ gf_sqr(c,a); /* s^2 */


+ 9
- 4
src/public_include/decaf/crypto.hxx View File

@@ -63,20 +63,25 @@ public:
return typename Group::Point(ser); return typename Group::Point(ser);
} }
/** @brief Verify a sig. TODO: nothrow version? FIXME: doesn't check reduction of scalar! */
/** @brief Verify a sig. TODO: nothrow version? */
inline bool verify_shake(const SHAKE<SHAKE_BITS> &ctx_, const FixedBlock<SIG_BYTES> &sig) throw(CryptoException) { inline bool verify_shake(const SHAKE<SHAKE_BITS> &ctx_, const FixedBlock<SIG_BYTES> &sig) throw(CryptoException) {
SHAKE<SHAKE_BITS> ctx(ctx_); SHAKE<SHAKE_BITS> ctx(ctx_);
ctx << ser << sig.slice(0,Group::Point::SER_BYTES); ctx << ser << sig.slice(0,Group::Point::SER_BYTES);
FixedArrayBuffer<CHALLENGE_BYTES> challenge; FixedArrayBuffer<CHALLENGE_BYTES> challenge;
ctx.output(challenge); ctx.output(challenge);
const typename Group::Point combo = point().non_secret_combo_with_base(
typename Group::Scalar(challenge),
typename Group::Scalar response;
decaf_bool_t scalar_OK = Group::Scalar::decode(
response,
sig.slice(Group::Point::SER_BYTES, Group::Scalar::SER_BYTES) sig.slice(Group::Point::SER_BYTES, Group::Scalar::SER_BYTES)
); );
const typename Group::Point combo = point().non_secret_combo_with_base(
typename Group::Scalar(challenge), response
);
//if (combo != typename Group::Point(sig.slice(0,Group::Point::SER_BYTES))) //if (combo != typename Group::Point(sig.slice(0,Group::Point::SER_BYTES)))
// throw CryptoException(); // throw CryptoException();
return combo == typename Group::Point(sig.slice(0,Group::Point::SER_BYTES));
return scalar_OK & (combo == typename Group::Point(sig.slice(0,Group::Point::SER_BYTES)));
} }
/** @brief Sign from a message. */ /** @brief Sign from a message. */


+ 1
- 1
src/public_include/decaf/decaf_448.hxx View File

@@ -195,7 +195,7 @@ public:
decaf_bool_t allow_identity=DECAF_FALSE, decaf_bool_t allow_identity=DECAF_FALSE,
decaf_bool_t short_circuit=DECAF_TRUE decaf_bool_t short_circuit=DECAF_TRUE
) const throw(CryptoException) { ) const throw(CryptoException) {
SecureBuffer out(/*FIXME Point::*/SER_BYTES);
SecureBuffer out(Point::SER_BYTES);
if (DECAF_SUCCESS != if (DECAF_SUCCESS !=
decaf_448_direct_scalarmul(out.data(), in.data(), s, allow_identity, short_circuit) decaf_448_direct_scalarmul(out.data(), in.data(), s, allow_identity, short_circuit)
) { ) {


+ 7
- 2
test/test_decaf.cxx View File

@@ -158,8 +158,13 @@ static void test_arithmetic() {
if (i%20) continue; if (i%20) continue;
if (y!=0) arith_check(test,x,y,z,x*y/y,x,"invert"); if (y!=0) arith_check(test,x,y,z,x*y/y,x,"invert");
// TODO: negative test, but this throws an exception
//arith_check(test,x,y,z,x/0,0,"invert0");
try {
y = x/0;
test.fail();
printf(" Inverted zero!");
print("x", x);
print("y", y);
} catch(CryptoException) {}
} }
} }




Write Preview
Loading…
Cancel
Save