
Avoid branching on mask bit extension.

master
Johan Pascal 4 years ago
parent
commit
7f3aa8a420
4 changed files with 7 additions and 8 deletions
  1. +1
    -2
      src/per_curve/decaf.tmpl.c
  2. +4
    -4
      src/per_curve/elligator.tmpl.c
  3. +1
    -1
      src/per_curve/scalar.tmpl.c
  4. +1
    -1
      src/per_field/f_generic.tmpl.c

+ 1
- 2
src/per_curve/decaf.tmpl.c View File

@@ -1272,8 +1272,7 @@ decaf_error_t decaf_x$(gf_shortname) (
if (t/8==0) sb &= -(uint8_t)COFACTOR;
else if (t == X_PRIVATE_BITS-1) sb = -1;
mask_t k_t = (sb>>(t%8)) & 1;
k_t = k_t?DECAF_MASK_ALL_SET:DECAF_MASK_ALL_UNSET; /* set to all 0s or all 1s */
mask_t k_t = ~((1 - ((sb>>(t%8)) & 1))*DECAF_MASK_ALL_SET); /* expand mask bit 0 to the whole mask without branching */
swap ^= k_t;
gf_cond_swap(x2,x3,swap);
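Review bot: The new `mask_t k_t = ~((1 - ...)*DECAF_MASK_ALL_SET)` line expands a secret scalar bit with a multiplication, so its timing still depends on the compiler and on the target's multiplier, which on some cores has operand-dependent latency. A subtraction from zero in the mask type needs no multiply and no unary minus on an unsigned value: `mask_t k_t = (mask_t)0 - (mask_t)((sb>>(t%8)) & 1);` (this assumes `DECAF_MASK_ALL_SET` is the all-ones value of `mask_t`, which the hunk does not show). The same applies to the expansions added in elligator.tmpl.c, scalar.tmpl.c and f_generic.tmpl.c. Whichever form is kept, the generated code for the supported compilers is worth inspecting, since C does not guarantee that either form stays branch-free. The loop this line belongs to starts and ends outside the hunk.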


+ 4
- 4
src/per_curve/elligator.tmpl.c View File

@@ -109,13 +109,13 @@ API_NS(invert_elligator_nonuniform) (
uint32_t hint_
) {
mask_t hint = hint_;
mask_t sgn_s = ((hint & 1)?DECAF_MASK_ALL_SET:DECAF_MASK_ALL_UNSET),
sgn_altx = ((hint>>1 & 1)?DECAF_MASK_ALL_SET:DECAF_MASK_ALL_UNSET),
sgn_r0 = ((hint>>2 & 1)?DECAF_MASK_ALL_SET:DECAF_MASK_ALL_UNSET),
mask_t sgn_s = ~((1 - (hint & 1))*DECAF_MASK_ALL_SET), /* expand hint bit 0 to the whole mask without branching */
sgn_altx = ~((1 - (hint>>1 & 1))*DECAF_MASK_ALL_SET),
sgn_r0 = ~((1 - (hint>>2 & 1))*DECAF_MASK_ALL_SET),
/* FUTURE MAGIC: eventually if there's a curve which needs sgn_ed_T but not sgn_r0,
* change this mask extraction.
*/
sgn_ed_T = ((hint>>3 & 1)?DECAF_MASK_ALL_SET:DECAF_MASK_ALL_UNSET);
sgn_ed_T = ~((1 - (hint>>3 & 1))*DECAF_MASK_ALL_SET);
gf a,b,c;
API_NS(deisogenize)(a,b,c,p,sgn_s,sgn_altx,sgn_ed_T);
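Review bot: The bit-to-mask expansion is written out four times in this one declaration (`sgn_s`, `sgn_altx`, `sgn_r0`, `sgn_ed_T`) and again in the three other files of this commit, so any later correction has to be repeated in seven places. A small `static inline` helper that takes the bit and returns `mask_t` would give a single place to audit and to document the no-branch requirement; the call sites would then read like `sgn_s = bit_to_mask(hint & 1)` (helper name is a suggestion, not an existing function). Only the `sgn_s` line carries the explanatory comment, which a helper with one doc comment would also resolve. The function body continues past the end of the hunk.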


+ 1
- 1
src/per_curve/scalar.tmpl.c View File

@@ -314,7 +314,7 @@ void API_NS(scalar_halve) (
scalar_t out,
const scalar_t a
) {
decaf_word_t mask = (a->limb[0] & 1)?DECAF_WORD_ALL_SET:DECAF_WORD_ALL_UNSET;
decaf_word_t mask = ~((1-(a->limb[0] & 1))*DECAF_WORD_ALL_SET); /* expand a->limb[0] bit 0 to the whole mask without branching */
decaf_dword_t chain = 0;
unsigned int i;
for (i=0; i<SCALAR_LIMBS; i++) {


+ 1
- 1
src/per_field/f_generic.tmpl.c View File

@@ -37,7 +37,7 @@ mask_t gf_lobit(const gf x) {
gf y;
gf_copy(y,x);
gf_strong_reduce(y);
return (y->limb[0]&1)?DECAF_MASK_ALL_SET:DECAF_MASK_ALL_UNSET;
return ~((1-(y->limb[0]&1))*DECAF_MASK_ALL_SET); /* expand y->limb[0] bit 0 to the whole mask without branching */
}

/** Deserialize from wire format; return -1 on success and 0 on failure. */

