jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

sync with master

master
Michael Hamburg 11 years ago
parent
8abc24f4c6
commit
825dd2128b
3 changed files with 32 additions and 137 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +26
    -14
      src/ec_point.c
  2. +6
    -0
      src/include/ec_point.h
  3. +0
    -123
      src/p448/field.h

+ 26
- 14
src/ec_point.c View File

@@ -318,28 +318,40 @@ convert_tw_niels_to_tw_extensible (
field_copy ( &e->u, &e->y ); field_copy ( &e->u, &e->y );
} }


void
deserialize_montgomery_decaf (
struct montgomery_aux_t* a,
const struct field_t *s
) {
field_copy ( &a->s0, s );
field_copy ( &a->xa, s );
field_set_ui ( &a->za, 1 );
field_set_ui ( &a->xd, 1 );
field_set_ui ( &a->zd, 0 );
}

void void
montgomery_aux_step ( montgomery_aux_step (
struct montgomery_aux_t* a struct montgomery_aux_t* a
) { ) {
field_add ( &a->xs, &a->xa, &a->za );
field_subx ( &a->zs, &a->xa, &a->za );
field_add ( &a->xa, &a->xd, &a->zd );
field_subx ( &a->za, &a->xd, &a->zd );
field_mul ( &a->xd, &a->xa, &a->zs );
field_mul ( &a->zd, &a->xs, &a->za );
field_add ( &a->xs, &a->xd, &a->zd );
field_subx ( &a->zd, &a->zd, &a->xd );
field_mul ( &a->zs, &a->zd, &a->s0 );
field_sqr ( &a->zd, &a->xa ); // zd = AA
field_sqr ( &a->xa, &a->za ); // xa = BB
field_add ( &a->xs, &a->xa, &a->za ); // xs = C
field_subx ( &a->zs, &a->xa, &a->za ); // zs = D
field_add ( &a->xa, &a->xd, &a->zd ); // xa = A
field_subx ( &a->za, &a->xd, &a->zd ); // za = B
field_mul ( &a->xd, &a->xa, &a->zs ); // xd = DA
field_mul ( &a->zd, &a->xs, &a->za ); // zd = CB
field_add ( &a->xs, &a->xd, &a->zd ); // xs = DA+CB
field_subx ( &a->zd, &a->xd, &a->zd ); // zd = DA-CB
field_mul ( &a->zs, &a->zd, &a->s0 ); // zs = (DA-CB)*s0
field_sqr ( &a->zd, &a->xa ); // zd = AA
field_sqr ( &a->xa, &a->za ); // xa = BB
field_subx ( &a->za, &a->zd, &a->xa ); // za = E field_subx ( &a->za, &a->zd, &a->xa ); // za = E
field_mul ( &a->xd, &a->xa, &a->zd ); // xd final field_mul ( &a->xd, &a->xa, &a->zd ); // xd final
field_mulw_scc_wr ( &a->zd, &a->xa, 1-EDWARDS_D );
field_mulw_scc_wr ( &a->zd, &a->xa, 1-EDWARDS_D ); // zd = (1-d)*E
field_add ( &a->xa, &a->za, &a->zd ); // BB + (1-d)*E field_add ( &a->xa, &a->za, &a->zd ); // BB + (1-d)*E
field_mul ( &a->zd, &a->xa, &a->za ); // zd final field_mul ( &a->zd, &a->xa, &a->za ); // zd final
field_sqr ( &a->xa, &a->xs );
field_sqr ( &a->za, &a->zs );
field_sqr ( &a->xa, &a->xs ); // (DA+CB)^2
field_sqr ( &a->za, &a->zs ); // (DA-CB)^2*s0^2
} }


void void


+ 6
- 0
src/include/ec_point.h View File

@@ -294,6 +294,12 @@ serialize_montgomery (
const struct montgomery_t* a, const struct montgomery_t* a,
const struct field_t* sbz const struct field_t* sbz
); );
void
deserialize_montgomery_decaf (
struct montgomery_aux_t* a,
const struct field_t *s
);


/** /**
* Serialize a point on an Edwards curve. * Serialize a point on an Edwards curve.


+ 0
- 123
src/p448/field.h View File

@@ -1,123 +0,0 @@
/**
* @file field.h
* @brief Field switch code.
* @copyright
* Copyright (c) 2014 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
* @author Mike Hamburg
*/
#ifndef __FIELD_H__
#define __FIELD_H__

#include <string.h>
#include "constant_time.h"

#include "p448.h"
#define FIELD_BITS 448
#define field_t p448_t
#define field_mul p448_mul
#define field_sqr p448_sqr
#define field_add p448_add
#define field_sub p448_sub
#define field_mulw p448_mulw
#define field_addw p448_addw
#define field_subw p448_subw
#define field_neg p448_neg
#define field_set_ui p448_set_ui
#define field_bias p448_bias
#define field_cond_neg p448_cond_neg
#define field_inverse p448_inverse
#define field_eq p448_eq
#define field_isr p448_isr
#define field_simultaneous_invert p448_simultaneous_invert
#define field_weak_reduce p448_weak_reduce
#define field_strong_reduce p448_strong_reduce
#define field_serialize p448_serialize
#define field_deserialize p448_deserialize
#define field_is_zero p448_is_zero

/** @brief Bytes in a field element */
#define FIELD_BYTES (1+(FIELD_BITS-1)/8)

/** @brief Words in a field element */
#define FIELD_WORDS (1+(FIELD_BITS-1)/sizeof(word_t))

/**
* @brief For GMP tests: little-endian representation of the field modulus.
*/
extern const uint8_t FIELD_MODULUS[FIELD_BYTES];

/**
* Copy one field element to another.
*/
static inline void
__attribute__((unused,always_inline))
field_copy (
struct field_t *__restrict__ a,
const struct field_t *__restrict__ b
) {
memcpy(a,b,sizeof(*a));
}

/**
* Negate a in place if doNegate.
*/
static inline void
__attribute__((unused,always_inline))
field_cond_neg(
field_t *a,
mask_t doNegate
) {
struct field_t negated;
field_neg(&negated, a);
field_bias(&negated, 2);
constant_time_select(a, &negated, a, sizeof(negated), doNegate);
}

/**
* Returns 1/sqrt(+- x).
*
* The Legendre symbol of the result is the same as that of the
* input.
*
* If x=0, returns 0.
*/
void
field_isr (
struct field_t* a,
const struct field_t* x
);
/**
* Batch inverts out[i] = 1/in[i]
*
* If any input is zero, all the outputs will be zero.
*/
void
field_simultaneous_invert (
struct field_t *__restrict__ out,
const struct field_t *in,
unsigned int n
);

/**
* Returns 1/x.
*
* If x=0, returns 0.
*/
void
field_inverse (
struct field_t* a,
const struct field_t* x
);

/**
* Returns -1 if a==b, 0 otherwise.
*/
mask_t
field_eq (
const struct field_t *a,
const struct field_t *b
);

#endif /* __FIELD_H__ */

Write Preview
Loading…
Cancel
Save