From 8abc24f4c6c7ff81b5ac6358284bfbef766a6894 Mon Sep 17 00:00:00 2001
From: Michael Hamburg <mike@shiftleft.org>
Date: Fri, 16 Jan 2015 16:52:56 -0800
Subject: [PATCH] montgomery aux step is defined; probably doesnt work

---
 src/ec_point.c         | 26 ++++++++++++++++++++++++--
 src/include/ec_point.h | 12 ++++++++++++
 test/bench.c           |  9 +++++++++
 3 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/src/ec_point.c b/src/ec_point.c
index c022963..00bf2cb 100644
--- a/src/ec_point.c
+++ b/src/ec_point.c
@@ -318,6 +318,30 @@ convert_tw_niels_to_tw_extensible (
     field_copy ( &e->u, &e->y );
 }
 
+void
+montgomery_aux_step (
+    struct montgomery_aux_t* a
+) {
+    field_add  ( &a->xs, &a->xa, &a->za );
+    field_subx ( &a->zs, &a->xa, &a->za );
+    field_add  ( &a->xa, &a->xd, &a->zd );
+    field_subx ( &a->za, &a->xd, &a->zd );
+    field_mul  ( &a->xd, &a->xa, &a->zs );
+    field_mul  ( &a->zd, &a->xs, &a->za );
+    field_add  ( &a->xs, &a->xd, &a->zd );
+    field_subx ( &a->zd, &a->zd, &a->xd );
+    field_mul  ( &a->zs, &a->zd, &a->s0 );
+    field_sqr  ( &a->zd, &a->xa ); // zd = AA
+    field_sqr  ( &a->xa, &a->za ); // xa = BB
+    field_subx ( &a->za, &a->zd, &a->xa ); // za = E
+    field_mul  ( &a->xd, &a->xa, &a->zd ); // xd final
+    field_mulw_scc_wr ( &a->zd, &a->xa, 1-EDWARDS_D );
+    field_add  ( &a->xa, &a->za, &a->zd ); // BB + (1-d)*E
+    field_mul  ( &a->zd, &a->xa, &a->za ); // zd final
+    field_sqr  ( &a->xa, &a->xs );
+    field_sqr  ( &a->za, &a->zs );
+}
+
 void
 montgomery_step (
     struct montgomery_t* a
@@ -438,7 +462,6 @@ decaf_serialize_extensible (
     struct field_t*            b,
     const struct extensible_t* a
 ) {
-    /* FIXME: IF32...? */
     struct field_t L0, L1, L2, L3;
     field_mulw_scc ( &L2, &a->y, EDWARDS_D ); // L2 = d*y
     field_mul  ( &L3, &L2, &a->t ); // L3 = d*y*t_
@@ -466,7 +489,6 @@ decaf_serialize_tw_extensible (
     struct field_t*            b,
     const struct tw_extensible_t* a
 ) {
-    /* FIXME: IF32...? */
     struct field_t L0, L1, L2, L3;
     field_mulw_scc ( &L2, &a->y, 1-EDWARDS_D ); // L2 = (1-d)*y
     field_mul  ( &L3, &L2, &a->t ); // L3 = (1-d)*y*t_
diff --git a/src/include/ec_point.h b/src/include/ec_point.h
index c3d8a03..8d6d3e1 100644
--- a/src/include/ec_point.h
+++ b/src/include/ec_point.h
@@ -38,6 +38,13 @@ struct montgomery_t {
     struct field_t z0, xd, zd, xa, za;
 };
 
+/**
+ * Montgomery buffer, augmented version.
+ */
+struct montgomery_aux_t {
+    struct field_t s0, xd, zd, xa, za, xs, zs;
+};
+
 /**
  * Extensible coordinates for Edwards curves, suitable for
  * accumulators.
@@ -270,6 +277,11 @@ montgomery_step (
     struct montgomery_t* a
 );
 
+void
+montgomery_aux_step (
+    struct montgomery_aux_t* a
+);
+
 void
 deserialize_montgomery (
     struct montgomery_t* a,
diff --git a/test/bench.c b/test/bench.c
index ddf8097..f2ef58c 100644
--- a/test/bench.c
+++ b/test/bench.c
@@ -86,6 +86,7 @@ int main(int argc, char **argv) {
     struct tw_pniels_t pniels;
     struct affine_t affine;
     struct montgomery_t mb;
+    struct montgomery_aux_t mba;
     struct field_t a,b,c,d;
     
     
@@ -312,6 +313,14 @@ int main(int argc, char **argv) {
     }
     when = now() - when;
     printf("monty step:  %5.1fns\n", when * 1e9 / i);
+    
+    memset(&mba,0,sizeof(mba));
+    when = now();
+    for (i=0; i<nbase*100; i++) {
+        montgomery_aux_step(&mba);
+    }
+    when = now() - when;
+    printf("monty aux:   %5.1fns\n", when * 1e9 / i);
 	
     when = now();
     for (i=0; i<nbase/10; i++) {