jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

double and encode in ristretto.sage for decaf ed25519. kinda sloppy, but good enough for a poc since im not going to implement in c yet anyway

master
Michael Hamburg 8 years ago
parent
1b7b5099eb
commit
b0af873fc8
1 changed files with 23 additions and 30 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +23
    -30
      aux/ristretto/ristretto.sage

+ 23
- 30
aux/ristretto/ristretto.sage View File

@@ -510,44 +510,37 @@ class Decaf_1_1_Point(QuotientEdwardsPoint):
a,d = self.a,self.d a,d = self.a,self.d
if self.cofactor == 8: if self.cofactor == 8:
# TODO: optimized version with no isqrt
e = 2*X*Y
f = Z^2+d*T^2
g = Y^2-a*X^2
h = Z^2-d*T^2
x = e*h
y = f*g
z = f*h
t = e*g
# Cofactor 8 version # Cofactor 8 version
# Simulate IMAGINE_TWIST because that's how libdecaf does it # Simulate IMAGINE_TWIST because that's how libdecaf does it
x = self.i*x
t = self.i*t
X = self.i*X
T = self.i*T
a = -a a = -a
d = -d d = -d
# TODO: This is only being called for a=-1, so could
# be wrong for a=1
# OK, the actual libdecaf code should be here
num = (z+y)*(z-y)
den = x*y
isr = isqrt(num*(a-d)*den^2)
iden = isr * den * self.isoMagic
inum = isr * num
e = 2*X*Y
f = Y^2+a*X^2
g = Y^2-a*X^2
h = Z^2-d*T^2
if negative(iden*inum*self.i*t^2*(d-a)):
iden,inum = inum,iden
fac = x*sqrt(a)
toggle=(a==-1)
else:
fac = y
toggle=False
eim = e*self.isoMagic
inv = 1/(eim*g*f*h)
fh_inv = eim*g*inv*self.i
imi = self.isoMagic * self.i
if negative(inum*t*imi) != toggle: inum =- inum
if negative(eim*g*fh_inv):
idf = g*self.isoMagic*self.i
bar = f
foo = g
test = eim*f
else:
idf = eim
bar = h
foo = -eim
test = g*h
tmp = fac*(inum*z + 1)
s = iden*tmp*imi
if negative(test*fh_inv): bar =- bar
s = idf*(foo+bar)*inv*f*h
else: else:
xy = X*Y xy = X*Y


Write Preview
Loading…
Cancel
Save