From b693b33d0cc9bbcb9e6817596f199fcf5c25b053 Mon Sep 17 00:00:00 2001 From: Michael Hamburg Date: Fri, 29 Jan 2016 19:39:45 -0800 Subject: [PATCH] slight changes to the deisogenize code; hopefully clearer? --- src/include/field.h | 14 +++++++++++++- src/per_curve/decaf.tmpl.c | 27 ++++++++++++--------------- 2 files changed, 25 insertions(+), 16 deletions(-) diff --git a/src/include/field.h b/src/include/field.h index 989e1e1..2fe4463 100644 --- a/src/include/field.h +++ b/src/include/field.h @@ -85,7 +85,7 @@ gf_cond_swap(gf x, gf_s *__restrict__ y, mask_t swap) { constant_time_cond_swap(x,y,sizeof(gf_s),swap); } -static INLINE void gf_mul_qnr(gf_s *__restrict__ out, gf x) { +static INLINE void gf_mul_qnr(gf_s *__restrict__ out, const gf x) { #if P_MOD_8 == 5 /* r = QNR * r0^2 */ gf_mul(out,x,SQRT_MINUS_ONE); @@ -96,5 +96,17 @@ static INLINE void gf_mul_qnr(gf_s *__restrict__ out, gf x) { #endif } +static INLINE void gf_div_qnr(gf_s *__restrict__ out, const gf x) { +#if P_MOD_8 == 5 + /* r = QNR * r0^2 */ + gf_mul(out,x,SQRT_MINUS_ONE); + gf_sub(out,ZERO,out); +#elif P_MOD_8 == 3 || P_MOD_8 == 7 + gf_sub(out,ZERO,x); +#else + #error "Only supporting p=3,5,7 mod 8" +#endif +} + #endif // __GF_H__ diff --git a/src/per_curve/decaf.tmpl.c b/src/per_curve/decaf.tmpl.c index 3bb2833..c7ede38 100644 --- a/src/per_curve/decaf.tmpl.c +++ b/src/per_curve/decaf.tmpl.c @@ -142,8 +142,9 @@ void API_NS(deisogenize) ( gf_mul(a,b,p->z); /* uZ */ gf_add(a,a,a); /* 2uZ */ - gf_cond_neg(c, toggle_hibit_t_over_s ^ ~gf_hibit(a)); /* u <- -u if negative. */ - gf_cond_neg(a, toggle_hibit_t_over_s ^ ~gf_hibit(a)); /* t/s <-? -t/s */ + mask_t tg = toggle_hibit_t_over_s ^ ~gf_hibit(minus_t_over_s); + gf_cond_neg(minus_t_over_s, tg); /* t/s <-? -t/s */ + gf_cond_neg(c, tg); /* u <- -u if negative. */ gf_add(d,c,p->y); gf_mul(s,b,d); @@ -158,18 +159,14 @@ void API_NS(deisogenize) ( #if IMAGINE_TWIST gf x, t; - gf_mul ( x, p->x, SQRT_MINUS_ONE); - gf_mul ( t, p->t, SQRT_MINUS_ONE); - gf_sub ( x, ZERO, x ); - gf_sub ( t, ZERO, t ); - + gf_div_qnr(x,p->x); + gf_div_qnr(t,p->t); gf_add ( a, p->z, x ); gf_sub ( b, p->z, x ); gf_mul ( c, a, b ); /* "zx" = Z^2 - aX^2 = Z^2 - X^2 */ #else const gf_s *x = p->x, *t = p->t; /* Won't hit the gf_cond_sel below because COFACTOR==8 requires IMAGINE_TWIST for now. */ - gf_sqr ( a, p->z ); gf_sqr ( b, p->x ); gf_add ( c, a, b ); /* "zx" = Z^2 - aX^2 = Z^2 + X^2 */ @@ -201,15 +198,15 @@ void API_NS(deisogenize) ( gf_mul ( c, a, d ); // new "osx" gf_mul ( a, c, p->z ); - gf_add ( a, a, a ); // 2 * "osx" * Z - mask_t tg1 = rotate ^ toggle_hibit_t_over_s ^~ gf_hibit(a); - gf_cond_neg ( c, tg1 ); - gf_cond_neg ( a, rotate ^ tg1 ); + gf_add ( minus_t_over_s, a, a ); // 2 * "osx" * Z gf_mul ( d, b, p->z ); - gf_add ( d, d, c ); - gf_mul ( b, d, x ); /* here "x" = y unless rotate */ - gf_cond_neg ( b, toggle_hibit_s ^ gf_hibit(b) ); + mask_t tg = toggle_hibit_t_over_s ^~ gf_hibit(minus_t_over_s); + gf_cond_neg ( minus_t_over_s, tg ); + gf_cond_neg ( c, rotate ^ tg ); + gf_add ( d, d, c ); + gf_mul ( s, d, x ); /* here "x" = y unless rotate */ + gf_cond_neg ( s, toggle_hibit_s ^ gf_hibit(s) ); #endif }