
slight changes to the deisogenize code; hopefully clearer?

master
Michael Hamburg 9 years ago
parent
commit
b693b33d0c
2 changed files with 25 additions and 16 deletions
  1. +13
    -1
      src/include/field.h
  2. +12
    -15
      src/per_curve/decaf.tmpl.c

+ 13
- 1
src/include/field.h View File

@@ -85,7 +85,7 @@ gf_cond_swap(gf x, gf_s *__restrict__ y, mask_t swap) {
constant_time_cond_swap(x,y,sizeof(gf_s),swap); constant_time_cond_swap(x,y,sizeof(gf_s),swap);
} }


static INLINE void gf_mul_qnr(gf_s *__restrict__ out, gf x) {
static INLINE void gf_mul_qnr(gf_s *__restrict__ out, const gf x) {
#if P_MOD_8 == 5 #if P_MOD_8 == 5
/* r = QNR * r0^2 */ /* r = QNR * r0^2 */
gf_mul(out,x,SQRT_MINUS_ONE); gf_mul(out,x,SQRT_MINUS_ONE);
@@ -96,5 +96,17 @@ static INLINE void gf_mul_qnr(gf_s *__restrict__ out, gf x) {
#endif #endif
} }


static INLINE void gf_div_qnr(gf_s *__restrict__ out, const gf x) {
#if P_MOD_8 == 5
/* r = QNR * r0^2 */
gf_mul(out,x,SQRT_MINUS_ONE);
gf_sub(out,ZERO,out);
#elif P_MOD_8 == 3 || P_MOD_8 == 7
gf_sub(out,ZERO,x);
#else
#error "Only supporting p=3,5,7 mod 8"
#endif
}



#endif // __GF_H__ #endif // __GF_H__
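Review bot: The comment `/* r = QNR * r0^2 */` inside the new gf_div_qnr (P_MOD_8 == 5 branch) is carried over from gf_mul_qnr and no longer describes the two lines under it, which divide by the QNR: `gf_mul(out,x,SQRT_MINUS_ONE)` followed by `gf_sub(out,ZERO,out)` yields -(x*sqrt(-1)) = x/sqrt(-1). Replace it with `/* out = x / QNR = x / sqrt(-1) = -(x * sqrt(-1)) */`. A one-line header above the function would also help callers, e.g. `/* out <- x / QNR; out must not alias x (see __restrict__) */`, since the P_MOD_8 == 3,7 branch (QNR = -1) reads like a plain negation and the division intent is otherwise only recoverable from the name.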

+ 12
- 15
src/per_curve/decaf.tmpl.c View File

@@ -142,8 +142,9 @@ void API_NS(deisogenize) (
gf_mul(a,b,p->z); /* uZ */ gf_mul(a,b,p->z); /* uZ */
gf_add(a,a,a); /* 2uZ */ gf_add(a,a,a); /* 2uZ */
gf_cond_neg(c, toggle_hibit_t_over_s ^ ~gf_hibit(a)); /* u <- -u if negative. */
gf_cond_neg(a, toggle_hibit_t_over_s ^ ~gf_hibit(a)); /* t/s <-? -t/s */
mask_t tg = toggle_hibit_t_over_s ^ ~gf_hibit(minus_t_over_s);
gf_cond_neg(minus_t_over_s, tg); /* t/s <-? -t/s */
gf_cond_neg(c, tg); /* u <- -u if negative. */
gf_add(d,c,p->y); gf_add(d,c,p->y);
gf_mul(s,b,d); gf_mul(s,b,d);
@@ -158,18 +159,14 @@ void API_NS(deisogenize) (


#if IMAGINE_TWIST #if IMAGINE_TWIST
gf x, t; gf x, t;
gf_mul ( x, p->x, SQRT_MINUS_ONE);
gf_mul ( t, p->t, SQRT_MINUS_ONE);
gf_sub ( x, ZERO, x );
gf_sub ( t, ZERO, t );
gf_div_qnr(x,p->x);
gf_div_qnr(t,p->t);
gf_add ( a, p->z, x ); gf_add ( a, p->z, x );
gf_sub ( b, p->z, x ); gf_sub ( b, p->z, x );
gf_mul ( c, a, b ); /* "zx" = Z^2 - aX^2 = Z^2 - X^2 */ gf_mul ( c, a, b ); /* "zx" = Z^2 - aX^2 = Z^2 - X^2 */
#else #else
const gf_s *x = p->x, *t = p->t; const gf_s *x = p->x, *t = p->t;
/* Won't hit the gf_cond_sel below because COFACTOR==8 requires IMAGINE_TWIST for now. */ /* Won't hit the gf_cond_sel below because COFACTOR==8 requires IMAGINE_TWIST for now. */
gf_sqr ( a, p->z ); gf_sqr ( a, p->z );
gf_sqr ( b, p->x ); gf_sqr ( b, p->x );
gf_add ( c, a, b ); /* "zx" = Z^2 - aX^2 = Z^2 + X^2 */ gf_add ( c, a, b ); /* "zx" = Z^2 - aX^2 = Z^2 + X^2 */
@@ -201,15 +198,15 @@ void API_NS(deisogenize) (
gf_mul ( c, a, d ); // new "osx" gf_mul ( c, a, d ); // new "osx"
gf_mul ( a, c, p->z ); gf_mul ( a, c, p->z );
gf_add ( a, a, a ); // 2 * "osx" * Z
mask_t tg1 = rotate ^ toggle_hibit_t_over_s ^~ gf_hibit(a);
gf_cond_neg ( c, tg1 );
gf_cond_neg ( a, rotate ^ tg1 );
gf_add ( minus_t_over_s, a, a ); // 2 * "osx" * Z
gf_mul ( d, b, p->z ); gf_mul ( d, b, p->z );
gf_add ( d, d, c );
gf_mul ( b, d, x ); /* here "x" = y unless rotate */
gf_cond_neg ( b, toggle_hibit_s ^ gf_hibit(b) );
mask_t tg = toggle_hibit_t_over_s ^~ gf_hibit(minus_t_over_s);
gf_cond_neg ( minus_t_over_s, tg );
gf_cond_neg ( c, rotate ^ tg );
gf_add ( d, d, c );
gf_mul ( s, d, x ); /* here "x" = y unless rotate */
gf_cond_neg ( s, toggle_hibit_s ^ gf_hibit(s) );
#endif #endif
} }
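Review bot: With the results now written in place, `gf_add ( minus_t_over_s, a, a )` stores into an output before `p->z` and `x` are read on the following lines (`gf_mul ( d, b, p->z )`, `gf_mul ( s, d, x )`), and the first hunk has the same ordering (`gf_cond_neg(minus_t_over_s, tg)` before `gf_add(d,c,p->y)`), so the function now depends on `s` and `minus_t_over_s` not aliasing each other or any coordinate of `p`; the old code staged these values in `a`/`b`, though the lines that copied them out are not visible here. The declaration of API_NS(deisogenize) lies outside these hunks — if the two output pointers are not already `__restrict__`-qualified, as field.h does for gf_div_qnr's `out`, add that or a comment `/* s and minus_t_over_s must not alias each other or p's coordinates */` beside it. The sign-mask logic itself is preserved: `tg` replaces the old `tg1` so that `c` is still negated under `rotate ^ toggle_hibit_t_over_s ^~ hibit` and t/s under the same mask without `rotate`, and `gf_hibit` is now evaluated once per hunk instead of twice.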



