jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

ready for prime time?

master
Michael Hamburg 10 years ago
parent
83c59a645a
commit
d4f4d0ed60
6 changed files with 120 additions and 94 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +36
    -30
      include/decaf.h
  2. +44
    -38
      src/decaf.c
  3. +3
    -3
      test/bench.c
  4. +5
    -5
      test/test_arithmetic.c
  5. +29
    -15
      test/test_pointops.c
  6. +3
    -3
      test/test_scalarmul.c

+ 36
- 30
include/decaf.h View File

@@ -29,6 +29,7 @@
#define NONNULL2 __attribute__((nonnull(1,2)))
#define NONNULL3 __attribute__((nonnull(1,2,3)))

/** Types of internal words. TODO: ARCH: make 32-bit clean */
typedef uint64_t decaf_word_t, decaf_bool_t;

/* TODO: prefix all these operations and factor to support multiple curves. */
@@ -49,21 +50,20 @@ typedef struct decaf_point_s {
decaf_word_t x[DECAF_LIMBS],y[DECAF_LIMBS],z[DECAF_LIMBS],t[DECAF_LIMBS];
} decaf_point_t[1];

/** Scalar is stored packed, because we don't need the speed. */
typedef struct decaf_scalar_s {
decaf_word_t limb[DECAF_SCALAR_LIMBS];
} decaf_scalar_t[1];

/** DECAF_TRUE = -1 so that DECAF_TRUE & x = x */
static const decaf_bool_t DECAF_TRUE = -(decaf_bool_t)1, DECAF_FALSE = 0;

/** NB Success is -1, failure is 0. TODO: see if people would rather the reverse. */
static const decaf_bool_t DECAF_SUCCESS = -(decaf_bool_t)1 /*DECAF_TRUE*/,
DECAF_FAILURE = 0 /*DECAF_FALSE*/;

/** The identity point on the curve. */
const decaf_point_t decaf_identity API_VIS;

/** The prime p, for debugging purposes.
* FIXME: prevent this scalar from actually being used for non-debugging purposes?
* TODO: prevent this scalar from actually being used for non-debugging purposes?
*/
const decaf_scalar_t decaf_scalar_p API_VIS;

@@ -73,17 +73,22 @@ const decaf_scalar_t decaf_scalar_one API_VIS;
/** A scalar equal to 0. */
const decaf_scalar_t decaf_scalar_zero API_VIS;

/** An arbitrarily chosen base point on the curve. TODO: define */
const decaf_point_t decaf_basepoint API_VIS;
/** The identity point on the curve. */
const decaf_point_t decaf_point_identity API_VIS;

/**
* An arbitrarily chosen base point on the curve.
* Equal to Ed448-Goldilocks base point defined by DJB, except of course that
* it's on the twist in this case. TODO: choose a base point with nice encoding?
*/
const decaf_point_t decaf_point_base API_VIS;

#ifdef __cplusplus
extern "C" {
#endif
/* TODO: scalar invert? */

// TODO: ser, deser, inv?.
// FIXME: scalar math is untested, and therefore probably wrong.

/**
* @brief Read a scalar from wire format or from bytes.
*
@@ -96,7 +101,7 @@ extern "C" {
* @param [in] ser Serialized form of a scalar.
* @param [out] out Deserialized form.
*/
decaf_bool_t decaf_decode_scalar(
decaf_bool_t decaf_scalar_decode (
decaf_scalar_t s,
const unsigned char ser[DECAF_SER_BYTES]
) API_VIS NONNULL2;
@@ -107,7 +112,7 @@ decaf_bool_t decaf_decode_scalar(
* @param [out] ser Serialized form of a scalar.
* @param [in] s Deserialized scalar.
*/
void decaf_encode_scalar(
void decaf_scalar_encode (
unsigned char ser[DECAF_SER_BYTES],
const decaf_scalar_t s
) API_VIS NONNULL2;
@@ -118,7 +123,7 @@ void decaf_encode_scalar(
* @param [in] b Another scalar.
* @param [out] out a+b.
*/
void decaf_add_scalars (
void decaf_scalar_add (
decaf_scalar_t out,
const decaf_scalar_t a,
const decaf_scalar_t b
@@ -131,7 +136,7 @@ void decaf_add_scalars (
* @retval DECAF_TRUE The scalars are equal.
* @retval DECAF_FALSE The scalars are not equal.
*/
decaf_bool_t decaf_eq_scalars (
decaf_bool_t decaf_scalar_eq (
const decaf_scalar_t a,
const decaf_scalar_t b
) API_VIS WARN_UNUSED NONNULL2;
@@ -142,7 +147,7 @@ decaf_bool_t decaf_eq_scalars (
* @param [in] b Another scalar.
* @param [out] out a-b.
*/
void decaf_sub_scalars (
void decaf_scalar_sub (
decaf_scalar_t out,
const decaf_scalar_t a,
const decaf_scalar_t b
@@ -154,7 +159,7 @@ void decaf_sub_scalars (
* @param [in] b Another scalar.
* @param [out] out a*b.
*/
void decaf_mul_scalars (
void decaf_scalar_mul (
decaf_scalar_t out,
const decaf_scalar_t a,
const decaf_scalar_t b
@@ -166,7 +171,7 @@ void decaf_mul_scalars (
* @param [out] ser The byte representation of the point.
* @param [in] pt The point to encode.
*/
void decaf_encode (
void decaf_point_encode (
uint8_t ser[DECAF_SER_BYTES],
const decaf_point_t pt
) API_VIS NONNULL2;
@@ -184,7 +189,7 @@ void decaf_encode (
* @retval DECAF_FAILURE The decoding didn't succeed, because
* ser does not represent a point.
*/
decaf_bool_t decaf_decode (
decaf_bool_t decaf_point_decode (
decaf_point_t pt,
const uint8_t ser[DECAF_SER_BYTES],
decaf_bool_t allow_identity
@@ -197,7 +202,7 @@ decaf_bool_t decaf_decode (
* @param [out] a A copy of the point.
* @param [in] b Any point.
*/
void decaf_copy (
void decaf_point_copy (
decaf_point_t a,
const decaf_point_t b
) API_VIS NONNULL2;
@@ -211,7 +216,7 @@ void decaf_copy (
* @retval DECAF_TRUE The points are equal.
* @retval DECAF_FALSE The points are not equal.
*/
decaf_bool_t decaf_eq (
decaf_bool_t decaf_point_eq (
const decaf_point_t a,
const decaf_point_t b
) API_VIS WARN_UNUSED NONNULL2;
@@ -225,7 +230,7 @@ decaf_bool_t decaf_eq (
* @param [in] a An addend.
* @param [in] b An addend.
*/
void decaf_add (
void decaf_point_add (
decaf_point_t sum,
const decaf_point_t a,
const decaf_point_t b
@@ -240,7 +245,7 @@ void decaf_add (
* @param [in] a The minuend.
* @param [in] b The subtrahend.
*/
void decaf_sub (
void decaf_point_sub (
decaf_point_t diff,
const decaf_point_t a,
const decaf_point_t b
@@ -252,13 +257,11 @@ void decaf_sub (
* @param [out] scaled The scaled point base*scalar
* @param [in] base The point to be scaled.
* @param [in] scalar The scalar to multilpy by.
* @param [in] scalar_words The number of words in the scalar [TODO]
*/
void decaf_scalarmul (
void decaf_point_scalarmul (
decaf_point_t scaled,
const decaf_point_t base,
const decaf_word_t *scalar,
unsigned int scalar_words
const decaf_scalar_t scalar
) API_VIS NONNULL3;

/**
@@ -268,7 +271,7 @@ void decaf_scalarmul (
* @retval DECAF_TRUE The point is valid.
* @retval DECAF_FALSE The point is invalid.
*/
decaf_bool_t decaf_valid (
decaf_bool_t decaf_point_valid (
const decaf_point_t toTest
) API_VIS WARN_UNUSED NONNULL1;

@@ -299,7 +302,7 @@ decaf_bool_t decaf_valid (
* @param [in] hashed_data Output of some hash function.
* @param [out] pt The data hashed to the curve.
*/
void decaf_nonuniform_map_to_curve (
void decaf_point_from_hash_nonuniform (
decaf_point_t pt,
const unsigned char hashed_data[DECAF_SER_BYTES]
) API_VIS NONNULL2;
@@ -307,18 +310,21 @@ void decaf_nonuniform_map_to_curve (
/**
* @brief Indifferentiable hash function encoding to curve.
*
* Equivalent to calling decaf_nonuniform_map_to_curve twice and adding.
* Equivalent to calling decaf_point_from_hash_nonuniform twice and adding.
*
* @param [in] hashed_data Output of some hash function.
* @param [out] pt The data hashed to the curve.
*/
void decaf_uniform_map_to_curve (
void decaf_point_from_hash_uniform (
decaf_point_t pt,
const unsigned char hashed_data[2*DECAF_SER_BYTES]
) API_VIS NONNULL2;
/* TODO: functions to invert point_from_hash?? */
#undef API_VIS
#undef WARN_UNUSED
#undef NONNULL1
#undef NONNULL2
#undef NONNULL3



+ 44
- 38
src/decaf.c View File

@@ -279,7 +279,7 @@ sv decaf_montmul (
decaf_subx(out, accum, p, p, hi_carry);
}

void decaf_mul_scalars (
void decaf_scalar_mul (
decaf_scalar_t out,
const decaf_scalar_t a,
const decaf_scalar_t b
@@ -288,7 +288,7 @@ void decaf_mul_scalars (
decaf_montmul(out,out,decaf_scalar_r2,decaf_scalar_p,DECAF_MONTGOMERY_FACTOR);
}

void decaf_sub_scalars (
void decaf_scalar_sub (
decaf_scalar_t out,
const decaf_scalar_t a,
const decaf_scalar_t b
@@ -296,7 +296,7 @@ void decaf_sub_scalars (
decaf_subx(out, a->limb, b, decaf_scalar_p, 0);
}

void decaf_add_scalars (
void decaf_scalar_add (
decaf_scalar_t out,
const decaf_scalar_t a,
const decaf_scalar_t b
@@ -311,7 +311,7 @@ void decaf_add_scalars (
decaf_subx(out, out->limb, decaf_scalar_p, decaf_scalar_p, chain);
}

decaf_bool_t decaf_eq_scalars (
decaf_bool_t decaf_scalar_eq (
const decaf_scalar_t a,
const decaf_scalar_t b
) {
@@ -326,9 +326,20 @@ decaf_bool_t decaf_eq_scalars (
/* *** API begins here *** */

/** identity = (0,1) */
const decaf_point_t decaf_identity = {{{0},{1},{1},{0}}};

void decaf_encode( unsigned char ser[DECAF_SER_BYTES], const decaf_point_t p ) {
const decaf_point_t decaf_point_identity = {{{0},{1},{1},{0}}};

/** base = twist of Goldilocks base point (~,19). FIXME: ARCH */
const decaf_point_t decaf_point_base = {{
{ 0xb39a2d57e08c7bull,0xb38639c75ff281ull,0x2ec981082b3288ull,0x99fe8607e5237cull,
0x0e33fbb1fadd1full,0xe714f67055eb4aull,0xc9ae06d64067ddull,0xf7be45054760faull },
{ 0xbd8715f551617full,0x8c17fbeca8f5fcull,0xaae0eec209c06full,0xce41ad80cbe6b8ull,
0xdf360b5c828c00ull,0xaf25b6bbb40e3bull,0x8ed37f0ce4ed31ull,0x72a1c3214557b9ull },
{ 1 },
{ 0x97ca9c8ed8bde9ull,0xf0b780da83304cull,0x0d79c0a7729a69ull,0xc18d3f24aebc1cull,
0x1fbb5389b3fda5ull,0xbb24f674635948ull,0x723a55709a3983ull,0xe1c0107a823dd4ull }
}};

void decaf_point_encode( unsigned char ser[DECAF_SER_BYTES], const decaf_point_t p ) {
gf a, b, c, d;
gf_mlw ( a, p->y, 1-EDWARDS_D );
gf_mul ( c, a, p->t );
@@ -380,7 +391,7 @@ static decaf_bool_t gf_deser(gf s, const unsigned char ser[DECAF_SER_BYTES]) {
}
/* Constant-time add or subtract */
sv decaf_add_sub (
sv decaf_point_add_sub (
decaf_point_t p,
const decaf_point_t q,
const decaf_point_t r,
@@ -410,7 +421,7 @@ sv decaf_add_sub (
gf_mul ( p->t, b, c );
}
decaf_bool_t decaf_decode (
decaf_bool_t decaf_point_decode (
decaf_point_t p,
const unsigned char ser[DECAF_SER_BYTES],
decaf_bool_t allow_identity
@@ -444,16 +455,16 @@ decaf_bool_t decaf_decode (
return succ;
}

void decaf_sub(decaf_point_t a, const decaf_point_t b, const decaf_point_t c) {
decaf_add_sub(a,b,c,-1);
void decaf_point_sub(decaf_point_t a, const decaf_point_t b, const decaf_point_t c) {
decaf_point_add_sub(a,b,c,-1);
}
void decaf_add(decaf_point_t a, const decaf_point_t b, const decaf_point_t c) {
decaf_add_sub(a,b,c,0);
void decaf_point_add(decaf_point_t a, const decaf_point_t b, const decaf_point_t c) {
decaf_point_add_sub(a,b,c,0);
}

/* No dedicated point double (PERF) */
#define decaf_dbl(a,b) decaf_add(a,b,b)
#define decaf_dbl(a,b) decaf_point_add(a,b,b)

void decaf_copy (
decaf_point_t a,
@@ -465,7 +476,7 @@ void decaf_copy (
gf_cpy(a->t, b->t);
}

decaf_bool_t decaf_decode_scalar(
decaf_bool_t decaf_scalar_decode(
decaf_scalar_t s,
const unsigned char ser[DECAF_SER_BYTES]
) {
@@ -483,12 +494,12 @@ decaf_bool_t decaf_decode_scalar(
accum = (accum + s->limb[i] - decaf_scalar_p->limb[i]) >> WBITS;
}
//decaf_mul_scalars(s,s,decaf_scalar_one); /* ham-handed reduce */
decaf_scalar_mul(s,s,decaf_scalar_one); /* ham-handed reduce */
return accum;
}

void decaf_encode_scalar(
void decaf_scalar_encode(
unsigned char ser[DECAF_SER_BYTES],
const decaf_scalar_t s
) {
@@ -500,16 +511,11 @@ void decaf_encode_scalar(
}
}

void decaf_scalarmul (
void decaf_point_scalarmul (
decaf_point_t a,
const decaf_point_t b,
const decaf_word_t *scalar,
unsigned int scalar_words
const decaf_scalar_t scalar
) {
if (scalar_words == 0) {
decaf_copy(a,decaf_identity);
return;
}
/* w=2 signed window uses about 1.5 adds per bit.
* I figured a few extra lines was worth the 25% speedup.
* NB: if adapting this function to scalarmul by a
@@ -518,22 +524,22 @@ void decaf_scalarmul (
decaf_point_t w,b3,tmp;
decaf_dbl(w,b);
/* b3 = b*3 */
decaf_add(b3,w,b);
decaf_point_add(b3,w,b);
int i;
for (i=scalar_words*WBITS-2; i>0; i-=2) {
decaf_word_t bits = scalar[i/WBITS]>>(i%WBITS);
for (i=DECAF_SCALAR_LIMBS*WBITS-2; i>0; i-=2) {
decaf_word_t bits = scalar->limb[i/WBITS]>>(i%WBITS);
decaf_cond_sel(tmp,b,b3,((bits^(bits>>1))&1)-1);
decaf_dbl(w,w);
decaf_add_sub(w,w,tmp,((bits>>1)&1)-1);
decaf_point_add_sub(w,w,tmp,((bits>>1)&1)-1);
decaf_dbl(w,w);
}
decaf_add_sub(w,w,b,((scalar[0]>>1)&1)-1);
decaf_point_add_sub(w,w,b,((scalar->limb[0]>>1)&1)-1);
/* low bit is special because fo signed window */
decaf_cond_sel(tmp,b,decaf_identity,-(scalar[0]&1));
decaf_sub(a,w,tmp);
decaf_cond_sel(tmp,b,decaf_point_identity,-(scalar->limb[0]&1));
decaf_point_sub(a,w,tmp);
}

decaf_bool_t decaf_eq ( const decaf_point_t p, const decaf_point_t q ) {
decaf_bool_t decaf_point_eq ( const decaf_point_t p, const decaf_point_t q ) {
/* equality mod 2-torsion compares x/y */
gf a, b;
gf_mul ( a, p->y, q->x );
@@ -543,7 +549,7 @@ decaf_bool_t decaf_eq ( const decaf_point_t p, const decaf_point_t q ) {

static const int QUADRATIC_NONRESIDUE = -1;

void decaf_nonuniform_map_to_curve (
void decaf_point_from_hash_nonuniform (
decaf_point_t p,
const unsigned char ser[DECAF_SER_BYTES]
) {
@@ -583,17 +589,17 @@ void decaf_nonuniform_map_to_curve (
gf_mul(p->t,b,e);
}

void decaf_uniform_map_to_curve (
void decaf_point_from_hash_uniform (
decaf_point_t pt,
const unsigned char hashed_data[2*DECAF_SER_BYTES]
) {
decaf_point_t pt2;
decaf_nonuniform_map_to_curve(pt,hashed_data);
decaf_nonuniform_map_to_curve(pt2,&hashed_data[DECAF_SER_BYTES]);
decaf_add(pt,pt,pt2);
decaf_point_from_hash_nonuniform(pt,hashed_data);
decaf_point_from_hash_nonuniform(pt2,&hashed_data[DECAF_SER_BYTES]);
decaf_point_add(pt,pt,pt2);
}

decaf_bool_t decaf_valid (
decaf_bool_t decaf_point_valid (
const decaf_point_t p
) {
gf a,b,c;


+ 3
- 3
test/bench.c View File

@@ -271,7 +271,7 @@ int main(int argc, char **argv) {
memset(bsc,0,sizeof(bsc));
when = now();
for (i=0; i<nbase*10; i++) {
decaf_mul_scalars(csc,asc,bsc);
decaf_scalar_mul(csc,asc,bsc);
}
when = now() - when;
printf("decaf mulsc: %5.1fns\n", when * 1e9 / i);
@@ -302,7 +302,7 @@ int main(int argc, char **argv) {
memset(Dc,0,sizeof(Dc));
when = now();
for (i=0; i<nbase*100; i++) {
decaf_add(Da,Db,Dc);
decaf_point_add(Da,Db,Dc);
}
when = now() - when;
printf("dec + dec: %5.1fns\n", when * 1e9 / i);
@@ -368,7 +368,7 @@ int main(int argc, char **argv) {
when = now();
for (i=0; i<nbase/10; i++) {
decaf_scalarmul(Da,Db,sk,sizeof(sk)/sizeof(word_t));
decaf_point_scalarmul(Da,Db,asc);
}
when = now() - when;
printf("decaf slow: %5.1fµs\n", when * 1e6 / i);


+ 5
- 5
test/test_arithmetic.c View File

@@ -44,7 +44,7 @@ static mask_t mpz_to_scalar (
mpz_init(modded);
mpz_mod(modded, in, mp_scalar_field);
mpz_export(ser, NULL, -1, 1, -1, 0, modded);
mask_t succ = decaf_decode_scalar(out, ser);
mask_t succ = decaf_scalar_decode(out, ser);
return succ;
}

@@ -62,7 +62,7 @@ static mask_t scalar_assert_eq_gmp(
memset(yser,0,sizeof(yser));
decaf_encode_scalar(xser, x);
decaf_scalar_encode(xser, x);
mpz_init(modded);
mpz_mod(modded, y, mp_scalar_field);
@@ -224,15 +224,15 @@ static mask_t test_scalar (
succ &= mpz_to_scalar(yy,y);
mpz_init(t);
decaf_add_scalars(tt,xx,yy);
decaf_scalar_add(tt,xx,yy);
mpz_add(t,x,y);
succ &= scalar_assert_eq_gmp("scalar add",xx,yy,tt,x,y,t);
decaf_sub_scalars(tt,xx,yy);
decaf_scalar_sub(tt,xx,yy);
mpz_sub(t,x,y);
succ &= scalar_assert_eq_gmp("scalar sub",xx,yy,tt,x,y,t);
decaf_mul_scalars(tt,xx,yy);
decaf_scalar_mul(tt,xx,yy);
mpz_mul(t,x,y);
succ &= scalar_assert_eq_gmp("scalar mul",xx,yy,tt,x,y,t);


+ 29
- 15
test/test_pointops.c View File

@@ -160,11 +160,11 @@ add_double_test (
decaf_point_t ted3;
convert_tw_extensible_to_tw_extended(&ted1, &text1);
convert_tw_extensible_to_tw_extended(&ted2, &text2);
decaf_add(ted3, (struct decaf_point_s*)&ted1, (struct decaf_point_s*)&ted2);
decaf_point_add(ted3, (struct decaf_point_s*)&ted1, (struct decaf_point_s*)&ted2);
add_tw_extended(&ted1, &ted2);
convert_tw_extensible_to_tw_extended(&ted2, &textb);
if (~decaf_eq_tw_extended(&ted1, &ted2) | ~decaf_eq((struct decaf_point_s*)&ted1, ted3)) {
if (~decaf_eq_tw_extended(&ted1, &ted2) | ~decaf_point_eq((struct decaf_point_s*)&ted1, ted3)) {
youfail();
succ = 0;
printf(" Tw extended simple compat:\n");
@@ -359,8 +359,8 @@ int test_decaf_evil (void) {
uint8_t ser_de[56], ser_ed[56];
decaf_point_t pt_dec, pt_dec2;
memcpy(pt_dec, pt_ed, sizeof(pt_dec));
decaf_encode(ser_de, pt_dec);
mask_t succ_dec = decaf_decode(pt_dec2, ser_de, -1);
decaf_point_encode(ser_de, pt_dec);
mask_t succ_dec = decaf_point_decode(pt_dec2, ser_de, -1);
field_serialize(ser_ed, out_ed);
decaf_point_t p,q,m;
@@ -373,17 +373,17 @@ int test_decaf_evil (void) {
field_serialize(oo_base_ser,oo_base);
field_neg(tmp,base);
field_serialize(n_base_ser,tmp); // = -base
decaf_nonuniform_map_to_curve (p,random_input);
decaf_nonuniform_map_to_curve (q,oo_base_ser);
decaf_nonuniform_map_to_curve (m,n_base_ser);
mask_t succ_nur = decaf_valid(p);
succ_nur &= decaf_valid(q);
succ_nur &= decaf_valid(m);
decaf_point_from_hash_nonuniform (p,random_input);
decaf_point_from_hash_nonuniform (q,oo_base_ser);
decaf_point_from_hash_nonuniform (m,n_base_ser);
mask_t succ_nur = decaf_point_valid(p);
succ_nur &= decaf_point_valid(q);
succ_nur &= decaf_point_valid(m);
mask_t eq_neg, eq_pos;
eq_neg = decaf_eq(m,p);
decaf_add(m,p,q);
eq_pos = decaf_eq(m,decaf_identity);
eq_neg = decaf_point_eq(m,p);
decaf_point_add(m,p,q);
eq_pos = decaf_point_eq(m,decaf_point_identity);
if ((care_should && should != s_m)
|| ~s_base || s_e != s_te || s_m != s_te || s_ed != s_te
@@ -391,8 +391,8 @@ int test_decaf_evil (void) {
|| (s_ed && ~field_eq(out_e,out_ed))
|| memcmp(ser_de, ser_ed, 56)
|| (s_e & ~succ_dec)
|| (s_e & ~decaf_eq(pt_dec, pt_dec2)
|| (s_e & ~decaf_valid(pt_dec))
|| (s_e & ~decaf_point_eq(pt_dec, pt_dec2)
|| (s_e & ~decaf_point_valid(pt_dec))
|| ~succ_nur
|| ~eq_neg
|| ~eq_pos)
@@ -429,6 +429,20 @@ int test_decaf (void) {
crandom_init_from_buffer(&crand, "my test_decaf random initializer");
int i, hits = 0, fails = 0;
if (~decaf_point_valid(decaf_point_base)) {
youfail();
printf(" Decaf base point invalid\n");
fails++;
}
if (~decaf_point_valid(decaf_point_identity)) {
youfail();
printf(" Decaf identity point invalid\n");
fails++;
}
for (i=0; i<1000; i++) {
uint8_t ser[FIELD_BYTES];


+ 3
- 3
test/test_scalarmul.c View File

@@ -114,7 +114,7 @@ single_scalarmul_compatibility_test (
decaf_point_t ed2;
tw_extended_a_t ed;
convert_tw_extensible_to_tw_extended(ed, &text);
decaf_scalarmul(ed2, (struct decaf_point_s *)ed, scalar, 7);
decaf_point_scalarmul(ed2, (struct decaf_point_s *)ed, (struct decaf_scalar_s *)scalar);

scalarmul_ed(ed, scalar);
field_copy(work.x, ed->x);
@@ -125,8 +125,8 @@ single_scalarmul_compatibility_test (
untwist_and_double_and_serialize(sced, &work);

uint8_t ser1[(FIELD_BITS+6)/8], ser2[(FIELD_BITS+6)/8];
decaf_encode(ser1, (struct decaf_point_s *)ed);
decaf_encode(ser2, ed2);
decaf_point_encode(ser1, (struct decaf_point_s *)ed);
decaf_point_encode(ser2, ed2);

/* check consistency mont vs window */
consistent &= field_eq(mont, ct);


Write Preview
Loading…
Cancel
Save