Michael Hamburg
e69e00269f
rename publicly-visible macros to DECAF_ namespace
8 years ago
Michael Hamburg
ec4ece08f0
add decaf_edXXX_convert_public_key_to_xXXX; thanks Johan Pascal
8 years ago
Michael Hamburg
6e2ce5201f
internal VECTOR_ALIGNED instead of __attribute((aligned(32))), thanks Olivier
8 years ago
Michael Hamburg
4a13ad4b8b
unroll loops in arch_32/f_impl.c except on -Os
8 years ago
Michael Hamburg
af606fb195
x448 generate_key -> derive_public_key to match ed448 nomenclature
8 years ago
Hamburg
3cb0f2c9a1
error: shifting a negative signed value is undefined
9 years ago
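The compiler error in the commit above is a real trap in constant-time code: masks are usually made by smearing a sign bit across a word, and doing that with a signed shift is implementation-defined (right shift of a negative value) or undefined (left shift of one) in C. The following is an added example, not code from libdecaf or its author, showing how to derive such masks from unsigned arithmetic only and then use them for a branch-free conditional subtraction; the names word_t, mask_t, WORD_BITS, mask_from_sign_bit, mask_is_zero, mask_lt and cond_sub are this example's own assumptions.

```c
#include <stdint.h>

/* Added example, not libdecaf code. word_t, mask_t and WORD_BITS are
   names assumed for this example. */
typedef uint64_t word_t;
typedef uint64_t mask_t;
#define WORD_BITS 64

/* All-ones if the top bit of x is set, all-zeros otherwise.
   Only unsigned values are shifted (always defined), and subtracting an
   unsigned 0 or 1 from 0 wraps to 0 or 0xFF..FF (also defined).
   The tempting alternative, (int64_t)x >> 63, right-shifts a negative
   signed value, which C leaves implementation-defined; left-shifting a
   negative signed value is undefined, which is what the error in the
   commit above refers to. */
static inline mask_t mask_from_sign_bit(word_t x) {
    return (mask_t)0 - (mask_t)(x >> (WORD_BITS - 1));
}

/* All-ones if x == 0, all-zeros otherwise, with no data-dependent branch:
   x | (0 - x) has its top bit set exactly when x != 0. */
static inline mask_t mask_is_zero(word_t x) {
    return ~mask_from_sign_bit(x | ((word_t)0 - x));
}

/* All-ones if a < b as unsigned words, all-zeros otherwise.
   The expression is the borrow out of a - b (the standard formula from
   Hacker's Delight), so it is valid over the full 64-bit range. */
static inline mask_t mask_lt(word_t a, word_t b) {
    word_t d = a - b;
    return mask_from_sign_bit((~a & b) | (~(a ^ b) & d));
}

/* x mod m for 0 <= x < 2m: the usual final conditional subtraction in
   modular arithmetic, done without a branch. Subtract m unconditionally,
   then add it back under a mask if the subtraction borrowed. */
static inline word_t cond_sub(word_t x, word_t m) {
    word_t d = x - m;
    mask_t borrowed = mask_lt(x, m);
    return d + (m & borrowed);
}
```

Every function above compiles to the same instruction sequence regardless of its input, which is the property the masks exist to preserve; the only shifts are on unsigned operands, so -Werror=shift-negative-value has nothing to complain about.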
Michael Hamburg
28086a96d1
remove python dependency by checking in generated code
9 years ago
Michael Hamburg
e22c967171
change eddsa encoding names to show that they multiply_by_cofactor
9 years ago
Michael Hamburg
83cfd6cae1
change x### function names again, this time to decaf_x###, decaf_x###_generate_key
9 years ago
Michael Hamburg
714a5db7a0
decaf_###_x_direct_scalarmul -> decaf_x###_direct_scalarmul
9 years ago
Michael Hamburg
149130fd94
working through the TODOs. Correct the sign of the to/from EdDSA conversions (but is it correct for future curves?). SHA-3 now throws exceptions on over-long output
9 years ago
Michael Hamburg
f1df5e4714
lowerCamelCase -> snake_case. Put decaf_ in front of all (most?) identifiers, except for SHAKE which is being removed before 1.0 release (for future refactoring)
9 years ago
Michael Hamburg
798b189a77
minor changes; clear a few TODOs
9 years ago
Michael Hamburg
1f716044ca
eddsa provisional pass
9 years ago
Michael Hamburg
d9a9bb96b5
eddsa-25519 now using sha512. But problem! We are using IsoEd25519 so we actually need an isogeny anyway to get to Ed25519 proper
9 years ago
Michael Hamburg
9d0bac672f
move context arguments to the end of hash functions. Ed25519 doesn't support contexts.
9 years ago
Michael Hamburg
b1c6de6309
EdDSA 448 seems to be working. Needs more testing, code moved around. EdDSA 255 not working yet; needs SHA512
9 years ago
Michael Hamburg
d0e74a585a
eddsa key generation, at least for goldilocks. needs parameterized hash function; sign/verify; rename; put in right place
9 years ago
Michael Hamburg
f8dc967ae1
add explicit GF_HEADROOM per field+arch for unreduced arith; fortunately unreduced arith is very rare
9 years ago
Michael Hamburg
0a043c34ec
remove constant_time_lookup_xx
9 years ago
Michael Hamburg
b693b33d0c
slight changes to the deisogenize code; hopefully clearer?
9 years ago
Michael Hamburg
7e63f23958
predeclare deisogenize
9 years ago
Michael Hamburg
a585d7f148
factor out elligator, decaf, scalar code. scalar_halve is now public
9 years ago
Michael Hamburg
55766b76c9
homogenize invsqrt code
9 years ago
Michael Hamburg
08bbb567de
don't go via asm anymore. also reduce the number of templated expressions
9 years ago
Michael Hamburg
d94a147194
move everything over to more-tolerable templating
9 years ago
Michael Hamburg
4e57f49161
move more generation to python
9 years ago
Michael Hamburg
7ee81cf84f
move easy scalar computations to python
9 years ago
Michael Hamburg
2e9512292e
template curve_data
9 years ago
Michael Hamburg
3a5ba3e075
no more API_NS2.
9 years ago
Michael Hamburg
f6ec8b2fc8
moving to a much simpler templating system
9 years ago
Mike Hamburg
8d9c810136
make position unsigned so that the assertion means something (thx gcc)
9 years ago
Michael Hamburg
790745e2b3
set mulw to <32 bits instead of <64 bits (but actually less than that: 1 limb instead of 2). also there is a bug if you compile ed448 for arch_32 on a 64-bit machine... tracing
9 years ago
Michael Hamburg
a9e2e08bf2
real WNAF
9 years ago
Michael Hamburg
c0310ba553
whoops, actually save the change that removes the todo comment
9 years ago
Mike Hamburg
de547aa5e7
fix a gcc Werror
9 years ago
Michael Hamburg
c9abcef055
add some pathological test cases, clearing a few TODO items. Also scalar_set_unsigned now takes a uint64_t instead of a word_t
9 years ago
Michael Hamburg
e8561eb0fb
pniels_t is now aligned to sizeof(big_register_t), clearing a MAGIC
9 years ago
Michael Hamburg
af89593807
harmonize deisogenize with paper, clearing a TODO
9 years ago
Michael Hamburg
a69002875c
reverse convention for constant_time_select, resolving a TODO
9 years ago
Michael Hamburg
2ea89d9f06
remove one variable from elligator
9 years ago
Michael Hamburg
37e0886300
simplify elligator, in a way that shouldn't change its output. I think it uses the opposite convention from the paper for sign(s) though.
9 years ago
Michael Hamburg
c7a3efd496
fix typo in 32-bit code
9 years ago
Mike Hamburg
5f38747a15
Montgomery ladder now uses non-reduced arith for speed. Also, it is tested to be CT
9 years ago
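Two commits above concern constant-time selection and the Montgomery ladder: the convention of constant_time_select was reversed, and the ladder is now tested to be CT. As an added example that is not libdecaf code, here is a Montgomery ladder over a toy group (modular exponentiation modulo a 32-bit prime, standing in for a curve) driven by a constant-time conditional swap, with a branchy square-and-multiply beside it for comparison. ct_select, ct_cswap, TOY_P, mulmod, ladder_pow, ref_pow and the select convention (first operand when the mask is all-ones) are this example's own assumptions, not libdecaf's.

```c
#include <stdint.h>

/* Added example, not libdecaf code. word_t/mask_t, ct_select, ct_cswap,
   TOY_P, mulmod, ladder_pow and ref_pow are this example's own names. */
typedef uint64_t word_t;
typedef uint64_t mask_t;

/* Convention assumed here: returns a when mask is all-ones, b when zero. */
static inline word_t ct_select(mask_t mask, word_t a, word_t b) {
    return b ^ (mask & (a ^ b));
}

/* Swap *a and *b when mask is all-ones, leave them when zero; the same
   loads, XORs and stores execute either way. */
static inline void ct_cswap(mask_t mask, word_t *a, word_t *b) {
    word_t t = mask & (*a ^ *b);
    *a ^= t;
    *b ^= t;
}

/* Toy group: multiplication modulo 2^32 - 5 (prime). Operands are below
   2^32, so the 64-bit product cannot overflow. The % here is NOT
   constant time; it stands in for field arithmetic, which is not the
   point of this example (the ladder structure is). */
#define TOY_P 4294967291ULL
static inline word_t mulmod(word_t a, word_t b) {
    return (a * b) % TOY_P;
}

/* Montgomery ladder computing base^k mod TOY_P.
   Invariant between steps: r1 == r0 * base. Each step consumes the key
   bit only as a mask feeding ct_cswap, never as a branch or an index. */
word_t ladder_pow(word_t base, word_t k) {
    word_t r0 = 1, r1 = base % TOY_P;
    for (int i = 63; i >= 0; i--) {
        mask_t bit = (mask_t)0 - ((k >> i) & 1);   /* all-ones if bit set */
        ct_cswap(bit, &r0, &r1);   /* bit=1: work on (r1, r0) instead   */
        r1 = mulmod(r0, r1);       /* "add":    r1 <- r0 * r1           */
        r0 = mulmod(r0, r0);       /* "double": r0 <- r0 * r0           */
        ct_cswap(bit, &r0, &r1);   /* undo the swap                     */
    }
    return r0;
}

/* Branchy square-and-multiply, for comparison only: its control flow
   depends on the bits of k, which is exactly what the ladder avoids. */
word_t ref_pow(word_t base, word_t k) {
    word_t acc = 1, b = base % TOY_P;
    while (k) {
        if (k & 1) acc = mulmod(acc, b);
        b = mulmod(b, b);
        k >>= 1;
    }
    return acc;
}
```

The swap-before-and-after pattern is what lets both key-bit cases share one instruction sequence; the only thing that varies with the secret is the data flowing through the XORs. Whether the resulting binary is actually constant time still has to be checked empirically (timing measurements or a tool that tracks secret-dependent branches and memory accesses), which is what "tested to be CT" in the commit above means.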
Michael Hamburg
2eacff6ad6
rfc7748 implementation, but their names will probably change
9 years ago
Mike Hamburg
8d6c51ee28
Separate API word size from arch word size. This enables compiling
a 32-bit arch on a 64-bit platform, eg NEON on AARCH64. It's probably
more useful for cross-platform testing, though.
The breakdown is as follows:
* decaf_bool_t, decaf_word_t and decaf_error_t are as defined in the API.
* DECAF_WORD_BITS is the size of a decaf_word_t.
* decaf_word_t is used for scalars, so on every curve the scalar impls are the same
(i.e. they follow the API's word size).
* SC_LIMB macro always takes a 64-bit word.
* non-prefixed word_t, mask_t, etc are as defined by the per-curve arch.
* ARCH_WORD_BITS is the size of a word_t.
* word_t is used for gf elements, so the curves may have different guts.
9 years ago
Michael Hamburg
9be017366a
update HISTORY and TODO
9 years ago
Michael Hamburg
64efd989d6
use SC_LIMB in generated tables. Add a new "TODO" category, UNIFY for code that might be unified with other code
9 years ago
Michael Hamburg
2e23ac747b
move (some of the?) per-field code to src/per_field.c
9 years ago
Michael Hamburg
825751d034
one gf_strong_reduce to rule them all
9 years ago