Mike Hamburg
b849d2cd91
working on securebuffer problems, might just switch things to vector
9 years ago
Mike Hamburg
1bda5ed34a
XOPEN_SOURCE defines fixed
9 years ago
Michael Hamburg
cdab495338
Cross-curve compilation working! Still a bunch of FIXMEs though
9 years ago
Michael Hamburg
d703b31062
fix some PRECIOUS
9 years ago
Michael Hamburg
719fcacc58
working on multicurve build system
9 years ago
Michael Hamburg
de735c77e2
knock out a couple TODOs
9 years ago
Michael Hamburg
5af980b85a
wipe out the multiple layers of rename between decaf_fast and field. still some serious HACKs in the include prio to avoid multiple definition of struct gf
9 years ago
Michael Hamburg
b6c12d7e38
doh
9 years ago
Mike Hamburg
8a1315e15f
get rid of unchecked isqrt. will be a tiny slowdown for p448 invert, called only in batch_invert
9 years ago
Mike Hamburg
eab2a41d13
switch from xy positive to 1/xy positive; this is because it can make laddered direct_scalarmul almost sane. almost.
9 years ago
Mike Hamburg
60b14fb0f1
add FixedBuffer
9 years ago
Mike Hamburg
538fe68866
OwnedOrUnowned as base for Precomputed
9 years ago
Mike Hamburg
6bc7a3db3b
rework build hierarchy to prepare for generated headers
9 years ago
Mike Hamburg
36380f3e2a
one more namespacing change
9 years ago
Mike Hamburg
93edb223bb
remove inverse from f_field.h
9 years ago
Mike Hamburg
0b59ddc2bf
move config to prime directories
9 years ago
Mike Hamburg
f825fd9b75
gcc compat changes
9 years ago
Michael Hamburg
e273155e35
switch to 64-bit shift; still slower than donna?
9 years ago
Michael Hamburg
ba9f201901
faster mulw?
9 years ago
Michael Hamburg
8202c43eba
remove ah = a*19
9 years ago
Michael Hamburg
42a561d018
some accel in for curve25519
9 years ago
Michael Hamburg
2705bd26af
another few TODOs down
9 years ago
Michael Hamburg
f8c32ba53f
knock out some TODOs
9 years ago
Michael Hamburg
d501753648
factor common routines and data decls out into decaf_common.h. Now leaking NONNULL etc
9 years ago
Michael Hamburg
02449ed54b
encoding is no longer EXPLICIT_CON
9 years ago
Michael Hamburg
db0a12de2a
working on breaking up include files
9 years ago
Michael Hamburg
629a782fff
Elligator now passes tests, but there are likely still missing preimages of rotations of the identity point. Also, projscaling elligator probably works, but it needs testing
9 years ago
Michael Hamburg
89dfab34a8
remove hinting from forward elligator, at least in 25519. leaving test in broken state because, well, it is broken
9 years ago
Michael Hamburg
a53f9876f5
OK, most tests are now passing. Remaining known problems:
1) Elligator inversion fails on 0. Also there may be corner cases
here which ought to be probed but are a pain, such as sqrt(id/(1-d))
and similar.
2) Elligator doesn't return the right hint, because I haven't coded
the rotation hints. Probable solution: make Elligator not return a
hint, because there's no realistic scenario where it's useful anyway.
Alternative possible solution: can compute the right hint, but why
bother?
3) Elligator inversion doesn't set the high bit of the buffer at
random, because 2^255-19 isn't close to 2^256. Possible solution:
preserve the high bit(s) of the buffer?
4) Elligator doesn't map [1] to the identity, I think.
5) Not enough corner case testing.
6) Probably some other non-Elligator problems
9 years ago
Michael Hamburg
5a3fe27c03
more rigorous tests. elligator still fails. problem: extracting xy is quite technical
9 years ago
Michael Hamburg
202ed7fea2
change 2torque to torque, which is 4torque in ed25519 case
9 years ago
Michael Hamburg
f68833cd1e
passing everything but elligator with curve25519! though there are probably some lurking bugs...
9 years ago
Michael Hamburg
092bbfd9a0
swap over to Curve25519 from PinkBikeShed. Elligator still doesnt work (closer than with pinkbikeshed tho...). Need to deal with the sign T to make EC tests pass. Somehow the high level crypto all passes .. i guess because everything stays in the subgroup
9 years ago
Michael Hamburg
d974612404
restore test which got clobbered somehow
9 years ago
Michael Hamburg
e4cb764842
inverting elligator now mostly works, except for identity and overflow issues
9 years ago
Michael Hamburg
cbb8cceea9
elligator doesnt work; gonna compare some things to see why
9 years ago
Michael Hamburg
0d913b67ec
use deisogenize for future merge with curve25519
9 years ago
Michael Hamburg
4a76f50bc1
minor comment change
9 years ago
Michael Hamburg
d6461059f5
round-trip works
9 years ago
Michael Hamburg
371192bfa0
actually elligator only almost works because of r=1 being weird. round-trip doesnt work
9 years ago
Michael Hamburg
a14dbafd2b
decode and elligator work. probably encode still buggy.
9 years ago
Michael Hamburg
2b0c51f4b3
scalar arithmetic passing. on to ec, which surely doesnt work
9 years ago
Michael Hamburg
d81034d466
decode works
9 years ago
Michael Hamburg
4b0bf31fc9
progress checkin. compiles. working on point decode. have switched some of the Ds over. BTW, you can see that this is using PinkBikeShed instead of the real Curve25519; this is temporary
9 years ago
Michael Hamburg
cc79f559b3
remove direct ladder for now
9 years ago
Michael Hamburg
03ecad0551
it compiles, but it certainly doesnt work yet
9 years ago
Mike Hamburg
40b1f8b85e
initial replace 448->255; doesnt compile yet
9 years ago
Michael Hamburg
e65e322f94
addition chain for curve25519
9 years ago
Michael Hamburg
6c81eec339
addition chain for curve25519
9 years ago
Michael Hamburg
2b5f3beb31
sagelike and clike routines for decaffeinating curve25519
9 years ago