jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 25697caf5c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '25697caf5c'
${ noResults }
ed448goldilocks/ec_point.h

441 lines
8.2 KiB
Raw Blame History 

  1. /* Copyright (c) 2014 Cryptography Research, Inc.

  2.  * Released under the MIT License.  See LICENSE.txt for license information.

  3.  */

  4. 

  5. /* This file was generated with the assistance of a tool written in SAGE. */

  6. #ifndef __CC_INCLUDED_P448_EDWARDS_H__

  7. #define __CC_INCLUDED_P448_EDWARDS_H__

  8. 

  9. #include "p448.h"

  10. 

  11. #ifdef __cplusplus

  12. extern "C" {

  13. #endif

  14. 

  15. /*

  16.  * Affine point on an Edwards curve.

  17.  */

  18. struct affine_t {

  19.     struct p448_t x, y;

  20. };

  21. 

  22. /*

  23.  * Affine point on a twisted Edwards curve.

  24.  */

  25. struct tw_affine_t {

  26.     struct p448_t x, y;

  27. };

  28. 

  29. /*

  30.  * Montgomery buffer.

  31.  */

  32. struct montgomery_t {

  33.     struct p448_t z0, xd, zd, xa, za;

  34. };

  35. 

  36. /*

  37.  * Extensible coordinates for Edwards curves, suitable for

  38.  * accumulators.

  39.  * 

  40.  * Represents the point (x/z, y/z).  The extra coordinates

  41.  * t,u satisfy xy = tuz, allowing for conversion to Extended

  42.  * form by multiplying t and u.

  43.  * 

  44.  * The idea is that you don't have to do this multiplication

  45.  * when doubling the accumulator, because the t-coordinate

  46.  * isn't used there.  At the same time, as long as you only

  47.  * have one point in extensible form, additions don't cost

  48.  * extra.

  49.  * 

  50.  * This is essentially a lazier version of Hisil et al's

  51.  * lookahead trick.  It might be worth considering that trick

  52.  * instead.

  53.  */

  54. struct extensible_t {

  55.     struct p448_t x, y, z, t, u;

  56. };

  57. 

  58. /*

  59.  * Extensible coordinates for twisted Edwards curves,

  60.  * suitable for accumulators.

  61.  */

  62. struct tw_extensible_t {

  63.     struct p448_t x, y, z, t, u;

  64. };

  65. 

  66. /*

  67.  * Niels coordinates for twisted Edwards curves.  Good for

  68.  * mixed readdition; suitable for fixed tables.

  69.  */

  70. struct tw_niels_t {

  71.     struct p448_t a, b, c;

  72. };

  73. 

  74. /*

  75.  * Projective niels coordinates for twisted Edwards curves.

  76.  * Good for readdition; suitable for temporary tables.

  77.  */

  78. struct tw_pniels_t {

  79.     struct tw_niels_t n;

  80.     struct p448_t z;

  81. };

  82. 

  83. 

  84. /*

  85.  * Auto-generated copy method.

  86.  */

  87. static __inline__ void

  88. copy_affine (

  89.     struct affine_t*       a,

  90.     const struct affine_t* ds

  91. ) __attribute__((unused,always_inline));

  92. 

  93. /*

  94.  * Auto-generated copy method.

  95.  */

  96. static __inline__ void

  97. copy_tw_affine (

  98.     struct tw_affine_t*       a,

  99.     const struct tw_affine_t* ds

  100. ) __attribute__((unused,always_inline));

  101. 

  102. /*

  103.  * Auto-generated copy method.

  104.  */

  105. static __inline__ void

  106. copy_montgomery (

  107.     struct montgomery_t*       a,

  108.     const struct montgomery_t* ds

  109. ) __attribute__((unused,always_inline));

  110. 

  111. /*

  112.  * Auto-generated copy method.

  113.  */

  114. static __inline__ void

  115. copy_extensible (

  116.     struct extensible_t*       a,

  117.     const struct extensible_t* ds

  118. ) __attribute__((unused,always_inline));

  119. 

  120. /*

  121.  * Auto-generated copy method.

  122.  */

  123. static __inline__ void

  124. copy_tw_extensible (

  125.     struct tw_extensible_t*       a,

  126.     const struct tw_extensible_t* ds

  127. ) __attribute__((unused,always_inline));

  128. 

  129. /*

  130.  * Auto-generated copy method.

  131.  */

  132. static __inline__ void

  133. copy_tw_niels (

  134.     struct tw_niels_t*       a,

  135.     const struct tw_niels_t* ds

  136. ) __attribute__((unused,always_inline));

  137. 

  138. /*

  139.  * Auto-generated copy method.

  140.  */

  141. static __inline__ void

  142. copy_tw_pniels (

  143.     struct tw_pniels_t*       a,

  144.     const struct tw_pniels_t* ds

  145. ) __attribute__((unused,always_inline));

  146. 

  147. /*

  148.  * Returns 1/sqrt(+- x).

  149.  * 

  150.  * The Legendre symbol of the result is the same as that of the

  151.  * input.

  152.  * 

  153.  * If x=0, returns 0.

  154.  */

  155. void

  156. p448_isr (

  157.     struct p448_t*       a,

  158.     const struct p448_t* x

  159. );

  160. 

  161. /*

  162.  * Returns 1/x.

  163.  * 

  164.  * If x=0, returns 0.

  165.  */

  166. void

  167. p448_inverse (

  168.     struct p448_t*       a,

  169.     const struct p448_t* x

  170. );

  171. 

  172. /*

  173.  * Add two points on a twisted Edwards curve, one in Extensible form

  174.  * and the other in half-Niels form.

  175.  */

  176. void

  177. p448_tw_extensible_add_niels (

  178.     struct tw_extensible_t*  d,

  179.     const struct tw_niels_t* e

  180. );

  181. 

  182. /*

  183.  * Add two points on a twisted Edwards curve, one in Extensible form

  184.  * and the other in projective Niels form.

  185.  */

  186. void

  187. p448_tw_extensible_add_pniels (

  188.     struct tw_extensible_t*   e,

  189.     const struct tw_pniels_t* a

  190. );

  191. 

  192. /*

  193.  * Double a point on a twisted Edwards curve, in "extensible" coordinates.

  194.  */

  195. void

  196. p448_tw_extensible_double (

  197.     struct tw_extensible_t* a

  198. );

  199. 

  200. /*

  201.  * Double a point on an Edwards curve, in "extensible" coordinates.

  202.  */

  203. void

  204. p448_extensible_double (

  205.     struct extensible_t* a

  206. );

  207. 

  208. /*

  209.  * 4-isogeny from untwisted to twisted.

  210.  */

  211. void

  212. p448_isogeny_un_to_tw (

  213.     struct tw_extensible_t*    b,

  214.     const struct extensible_t* a

  215. );

  216. 

  217. /*

  218.  * Dual 4-isogeny from twisted to untwisted.

  219.  */

  220. void

  221. p448_isogeny_tw_to_un (

  222.     struct extensible_t*          b,

  223.     const struct tw_extensible_t* a

  224. );

  225. 

  226. void

  227. convert_tw_affine_to_tw_pniels (

  228.     struct tw_pniels_t*       b,

  229.     const struct tw_affine_t* a

  230. );

  231. 

  232. void

  233. convert_tw_affine_to_tw_extensible (

  234.     struct tw_extensible_t*   b,

  235.     const struct tw_affine_t* a

  236. );

  237. 

  238. void

  239. convert_affine_to_extensible (

  240.     struct extensible_t*   b,

  241.     const struct affine_t* a

  242. );

  243. 

  244. void

  245. convert_tw_extensible_to_tw_pniels (

  246.     struct tw_pniels_t*           b,

  247.     const struct tw_extensible_t* a

  248. );

  249. 

  250. void

  251. convert_tw_pniels_to_tw_extensible (

  252.     struct tw_extensible_t*   e,

  253.     const struct tw_pniels_t* d

  254. );

  255. 

  256. void

  257. convert_tw_niels_to_tw_extensible (

  258.     struct tw_extensible_t*  e,

  259.     const struct tw_niels_t* d

  260. );

  261. 

  262. void

  263. p448_montgomery_step (

  264.     struct montgomery_t* a

  265. );

  266. 

  267. void

  268. p448_montgomery_serialize (

  269.     struct p448_t*             sign,

  270.     struct p448_t*             ser,

  271.     const struct montgomery_t* a,

  272.     const struct p448_t*       sbz

  273. );

  274. 

  275. /*

  276.  * Serialize a point on an Edwards curve

  277.  * The serialized form would be sqrt((z-y)/(z+y)) with sign of xz

  278.  * It would be on 4y^2/(1-d) = x^3 + 2(1+d)/(1-d) * x^2 + x.

  279.  * But 4/(1-d) isn't square, so we need to twist it:

  280.  * -x is on 4y^2/(d-1) = x^3 + 2(d+1)/(d-1) * x^2 + x

  281.  */

  282. void

  283. extensible_serialize (

  284.     struct p448_t*             b,

  285.     const struct extensible_t* a

  286. );

  287. 

  288. /*

  289.  * 

  290.  */

  291. void

  292. isogeny_and_serialize (

  293.     struct p448_t*                b,

  294.     const struct tw_extensible_t* a

  295. );

  296. 

  297. /*

  298.  * Deserialize a point to an untwisted affine curve

  299.  */

  300. mask_t

  301. affine_deserialize (

  302.     struct affine_t*     a,

  303.     const struct p448_t* sz

  304. );

  305. 

  306. void

  307. set_identity_extensible (

  308.     struct extensible_t* a

  309. );

  310. 

  311. void

  312. set_identity_tw_extensible (

  313.     struct tw_extensible_t* a

  314. );

  315. 

  316. void

  317. set_identity_affine (

  318.     struct affine_t* a

  319. );

  320. 

  321. mask_t

  322. eq_affine (

  323.     const struct affine_t* a,

  324.     const struct affine_t* b

  325. );

  326. 

  327. mask_t

  328. eq_extensible (

  329.     const struct extensible_t* a,

  330.     const struct extensible_t* b

  331. );

  332. 

  333. mask_t

  334. eq_tw_extensible (

  335.     const struct tw_extensible_t* a,

  336.     const struct tw_extensible_t* b

  337. );

  338. 

  339. void

  340. elligator_2s_inject (

  341.     struct affine_t*     a,

  342.     const struct p448_t* r

  343. );

  344. 

  345. mask_t

  346. p448_affine_validate (

  347.     const struct affine_t* a

  348. );

  349. 

  350. /*

  351.  * Check the invariants for struct tw_extensible_t.

  352.  * PERF: This function was automatically generated

  353.  * with no regard for speed.

  354.  */

  355. mask_t

  356. p448_tw_extensible_validate (

  357.     const struct tw_extensible_t* ext

  358. );

  359. 

  360. 

  361. void

  362. copy_affine (

  363.     struct affine_t*       a,

  364.     const struct affine_t* ds

  365. ) {

  366.     p448_copy ( &a->x, &ds->x );

  367.     p448_copy ( &a->y, &ds->y );

  368. }

  369. 

  370. void

  371. copy_tw_affine (

  372.     struct tw_affine_t*       a,

  373.     const struct tw_affine_t* ds

  374. ) {

  375.     p448_copy ( &a->x, &ds->x );

  376.     p448_copy ( &a->y, &ds->y );

  377. }

  378. 

  379. void

  380. copy_montgomery (

  381.     struct montgomery_t*       a,

  382.     const struct montgomery_t* ds

  383. ) {

  384.     p448_copy ( &a->z0, &ds->z0 );

  385.     p448_copy ( &a->xd, &ds->xd );

  386.     p448_copy ( &a->zd, &ds->zd );

  387.     p448_copy ( &a->xa, &ds->xa );

  388.     p448_copy ( &a->za, &ds->za );

  389. }

  390. 

  391. void

  392. copy_extensible (

  393.     struct extensible_t*       a,

  394.     const struct extensible_t* ds

  395. ) {

  396.     p448_copy ( &a->x, &ds->x );

  397.     p448_copy ( &a->y, &ds->y );

  398.     p448_copy ( &a->z, &ds->z );

  399.     p448_copy ( &a->t, &ds->t );

  400.     p448_copy ( &a->u, &ds->u );

  401. }

  402. 

  403. void

  404. copy_tw_extensible (

  405.     struct tw_extensible_t*       a,

  406.     const struct tw_extensible_t* ds

  407. ) {

  408.     p448_copy ( &a->x, &ds->x );

  409.     p448_copy ( &a->y, &ds->y );

  410.     p448_copy ( &a->z, &ds->z );

  411.     p448_copy ( &a->t, &ds->t );

  412.     p448_copy ( &a->u, &ds->u );

  413. }

  414. 

  415. void

  416. copy_tw_niels (

  417.     struct tw_niels_t*       a,

  418.     const struct tw_niels_t* ds

  419. ) {

  420.     p448_copy ( &a->a, &ds->a );

  421.     p448_copy ( &a->b, &ds->b );

  422.     p448_copy ( &a->c, &ds->c );

  423. }

  424. 

  425. void

  426. copy_tw_pniels (

  427.     struct tw_pniels_t*       a,

  428.     const struct tw_pniels_t* ds

  429. ) {

  430.     copy_tw_niels( &a->n, &ds->n );

  431.     p448_copy ( &a->z, &ds->z );

  432. }

  433. 

  434. 

  435. 

  436. #ifdef __cplusplus

  437. }; /* extern "C" */

  438. #endif

  439. 

  440. #endif /* __CC_INCLUDED_P448_EDWARDS_H__ */