jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 25697caf5c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '25697caf5c'
${ noResults }
ed448goldilocks/scalarmul.h

113 lines
2.5 KiB
Raw Blame History 

  1. /* Copyright (c) 2014 Cryptography Research, Inc.

  2.  * Released under the MIT License.  See LICENSE.txt for license information.

  3.  */

  4. #ifndef __P448_ALGO_H__

  5. #define __P448_ALGO_H__ 1

  6. 

  7. #include "ec_point.h"

  8. 

  9. #ifdef __cplusplus

  10. extern "C" {

  11. #endif

  12. 

  13. /*

  14.  * Out = scalar * in, encoded in inverse square root

  15.  * format.

  16.  *

  17.  * nbits is the number of bits in scalar.

  18.  *

  19.  * The scalar is to be presented in little-endian form,

  20.  * meaning that scalar[0] contains the least significant

  21.  * word of the scalar.

  22.  * 

  23.  * If the point "in" is on the curve, the return

  24.  * value will be set (to -1).

  25.  *

  26.  * If the point "in" is not on the curve, then the

  27.  * output will be incorrect.  If the scalar is even,

  28.  * this condition will be detected by returning 0,

  29.  * unless the output is the identity point (0; TODO).

  30.  * If the scalar is odd, the value returned will be

  31.  * set (to -1; TODO).

  32.  *

  33.  * The input and output points are always even.

  34.  * Therefore on a cofactor-4 curve like Goldilocks,

  35.  * it is sufficient for security to make the scalar

  36.  * even.  (TODO: detect when i/o has cofactor?)

  37.  *

  38.  * This function takes constant time, depending on

  39.  * nbits but not on in or scalar.

  40.  */

  41. mask_t

  42. p448_montgomery_ladder(

  43.     struct p448_t *out,

  44.     const struct p448_t *in,

  45.     const uint64_t *scalar,

  46.     int nbits,

  47.     int n_extra_doubles

  48. );

  49. 

  50. void

  51. edwards_scalar_multiply(

  52.     struct tw_extensible_t *working,

  53.     const uint64_t scalar[7]

  54.     /* TODO? int nbits */

  55. );

  56.     

  57. mask_t

  58. precompute_for_combs(

  59.   struct tw_niels_t *out,

  60.   const struct tw_extensible_t *const_base,

  61.   int n,

  62.   int t,

  63.   int s

  64. );

  65.     

  66. void

  67. edwards_comb(

  68.     struct tw_extensible_t *working,

  69.     const word_t scalar[7],

  70.     const struct tw_niels_t *table,

  71.     int n,

  72.     int t,

  73.     int s

  74. );

  75. 

  76. /* TODO: void.  int is just for diagnostic purposes. */

  77. int

  78. edwards_scalar_multiply_vt(

  79.     struct tw_extensible_t *working,

  80.     const uint64_t scalar[7]

  81. );

  82.     

  83. void

  84. edwards_scalar_multiply_vt_pre(

  85.     struct tw_extensible_t *working,

  86.     const uint64_t scalar[7],

  87.     const struct tw_niels_t *precmp,

  88.     int table_bits

  89. );

  90. 

  91. mask_t

  92. precompute_for_wnaf(

  93.     struct tw_niels_t *out,

  94.     const struct tw_extensible_t *const_base,

  95.     int tbits

  96. ); /* TODO: attr don't ignore... */

  97. 

  98. /* TODO: void.  int is just for diagnostic purposes. */

  99. int

  100. edwards_combo_var_fixed_vt(

  101.     struct tw_extensible_t *working,

  102.     const uint64_t scalar_var[7],

  103.     const uint64_t scalar_pre[7],

  104.     const struct tw_niels_t *precmp,

  105.     int table_bits_pre

  106. );

  107. 

  108. #ifdef __cplusplus

  109. };

  110. #endif

  111. 

  112. #endif /* __P448_ALGO_H__ */