jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: ed6fdbf3c3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ed6fdbf3c3'
${ noResults }
ed448goldilocks/scalarmul.h

118 lines
2.5 KiB
Raw Blame History 

  1. /* Copyright (c) 2014 Cryptography Research, Inc.

  2.  * Released under the MIT License.  See LICENSE.txt for license information.

  3.  */

  4. #ifndef __P448_ALGO_H__

  5. #define __P448_ALGO_H__ 1

  6. 

  7. #include "ec_point.h"

  8. 

  9. #ifdef __cplusplus

  10. extern "C" {

  11. #endif

  12. 

  13. /*

  14.  * Out = scalar * in, encoded in inverse square root

  15.  * format.

  16.  *

  17.  * nbits is the number of bits in scalar.

  18.  *

  19.  * The scalar is to be presented in little-endian form,

  20.  * meaning that scalar[0] contains the least significant

  21.  * word of the scalar.

  22.  * 

  23.  * If the point "in" is on the curve, the return

  24.  * value will be set (to -1).

  25.  *

  26.  * If the point "in" is not on the curve, then the

  27.  * output will be incorrect.  If the scalar is even,

  28.  * this condition will be detected by returning 0,

  29.  * unless the output is the identity point (0; TODO).

  30.  * If the scalar is odd, the value returned will be

  31.  * set (to -1; TODO).

  32.  *

  33.  * The input and output points are always even.

  34.  * Therefore on a cofactor-4 curve like Goldilocks,

  35.  * it is sufficient for security to make the scalar

  36.  * even.  (TODO: detect when i/o has cofactor?)

  37.  *

  38.  * This function takes constant time, depending on

  39.  * nbits but not on in or scalar.

  40.  */

  41. mask_t

  42. p448_montgomery_ladder(

  43.     struct p448_t *out,

  44.     const struct p448_t *in,

  45.     const uint64_t *scalar,

  46.     int nbits,

  47.     int n_extra_doubles

  48. );

  49. 

  50. void

  51. edwards_scalar_multiply(

  52.     struct tw_extensible_t *working,

  53.     const uint64_t scalar[7]

  54.     /* TODO? int nbits */

  55. );

  56. 

  57. void

  58. edwards_scalar_multiply_vlook(

  59.     struct tw_extensible_t *working,

  60.     const uint64_t scalar[7]

  61.     /* TODO? int nbits */

  62. );

  63.     

  64. mask_t

  65. precompute_for_combs(

  66.   struct tw_niels_t *out,

  67.   const struct tw_extensible_t *const_base,

  68.   int n,

  69.   int t,

  70.   int s

  71. );

  72.     

  73. void

  74. edwards_comb(

  75.     struct tw_extensible_t *working,

  76.     const word_t scalar[7],

  77.     const struct tw_niels_t *table,

  78.     int n,

  79.     int t,

  80.     int s

  81. );

  82. 

  83. void

  84. edwards_scalar_multiply_vt(

  85.     struct tw_extensible_t *working,

  86.     const uint64_t scalar[7]

  87. );

  88.     

  89. void

  90. edwards_scalar_multiply_vt_pre(

  91.     struct tw_extensible_t *working,

  92.     const uint64_t scalar[7],

  93.     const struct tw_niels_t *precmp,

  94.     int table_bits

  95. );

  96. 

  97. mask_t

  98. precompute_for_wnaf(

  99.     struct tw_niels_t *out,

  100.     const struct tw_extensible_t *const_base,

  101.     int tbits

  102. ); /* TODO: attr don't ignore... */

  103. 

  104. void

  105. edwards_combo_var_fixed_vt(

  106.     struct tw_extensible_t *working,

  107.     const uint64_t scalar_var[7],

  108.     const uint64_t scalar_pre[7],

  109.     const struct tw_niels_t *precmp,

  110.     int table_bits_pre

  111. );

  112. 

  113. #ifdef __cplusplus

  114. };

  115. #endif

  116. 

  117. #endif /* __P448_ALGO_H__ */