|
- /**
- * @cond internal
- * @file field.c
- * @copyright
- * Copyright (c) 2014 Cryptography Research, Inc. \n
- * Released under the MIT License. See LICENSE.txt for license information.
- * @author Mike Hamburg
- * @brief High-level arithmetic routines, independent of field (except 3 mod 4).
- */
-
- #include "field.h"
- #include "ec_point.h"
-
- mask_t
- field_eq (
- const field_a_t a,
- const field_a_t b
- ) {
- field_a_t ra, rb;
- field_copy(ra, a);
- field_copy(rb, b);
- field_weak_reduce(ra);
- field_weak_reduce(rb);
- field_sub_RAW(ra, ra, rb);
- field_bias(ra, 2);
- return field_is_zero(ra);
- }
-
- void
- field_inverse (
- field_a_t a,
- const field_a_t x
- ) {
- field_a_t L0, L1;
- field_isr ( L0, x );
- field_sqr ( L1, L0 );
- field_sqr ( L0, L1 );
- field_mul ( a, x, L0 );
- }
-
- mask_t
- field_is_square (
- const field_a_t x
- ) {
- field_a_t L0, L1;
- field_isr ( L0, x );
- field_sqr ( L1, L0 );
- field_mul ( L0, x, L1 );
- field_subw( L0, 1 );
- return field_is_zero( L0 ) | field_is_zero( x );
- }
-
- void
- field_simultaneous_invert (
- field_a_t *__restrict__ out,
- const field_a_t *in,
- unsigned int n
- ) {
- if (n==0) {
- return;
- } else if (n==1) {
- field_inverse(out[0],in[0]);
- return;
- }
-
- field_copy(out[1], in[0]);
- int i;
- for (i=1; i<(int) (n-1); i++) {
- field_mul(out[i+1], out[i], in[i]);
- }
- field_mul(out[0], out[n-1], in[n-1]);
-
- field_a_t tmp;
- field_inverse(tmp, out[0]);
- field_copy(out[0], tmp);
-
- /* at this point, out[0] = product(in[i]) ^ -1
- * out[i] = product(in[0]..in[i-1]) if i != 0
- */
- for (i=n-1; i>0; i--) {
- field_mul(tmp, out[i], out[0]);
- field_copy(out[i], tmp);
-
- field_mul(tmp, out[0], in[i]);
- field_copy(out[0], tmp);
- }
- }
|
