From c94c477f24cc30cb8b5934234aeb8930d4db26ef Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 26 May 2020 13:01:00 +0200
Subject: [PATCH] Faster sc25519 inversion, with one less squaring

---
 .../crypto_core/ed25519/ref10/ed25519_ref10.c | 80 ++++++++++---------
 1 file changed, 43 insertions(+), 37 deletions(-)

diff --git a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
index e7878266..b0328834 100644
--- a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
+++ b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
@@ -2071,46 +2071,52 @@ sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32])
 void
 sc25519_invert(unsigned char recip[32], const unsigned char s[32])
 {
- unsigned char _10[32], _100[32], _11[32], _101[32], _111[32],
- _1001[32], _1011[32], _1111[32];
+ unsigned char _10[32], _100[32], _1000[32], _10000[32], _100000[32],
+ _1000000[32], _10010011[32], _10010111[32], _100110[32], _1010[32],
+ _1010000[32], _1010011[32], _1011[32], _10110[32], _10111101[32],
+ _11[32], _1100011[32], _1100111[32], _11010011[32], _1101011[32],
+ _11100111[32], _11101011[32], _11110101[32];
 
 sc25519_sq(_10, s);
- sc25519_sq(_100, _10);
- sc25519_mul(_11, _10, s);
- sc25519_mul(_101, _10, _11);
- sc25519_mul(_111, _10, _101);
- sc25519_mul(_1001, _10, _111);
- sc25519_mul(_1011, _10, _1001);
- sc25519_mul(_1111, _100, _1011);
- sc25519_mul(recip, _1111, s);
+ sc25519_mul(_11, s, _10);
+ sc25519_mul(_100, s, _11);
+ sc25519_sq(_1000, _100);
+ sc25519_mul(_1010, _10, _1000);
+ sc25519_mul(_1011, s, _1010);
+ sc25519_sq(_10000, _1000);
+ sc25519_sq(_10110, _1011);
+ sc25519_mul(_100000, _1010, _10110);
+ sc25519_mul(_100110, _10000, _10110);
+ sc25519_sq(_1000000, _100000);
+ sc25519_mul(_1010000, _10000, _1000000);
+ sc25519_mul(_1010011, _11, _1010000);
+ sc25519_mul(_1100011, _10000, _1010011);
+ sc25519_mul(_1100111, _100, _1100011);
+ sc25519_mul(_1101011, _100, _1100111);
+ sc25519_mul(_10010011, _1000000, _1010011);
+ sc25519_mul(_10010111, _100, _10010011);
+ sc25519_mul(_10111101, _100110, _10010111);
+ sc25519_mul(_11010011, _10110, _10111101);
+ sc25519_mul(_11100111, _1010000, _10010111);
+ sc25519_mul(_11101011, _100, _11100111);
+ sc25519_mul(_11110101, _1010, _11101011);
 
- sc25519_sqmul(recip, 123 + 3, _101);
- sc25519_sqmul(recip, 2 + 2, _11);
- sc25519_sqmul(recip, 1 + 4, _1111);
- sc25519_sqmul(recip, 1 + 4, _1111);
- sc25519_sqmul(recip, 4, _1001);
- sc25519_sqmul(recip, 2, _11);
- sc25519_sqmul(recip, 1 + 4, _1111);
- sc25519_sqmul(recip, 1 + 3, _101);
- sc25519_sqmul(recip, 3 + 3, _101);
- sc25519_sqmul(recip, 3, _111);
- sc25519_sqmul(recip, 1 + 4, _1111);
- sc25519_sqmul(recip, 2 + 3, _111);
- sc25519_sqmul(recip, 2 + 2, _11);
- sc25519_sqmul(recip, 1 + 4, _1011);
- sc25519_sqmul(recip, 2 + 4, _1011);
- sc25519_sqmul(recip, 6 + 4, _1001);
- sc25519_sqmul(recip, 2 + 2, _11);
- sc25519_sqmul(recip, 3 + 2, _11);
- sc25519_sqmul(recip, 3 + 2, _11);
- sc25519_sqmul(recip, 1 + 4, _1001);
- sc25519_sqmul(recip, 1 + 3, _111);
- sc25519_sqmul(recip, 2 + 4, _1111);
- sc25519_sqmul(recip, 1 + 4, _1011);
- sc25519_sqmul(recip, 3, _101);
- sc25519_sqmul(recip, 2 + 4, _1111);
- sc25519_sqmul(recip, 3, _101);
- sc25519_sqmul(recip, 1 + 2, _11);
+ sc25519_mul(recip, _1011, _11110101);
+ sc25519_sqmul(recip, 126, _1010011);
+ sc25519_sqmul(recip, 9, _10);
+ sc25519_mul(recip, recip, _11110101);
+ sc25519_sqmul(recip, 7, _1100111);
+ sc25519_sqmul(recip, 9, _11110101);
+ sc25519_sqmul(recip, 11, _10111101);
+ sc25519_sqmul(recip, 8, _11100111);
+ sc25519_sqmul(recip, 9, _1101011);
+ sc25519_sqmul(recip, 6, _1011);
+ sc25519_sqmul(recip, 14, _10010011);
+ sc25519_sqmul(recip, 10, _1100011);
+ sc25519_sqmul(recip, 9, _10010111);
+ sc25519_sqmul(recip, 10, _11110101);
+ sc25519_sqmul(recip, 8, _11010011);
+ sc25519_sqmul(recip, 8, _11101011);
 }
 
 /*
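Review bot: The new addition chain in sc25519_invert carries no comment saying what it computes — that recip = s^(L-2) mod L (Fermat inversion, so s = 0 yields 0 rather than an error) and that the operation sequence is fixed so execution time does not depend on s — and a chain of this length cannot be checked by reading it. A header comment above the declarations such as `/* recip = s^(L-2) mod L via a fixed addition chain (constant sequence, timing independent of s); temporaries are named by the exponent they hold, e.g. _1011 = s^11 */` would make the intent and the naming scheme explicit. Because the old chain is being replaced outright, a regression check that `sc25519_mul(t, recip, s)` yields the encoding of 1 for several scalars (including L-1 and a scalar whose high bytes are zero) would pin the new chain to the old behaviour. By my count the visible operations tally to 249 squarings and 34 multiplications against the removed chain's 250 and 34, which matches the "one less squaring" in the commit title. The line `sc25519_mul(recip, recip, _11110101);` aliases the output with an input; that is presumably fine since sc25519_sqmul must already do the same in place, but neither helper is in the hunk, so the aliasing contract is worth stating in the comment.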