Add specialized ge_mul_l() to multiply by the order of the main subgroup
This commit is contained in:
parent
6de26b59d7
commit
eaab512788
@ -1913,6 +1913,61 @@ ge_scalarmult_base(ge_p3 *h, const unsigned char *a)
|
||||
}
|
||||
}
|
||||
|
||||
/* multiply by the order of the main subgroup l = 2^252+27742317777372353535851937790883648493 */
|
||||
void
|
||||
ge_mul_l(ge_p3 *r, const ge_p3 *A)
|
||||
{
|
||||
static const signed char aslide[253] = {
|
||||
13, 0, 0, 0, 0, -1, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, -5, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, -13, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 11, 0, 0, 0, 0, 0, 11, 0, 0, 0, 0, -13, 0, 0, 0, 0, 0, 0, -3, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 3, 0, 0, 0, 0, -11, 0, 0, 0, 0, 0, 0, 0, 15, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 7, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1
|
||||
};
|
||||
ge_cached Ai[8];
|
||||
ge_p1p1 t;
|
||||
ge_p3 u;
|
||||
ge_p3 A2;
|
||||
int i;
|
||||
|
||||
ge_p3_to_cached(&Ai[0], A);
|
||||
ge_p3_dbl(&t, A);
|
||||
ge_p1p1_to_p3(&A2, &t);
|
||||
ge_add(&t, &A2, &Ai[0]);
|
||||
ge_p1p1_to_p3(&u, &t);
|
||||
ge_p3_to_cached(&Ai[1], &u);
|
||||
ge_add(&t, &A2, &Ai[1]);
|
||||
ge_p1p1_to_p3(&u, &t);
|
||||
ge_p3_to_cached(&Ai[2], &u);
|
||||
ge_add(&t, &A2, &Ai[2]);
|
||||
ge_p1p1_to_p3(&u, &t);
|
||||
ge_p3_to_cached(&Ai[3], &u);
|
||||
ge_add(&t, &A2, &Ai[3]);
|
||||
ge_p1p1_to_p3(&u, &t);
|
||||
ge_p3_to_cached(&Ai[4], &u);
|
||||
ge_add(&t, &A2, &Ai[4]);
|
||||
ge_p1p1_to_p3(&u, &t);
|
||||
ge_p3_to_cached(&Ai[5], &u);
|
||||
ge_add(&t, &A2, &Ai[5]);
|
||||
ge_p1p1_to_p3(&u, &t);
|
||||
ge_p3_to_cached(&Ai[6], &u);
|
||||
ge_add(&t, &A2, &Ai[6]);
|
||||
ge_p1p1_to_p3(&u, &t);
|
||||
ge_p3_to_cached(&Ai[7], &u);
|
||||
|
||||
ge_p3_0(r);
|
||||
|
||||
for (i = 252; i >= 0; --i) {
|
||||
ge_p3_dbl(&t, r);
|
||||
|
||||
if (aslide[i] > 0) {
|
||||
ge_p1p1_to_p3(&u, &t);
|
||||
ge_add(&t, &u, &Ai[aslide[i] / 2]);
|
||||
} else if (aslide[i] < 0) {
|
||||
ge_p1p1_to_p3(&u, &t);
|
||||
ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
|
||||
}
|
||||
|
||||
ge_p1p1_to_p3(r, &t);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
Input:
|
||||
a[0]+256*a[1]+...+256^31*a[31] = a
|
||||
|
@ -42,13 +42,6 @@ crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* 2^252+27742317777372353535851937790883648493 */
|
||||
static const unsigned char L[32] = {
|
||||
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7,
|
||||
0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
|
||||
};
|
||||
|
||||
int
|
||||
crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
|
||||
const unsigned char *ed25519_pk)
|
||||
@ -62,7 +55,7 @@ crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
|
||||
ge_frombytes_negate_vartime(&A, ed25519_pk) != 0) {
|
||||
return -1;
|
||||
}
|
||||
ge_scalarmult_vartime(&pl, L, &A);
|
||||
ge_mul_l(&pl, &A);
|
||||
if (fe_isnonzero(pl.X)) {
|
||||
return -1;
|
||||
}
|
||||
|
@ -123,6 +123,7 @@ typedef struct {
|
||||
#define ge_scalarmult_base crypto_core_curve25519_ref10_ge_scalarmult_base
|
||||
#define ge_double_scalarmult_vartime crypto_core_curve25519_ref10_ge_double_scalarmult_vartime
|
||||
#define ge_scalarmult_vartime crypto_core_curve25519_ref10_ge_scalarmult_vartime
|
||||
#define ge_mul_l crypto_core_curve25519_ref10_ge_mul_l
|
||||
|
||||
extern void ge_tobytes(unsigned char *,const ge_p2 *);
|
||||
extern void ge_p3_tobytes(unsigned char *,const ge_p3 *);
|
||||
@ -145,6 +146,7 @@ extern void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *);
|
||||
extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
|
||||
extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
|
||||
extern void ge_scalarmult_vartime(ge_p3 *,const unsigned char *,const ge_p3 *);
|
||||
extern void ge_mul_l(ge_p3 *r, const ge_p3 *A);
|
||||
|
||||
/*
|
||||
The set of scalars is \Z/l
|
||||
|
Loading…
Reference in New Issue
Block a user