Skip to content

Commit

Permalink
ted448 point public fields.
Browse files Browse the repository at this point in the history
  • Loading branch information
armfazh committed Jun 10, 2020
1 parent f329f01 commit 537c053
Show file tree
Hide file tree
Showing 4 changed files with 54 additions and 67 deletions.
3 changes: 1 addition & 2 deletions .etc/golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,7 @@ linters-settings:
statements: 80
nestif:
min-complexity: 6
dogsled:
max-blank-identifiers: 3

issues:
max-issues-per-linter: 0
max-same-issues: 0
Expand Down
41 changes: 21 additions & 20 deletions ecc/decaf/decaf.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@
package decaf

import (
"unsafe"

"github.com/cloudflare/circl/internal/ted448"
fp "github.com/cloudflare/circl/math/fp448"
)
Expand Down Expand Up @@ -55,19 +57,13 @@ func Mul(c *Elt, n *Scalar, a *Elt) { ted448.ScalarMult(&c.p, n, &a.p) }
func MulGen(c *Elt, n *Scalar) { ted448.ScalarBaseMult(&c.p, n) }

// IsIdentity returns True if e is the identity of the group.
func (e *Elt) IsIdentity() bool {
x, y, _, _, z := e.p.Coordinates()
return fp.IsZero(&x) && !fp.IsZero(&y) && !fp.IsZero(&z)
}
func (e *Elt) IsIdentity() bool { return fp.IsZero(&e.p.X) && !fp.IsZero(&e.p.Y) && !fp.IsZero(&e.p.Z) }

// IsEqual returns True if e=a, where = is an equivalence relation.
func (e *Elt) IsEqual(a *Elt) bool {
x1, y1, _, _, _ := e.p.Coordinates()
x2, y2, _, _, _ := a.p.Coordinates()

l, r := &fp.Elt{}, &fp.Elt{}
fp.Mul(l, &x1, &y2)
fp.Mul(r, &x2, &y1)
fp.Mul(l, &e.p.X, &a.p.Y)
fp.Mul(r, &a.p.X, &e.p.Y)
fp.Sub(l, l, r)
return fp.IsZero(l)
}
Expand Down Expand Up @@ -116,22 +112,27 @@ func (e *Elt) UnmarshalBinary(data []byte) error {
fp.Mul(y, y, t0) // y = (1 - a*s^2)*isr*den

isValid := isPositiveS && isLessThanP && isQR
P, err := ted448.NewPoint(x, y)
if !isValid || err != nil {
return ErrInvalidDecoding
b := uint(*((*byte)(unsafe.Pointer(&isValid))))
fp.Cmov(&e.p.X, x, b)
fp.Cmov(&e.p.Y, y, b)
fp.Cmov(&e.p.Ta, x, b)
fp.Cmov(&e.p.Tb, y, b)
fp.Cmov(&e.p.Z, &one, b)
var err error
if !isValid {
err = ErrInvalidDecoding
}
e.p = *P
return nil
return err
}

// MarshalBinary returns a unique encoding of the element e.
func (e *Elt) MarshalBinary() ([]byte, error) {
x, _, ta, tb, z := e.p.Coordinates()
x, ta, tb, z := &e.p.X, &e.p.Ta, &e.p.Tb, &e.p.Z
one, t, t2, s := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}
fp.SetOne(one)
fp.Mul(t, &ta, &tb) // t = ta*tb
t0, t1 := x, *t // (t0,t1) = (x,t)
fp.Sqr(t2, &x) // t2 = x^2
fp.Mul(t, ta, tb) // t = ta*tb
t0, t1 := *x, *t // (t0,t1) = (x,t)
fp.Sqr(t2, x) // t2 = x^2
fp.AddSub(&t0, &t1) // (t0,t1) = (x+t,x-t)
fp.Mul(&t1, &t0, &t1) // t1 = (x+t)*(x-t)
fp.Mul(&t0, &t1, &aMinusDTwist) // t0 = (a-d)*(x+t)*(x-t)
Expand All @@ -142,9 +143,9 @@ func (e *Elt) MarshalBinary() ([]byte, error) {
isNeg := fp.Parity(t2) // isNeg = sgn(t2)
fp.Neg(t2, &t1) // t2 = -t1
fp.Cmov(&t1, t2, uint(isNeg)) // if t2 is negative then t1 = -t1
fp.Mul(s, &t1, &z) // s = t1*z
fp.Mul(s, &t1, z) // s = t1*z
fp.Sub(s, s, t) // s = t1*z - t
fp.Mul(s, s, &x) // s = x*(t1*z - t)
fp.Mul(s, s, x) // s = x*(t1*z - t)
fp.Mul(s, s, &t0) // s = isr*x*(t1*z - t)
fp.Mul(s, s, &aMinusDTwist) // s = (a-d)*isr*x*(t1*z - t)
isNeg = fp.Parity(s) // isNeg = sgn(s)
Expand Down
16 changes: 8 additions & 8 deletions internal/ted448/curve.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,10 @@ import (
)

// Identity returns the identity point.
func Identity() Point { return Point{y: fp.One(), z: fp.One()} }
func Identity() Point { return Point{Y: fp.One(), Z: fp.One()} }

// Generator returns the generator point.
func Generator() Point { return Point{x: genX, y: genY, z: fp.One(), ta: genX, tb: genY} }
func Generator() Point { return Point{X: genX, Y: genY, Z: fp.One(), Ta: genX, Tb: genY} }

// Order returns the number of points in the prime subgroup.
func Order() Scalar { return order }
Expand All @@ -23,18 +23,18 @@ func IsOnCurve(P *Point) bool {
eq0 := *P != Point{}
x2, y2, t, t2, z2 := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}
rhs, lhs := &fp.Elt{}, &fp.Elt{}
fp.Mul(t, &P.ta, &P.tb) // t = ta*tb
fp.Sqr(x2, &P.x) // x^2
fp.Sqr(y2, &P.y) // y^2
fp.Sqr(z2, &P.z) // z^2
fp.Mul(t, &P.Ta, &P.Tb) // t = ta*tb
fp.Sqr(x2, &P.X) // x^2
fp.Sqr(y2, &P.Y) // y^2
fp.Sqr(z2, &P.Z) // z^2
fp.Sqr(t2, t) // t^2
fp.Sub(lhs, y2, x2) // -x^2 + y^2, since a=-1
fp.Mul(rhs, t2, &ParamD) // dt^2
fp.Add(rhs, rhs, z2) // z^2 + dt^2
fp.Sub(lhs, lhs, rhs) // ax^2 + y^2 - (z^2 + dt^2)
eq1 := fp.IsZero(lhs)
fp.Mul(lhs, &P.x, &P.y) // xy
fp.Mul(rhs, t, &P.z) // tz
fp.Mul(lhs, &P.X, &P.Y) // xy
fp.Mul(rhs, t, &P.Z) // tz
fp.Sub(lhs, lhs, rhs) // xy - tz
eq2 := fp.IsZero(lhs)
return eq0 && eq1 && eq2
Expand Down
61 changes: 24 additions & 37 deletions internal/ted448/point.go
Original file line number Diff line number Diff line change
@@ -1,14 +1,13 @@
package ted448

import (
"errors"
"fmt"

fp "github.com/cloudflare/circl/math/fp448"
)

// Point defines a point on the ted448 curve.
type Point struct{ x, y, z, ta, tb fp.Elt }
type Point struct{ X, Y, Z, Ta, Tb fp.Elt }

type prePointAffine struct{ addYX, subYX, dt2 fp.Elt }

Expand All @@ -18,36 +17,24 @@ type prePointProy struct {
}

func (P Point) String() string {
return fmt.Sprintf("x: %v\ny: %v\nta: %v\ntb: %v\nz: %v", P.x, P.y, P.ta, P.tb, P.z)
return fmt.Sprintf("x: %v\ny: %v\nta: %v\ntb: %v\nz: %v", P.X, P.Y, P.Ta, P.Tb, P.Z)
}

// NewPoint creates a point from affine coordinates.
func NewPoint(x, y *fp.Elt) (*Point, error) {
P := &Point{x: *x, y: *y, ta: *x, tb: *y, z: fp.One()}
if !IsOnCurve(P) {
return nil, errors.New("invalid point")
}
return P, nil
}

// Coordinates returns a copy of the coordinates.
func (P *Point) Coordinates() (x, y, ta, tb, z fp.Elt) { return P.x, P.y, P.ta, P.tb, P.z }

// cneg conditionally negates the point if b=1.
func (P *Point) cneg(b uint) {
t := &fp.Elt{}
fp.Neg(t, &P.x)
fp.Cmov(&P.x, t, b)
fp.Neg(t, &P.ta)
fp.Cmov(&P.ta, t, b)
fp.Neg(t, &P.X)
fp.Cmov(&P.X, t, b)
fp.Neg(t, &P.Ta)
fp.Cmov(&P.Ta, t, b)
}

// Double updates P with 2P.
func (P *Point) Double() {
// This is formula (7) from "ed448 Edwards Curves Revisited" by
// Hisil H., Wong K.KH., Carter G., Dawson E. (2008)
// https://doi.org/10.1007/978-3-540-89255-7_20
Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb
Px, Py, Pz, Pta, Ptb := &P.X, &P.Y, &P.Z, &P.Ta, &P.Tb
a, b, c, e, f, g, h := Px, Py, Pz, Pta, Px, Py, Ptb
fp.Add(e, Px, Py) // x+y
fp.Sqr(a, Px) // A = x^2
Expand All @@ -66,7 +53,7 @@ func (P *Point) Double() {

// mixAdd calulates P= P+Q, where Q is a precomputed448 point with Z_Q = 1.
func (P *Point) mixAddZ1(Q *prePointAffine) {
fp.Add(&P.z, &P.z, &P.z) // D = 2*z1 (z2=1)
fp.Add(&P.Z, &P.Z, &P.Z) // D = 2*z1 (z2=1)
P.coreAddition(Q)
}

Expand All @@ -75,7 +62,7 @@ func (P *Point) coreAddition(Q *prePointAffine) {
// This is the formula following (5) from "ed448 Edwards Curves Revisited" by
// Hisil H., Wong K.KH., Carter G., Dawson E. (2008)
// https://doi.org/10.1007/978-3-540-89255-7_20
Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb
Px, Py, Pz, Pta, Ptb := &P.X, &P.Y, &P.Z, &P.Ta, &P.Tb
addYX2, subYX2, dt2 := &Q.addYX, &Q.subYX, &Q.dt2
a, b, c, d, e, f, g, h := Px, Py, &fp.Elt{}, Pz, Pta, Px, Py, Ptb
fp.Mul(c, Pta, Ptb) // t1 = ta*tb
Expand Down Expand Up @@ -113,37 +100,37 @@ func (P *prePointAffine) cmov(Q *prePointAffine, b uint) {

// mixAdd calculates P= P+Q, where Q is a precomputed448 point with Z_Q != 1.
func (P *Point) mixAdd(Q *prePointProy) {
fp.Mul(&P.z, &P.z, &Q.z2) // D = 2*z1*z2
fp.Mul(&P.Z, &P.Z, &Q.z2) // D = 2*z1*z2
P.coreAddition(&Q.prePointAffine)
}

// IsIdentity returns True is P is the identity.
func (P *Point) IsIdentity() bool {
return fp.IsZero(&P.x) && !fp.IsZero(&P.y) && !fp.IsZero(&P.z) && P.y == P.z
return fp.IsZero(&P.X) && !fp.IsZero(&P.Y) && !fp.IsZero(&P.Z) && P.Y == P.Z
}

// IsEqual returns True if P is equivalent to Q.
func (P *Point) IsEqual(Q *Point) bool {
l, r := &fp.Elt{}, &fp.Elt{}
fp.Mul(l, &P.x, &Q.z)
fp.Mul(r, &Q.x, &P.z)
fp.Mul(l, &P.X, &Q.Z)
fp.Mul(r, &Q.X, &P.Z)
fp.Sub(l, l, r)
b := fp.IsZero(l)
fp.Mul(l, &P.y, &Q.z)
fp.Mul(r, &Q.y, &P.z)
fp.Mul(l, &P.Y, &Q.Z)
fp.Mul(r, &Q.Y, &P.Z)
fp.Sub(l, l, r)
b = b && fp.IsZero(l)
fp.Mul(l, &P.ta, &P.tb)
fp.Mul(l, l, &Q.z)
fp.Mul(r, &Q.ta, &Q.tb)
fp.Mul(r, r, &P.z)
fp.Mul(l, &P.Ta, &P.Tb)
fp.Mul(l, l, &Q.Z)
fp.Mul(r, &Q.Ta, &Q.Tb)
fp.Mul(r, r, &P.Z)
fp.Sub(l, l, r)
b = b && fp.IsZero(l)
return b
}

// Neg obtains the inverse of P.
func (P *Point) Neg() { fp.Neg(&P.x, &P.x); fp.Neg(&P.ta, &P.ta) }
func (P *Point) Neg() { fp.Neg(&P.X, &P.X); fp.Neg(&P.Ta, &P.Ta) }

// Add calculates P = P+Q.
func (P *Point) Add(Q *Point) {
Expand Down Expand Up @@ -176,10 +163,10 @@ func (P *prePointProy) cmov(Q *prePointProy, b uint) {

// FromPoint precomputes some coordinates of Q for mised addition.
func (P *prePointProy) FromPoint(Q *Point) {
fp.Add(&P.addYX, &Q.y, &Q.x) // addYX = X + Y
fp.Sub(&P.subYX, &Q.y, &Q.x) // subYX = Y - X
fp.Mul(&P.dt2, &Q.ta, &Q.tb) // T = ta*tb
fp.Add(&P.addYX, &Q.Y, &Q.X) // addYX = X + Y
fp.Sub(&P.subYX, &Q.Y, &Q.X) // subYX = Y - X
fp.Mul(&P.dt2, &Q.Ta, &Q.Tb) // T = ta*tb
fp.Mul(&P.dt2, &P.dt2, &ParamD) // D*T
fp.Add(&P.dt2, &P.dt2, &P.dt2) // dt2 = 2*D*T
fp.Add(&P.z2, &Q.z, &Q.z) // z2 = 2*Z
fp.Add(&P.z2, &Q.Z, &Q.Z) // z2 = 2*Z
}

0 comments on commit 537c053

Please sign in to comment.