commit
03b155901e
64
src/fq.rs
64
src/fq.rs
|
@ -109,14 +109,7 @@ impl<'a, 'b> Add<&'b Fq> for &'a Fq {
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
fn add(self, rhs: &'b Fq) -> Fq {
|
fn add(self, rhs: &'b Fq) -> Fq {
|
||||||
let (d0, carry) = adc(self.0[0], rhs.0[0], 0);
|
self.field_add(rhs)
|
||||||
let (d1, carry) = adc(self.0[1], rhs.0[1], carry);
|
|
||||||
let (d2, carry) = adc(self.0[2], rhs.0[2], carry);
|
|
||||||
let (d3, _) = adc(self.0[3], rhs.0[3], carry);
|
|
||||||
|
|
||||||
// Attempt to subtract the modulus, to ensure the value
|
|
||||||
// is smaller than the modulus.
|
|
||||||
Fq([d0, d1, d2, d3]) - &MODULUS
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -554,7 +547,7 @@ impl Fq {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
const fn multiply(&self, rhs: &Self) -> Self {
|
pub(crate) const fn multiply(&self, rhs: &Self) -> Self {
|
||||||
// Schoolbook multiplication
|
// Schoolbook multiplication
|
||||||
|
|
||||||
let (r0, carry) = mac(0, self.0[0], rhs.0[0], 0);
|
let (r0, carry) = mac(0, self.0[0], rhs.0[0], 0);
|
||||||
|
@ -581,7 +574,7 @@ impl Fq {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
const fn subtract(&self, rhs: &Self) -> Self {
|
pub(crate) const fn subtract(&self, rhs: &Self) -> Self {
|
||||||
let (d0, borrow) = sbb(self.0[0], rhs.0[0], 0);
|
let (d0, borrow) = sbb(self.0[0], rhs.0[0], 0);
|
||||||
let (d1, borrow) = sbb(self.0[1], rhs.0[1], borrow);
|
let (d1, borrow) = sbb(self.0[1], rhs.0[1], borrow);
|
||||||
let (d2, borrow) = sbb(self.0[2], rhs.0[2], borrow);
|
let (d2, borrow) = sbb(self.0[2], rhs.0[2], borrow);
|
||||||
|
@ -596,6 +589,18 @@ impl Fq {
|
||||||
|
|
||||||
Fq([d0, d1, d2, d3])
|
Fq([d0, d1, d2, d3])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub(crate) const fn field_add(&self, rhs: &Self) -> Self {
|
||||||
|
let (d0, carry) = adc(self.0[0], rhs.0[0], 0);
|
||||||
|
let (d1, carry) = adc(self.0[1], rhs.0[1], carry);
|
||||||
|
let (d2, carry) = adc(self.0[2], rhs.0[2], carry);
|
||||||
|
let (d3, _) = adc(self.0[3], rhs.0[3], carry);
|
||||||
|
|
||||||
|
// Attempt to subtract the modulus, to ensure the value
|
||||||
|
// is smaller than the modulus.
|
||||||
|
Fq([d0, d1, d2, d3]).subtract(&MODULUS)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> From<&'a Fq> for [u8; 32] {
|
impl<'a> From<&'a Fq> for [u8; 32] {
|
||||||
|
@ -687,7 +692,8 @@ fn test_from_bytes() {
|
||||||
Fq::from_bytes([
|
Fq::from_bytes([
|
||||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
0, 0, 0
|
0, 0, 0
|
||||||
]).unwrap(),
|
])
|
||||||
|
.unwrap(),
|
||||||
Fq::zero()
|
Fq::zero()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -695,7 +701,8 @@ fn test_from_bytes() {
|
||||||
Fq::from_bytes([
|
Fq::from_bytes([
|
||||||
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
0, 0, 0
|
0, 0, 0
|
||||||
]).unwrap(),
|
])
|
||||||
|
.unwrap(),
|
||||||
Fq::one()
|
Fq::one()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -703,7 +710,8 @@ fn test_from_bytes() {
|
||||||
Fq::from_bytes([
|
Fq::from_bytes([
|
||||||
254, 255, 255, 255, 1, 0, 0, 0, 2, 72, 3, 0, 250, 183, 132, 88, 245, 79, 188, 236, 239,
|
254, 255, 255, 255, 1, 0, 0, 0, 2, 72, 3, 0, 250, 183, 132, 88, 245, 79, 188, 236, 239,
|
||||||
79, 140, 153, 111, 5, 197, 172, 89, 177, 36, 24
|
79, 140, 153, 111, 5, 197, 172, 89, 177, 36, 24
|
||||||
]).unwrap(),
|
])
|
||||||
|
.unwrap(),
|
||||||
R2
|
R2
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -712,8 +720,10 @@ fn test_from_bytes() {
|
||||||
Fq::from_bytes([
|
Fq::from_bytes([
|
||||||
0, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
0, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
||||||
216, 57, 51, 72, 125, 157, 41, 83, 167, 237, 115
|
216, 57, 51, 72, 125, 157, 41, 83, 167, 237, 115
|
||||||
]).is_some()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_some()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
|
|
||||||
// modulus is invalid
|
// modulus is invalid
|
||||||
|
@ -721,8 +731,10 @@ fn test_from_bytes() {
|
||||||
Fq::from_bytes([
|
Fq::from_bytes([
|
||||||
1, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
1, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
||||||
216, 57, 51, 72, 125, 157, 41, 83, 167, 237, 115
|
216, 57, 51, 72, 125, 157, 41, 83, 167, 237, 115
|
||||||
]).is_none()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_none()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
|
|
||||||
// Anything larger than the modulus is invalid
|
// Anything larger than the modulus is invalid
|
||||||
|
@ -730,22 +742,28 @@ fn test_from_bytes() {
|
||||||
Fq::from_bytes([
|
Fq::from_bytes([
|
||||||
2, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
2, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
||||||
216, 57, 51, 72, 125, 157, 41, 83, 167, 237, 115
|
216, 57, 51, 72, 125, 157, 41, 83, 167, 237, 115
|
||||||
]).is_none()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_none()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
assert!(
|
assert!(
|
||||||
Fq::from_bytes([
|
Fq::from_bytes([
|
||||||
1, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
1, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
||||||
216, 58, 51, 72, 125, 157, 41, 83, 167, 237, 115
|
216, 58, 51, 72, 125, 157, 41, 83, 167, 237, 115
|
||||||
]).is_none()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_none()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
assert!(
|
assert!(
|
||||||
Fq::from_bytes([
|
Fq::from_bytes([
|
||||||
1, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
1, 0, 0, 0, 255, 255, 255, 255, 254, 91, 254, 255, 2, 164, 189, 83, 5, 216, 161, 9, 8,
|
||||||
216, 57, 51, 72, 125, 157, 41, 83, 167, 237, 116
|
216, 57, 51, 72, 125, 157, 41, 83, 167, 237, 116
|
||||||
]).is_none()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_none()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
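Review bot: `field_add` silently drops the top carry at `let (d3, _) = adc(self.0[3], rhs.0[3], carry);`, which is only correct when both operands are already reduced and the modulus is below 2^255 so the raw 256-bit sum cannot overflow; the test vector for the modulus in this same section ends in byte `115` (0x73), so that holds here, but the new `pub(crate)` function states none of it. Because it is now reachable from anywhere in the crate and from `const` contexts (where a `debug_assert!` cannot help), I would add a doc comment: `/// Adds two fully reduced field elements. The final carry is discarded, which is sound only because MODULUS < 2^255, so the unreduced sum always fits in four limbs; the trailing subtract(&MODULUS) then brings the result back below the modulus.` The same reduced-input assumption is what makes the conditional reduction in `subtract` correct, and its tail after `d2` (the `d3` limb and borrow handling) lies outside this hunk, so I cannot check it here. The `Add` impl at the top of the section is now a pure forwarder, so a one-line `/// See [`Fq::field_add`] for the reduction invariant.` there would keep the two in step. The remaining hunks in this file are rustfmt-only.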
39
src/fr.rs
39
src/fr.rs
|
@ -645,7 +645,8 @@ fn test_from_bytes() {
|
||||||
Fr::from_bytes([
|
Fr::from_bytes([
|
||||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
0, 0, 0
|
0, 0, 0
|
||||||
]).unwrap(),
|
])
|
||||||
|
.unwrap(),
|
||||||
Fr::zero()
|
Fr::zero()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -653,7 +654,8 @@ fn test_from_bytes() {
|
||||||
Fr::from_bytes([
|
Fr::from_bytes([
|
||||||
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
0, 0, 0
|
0, 0, 0
|
||||||
]).unwrap(),
|
])
|
||||||
|
.unwrap(),
|
||||||
Fr::one()
|
Fr::one()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -661,7 +663,8 @@ fn test_from_bytes() {
|
||||||
Fr::from_bytes([
|
Fr::from_bytes([
|
||||||
217, 7, 150, 185, 179, 11, 248, 37, 80, 231, 182, 102, 47, 214, 21, 243, 244, 20, 136,
|
217, 7, 150, 185, 179, 11, 248, 37, 80, 231, 182, 102, 47, 214, 21, 243, 244, 20, 136,
|
||||||
235, 238, 20, 37, 147, 198, 85, 145, 71, 111, 252, 166, 9
|
235, 238, 20, 37, 147, 198, 85, 145, 71, 111, 252, 166, 9
|
||||||
]).unwrap(),
|
])
|
||||||
|
.unwrap(),
|
||||||
R2
|
R2
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -670,8 +673,10 @@ fn test_from_bytes() {
|
||||||
Fr::from_bytes([
|
Fr::from_bytes([
|
||||||
182, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
182, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
||||||
1, 1, 59, 103, 6, 169, 175, 51, 101, 234, 180, 125, 14
|
1, 1, 59, 103, 6, 169, 175, 51, 101, 234, 180, 125, 14
|
||||||
]).is_some()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_some()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
|
|
||||||
// modulus is invalid
|
// modulus is invalid
|
||||||
|
@ -679,8 +684,10 @@ fn test_from_bytes() {
|
||||||
Fr::from_bytes([
|
Fr::from_bytes([
|
||||||
183, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
183, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
||||||
1, 1, 59, 103, 6, 169, 175, 51, 101, 234, 180, 125, 14
|
1, 1, 59, 103, 6, 169, 175, 51, 101, 234, 180, 125, 14
|
||||||
]).is_none()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_none()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
|
|
||||||
// Anything larger than the modulus is invalid
|
// Anything larger than the modulus is invalid
|
||||||
|
@ -688,24 +695,30 @@ fn test_from_bytes() {
|
||||||
Fr::from_bytes([
|
Fr::from_bytes([
|
||||||
184, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
184, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
||||||
1, 1, 59, 103, 6, 169, 175, 51, 101, 234, 180, 125, 14
|
1, 1, 59, 103, 6, 169, 175, 51, 101, 234, 180, 125, 14
|
||||||
]).is_none()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_none()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
|
|
||||||
assert!(
|
assert!(
|
||||||
Fr::from_bytes([
|
Fr::from_bytes([
|
||||||
183, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
183, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
||||||
1, 1, 59, 104, 6, 169, 175, 51, 101, 234, 180, 125, 14
|
1, 1, 59, 104, 6, 169, 175, 51, 101, 234, 180, 125, 14
|
||||||
]).is_none()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_none()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
|
|
||||||
assert!(
|
assert!(
|
||||||
Fr::from_bytes([
|
Fr::from_bytes([
|
||||||
183, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
183, 44, 247, 214, 94, 14, 151, 208, 130, 16, 200, 204, 147, 32, 104, 166, 0, 59, 52,
|
||||||
1, 1, 59, 103, 6, 169, 175, 51, 101, 234, 180, 125, 15
|
1, 1, 59, 103, 6, 169, 175, 51, 101, 234, 180, 125, 15
|
||||||
]).is_none()
|
])
|
||||||
.unwrap_u8() == 1
|
.is_none()
|
||||||
|
.unwrap_u8()
|
||||||
|
== 1
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
32
src/lib.rs
32
src/lib.rs
|
@ -371,11 +371,11 @@ impl AffinePoint {
|
||||||
|
|
||||||
/// Performs a pre-processing step that produces an `AffineNielsPoint`
|
/// Performs a pre-processing step that produces an `AffineNielsPoint`
|
||||||
/// for use in multiple additions.
|
/// for use in multiple additions.
|
||||||
pub fn to_niels(&self) -> AffineNielsPoint {
|
pub const fn to_niels(&self) -> AffineNielsPoint {
|
||||||
AffineNielsPoint {
|
AffineNielsPoint {
|
||||||
v_plus_u: &self.v + &self.u,
|
v_plus_u: self.v.field_add(&self.u),
|
||||||
v_minus_u: &self.v - &self.u,
|
v_minus_u: self.v.subtract(&self.u),
|
||||||
t2d: &self.u * &self.v * EDWARDS_D2,
|
t2d: self.u.multiply(&self.v).multiply(&EDWARDS_D2),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -545,7 +545,8 @@ impl ExtendedPoint {
|
||||||
v: vv_plus_uu,
|
v: vv_plus_uu,
|
||||||
z: vv_minus_uu,
|
z: vv_minus_uu,
|
||||||
t: &zz2 - &vv_minus_uu,
|
t: &zz2 - &vv_minus_uu,
|
||||||
}.into_extended()
|
}
|
||||||
|
.into_extended()
|
||||||
}
|
}
|
||||||
|
|
||||||
#[inline]
|
#[inline]
|
||||||
|
@ -630,7 +631,8 @@ impl<'a, 'b> Add<&'b ExtendedNielsPoint> for &'a ExtendedPoint {
|
||||||
v: &b + &a,
|
v: &b + &a,
|
||||||
z: &d + &c,
|
z: &d + &c,
|
||||||
t: &d - &c,
|
t: &d - &c,
|
||||||
}.into_extended()
|
}
|
||||||
|
.into_extended()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -648,7 +650,8 @@ impl<'a, 'b> Sub<&'b ExtendedNielsPoint> for &'a ExtendedPoint {
|
||||||
v: &b + &a,
|
v: &b + &a,
|
||||||
z: &d - &c,
|
z: &d - &c,
|
||||||
t: &d + &c,
|
t: &d + &c,
|
||||||
}.into_extended()
|
}
|
||||||
|
.into_extended()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -674,7 +677,8 @@ impl<'a, 'b> Add<&'b AffineNielsPoint> for &'a ExtendedPoint {
|
||||||
v: &b + &a,
|
v: &b + &a,
|
||||||
z: &d + &c,
|
z: &d + &c,
|
||||||
t: &d - &c,
|
t: &d - &c,
|
||||||
}.into_extended()
|
}
|
||||||
|
.into_extended()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -692,7 +696,8 @@ impl<'a, 'b> Sub<&'b AffineNielsPoint> for &'a ExtendedPoint {
|
||||||
v: &b + &a,
|
v: &b + &a,
|
||||||
z: &d - &c,
|
z: &d - &c,
|
||||||
t: &d + &c,
|
t: &d + &c,
|
||||||
}.into_extended()
|
}
|
||||||
|
.into_extended()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -890,7 +895,8 @@ fn test_assoc() {
|
||||||
0x46462e26d4edb8c7,
|
0x46462e26d4edb8c7,
|
||||||
0x10b4c1517ca82e9b,
|
0x10b4c1517ca82e9b,
|
||||||
]),
|
]),
|
||||||
}).mul_by_cofactor();
|
})
|
||||||
|
.mul_by_cofactor();
|
||||||
assert!(p.is_on_curve_vartime());
|
assert!(p.is_on_curve_vartime());
|
||||||
|
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
|
@ -915,7 +921,8 @@ fn test_batch_normalize() {
|
||||||
0x46462e26d4edb8c7,
|
0x46462e26d4edb8c7,
|
||||||
0x10b4c1517ca82e9b,
|
0x10b4c1517ca82e9b,
|
||||||
]),
|
]),
|
||||||
}).mul_by_cofactor();
|
})
|
||||||
|
.mul_by_cofactor();
|
||||||
|
|
||||||
let mut v = vec![];
|
let mut v = vec![];
|
||||||
for _ in 0..10 {
|
for _ in 0..10 {
|
||||||
|
@ -1149,7 +1156,8 @@ fn test_mul_consistency() {
|
||||||
0x46462e26d4edb8c7,
|
0x46462e26d4edb8c7,
|
||||||
0x10b4c1517ca82e9b,
|
0x10b4c1517ca82e9b,
|
||||||
]),
|
]),
|
||||||
}).mul_by_cofactor();
|
})
|
||||||
|
.mul_by_cofactor();
|
||||||
assert_eq!(p * c, (p * a) * b);
|
assert_eq!(p * c, (p * a) * b);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
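Review bot: `to_niels` now bypasses the operator traits and calls the crate-private `field_add`, `subtract` and `multiply` directly (`v_plus_u: self.v.field_add(&self.u)` and the two lines below it), so its output only matches the previous `&self.v + &self.u` / `-` / `*` form as long as those three functions remain the exact bodies behind `Add`, `Sub` and `Mul` for `Fq`; the fq.rs hunk shows `Add` forwarding to `field_add`, but the `Sub` and `Mul` impls are not in this diff, so I cannot confirm the other two from here. A small regression test on a fixed point (e.g. the one built in `test_assoc`) would pin that equivalence: `let n = p.to_niels(); assert_eq!(n.v_plus_u, &p.v + &p.u); assert_eq!(n.v_minus_u, &p.v - &p.u);` plus `assert_eq!(n.t2d, &p.u * &p.v * EDWARDS_D2);`. The function's doc comment should also say why it is `const fn`, presumably so `AffineNielsPoint` values can be precomputed at compile time, since that is the only reason visible for dropping the operator form — I am inferring the motivation, so it should be confirmed before being written down. The other hunks in this file are rustfmt-only.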