ristretto255: use multi-model arithmetic

2019-05-06 14:30:09 -07:00 · 2019-05-06 14:30:09 -07:00 · 0b5e1eb054
parent a360a6556f
commit 0b5e1eb054
3 changed files with 16 additions and 9 deletions
--- a/internal/edwards25519/edwards25519.go
+++ b/internal/edwards25519/edwards25519.go
@ -82,6 +82,13 @@ func (v *AffineCached) Zero() *AffineCached {
 	return v
 }

+// Assignments.
+
+func (v *ProjP3) Set(u *ProjP3) *ProjP3 {
+	*v = *u
+	return v
+}
+
 // Conversions.

 func (v *ProjP2) FromP1xP1(p *ProjP1xP1) *ProjP2 {
--- a/ristretto255.go
+++ b/ristretto255.go
@ -35,7 +35,7 @@ var (
 // The zero value of Element is not valid, but can be used as the receiver for
 // any operation.
 type Element struct {
-	r edwards25519.ExtendedGroupElement
+	r edwards25519.ProjP3
 }

 // Equal returns 1 if e is equivalent to ee, and 0 otherwise.
@ -65,18 +65,18 @@ func (e *Element) FromUniformBytes(b []byte) {
 	f := &radix51.FieldElement{}

 	f.FromBytes(b[:32])
-	p1 := &edwards25519.ExtendedGroupElement{}
-	mapToPoint(p1, f)
+	point1 := &Element{}
+	mapToPoint(&point1.r, f)

 	f.FromBytes(b[32:])
-	p2 := &edwards25519.ExtendedGroupElement{}
-	mapToPoint(p2, f)
+	point2 := &Element{}
+	mapToPoint(&point2.r, f)

-	e.r.Add(p1, p2)
+	e.Add(point1, point2)
 }

 // mapToPoint implements MAP from Section 3.2.4 of draft-hdevalence-cfrg-ristretto-00.
-func mapToPoint(out *edwards25519.ExtendedGroupElement, t *radix51.FieldElement) {
+func mapToPoint(out *edwards25519.ProjP3, t *radix51.FieldElement) {
 	// r = SQRT_M1 * t^2
 	r := &radix51.FieldElement{}
 	r.Mul(sqrtM1, r.Square(t))
@ -250,7 +250,7 @@ func (e *Element) Decode(in []byte) error {
 	// x = CT_ABS(2 * s * den_x)
 	// y = u1 * den_y
 	// t = x * y
-	var out edwards25519.ExtendedGroupElement
+	var out edwards25519.ProjP3
 	out.X.Mul(radix51.Two, s).Mul(&out.X, denX).Abs(&out.X)
 	out.Y.Mul(u1, denY)
 	out.Z.One()
--- a/ristretto255_test.go
+++ b/ristretto255_test.go
@ -71,7 +71,7 @@ var (
 	compressedRistrettoBasepoint, _ = hex.DecodeString("e2f2ae0a6abc4e71a884a961c500515f58e30b6aa582dd8db6a65945e08d2d76")

 	// The representative Ristretto basepoint in extended coordinates.
-	ristrettoBasepoint = Element{r: edwards25519.ExtendedGroupElement{
+	ristrettoBasepoint = Element{r: edwards25519.ProjP3{
 		X: radix51.FieldElement([5]uint64{426475514619346, 2063872706840040, 14628272888959, 107677749330612, 288339085807592}),
 		Y: radix51.FieldElement([5]uint64{1934594822876571, 2049809580636559, 1991994783322914, 1758681962032007, 380046701118659}),
 		Z: radix51.FieldElement([5]uint64{1, 0, 0, 0, 0}),