Commit Graph

23 Commits

Author SHA1 Message Date
George Tankersley 8fecdaa6ca track register availability to reduce load/store 2018-05-29 05:08:22 +00:00
George Tankersley e430bd5d31 remove unnecessary MOVQ 2018-05-29 03:56:50 +00:00
George Tankersley bcd71dd378 actual test case 2018-05-29 03:55:05 +00:00
George Tankersley 72f03f6412 spaces 2018-05-28 05:19:40 +00:00
George Tankersley 9ca546367b stock multiplication seems to work. TODO: fuzz, wire in reduction and 51-bit packing 2018-05-28 04:34:05 +00:00
George Tankersley a4358ce581 double-width output seems to work 2018-05-28 03:54:42 +00:00
George Tankersley a12f6e84a9 carry-prop bugs 2018-05-28 03:02:42 +00:00
George Tankersley 699df1ec8a radix51: implement single-row ADX chain 2018-05-27 21:55:45 +00:00
George Tankersley 0a030f62c0 make things more generally presentable 2017-07-25 16:24:16 -07:00
George Tankersley 08a76875a4 Cache the field representation of d 2017-07-25 16:23:20 -07:00
George Tankersley ad98326f8c Remove 32-bit code and update license.
The assembly is faster on target amd64 platforms.
2017-07-25 16:23:20 -07:00
George Tankersley 86c2863f5b Add short randomized segment to TestScalarMult 2017-07-25 16:23:20 -07:00
George Tankersley f8bd1037cf Use Bits() for FeToBig.
This doesn't help quite as much as it does with FeFromBig, because
FeToBig runtime is dominated by the reduction step. Still helps though.
2017-07-25 16:23:19 -07:00
George Tankersley 0ba575b405 Implement ScalarMult using Montgomery pattern and dedicated
extended-coordinates doubling. This will be slow.
2017-07-25 16:23:19 -07:00
George Tankersley ce27eaf07c Explain Z1=1 again 2017-07-25 16:23:19 -07:00
George Tankersley c9f6a1c183 use faster FeFromBig & a horrible assortment of other random changes 2017-07-25 16:23:19 -07:00
George Tankersley 4d11c7b5a6 group logic WIP 2017-07-25 16:23:19 -07:00
George Tankersley 7ae6271616 add equality for field elements 2017-07-25 16:23:19 -07:00
George Tankersley ca2029ab22 Add radix51 FieldElement implementation
This contains both a pure Go and an amd64 assembly implementation of
operations over GF(2^255-19) using radix 2^51. This results in notable
speedups when using the assembly, but doesn't help much in pure Go -
most of the possible gains are lost to the lack of widening multiply for
64-bit integers.
2017-07-25 16:23:19 -07:00
George Tankersley 54cdb2aef0 Add documentation 2017-07-25 16:23:19 -07:00
George Tankersley 259e08bc29 Use mdbl-2008-bbjlp directly
Since we are always converting from affine, we know that Z1=1. This
formula is slightly faster and avoids converting through
CompletedGroupElement unnecessarily.

Assumptions: Z1=1.

Cost: 2M + 4S + 1*a + 7add + 1*2.

Source: 2008 Bernstein-Birkner-Joye-Lange-Peters,
        https://eprint.iacr.org/2008/013,
        plus Z1=1, plus standard simplification.

Explicit formulas:
      B = (X1+Y1)^2
      C = X1^2
      D = Y1^2
      E = a*C
      F = E+D
      X3 = (B-C-D)*(F-2)
      Y3 = F*(E-D)
      Z3 = F^2-2*F

https://hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#doubling-mdbl-2008-bbjlp
2017-07-25 16:23:19 -07:00
George Tankersley 26b25b0ac0 Add LICENSE 2017-07-25 16:23:19 -07:00
George Tankersley 19d7f4d83d Implement an elliptic.Curve for ed25519 2017-07-25 16:23:19 -07:00