Commit Graph

46 Commits

Author SHA1 Message Date
Filippo Valsorda c37f1d8359 internal/radix51: minor tests cleanup 2019-03-30 22:12:39 -04:00
Filippo Valsorda 620415daa4 internal/radix51: make reduction an invariant and unexport Reduce
Now every operation returns a light-reduced value, so the reduction is
an invariant, and there's no need to ever explicitly call Reduce.

Safety!
2019-03-30 22:12:39 -04:00
Filippo Valsorda ce6d218ef3 internal/radix51: actually apply go:noescape 2019-03-30 22:12:39 -04:00
Dimitris Apostolou 09d9129779 all: fix typos 2019-03-30 21:29:01 -04:00
George Tankersley 71368c02ff internal/radix51: test field encoding roundtrip with fixed vectors 2019-03-30 21:23:15 -04:00
Filippo Valsorda 1e528602b8 internal/radix51: rename AppendBytes to Bytes 2019-03-30 21:23:15 -04:00
Filippo Valsorda c9d2135504 internal/radix51: rewrite FromBytes and AppendBytes with encoding/binary 2019-03-30 21:23:15 -04:00
Filippo Valsorda d23de5461e internal/radix51: add docs and some light readability refactors 2019-03-30 21:23:15 -04:00
Filippo Valsorda 010995eaa9 internal/radix51: remove unused (and a bit broken) SetInt
It would return an invalid element if the input was greater than 2^54 - 1.
2019-03-30 21:23:15 -04:00
Filippo Valsorda 22cdf749a2 internal/radix51: refactor ToBig and FromBig 2019-03-30 21:23:15 -04:00
Filippo Valsorda 2a0f4ba3cc internal/radix51: replace ToBytes with AppendBytes 2019-03-30 21:23:15 -04:00
George Tankersley 382beb7062 internal/radix51: fix aliasing bug in CondNeg (#21) 2019-03-24 20:32:49 -04:00
Filippo Valsorda ec44dec9b8 internal/radix51: actually, uhm, check the result of TestAliasing 2019-03-15 17:37:41 -04:00
George Tankersley ea3deb459c radix51: change API of FromBytes and ToBytes to use slices 2019-03-02 21:40:51 -05:00
Filippo Valsorda a68796f011 internal/radix51: test all combinations of argument and receiver aliasing 2019-03-02 19:44:59 -05:00
Henry de Valence 5758cbf76c internal/radix51: add property-based tests that multiplication distributes over addition
Closes #12
2019-03-02 19:44:59 -05:00
George Tankersley 4ac00273fd radix51: use go1.12 intrinsics for 128-bit multiplications 2019-02-19 18:36:55 -05:00
Filippo Valsorda 6b0cdf071a internal/radix51: define a mask64Bits constant 2019-01-28 10:53:34 -05:00
Filippo Valsorda 032d7f64e8 internal/group: set Z to 1, not 0 in FromAffine 2019-01-28 10:53:34 -05:00
Filippo Valsorda 6781d1fcec internal/group: fix typo 2019-01-28 10:53:34 -05:00
Filippo Valsorda b9aebb71e8 internal/group: derive twoD from D 2019-01-28 10:53:34 -05:00
George Tankersley 968377f9c5 ed25519: fix ScalarMult and improve test to catch the bug (#1) 2019-01-28 10:53:34 -05:00
Filippo Valsorda 982236110c internal/radix51: add MinusOne 2019-01-28 10:53:34 -05:00
Filippo Valsorda 380ecb67b1 internal/group: make conversion APIs caller-allocated 2019-01-28 10:53:34 -05:00
Filippo Valsorda 79589420d8 internal/group: rewrite DoubleZ1 because stack is cheaper than mental state 2019-01-28 10:53:34 -05:00
Filippo Valsorda 2925e841f7 internal: make all APIs chainable 2019-01-28 10:53:34 -05:00
Filippo Valsorda 6c2fda803c internal/radix51: make all APIs not consider the receiver an input 2019-01-28 10:53:34 -05:00
Filippo Valsorda 930ef44224 all: refactor field API to be methods based 2019-01-28 10:53:34 -05:00
Filippo Valsorda fe6e0954e0 internal/radix51: add constant time field operations 2019-01-21 17:58:03 -05:00
Filippo Valsorda 7ec609da40 internal/radix51: remove FeEqual
It does not normalize the representatives before comparing them, so it
will have false negatives.
2019-01-21 17:58:03 -05:00
Filippo Valsorda 0e8b4dbb24 internal/radix51: remove FeCSwap
It's unused and it does not do what it says in the docs.
2019-01-21 17:58:03 -05:00
George Tankersley 0a030f62c0 make things more generally presentable 2017-07-25 16:24:16 -07:00
George Tankersley 08a76875a4 Cache the field representation of d 2017-07-25 16:23:20 -07:00
George Tankersley ad98326f8c Remove 32-bit code and update license.
The assembly is faster on target amd64 platforms.
2017-07-25 16:23:20 -07:00
George Tankersley 86c2863f5b Add short randomized segment to TestScalarMult 2017-07-25 16:23:20 -07:00
George Tankersley f8bd1037cf Use Bits() for FeToBig.
This doesn't help quite as much as it does with FeFromBig, because
FeToBig runtime is dominated by the reduction step. Still helps though.
2017-07-25 16:23:19 -07:00
George Tankersley 0ba575b405 Implement ScalarMult using Montgomery pattern and dedicated
extended-coordinates doubling. This will be slow.
2017-07-25 16:23:19 -07:00
George Tankersley ce27eaf07c Explain Z1=1 again 2017-07-25 16:23:19 -07:00
George Tankersley c9f6a1c183 use faster FeFromBig & a horrible assortment of other random changes 2017-07-25 16:23:19 -07:00
George Tankersley 4d11c7b5a6 group logic WIP 2017-07-25 16:23:19 -07:00
George Tankersley 7ae6271616 add equality for field elements 2017-07-25 16:23:19 -07:00
George Tankersley ca2029ab22 Add radix51 FieldElement implementation
This contains both a pure Go and an amd64 assembly implementation of
operations over GF(2^255-19) using radix 2^51. This results in notable
speedups when using the assembly, but doesn't help much in pure Go -
most of the possible gains are lost to the lack of widening multiply for
64 bit integers.
2017-07-25 16:23:19 -07:00
George Tankersley 54cdb2aef0 Add documentation 2017-07-25 16:23:19 -07:00
George Tankersley 259e08bc29 Use mdbl-2008-bbjlp directly
Since we are always converting from affine, we know that Z1=1. This
formula is slightly faster and avoids converting through
CompletedGroupElement unnecessarily.

Assumptions: Z1=1.

Cost: 2M + 4S + 1*a + 7add + 1*2.

Source: 2008 Bernstein-Birkner-Joye-Lange-Peters,
        https://eprint.iacr.org/2008/013,
        plus Z1=1, plus standard simplification.

Explicit formulas:
      B = (X1+Y1)^2
      C = X1^2
      D = Y1^2
      E = a*C
      F = E+D
      X3 = (B-C-D)*(F-2)
      Y3 = F*(E-D)
      Z3 = F^2-2*F

https://hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#doubling-mdbl-2008-bbjlp
2017-07-25 16:23:19 -07:00
George Tankersley 26b25b0ac0 Add LICENSE 2017-07-25 16:23:19 -07:00
George Tankersley 19d7f4d83d Implement an elliptic.Curve for ed25519 2017-07-25 16:23:19 -07:00