sarah
/
ristretto255
mirror of https://github.com/gtank/ristretto255
1
0
Fork 0
Code Issues Releases Wiki Activity
46 Commits 5 Branches 3 Tags 402 KiB
Commit Graph

13 Commits

Author SHA1 Message Date
Dimitris Apostolou 09d9129779 all: fix typos 2019-03-30 21:29:01 -04:00
George Tankersley 968377f9c5 ed25519: fix ScalarMult and improve test to catch the bug (#1) 2019-01-28 10:53:34 -05:00
Filippo Valsorda 930ef44224 all: refactor field API to be methods based 2019-01-28 10:53:34 -05:00
George Tankersley 0a030f62c0 make things more generally presentable 2017-07-25 16:24:16 -07:00
George Tankersley 86c2863f5b Add short randomized segment to TestScalarMult 2017-07-25 16:23:20 -07:00
George Tankersley f8bd1037cf Use Bits() for FeToBig. 
This doesn't help quite as much as it does with FeFromBig, because
FeToBig runtime is dominated by the reduction step. Still helps though.
 2017-07-25 16:23:19 -07:00
George Tankersley 0ba575b405 Implement ScalarMult using Montgomery pattern and dedicated 
extended-coordinates doubling. This will be slow.
 2017-07-25 16:23:19 -07:00
George Tankersley c9f6a1c183 use faster FeFromBig & a horrible assortment of other random changes 2017-07-25 16:23:19 -07:00
George Tankersley 4d11c7b5a6 group logic WIP 2017-07-25 16:23:19 -07:00
George Tankersley ca2029ab22 Add radix51 FieldElement implementation 
This contains both a pure Go and an amd64 assembly implementation of
operations over GF(2^255-19) using radix 2^51. This results in notable
speedups when using the assembly, but doesn't help much in pure Go -
most of the possible gains are lost to the lack of widening multiply for
64 bit integers.
 2017-07-25 16:23:19 -07:00
George Tankersley 259e08bc29 Use mdbl-2008-bbjlp directly 
Since we are always converting from affine, we know that Z1=1. This
formula is slightly faster and avoids converting through
CompletedGroupElement unnecessarily.

Assumptions: Z1=1.

Cost: 2M + 4S + 1*a + 7add + 1*2.

Source: 2008 Bernstein-Birkner-Joye-Lange-Peters,
        https://eprint.iacr.org/2008/013,
        plus Z1=1, plus standard simplification.

Explicit formulas:
      B = (X1+Y1)^2
      C = X1^2
      D = Y1^2
      E = a*C
      F = E+D
      X3 = (B-C-D)*(F-2)
      Y3 = F*(E-D)
      Z3 = F2-2*F

https://hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#doubling-mdbl-2008-bbjlp
 2017-07-25 16:23:19 -07:00
George Tankersley 26b25b0ac0 Add LICENSE 2017-07-25 16:23:19 -07:00
George Tankersley 19d7f4d83d Implement an elliptic.Curve for ed25519 2017-07-25 16:23:19 -07:00