Michael Hamburg
11 years ago
3 changed files with 61 additions and 0 deletions
Unified View
Diff Options
-
+0 -0aux/curve.sage
-
+61 -0aux/decaffeinate_curve25519.sage
-
+0 -0aux/idealized.sage
test/curve.sage → aux/curve.sage
View File
+ 61
- 0
aux/decaffeinate_curve25519.sage
View File
| @@ -0,0 +1,61 @@ | |||||
| # This is as sketch of how to decaffeinate Curve25519 | |||||
| F = GF(2^255-19) | |||||
| d = -121665 | |||||
| M = EllipticCurve(F,[0,2-4*d,0,1,0]) | |||||
| def maybe(): return randint(0,1) | |||||
| def qpositive(x): | |||||
| return int(x) <= (2^255-19-1)/2 | |||||
| def M_to_E(P): | |||||
| # P must be even | |||||
| (x,y) = P.xy() | |||||
| assert x.is_square() | |||||
| s = sqrt(x) | |||||
| if s == 0: t = 1 | |||||
| else: t = y/s | |||||
| X,Y = 2*s / (1+s^2), (1-s^2) / t | |||||
| if maybe(): X,Y = -X,-Y | |||||
| if maybe(): X,Y = Y,-X | |||||
| # OK, have point in ed | |||||
| return X,Y | |||||
| def decaf_encode_from_E(X,Y): | |||||
| assert X^2 + Y^2 == 1 + d*X^2*Y^2 | |||||
| if not qpositive(X*Y): X,Y = Y,-X | |||||
| assert qpositive(X*Y) | |||||
| assert (1-X^2).is_square() | |||||
| sx = sqrt(1-X^2) | |||||
| tos = -2*sx/X/Y | |||||
| if not qpositive(tos): sx = -sx | |||||
| s = (1 + sx) / X | |||||
| if not qpositive(s): s = -s | |||||
| return s | |||||
| def is_rotation((X,Y),(x,y)): | |||||
| return x*Y == X*y or x*X == -y*Y | |||||
| def decaf_decode_to_E(s): | |||||
| assert qpositive(s) | |||||
| t = sqrt(s^4 + (2-4*d)*s^2 + 1) | |||||
| if not qpositive(t/s): t = -t | |||||
| X,Y = 2*s / (1+s^2), (1-s^2) / t | |||||
| assert qpositive(X*Y) | |||||
| return X,Y | |||||
| def test(): | |||||
| P = 2*M.random_point() | |||||
| X,Y = M_to_E(P) | |||||
| s = decaf_encode_from_E(X,Y) | |||||
| XX,YY = decaf_decode_to_E(s) | |||||
| assert is_rotation((X,Y),(XX,YY)) | |||||