From ea6c8cdd83f6d95ccaba8cb084e050a89410f78c Mon Sep 17 00:00:00 2001 From: Michael Hamburg Date: Sun, 21 Jan 2018 16:12:44 -0800 Subject: [PATCH] add tests for identity and torquing --- aux/ristretto/ristretto.sage | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/aux/ristretto/ristretto.sage b/aux/ristretto/ristretto.sage index 04cf4f9..41b0d22 100644 --- a/aux/ristretto/ristretto.sage +++ b/aux/ristretto/ristretto.sage @@ -218,7 +218,7 @@ class RistrettoPoint(QuotientEdwardsPoint): g = Y^2-a*X^2 h = Z^2-d*T^2 - inv1 = 1/(e*f*g*h) + inv1 = inv0(e*f*g*h) z_inv = inv1*e*g # 1 / (f*h) t_inv = inv1*f*h @@ -236,7 +236,7 @@ class RistrettoPoint(QuotientEdwardsPoint): else: foo = Y^2+a*X^2 bar = X*Y - den = 1/(foo*bar) + den = inv0(foo*bar) if negative(2*bar^2*den): tmp = a*X^2 else: tmp = Y^2 s = self.magic*(Z^2-tmp)*foo*den @@ -525,7 +525,7 @@ class Decaf_1_1_Point(QuotientEdwardsPoint): h = Z^2-d*T^2 eim = e*self.isoMagic - inv = 1/(eim*g*f*h) + inv = inv0(eim*g*f*h) fh_inv = eim*g*inv*self.i if negative(eim*g*fh_inv): @@ -545,7 +545,7 @@ class Decaf_1_1_Point(QuotientEdwardsPoint): else: xy = X*Y h = Z^2-d*T^2 - inv = 1/(xy*h) + inv = inv0(xy*h) if negative(inv*2*xy^2*self.isoMagic): tmp = Y else: tmp = X s = tmp^2*h*inv # = X/Y or Y/X, interestingly @@ -830,11 +830,18 @@ def gangtest(classes,n): def testDoubleAndEncode(cls,n): print "Testing doubleAndEncode on %s" % cls.__name__ + + P = cls() + for i in xrange(cls.cofactor): + Q = P.torque() + assert P.doubleAndEncode() == Q.doubleAndEncode() + P = Q + for i in xrange(n): r1 = randombytes(cls.encLen) r2 = randombytes(cls.encLen) u = cls.elligator(r1) + cls.elligator(r2) - u.doubleAndEncode() + assert u.doubleAndEncode() == u.torque().doubleAndEncode() testDoubleAndEncode(Ed25519Point,100) testDoubleAndEncode(NegEd25519Point,100)