Michael Hamburg
8 years ago
1 changed files with 12 additions and 5 deletions
Unified View
Diff Options
-
+12 -5aux/ristretto/ristretto.sage
+ 12
- 5
aux/ristretto/ristretto.sage
View File
| @@ -218,7 +218,7 @@ class RistrettoPoint(QuotientEdwardsPoint): | |||||
| g = Y^2-a*X^2 | g = Y^2-a*X^2 | ||||
| h = Z^2-d*T^2 | h = Z^2-d*T^2 | ||||
| inv1 = 1/(e*f*g*h) | |||||
| inv1 = inv0(e*f*g*h) | |||||
| z_inv = inv1*e*g # 1 / (f*h) | z_inv = inv1*e*g # 1 / (f*h) | ||||
| t_inv = inv1*f*h | t_inv = inv1*f*h | ||||
| @@ -236,7 +236,7 @@ class RistrettoPoint(QuotientEdwardsPoint): | |||||
| else: | else: | ||||
| foo = Y^2+a*X^2 | foo = Y^2+a*X^2 | ||||
| bar = X*Y | bar = X*Y | ||||
| den = 1/(foo*bar) | |||||
| den = inv0(foo*bar) | |||||
| if negative(2*bar^2*den): tmp = a*X^2 | if negative(2*bar^2*den): tmp = a*X^2 | ||||
| else: tmp = Y^2 | else: tmp = Y^2 | ||||
| s = self.magic*(Z^2-tmp)*foo*den | s = self.magic*(Z^2-tmp)*foo*den | ||||
| @@ -525,7 +525,7 @@ class Decaf_1_1_Point(QuotientEdwardsPoint): | |||||
| h = Z^2-d*T^2 | h = Z^2-d*T^2 | ||||
| eim = e*self.isoMagic | eim = e*self.isoMagic | ||||
| inv = 1/(eim*g*f*h) | |||||
| inv = inv0(eim*g*f*h) | |||||
| fh_inv = eim*g*inv*self.i | fh_inv = eim*g*inv*self.i | ||||
| if negative(eim*g*fh_inv): | if negative(eim*g*fh_inv): | ||||
| @@ -545,7 +545,7 @@ class Decaf_1_1_Point(QuotientEdwardsPoint): | |||||
| else: | else: | ||||
| xy = X*Y | xy = X*Y | ||||
| h = Z^2-d*T^2 | h = Z^2-d*T^2 | ||||
| inv = 1/(xy*h) | |||||
| inv = inv0(xy*h) | |||||
| if negative(inv*2*xy^2*self.isoMagic): tmp = Y | if negative(inv*2*xy^2*self.isoMagic): tmp = Y | ||||
| else: tmp = X | else: tmp = X | ||||
| s = tmp^2*h*inv # = X/Y or Y/X, interestingly | s = tmp^2*h*inv # = X/Y or Y/X, interestingly | ||||
| @@ -830,11 +830,18 @@ def gangtest(classes,n): | |||||
| def testDoubleAndEncode(cls,n): | def testDoubleAndEncode(cls,n): | ||||
| print "Testing doubleAndEncode on %s" % cls.__name__ | print "Testing doubleAndEncode on %s" % cls.__name__ | ||||
| P = cls() | |||||
| for i in xrange(cls.cofactor): | |||||
| Q = P.torque() | |||||
| assert P.doubleAndEncode() == Q.doubleAndEncode() | |||||
| P = Q | |||||
| for i in xrange(n): | for i in xrange(n): | ||||
| r1 = randombytes(cls.encLen) | r1 = randombytes(cls.encLen) | ||||
| r2 = randombytes(cls.encLen) | r2 = randombytes(cls.encLen) | ||||
| u = cls.elligator(r1) + cls.elligator(r2) | u = cls.elligator(r1) + cls.elligator(r2) | ||||
| u.doubleAndEncode() | |||||
| assert u.doubleAndEncode() == u.torque().doubleAndEncode() | |||||
| testDoubleAndEncode(Ed25519Point,100) | testDoubleAndEncode(Ed25519Point,100) | ||||
| testDoubleAndEncode(NegEd25519Point,100) | testDoubleAndEncode(NegEd25519Point,100) | ||||