Commit b0af873f authored by Michael Hamburg's avatar Michael Hamburg

double and encode in ristretto.sage for decaf ed25519. kinda sloppy, but good...

double and encode in ristretto.sage for decaf ed25519.  kinda sloppy, but good enough for a poc since im not going to implement in c yet anyway
parent 1b7b5099
......@@ -510,44 +510,37 @@ class Decaf_1_1_Point(QuotientEdwardsPoint):
a,d = self.a,self.d
if self.cofactor == 8:
# TODO: optimized version with no isqrt
e = 2*X*Y
f = Z^2+d*T^2
g = Y^2-a*X^2
h = Z^2-d*T^2
x = e*h
y = f*g
z = f*h
t = e*g
# Cofactor 8 version
# Simulate IMAGINE_TWIST because that's how libdecaf does it
x = self.i*x
t = self.i*t
X = self.i*X
T = self.i*T
a = -a
d = -d
# TODO: This is only being called for a=-1, so could
# be wrong for a=1
# OK, the actual libdecaf code should be here
num = (z+y)*(z-y)
den = x*y
isr = isqrt(num*(a-d)*den^2)
iden = isr * den * self.isoMagic
inum = isr * num
e = 2*X*Y
f = Y^2+a*X^2
g = Y^2-a*X^2
h = Z^2-d*T^2
if negative(iden*inum*self.i*t^2*(d-a)):
iden,inum = inum,iden
fac = x*sqrt(a)
toggle=(a==-1)
else:
fac = y
toggle=False
eim = e*self.isoMagic
inv = 1/(eim*g*f*h)
fh_inv = eim*g*inv*self.i
imi = self.isoMagic * self.i
if negative(inum*t*imi) != toggle: inum =- inum
if negative(eim*g*fh_inv):
idf = g*self.isoMagic*self.i
bar = f
foo = g
test = eim*f
else:
idf = eim
bar = h
foo = -eim
test = g*h
tmp = fac*(inum*z + 1)
s = iden*tmp*imi
if negative(test*fh_inv): bar =- bar
s = idf*(foo+bar)*inv*f*h
else:
xy = X*Y
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment