Commit 5828ed16 authored by Niels Möller

Comment fixes and notation for ecc_dup_eh

parent e21efefa
...@@ -43,65 +43,69 @@ ecc_dup_eh (const struct ecc_curve *ecc, ...@@ -43,65 +43,69 @@ ecc_dup_eh (const struct ecc_curve *ecc,
mp_limb_t *scratch) mp_limb_t *scratch)
{ {
/* Formulas (from djb, /* Formulas (from djb,
http://www.hyperelliptic.org/EFD/g1p/auto-edwards-projective.html#doubling-dbl-2007-bl): http://www.hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#doubling-dbl-2008-bbjlp):
B = (X1+Y1)^2
C = X1^2
D = Y1^2
(E = a*C = -C)
F = E+D
H = Z1^2
J = F-2*H
X3 = (B-C-D)*J
Y3 = F*(E-D)
Z3 = F*J (-C+D)*(-C+D - 2Z1^2)
In the formula for Y3, we have E - D = -(C+D). To avoid explicit
negation, negate all of X3, Y3, Z3, and use
Computation Operation Live variables Computation Operation Live variables
b = (x+y)^2 sqr b
c = x^2 sqr b, c
d = y^2 sqr b, c, d
e = c+d b, c, d, e
h = z^2 sqr b, c, d, e, h
j = e-2*h b, c, d, e, j
x' = (b-e)*j mul c, d, e, j
y' = e*(c-d) mul e, j
z' = e*j mul
But for the twisted curve, we need some sign changes.
b = (x+y)^2 sqr b B = (X1+Y1)^2 sqr B
c = x^2 sqr b, c C = X1^2 sqr B, C
d = y^2 sqr b, c, d D = Y1^2 sqr B, C, D
! e = -c+d b, c, d, e F = -C+D B, C, D, F
h = z^2 sqr b, c, d, e, h H = Z1^2 sqr B, C, D, F, H
! j = -e+2*h b, c, d, e, j J = 2*H - F B, C, D, F, J
! x' = (b-c-d)*j mul c, d, e, j X3 = (B-C-D)*J mul C, D, F, J
! y' = e*(c+d) mul e, j Y3 = F*(C+D) mul F, J
z' = e*j mul Z3 = F*J mul
3M+4S
*/ */
#define b scratch #define B scratch
#define c (scratch + ecc->p.size) #define C (scratch + ecc->p.size)
#define d (scratch + 2*ecc->p.size) #define D (scratch + 2*ecc->p.size)
#define e (scratch + 3*ecc->p.size) #define F (scratch + 3*ecc->p.size)
#define j (scratch + 4*ecc->p.size) #define J (scratch + 4*ecc->p.size)
/* b */ /* B */
ecc_modp_add (ecc, e, p, p + ecc->p.size); ecc_modp_add (ecc, F, p, p + ecc->p.size);
ecc_modp_sqr (ecc, b, e); ecc_modp_sqr (ecc, B, F);
/* c */ /* C */
ecc_modp_sqr (ecc, c, p); ecc_modp_sqr (ecc, C, p);
/* d */ /* D */
ecc_modp_sqr (ecc, d, p + ecc->p.size); ecc_modp_sqr (ecc, D, p + ecc->p.size);
/* h, can use r as scratch, even for in-place operation. */ /* Can use r as scratch, even for in-place operation. */
ecc_modp_sqr (ecc, r, p + 2*ecc->p.size); ecc_modp_sqr (ecc, r, p + 2*ecc->p.size);
/* e, */ /* F, */
ecc_modp_sub (ecc, e, d, c); ecc_modp_sub (ecc, F, D, C);
/* b - c - d */ /* B - C - D */
ecc_modp_sub (ecc, b, b, c); ecc_modp_sub (ecc, B, B, C);
ecc_modp_sub (ecc, b, b, d); ecc_modp_sub (ecc, B, B, D);
/* j */ /* J */
ecc_modp_add (ecc, r, r, r); ecc_modp_add (ecc, r, r, r);
ecc_modp_sub (ecc, j, r, e); ecc_modp_sub (ecc, J, r, F);
/* x' */ /* x' */
ecc_modp_mul (ecc, r, b, j); ecc_modp_mul (ecc, r, B, J);
/* y' */ /* y' */
ecc_modp_add (ecc, c, c, d); /* Redundant */ ecc_modp_add (ecc, C, C, D); /* Redundant */
ecc_modp_mul (ecc, r + ecc->p.size, e, c); ecc_modp_mul (ecc, r + ecc->p.size, F, C);
/* z' */ /* z' */
ecc_modp_mul (ecc, b, e, j); ecc_modp_mul (ecc, B, F, J);
mpn_copyi (r + 2*ecc->p.size, b, ecc->p.size); mpn_copyi (r + 2*ecc->p.size, B, ecc->p.size);
} }
void void
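Review bot: The rewritten header comment reduces the twisted-curve reasoning to "But for the twisted curve, we need some sign changes.", while the code that follows computes `J = 2*H - F` and `Y3 = F*(C+D)`, i.e. the negatives of the EFD values J and Y3, so the result is (-X3, -Y3, -Z3), the same projective point; the removed text stated that explicitly ("negate all of X3, Y3, Z3"), and a one-line comment above the table such as `/* All of X3, Y3, Z3 are negated to avoid an explicit negation; same projective point. */` would keep that justification next to the table. The per-step labels at the three mul calls still read `/* x' */`, `/* y' */`, `/* z' */` although the table now uses X3, Y3, Z3; `/* X3 */`, `/* Y3 */`, `/* Z3 */` would match the new notation. The comment before the first squaring into r dropped its H label, so a reader no longer sees which table entry r holds until J is formed; `/* H, can use r as scratch, even for in-place operation. */` restores it. Which lines are old and which new is inferred from the side-by-side rendering.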
......