Ejemplo n.º 1
0
void
double_extensible (
    struct extensible_t* a
) {
    struct p448_t L0, L1, L2;
    p448_sqr  (   &L2, &a->x );
    p448_sqr  (   &L0, &a->y );
    p448_add  (   &L1,   &L2,   &L0 );
    p448_add  ( &a->t, &a->y, &a->x );
    p448_sqr  ( &a->u, &a->t );
    p448_sub  ( &a->t, &a->u,   &L1 );
    p448_bias ( &a->t,     3 );
    IF32( p448_weak_reduce( &a->t ) );
    p448_sub  ( &a->u,   &L0,   &L2 );
    p448_bias ( &a->u,     2 );
    IF32( p448_weak_reduce( &a->u ) );
    p448_sqr  ( &a->x, &a->z );
    p448_bias ( &a->x,     2 );
    p448_add  ( &a->z, &a->x, &a->x );
    p448_sub  (   &L0, &a->z,   &L1 );
    IF32( p448_weak_reduce(   &L0 ) );
    p448_mul  ( &a->z,   &L1,   &L0 );
    p448_mul  ( &a->x,   &L0, &a->t );
    p448_mul  ( &a->y,   &L1, &a->u );
}
Ejemplo n.º 2
0
void
untwist_and_double (
    struct extensible_t*          b,
    const struct tw_extensible_t* a
) {
    struct p448_t L0;
    p448_sqr  ( &b->x, &a->x );
    p448_sqr  ( &b->z, &a->y );
    p448_add  (   &L0, &b->x, &b->z );
    p448_add  ( &b->t, &a->y, &a->x );
    p448_sqr  ( &b->u, &b->t );
    p448_sub  ( &b->t, &b->u,   &L0 );
    p448_bias ( &b->t,     3 );
    IF32( p448_weak_reduce( &b->t ) );
    p448_sub  ( &b->u, &b->z, &b->x );
    p448_bias ( &b->u,     2 );
    IF32( p448_weak_reduce( &b->u ) );
    p448_sqr  ( &b->x, &a->z );
    p448_bias ( &b->x,     2-is32 /*is32 ? 1 : 2*/ );
    p448_add  ( &b->z, &b->x, &b->x );
    p448_sub  ( &b->y, &b->z, &b->u );
    IF32( p448_weak_reduce( &b->y ) );
    p448_mul  ( &b->z,   &L0, &b->y );
    p448_mul  ( &b->x, &b->y, &b->t );
    p448_mul  ( &b->y,   &L0, &b->u );
}
Ejemplo n.º 3
0
void montgomery_step(struct montgomery_t* a) {
  struct p448_t L0, L1;
  p448_add(&L0, &a->zd, &a->xd);
  p448_sub(&L1, &a->xd, &a->zd);
  p448_bias(&L1, 2);
  p448_weak_reduce(&L1);
  p448_sub(&a->zd, &a->xa, &a->za);
  p448_bias(&a->zd, 2);
  p448_weak_reduce(&a->zd);
  p448_mul(&a->xd, &L0, &a->zd);
  p448_add(&a->zd, &a->za, &a->xa);
  p448_mul(&a->za, &L1, &a->zd);
  p448_add(&a->xa, &a->za, &a->xd);
  p448_sqr(&a->zd, &a->xa);
  p448_mul(&a->xa, &a->z0, &a->zd);
  p448_sub(&a->zd, &a->xd, &a->za);
  p448_bias(&a->zd, 2);
  p448_weak_reduce(&a->zd);
  p448_sqr(&a->za, &a->zd);
  p448_sqr(&a->xd, &L0);
  p448_sqr(&L0, &L1);
  p448_mulw(&a->zd, &a->xd, 39082);
  p448_sub(&L1, &a->xd, &L0);
  p448_bias(&L1, 2);
  p448_weak_reduce(&L1);
  p448_mul(&a->xd, &L0, &a->zd);
  p448_sub(&L0, &a->zd, &L1);
  p448_bias(&L0, 2);
  p448_weak_reduce(&L0);
  p448_mul(&a->zd, &L0, &L1);
}
Ejemplo n.º 4
0
void convert_tw_pniels_to_tw_extensible(struct tw_extensible_t* e,
                                        const struct tw_pniels_t* d) {
    p448_add(&e->u, &d->n.b, &d->n.a);
    p448_sub(&e->t, &d->n.b, &d->n.a);
    p448_bias(&e->t, 2);
    p448_mul(&e->x, &d->z, &e->t);
    p448_mul(&e->y, &d->z, &e->u);
    p448_sqr(&e->z, &d->z);
}
Ejemplo n.º 5
0
void twist_even(struct tw_extensible_t* b, const struct extensible_t* a) {
  mask_t L0, L1;
  p448_sqr(&b->y, &a->z);
  p448_sqr(&b->z, &a->x);
  p448_sub(&b->u, &b->y, &b->z);
  p448_bias(&b->u, 2);
  p448_weak_reduce(&b->u);
  p448_sub(&b->z, &a->z, &a->x);
  p448_bias(&b->z, 2);
  p448_weak_reduce(&b->z);
  p448_mul(&b->y, &b->z, &a->y);
  p448_sub(&b->z, &a->z, &a->y);
  p448_bias(&b->z, 2);
  p448_weak_reduce(&b->z);
  p448_mul(&b->x, &b->z, &b->y);
  p448_mul(&b->t, &b->x, &b->u);
  p448_mul(&b->y, &b->x, &b->t);
  p448_isr(&b->t, &b->y);
  p448_mul(&b->u, &b->x, &b->t);
  p448_sqr(&b->x, &b->t);
  p448_mul(&b->t, &b->y, &b->x);
  p448_mul(&b->x, &a->x, &b->u);
  p448_mul(&b->y, &a->y, &b->u);
  L1 = p448_is_zero(&b->z);
  L0 = -L1;
  p448_addw(&b->y, L0);
  p448_weak_reduce(&b->y);
  p448_set_ui(&b->z, 1);
  p448_copy(&b->t, &b->x);
  p448_copy(&b->u, &b->y);
}
Ejemplo n.º 6
0
mask_t deserialize_affine(struct affine_t* a, const struct p448_t* sz) {
  struct p448_t L0, L1, L2, L3;
  p448_sqr(&L1, sz);
  p448_copy(&L3, &L1);
  p448_addw(&L3, 1);
  p448_sqr(&a->x, &L3);
  p448_mulw(&L3, &a->x, 39082);
  p448_neg(&a->x, &L3);
  p448_add(&L3, &L1, &L1);
  p448_bias(&L3, 1);
  p448_add(&a->y, &L3, &L3);
  p448_add(&L3, &a->y, &a->x);
  p448_weak_reduce(&L3);
  p448_copy(&a->y, &L1);
  p448_subw(&a->y, 1);
  p448_neg(&a->x, &a->y);
  p448_bias(&a->x, 2);
  p448_weak_reduce(&a->x);
  p448_mul(&a->y, &a->x, &L3);
  p448_sqr(&L2, &a->x);
  p448_mul(&L0, &L2, &a->y);
  p448_mul(&a->y, &a->x, &L0);
  p448_isr(&L3, &a->y);
  p448_mul(&a->y, &L2, &L3);
  p448_sqr(&L2, &L3);
  p448_mul(&L3, &L0, &L2);
  p448_mul(&L0, &a->x, &L3);
  p448_add(&L2, &a->y, &a->y);
  p448_mul(&a->x, sz, &L2);
  p448_addw(&L1, 1);
  p448_mul(&a->y, &L1, &L3);
  p448_subw(&L0, 1);
  p448_bias(&L0, 1);
  return p448_is_zero(&L0);
}
Ejemplo n.º 7
0
void
test_only_twist (
    struct tw_extensible_t*    b,
    const struct extensible_t* a
) {
    mask_t L2, L3;
    struct p448_t L0, L1;
    p448_sqr  ( &b->u, &a->z );
    p448_sqr  ( &b->y, &a->x );
    p448_sub  ( &b->z, &b->u, &b->y );
    p448_bias ( &b->z,     2 );
    p448_add  ( &b->y, &b->z, &b->z );
    p448_add  ( &b->u, &b->y, &b->y );
    IF32( p448_weak_reduce( &b->u ) );
    p448_sub  ( &b->y, &a->z, &a->x );
    p448_bias ( &b->y,     2 );
    IF32( p448_weak_reduce( &b->y ) );
    p448_mul  ( &b->x, &b->y, &a->y );
    p448_sub  ( &b->z, &a->z, &a->y );
    p448_bias ( &b->z,     2 );
    IF32( p448_weak_reduce( &b->z ) );
    p448_mul  ( &b->t, &b->z, &b->x );
    p448_mul  (   &L1, &b->t, &b->u );
    p448_mul  ( &b->x, &b->t,   &L1 );
    p448_isr  (   &L0, &b->x );
    p448_mul  ( &b->u, &b->t,   &L0 );
    p448_sqr  (   &L1,   &L0 );
    p448_mul  ( &b->t, &b->x,   &L1 );
    p448_add  (   &L1, &a->y, &a->x );
    IF32( p448_weak_reduce(   &L1 ) );
    p448_sub  (   &L0, &a->x, &a->y );
    p448_bias (   &L0,     2 );
    IF32( p448_weak_reduce(   &L0 ) );
    p448_mul  ( &b->x, &b->t,   &L0 );
    p448_add  (   &L0, &b->x,   &L1 );
    p448_sub  ( &b->t,   &L1, &b->x );
    p448_bias ( &b->t,     2 );
    IF32( p448_weak_reduce( &b->t ) );
    p448_mul  ( &b->x,   &L0, &b->u );
       L2 = p448_is_zero( &b->y );
       L3 = -   L2;
    p448_addw ( &b->x,    L3 );
    p448_weak_reduce( &b->x );
    p448_mul  ( &b->y, &b->t, &b->u );
       L2 = p448_is_zero( &b->z );
       L3 = -   L2;
    p448_addw ( &b->y,    L3 );
    p448_weak_reduce( &b->y );
       L3 = p448_is_zero( &a->y );
       L2 =    L3 +     1;
    p448_set_ui( &b->z,    L2 );
    p448_copy ( &b->t, &b->x );
    p448_copy ( &b->u, &b->y );
}
Ejemplo n.º 8
0
mask_t eq_extensible(const struct extensible_t* a, const struct extensible_t* b) {
  mask_t L3, L4;
  struct p448_t L0, L1, L2;
  p448_mul(&L2, &b->z, &a->x);
  p448_mul(&L1, &a->z, &b->x);
  p448_sub(&L0, &L2, &L1);
  p448_bias(&L0, 2);
  L4 = p448_is_zero(&L0);
  p448_mul(&L2, &b->z, &a->y);
  p448_mul(&L1, &a->z, &b->y);
  p448_sub(&L0, &L2, &L1);
  p448_bias(&L0, 2);
  L3 = p448_is_zero(&L0);
  return L4 & L3;
}
Ejemplo n.º 9
0
mask_t eq_extensible(const struct extensible_t* a, const struct extensible_t* b) {
    mask_t L0, L1;
    struct p448_t L2, L3, L4;
    p448_mul(&L4, &b->z, &a->x);
    p448_mul(&L3, &a->z, &b->x);
    p448_sub(&L2, &L4, &L3);
    p448_bias(&L2, 2);
    L1 = p448_is_zero(&L2);
    p448_mul(&L4, &b->z, &a->y);
    p448_mul(&L3, &a->z, &b->y);
    p448_sub(&L2, &L4, &L3);
    p448_bias(&L2, 2);
    L0 = p448_is_zero(&L2);
    return L1 & L0;
}
Ejemplo n.º 10
0
void add_tw_pniels_to_tw_extensible(struct tw_extensible_t* e,
                                    const struct tw_pniels_t* a) {
  struct p448_t L0;
  p448_mul(&L0, &e->z, &a->z);
  p448_copy(&e->z, &L0);
  add_tw_niels_to_tw_extensible(e, &a->n);
}
Ejemplo n.º 11
0
void p448_inverse(struct p448_t* a, const struct p448_t* x) {
  struct p448_t L0, L1;
  p448_isr(&L0, x);
  p448_sqr(&L1, &L0);
  p448_sqr(&L0, &L1);
  p448_mul(a, x, &L0);
}
Ejemplo n.º 12
0
void
sub_tw_niels_from_tw_extensible (
    struct tw_extensible_t*  d,
    const struct tw_niels_t* e
) {
    struct p448_t L0, L1;
    p448_sub  (   &L1, &d->y, &d->x );
    p448_bias (   &L1,     2 );
    IF32( p448_weak_reduce(   &L1 ) );
    p448_mul  (   &L0, &e->b,   &L1 );
    p448_add  (   &L1, &d->x, &d->y );
    p448_mul  ( &d->y, &e->a,   &L1 );
    p448_mul  (   &L1, &d->u, &d->t );
    p448_mul  ( &d->x, &e->c,   &L1 );
    p448_add  ( &d->u,   &L0, &d->y );
    p448_sub  ( &d->t, &d->y,   &L0 );
    p448_bias ( &d->t,     2 );
    IF32( p448_weak_reduce( &d->t ) );
    p448_add  ( &d->y, &d->x, &d->z );
    p448_sub  (   &L0, &d->z, &d->x );
    p448_bias (   &L0,     2 );
    IF32( p448_weak_reduce(   &L0 ) );
    p448_mul  ( &d->z,   &L0, &d->y );
    p448_mul  ( &d->x, &d->y, &d->t );
    p448_mul  ( &d->y,   &L0, &d->u );
}
Ejemplo n.º 13
0
void untwist_and_double(struct extensible_t* b, const struct tw_extensible_t* a) {
    struct p448_t L0;
    p448_sqr(&b->x, &a->x);
    p448_sqr(&b->z, &a->y);
    p448_add(&L0, &b->x, &b->z);
    p448_add(&b->t, &a->y, &a->x);
    p448_sqr(&b->u, &b->t);
    p448_sub(&b->t, &b->u, &L0);
    p448_bias(&b->t, 3);
    p448_sub(&b->u, &b->z, &b->x);
    p448_bias(&b->u, 2);
    p448_sqr(&b->x, &a->z);
    p448_bias(&b->x, 2);
    p448_add(&b->z, &b->x, &b->x);
    p448_sub(&b->y, &b->z, &b->u);
    p448_mul(&b->z, &L0, &b->y);
    p448_mul(&b->x, &b->y, &b->t);
    p448_mul(&b->y, &L0, &b->u);
}
Ejemplo n.º 14
0
void double_tw_extensible(struct tw_extensible_t* a) {
    struct p448_t L0, L1, L2;
    p448_sqr(&L2, &a->x);
    p448_sqr(&L0, &a->y);
    p448_add(&a->u, &L2, &L0);
    p448_add(&a->t, &a->y, &a->x);
    p448_sqr(&L1, &a->t);
    p448_sub(&a->t, &L1, &a->u);
    p448_bias(&a->t, 3);
    p448_sub(&L1, &L0, &L2);
    p448_bias(&L1, 2);
    p448_sqr(&a->x, &a->z);
    p448_bias(&a->x, 2);
    p448_add(&a->z, &a->x, &a->x);
    p448_sub(&L0, &a->z, &L1);
    p448_mul(&a->z, &L1, &L0);
    p448_mul(&a->x, &L0, &a->t);
    p448_mul(&a->y, &L1, &a->u);
}
Ejemplo n.º 15
0
mask_t
validate_tw_extensible (
    const struct tw_extensible_t* ext
) {
    mask_t L4, L5;
    struct p448_t L0, L1, L2, L3;
    /*
     * Check invariant:
     * 0 = -x*y + z*t*u
     */
    p448_mul  (   &L1, &ext->t, &ext->u );
    p448_mul  (   &L2, &ext->z,   &L1 );
    p448_addw (   &L2,     0 );
    p448_mul  (   &L0, &ext->x, &ext->y );
    p448_neg  (   &L1,   &L0 );
    p448_add  (   &L0,   &L1,   &L2 );
    p448_bias (   &L0,     2 );
       L5 = p448_is_zero(   &L0 );
    /*
     * Check invariant:
     * 0 = d*t^2*u^2 + x^2 - y^2 + z^2 - t^2*u^2
     */
    p448_sqr  (   &L2, &ext->y );
    p448_neg  (   &L1,   &L2 );
    p448_addw (   &L1,     0 );
    p448_sqr  (   &L0, &ext->x );
    p448_add  (   &L2,   &L0,   &L1 );
    p448_sqr  (   &L3, &ext->u );
    p448_sqr  (   &L0, &ext->t );
    p448_mul  (   &L1,   &L0,   &L3 );
    p448_mulw (   &L0,   &L1, 39081 );
    p448_neg  (   &L3,   &L0 );
    p448_add  (   &L0,   &L3,   &L2 );
    p448_neg  (   &L3,   &L1 );
    p448_add  (   &L2,   &L3,   &L0 );
    p448_sqr  (   &L1, &ext->z );
    p448_add  (   &L0,   &L1,   &L2 );
    p448_bias (   &L0,     4 );
       L4 = p448_is_zero(   &L0 );
    return    L5 &    L4;
}
Ejemplo n.º 16
0
mask_t is_square(const struct p448_t* x) {
  mask_t L2, L3;
  struct p448_t L0, L1;
  p448_isr(&L0, x);
  p448_sqr(&L1, &L0);
  p448_mul(&L0, x, &L1);
  p448_subw(&L0, 1);
  p448_bias(&L0, 1);
  L3 = p448_is_zero(&L0);
  L2 = p448_is_zero(x);
  return L3 | L2;
}
Ejemplo n.º 17
0
mask_t is_square(const struct p448_t* x) {
    mask_t L0, L1;
    struct p448_t L2, L3;
    p448_isr(&L2, x);
    p448_sqr(&L3, &L2);
    p448_mul(&L2, x, &L3);
    p448_subw(&L2, 1);
    p448_bias(&L2, 1);
    L1 = p448_is_zero(&L2);
    L0 = p448_is_zero(x);
    return L1 | L0;
}
Ejemplo n.º 18
0
void untwist_and_double_and_serialize(struct p448_t* b, const struct tw_extensible_t* a) {
  struct p448_t L0, L1, L2, L3;
  p448_mul(&L3, &a->y, &a->x);
  p448_add(b, &a->y, &a->x);
  p448_sqr(&L1, b);
  p448_add(&L2, &L3, &L3);
  p448_sub(b, &L1, &L2);
  p448_bias(b, 3);
  p448_weak_reduce(b);
  p448_sqr(&L2, &a->z);
  p448_sqr(&L1, &L2);
  p448_add(&L2, b, b);
  p448_mulw(b, &L2, 39082);
  p448_neg(&L2, b);
  p448_bias(&L2, 2);
  p448_mulw(&L0, &L2, 39082);
  p448_neg(b, &L0);
  p448_bias(b, 2);
  p448_mul(&L0, &L2, &L1);
  p448_mul(&L2, b, &L0);
  p448_isr(&L0, &L2);
  p448_mul(&L1, b, &L0);
  p448_sqr(b, &L0);
  p448_mul(&L0, &L2, b);
  p448_mul(b, &L1, &L3);
}
Ejemplo n.º 19
0
void convert_tw_affine_to_tw_pniels(struct tw_pniels_t* b, const struct tw_affine_t* a) {
  p448_sub(&b->n.a, &a->y, &a->x);
  p448_bias(&b->n.a, 2);
  p448_weak_reduce(&b->n.a);
  p448_add(&b->n.b, &a->x, &a->y);
  p448_weak_reduce(&b->n.b);
  p448_mul(&b->n.c, &a->y, &a->x);
  p448_mulw(&b->z, &b->n.c, 78164);
  p448_neg(&b->n.c, &b->z);
  p448_bias(&b->n.c, 2);
  p448_weak_reduce(&b->n.c);
  p448_set_ui(&b->z, 2);
}
Ejemplo n.º 20
0
void test_only_twist(struct tw_extensible_t* b, const struct extensible_t* a) {
    mask_t L0, L1;
    struct p448_t L2, L3;
    p448_sqr(&b->u, &a->z);
    p448_sqr(&b->y, &a->x);
    p448_sub(&b->z, &b->u, &b->y);
    p448_bias(&b->z, 2);
    p448_add(&b->y, &b->z, &b->z);
    p448_add(&b->u, &b->y, &b->y);
    p448_sub(&b->y, &a->z, &a->x);
    p448_bias(&b->y, 2);
    p448_mul(&b->x, &b->y, &a->y);
    p448_sub(&b->z, &a->z, &a->y);
    p448_bias(&b->z, 2);
    p448_mul(&b->t, &b->z, &b->x);
    p448_mul(&L3, &b->t, &b->u);
    p448_mul(&b->x, &b->t, &L3);
    p448_isr(&L2, &b->x);
    p448_mul(&b->u, &b->t, &L2);
    p448_sqr(&L3, &L2);
    p448_mul(&b->t, &b->x, &L3);
    p448_add(&L3, &a->y, &a->x);
    p448_sub(&L2, &a->x, &a->y);
    p448_bias(&L2, 2);
    p448_mul(&b->x, &b->t, &L2);
    p448_add(&L2, &b->x, &L3);
    p448_sub(&b->t, &L3, &b->x);
    p448_bias(&b->t, 2);
    p448_mul(&b->x, &L2, &b->u);
    L0 = p448_is_zero(&b->y);
    L1 = -L0;
    p448_addw(&b->x, L1);
    p448_weak_reduce(&b->x);
    p448_mul(&b->y, &b->t, &b->u);
    L0 = p448_is_zero(&b->z);
    L1 = -L0;
    p448_addw(&b->y, L1);
    p448_weak_reduce(&b->y);
    L1 = p448_is_zero(&a->y);
    L0 = L1 + 1;
    p448_set_ui(&b->z, L0);
    p448_copy(&b->t, &b->x);
    p448_copy(&b->u, &b->y);
}
Ejemplo n.º 21
0
mask_t validate_affine(const struct affine_t* a) {
  struct p448_t L0, L1, L2, L3;
  p448_sqr(&L0, &a->y);
  p448_sqr(&L2, &a->x);
  p448_add(&L3, &L2, &L0);
  p448_subw(&L3, 1);
  p448_mulw(&L1, &L2, 39081);
  p448_neg(&L2, &L1);
  p448_bias(&L2, 2);
  p448_mul(&L1, &L0, &L2);
  p448_sub(&L0, &L3, &L1);
  p448_bias(&L0, 3);
  return p448_is_zero(&L0);
}
Ejemplo n.º 22
0
mask_t validate_extensible(const struct extensible_t* ext) {
    mask_t L0, L1;
    struct p448_t L2, L3, L4, L5;
    /*
     * Check invariant:
     * 0 = d*t^2*u^2 - x^2 - y^2 + z^2
     */
    p448_sqr(&L4, &ext->y);
    p448_neg(&L3, &L4);
    p448_addw(&L3, 0);
    p448_sqr(&L2, &ext->z);
    p448_add(&L4, &L2, &L3);
    p448_sqr(&L5, &ext->u);
    p448_sqr(&L2, &ext->t);
    p448_mul(&L3, &L2, &L5);
    p448_mulw(&L5, &L3, 39081);
    p448_neg(&L2, &L5);
    p448_add(&L3, &L2, &L4);
    p448_sqr(&L2, &ext->x);
    p448_neg(&L4, &L2);
    p448_add(&L2, &L4, &L3);
    p448_bias(&L2, 4);
    L1 = p448_is_zero(&L2);
    /*
     * Check invariant:
     * 0 = -x*y + z*t*u
     */
    p448_mul(&L3, &ext->t, &ext->u);
    p448_mul(&L4, &ext->z, &L3);
    p448_addw(&L4, 0);
    p448_mul(&L2, &ext->x, &ext->y);
    p448_neg(&L3, &L2);
    p448_add(&L2, &L3, &L4);
    p448_bias(&L2, 2);
    L0 = p448_is_zero(&L2);
    return L1 & L0;
}
Ejemplo n.º 23
0
void serialize_extensible(struct p448_t* b, const struct extensible_t* a) {
    struct p448_t L0, L1, L2;
    p448_sub(&L0, &a->y, &a->z);
    p448_bias(&L0, 2);
    p448_add(b, &a->z, &a->y);
    p448_mul(&L1, &a->z, &a->x);
    p448_mul(&L2, &L0, &L1);
    p448_mul(&L1, &L2, &L0);
    p448_mul(&L0, &L2, b);
    p448_mul(&L2, &L1, &L0);
    p448_isr(&L0, &L2);
    p448_mul(b, &L1, &L0);
    p448_sqr(&L1, &L0);
    p448_mul(&L0, &L2, &L1);
}
Ejemplo n.º 24
0
void add_tw_niels_to_tw_extensible(struct tw_extensible_t* d,
                                   const struct tw_niels_t* e) {
    struct p448_t L0, L1;
    p448_sub(&L1, &d->y, &d->x);
    p448_bias(&L1, 2);
    p448_mul(&L0, &e->a, &L1);
    p448_add(&L1, &d->x, &d->y);
    p448_mul(&d->y, &e->b, &L1);
    p448_mul(&L1, &d->u, &d->t);
    p448_mul(&d->x, &e->c, &L1);
    p448_add(&d->u, &L0, &d->y);
    p448_sub(&d->t, &d->y, &L0);
    p448_bias(&d->t, 2);
    p448_sub(&d->y, &d->z, &d->x);
    p448_bias(&d->y, 2);
    p448_add(&L0, &d->x, &d->z);
    p448_mul(&d->z, &L0, &d->y);
    p448_mul(&d->x, &d->y, &d->t);
    p448_mul(&d->y, &L0, &d->u);
}
Ejemplo n.º 25
0
void elligator_2s_inject(struct affine_t* a, const struct p448_t* r) {
  mask_t L0, L1;
  struct p448_t L2, L3, L4, L5, L6, L7, L8;
  p448_sqr(&a->x, r);
  p448_sqr(&L3, &a->x);
  p448_copy(&a->y, &L3);
  p448_subw(&a->y, 1);
  p448_neg(&L4, &a->y);
  p448_bias(&L4, 2);
  p448_weak_reduce(&L4);
  p448_sqr(&L2, &L4);
  p448_mulw(&L7, &L2, 1527402724);
  p448_mulw(&L8, &L3, 6108985600);
  p448_add(&a->y, &L8, &L7);
  p448_weak_reduce(&a->y);
  p448_mulw(&L8, &L2, 6109454568);
  p448_sub(&L7, &a->y, &L8);
  p448_bias(&L7, 2);
  p448_weak_reduce(&L7);
  p448_mulw(&L6, &a->y, 78160);
  p448_mul(&L5, &L7, &L6);
  p448_mul(&L8, &L5, &L4);
  p448_mul(&L4, &L5, &L6);
  p448_mul(&L5, &L7, &L8);
  p448_mul(&L8, &L5, &L4);
  p448_mul(&L4, &L7, &L8);
  p448_isr(&L6, &L4);
  p448_mul(&L4, &L5, &L6);
  p448_sqr(&L5, &L6);
  p448_mul(&L6, &L8, &L5);
  p448_mul(&L8, &L7, &L6);
  p448_mul(&L7, &L8, &L6);
  p448_copy(&L6, &a->x);
  p448_subw(&L6, 1);
  p448_addw(&a->x, 1);
  p448_mul(&L5, &a->x, &L8);
  p448_sub(&a->x, &L6, &L5);
  p448_bias(&a->x, 3);
  p448_weak_reduce(&a->x);
  p448_mul(&L5, &L4, &a->x);
  p448_mulw(&L4, &L5, 78160);
  p448_neg(&a->x, &L4);
  p448_bias(&a->x, 2);
  p448_weak_reduce(&a->x);
  p448_add(&L4, &L3, &L3);
  p448_add(&L3, &L4, &L2);
  p448_subw(&L3, 2);
  p448_bias(&L3, 1);
  p448_weak_reduce(&L3);
  p448_mul(&L2, &L3, &L8);
  p448_mulw(&L3, &L2, 3054649120);
  p448_add(&L2, &L3, &a->y);
  p448_mul(&a->y, &L7, &L2);
  L1 = p448_is_zero(&L8);
  L0 = -L1;
  p448_addw(&a->y, L0);
  p448_weak_reduce(&a->y);
}
Ejemplo n.º 26
0
mask_t deserialize_and_twist_approx(struct tw_extensible_t* a,
                                    const struct p448_t* sdm1,
                                    const struct p448_t* sz) {
  struct p448_t L0, L1;
  p448_sqr(&a->z, sz);
  p448_copy(&a->y, &a->z);
  p448_addw(&a->y, 1);
  p448_sqr(&a->x, &a->y);
  p448_mulw(&a->y, &a->x, 39082);
  p448_neg(&a->x, &a->y);
  p448_add(&a->y, &a->z, &a->z);
  p448_bias(&a->y, 1);
  p448_add(&a->u, &a->y, &a->y);
  p448_add(&a->y, &a->u, &a->x);
  p448_weak_reduce(&a->y);
  p448_sqr(&a->x, &a->z);
  p448_subw(&a->x, 1);
  p448_neg(&a->u, &a->x);
  p448_bias(&a->u, 2);
  p448_weak_reduce(&a->u);
  p448_mul(&a->x, sdm1, &a->u);
  p448_mul(&L0, &a->x, &a->y);
  p448_mul(&a->t, &L0, &a->y);
  p448_mul(&a->u, &a->x, &a->t);
  p448_mul(&a->t, &a->u, &L0);
  p448_mul(&a->y, &a->x, &a->t);
  p448_isr(&L0, &a->y);
  p448_mul(&a->y, &a->u, &L0);
  p448_sqr(&L1, &L0);
  p448_mul(&a->u, &a->t, &L1);
  p448_mul(&a->t, &a->x, &a->u);
  p448_add(&a->x, sz, sz);
  p448_mul(&L0, &a->u, &a->x);
  p448_copy(&a->x, &a->z);
  p448_subw(&a->x, 1);
  p448_neg(&L1, &a->x);
  p448_bias(&L1, 2);
  p448_weak_reduce(&L1);
  p448_mul(&a->x, &L1, &L0);
  p448_mul(&L0, &a->u, &a->y);
  p448_addw(&a->z, 1);
  p448_mul(&a->y, &a->z, &L0);
  p448_subw(&a->t, 1);
  p448_bias(&a->t, 1);
  mask_t ret = p448_is_zero(&a->t);
  p448_set_ui(&a->z, 1);
  p448_copy(&a->t, &a->x);
  p448_copy(&a->u, &a->y);
  return ret;
}
Ejemplo n.º 27
0
mask_t serialize_montgomery(struct p448_t* b,
                            const struct montgomery_t* a,
                            const struct p448_t* sbz) {
    mask_t L0, L1, L2;
    struct p448_t L3, L4, L5, L6;
    p448_mul(&L6, &a->z0, &a->zd);
    p448_sub(&L4, &L6, &a->xd);
    p448_bias(&L4, 2);
    p448_mul(&L6, &a->za, &L4);
    p448_mul(&L5, &a->z0, &a->xd);
    p448_sub(&L4, &L5, &a->zd);
    p448_bias(&L4, 2);
    p448_mul(&L3, &a->xa, &L4);
    p448_add(&L5, &L3, &L6);
    p448_sub(&L4, &L6, &L3);
    p448_bias(&L4, 2);
    p448_mul(&L6, &L4, &L5);
    p448_copy(&L5, &a->z0);
    p448_addw(&L5, 1);
    p448_sqr(&L4, &L5);
    p448_mulw(&L5, &L4, 39082);
    p448_neg(&L4, &L5);
    p448_add(&L3, &a->z0, &a->z0);
    p448_bias(&L3, 1);
    p448_add(&L5, &L3, &L3);
    p448_add(&L3, &L5, &L4);
    p448_mul(&L5, &a->xd, &L3);
    L1 = p448_is_zero(&a->zd);
    L2 = -L1;
    p448_mask(&L4, &L5, L1);
    p448_add(&L5, &L4, &a->zd);
    L0 = ~L1;
    p448_mul(&L4, sbz, &L6);
    p448_addw(&L4, L2);
    p448_mul(&L6, &L5, &L4);
    p448_mul(&L4, &L6, &L5);
    p448_mul(&L5, &L6, &a->xd);
    p448_mul(&L6, &L4, &L5);
    p448_isr(&L3, &L6);
    p448_mul(&L5, &L4, &L3);
    p448_sqr(&L4, &L3);
    p448_mul(&L3, &L6, &L4);
    p448_mask(b, &L5, L0);
    p448_subw(&L3, 1);
    p448_bias(&L3, 1);
    L1 = p448_is_zero(&L3);
    L0 = p448_is_zero(sbz);
    return L1 | L0;
}
Ejemplo n.º 28
0
void p448_isr(struct p448_t* a, const struct p448_t* x) {
  struct p448_t L0, L1, L2;
  p448_sqr(&L1, x);
  p448_mul(&L2, x, &L1);
  p448_sqr(&L1, &L2);
  p448_mul(&L2, x, &L1);
  p448_sqrn(&L1, &L2, 3);
  p448_mul(&L0, &L2, &L1);
  p448_sqrn(&L1, &L0, 3);
  p448_mul(&L0, &L2, &L1);
  p448_sqrn(&L2, &L0, 9);
  p448_mul(&L1, &L0, &L2);
  p448_sqr(&L0, &L1);
  p448_mul(&L2, x, &L0);
  p448_sqrn(&L0, &L2, 18);
  p448_mul(&L2, &L1, &L0);
  p448_sqrn(&L0, &L2, 37);
  p448_mul(&L1, &L2, &L0);
  p448_sqrn(&L0, &L1, 37);
  p448_mul(&L1, &L2, &L0);
  p448_sqrn(&L0, &L1, 111);
  p448_mul(&L2, &L1, &L0);
  p448_sqr(&L0, &L2);
  p448_mul(&L1, x, &L0);
  p448_sqrn(&L0, &L1, 223);
  p448_mul(a, &L2, &L0);
}
Ejemplo n.º 29
0
mask_t serialize_montgomery(struct p448_t* b,
                            const struct montgomery_t* a,
                            const struct p448_t* sbz) {
  mask_t L4, L5, L6;
  struct p448_t L0, L1, L2, L3;
  p448_mul(&L3, &a->z0, &a->zd);
  p448_sub(&L1, &L3, &a->xd);
  p448_bias(&L1, 2);
  p448_weak_reduce(&L1);
  p448_mul(&L3, &a->za, &L1);
  p448_mul(&L2, &a->z0, &a->xd);
  p448_sub(&L1, &L2, &a->zd);
  p448_bias(&L1, 2);
  p448_weak_reduce(&L1);
  p448_mul(&L0, &a->xa, &L1);
  p448_add(&L2, &L0, &L3);
  p448_sub(&L1, &L3, &L0);
  p448_bias(&L1, 2);
  p448_weak_reduce(&L1);
  p448_mul(&L3, &L1, &L2);
  p448_copy(&L2, &a->z0);
  p448_addw(&L2, 1);
  p448_sqr(&L1, &L2);
  p448_mulw(&L2, &L1, 39082);
  p448_neg(&L1, &L2);
  p448_add(&L2, &a->z0, &a->z0);
  p448_bias(&L2, 1);
  p448_add(&L0, &L2, &L2);
  p448_add(&L2, &L0, &L1);
  p448_weak_reduce(&L2);
  p448_mul(&L0, &a->xd, &L2);
  L5 = p448_is_zero(&a->zd);
  L6 = -L5;
  p448_mask(&L1, &L0, L5);
  p448_add(&L2, &L1, &a->zd);
  L4 = ~L5;
  p448_mul(&L1, sbz, &L3);
  p448_addw(&L1, L6);
  p448_mul(&L3, &L2, &L1);
  p448_mul(&L1, &L3, &L2);
  p448_mul(&L2, &L3, &a->xd);
  p448_mul(&L3, &L1, &L2);
  p448_isr(&L0, &L3);
  p448_mul(&L2, &L1, &L0);
  p448_sqr(&L1, &L0);
  p448_mul(&L0, &L3, &L1);
  p448_mask(b, &L2, L4);
  p448_subw(&L0, 1);
  p448_bias(&L0, 1);
  L5 = p448_is_zero(&L0);
  L4 = p448_is_zero(sbz);
  return L5 | L4;
}