/*
 * Scalar multiplication wrapper: expands `basepoint`, runs cmult() with
 * `secret`, and writes the contracted result of x * crecip(z) to `mypublic`.
 *
 * mypublic  - output buffer, filled by fcontract()
 * secret    - scalar bytes, handed to cmult() exactly as received
 * basepoint - input point bytes, handed to fexpand()
 *
 * NOTE(review): no clamping (masking of the low and high scalar bits) is
 * applied to `secret` in this function. Callers presumably clamp before
 * calling; confirm, since an unclamped scalar loses the small-subgroup
 * protection that clamping gives.
 * NOTE(review): the working arrays are left on the stack at return; they hold
 * values derived from the secret scalar.
 */
void curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint)
{
    felem point_fe[10];
    felem res_x[10];
    felem res_z[10];
    felem z_inv[10];

    /* byte string -> internal field-element form */
    fexpand(point_fe, basepoint);

    /* result is produced as an (x, z) pair; presumably projective, confirm in cmult */
    cmult(res_x, res_z, secret, point_fe);

    /* fold the pair into one element: res_z = res_x * crecip(res_z) */
    crecip(z_inv, res_z);
    fmul(res_z, res_x, z_inv);

    /* internal form -> output bytes */
    fcontract(mypublic, res_z);
}
/*
 * Multiplies `data` (as a field element) by the value returned from
 * curve25519_shared(privkey, pubkey), or by crecip() of that value when
 * `invert` is non-zero, and returns the contracted product.
 *
 * data    - value to transform, expanded with fexpand()
 * privkey - passed as first argument to curve25519_shared()
 * pubkey  - passed as second argument to curve25519_shared()
 * invert  - 0: multiply by the shared value; non-zero: multiply by its crecip()
 *
 * NOTE(review): the shared value is not checked before use. If it expands to
 * the zero element the product is zero whatever `data` is, so the transform
 * stops being reversible; confirm that curve25519_shared() or the callers
 * reject that case.
 * NOTE(review): the shared value and its expanded form remain in locals at
 * return and are not wiped.
 */
bits256 cards777_initcrypt(bits256 data,bits256 privkey,bits256 pubkey,int32_t invert)
{
    bits256 shared = curve25519_shared(privkey,pubkey);
    bits320 factor = fexpand(shared);
    bits320 product;

    /* The inverse direction uses crecip() of the same factor. */
    if ( invert != 0 )
        factor = crecip(factor);

    product = fmul(fexpand(data),factor);
    return(fcontract(product));
}
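/*
 * Scalar multiplication with clamping: copies the 32-byte `secret`, clamps the
 * copy, runs cmult() against the expanded `basepoint`, and writes the
 * contracted result of x * crecip(z) to `mypublic`.
 *
 * mypublic  - output buffer, filled by fcontract()
 * secret    - 32 scalar bytes; read only, the clamp is applied to a local copy
 * basepoint - input point bytes, handed to fexpand()
 *
 * Returns 0 unconditionally.
 *
 * The clamped copy of the secret is overwritten before returning so it does
 * not linger on the stack. The store goes through a volatile-qualified
 * pointer, a best-effort way to keep the compiler from dropping it as dead.
 */
int crypto_scalarmult(u8 *mypublic, const u8 *secret, const u8 *basepoint)
{
    felem bp[5], x[5], z[5], zmone[5];
    unsigned char e[32];
    volatile unsigned char *wipe = e;
    int i;

    for (i = 0; i < 32; ++i)
        e[i] = secret[i];

    /* Clamp: clear the low three bits, clear the top bit, set bit 254. */
    e[0] &= 248;
    e[31] &= 127;
    e[31] |= 64;

    fexpand(bp, basepoint);
    cmult(x, z, e, bp);

    /* Fold the (x, z) pair into one element: z = x * crecip(z). */
    crecip(zmone, z);
    fmul(z, x, zmone);
    fcontract(mypublic, z);

    /* Erase the clamped key copy; see the header comment for why volatile. */
    for (i = 0; i < 32; ++i)
        wipe[i] = 0;

    return 0;
}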
// Simultaneous modular inversion; See Section 2.25 of Guide to Elliptic Curve Cryptography (2004) void batch_inverse(felem *a, int n) { felem c[BATCH_SIZE]; fcopy(c[0], a[0]); for ( int i = 1; i < n; i ++ ) { fmul(c[i], c[i-1], a[i]); } felem u; crecip(u, c[n - 1]); for ( int i = n - 1; i > 0; i-- ) { felem t1, t2; fmul(t1, u, c[i-1]); fmul(t2, u, a[i]); fcopy(a[i], t1); fcopy(u, t2); } fcopy(a[0], u); }