Esempio n. 1
/*
 * Scalar multiplication on curve25519: writes to `mypublic` the contracted
 * field element obtained from `secret` and `basepoint`.
 *
 * The helpers (fexpand, cmult, crecip, fmul, fcontract) are defined elsewhere;
 * the step descriptions below follow their names and call order only.
 *
 * NOTE(review): `secret` is handed to cmult() exactly as received. No bit
 * masking (clamping) happens in this function, so if X25519 clamping is
 * required it has to be done by the caller -- confirm at every call site.
 * NOTE(review): the limb arrays hold values derived from the secret scalar and
 * are not cleared before returning.
 */
void curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
  felem point[10];
  felem num[10];
  felem den[10];
  felem den_inv[10];

  /* Unpack the encoded basepoint into limb form. */
  fexpand(point, basepoint);

  /* Scalar multiply; the result comes back as a num/den pair
   * (presumably projective x and z -- confirm against cmult). */
  cmult(num, den, secret, point);

  /* Turn the pair into a single element: num * den^-1.
   * `den` is reused as the output of the multiplication, as in the original. */
  crecip(den_inv, den);
  fmul(den, num, den_inv);

  /* Pack the result into the caller's output buffer. */
  fcontract(mypublic, den);
}
Esempio n. 2
/*
 * Masks `data` by multiplying it, as a field element, with the value returned
 * by curve25519_shared(privkey, pubkey). With invert != 0 the inverse of that
 * value is used instead, which undoes a previous call made with invert == 0.
 *
 * NOTE(review): the mask depends only on (privkey, pubkey), so the mapping is
 * deterministic for a given key pair, and the output carries no integrity
 * protection: multiplying a masked value by k multiplies the unmasked value by
 * k as well. Callers needing confidentiality with integrity should not rely on
 * this primitive alone.
 * NOTE(review): round-tripping presumably requires `data` to be a canonical
 * field element and the shared value to be non-zero -- confirm against
 * fexpand/fcontract/crecip.
 */
bits256 cards777_initcrypt(bits256 data,bits256 privkey,bits256 pubkey,int32_t invert)
{
    /* Shared value for this key pair, expanded to limb form. */
    bits320 mask = fexpand(curve25519_shared(privkey,pubkey));

    /* The inverse direction multiplies by mask^-1 instead of mask. */
    if ( invert != 0 )
        mask = crecip(mask);

    bits320 product = fmul(fexpand(data),mask);
    return(fcontract(product));
}
Esempio n. 3
/*
 * X25519-style scalar multiplication: clamps a private copy of `secret`,
 * multiplies `basepoint` by it and writes the contracted result to `mypublic`.
 * Always returns 0.
 *
 * NOTE(review): the return value never signals failure. A protocol that must
 * reject an all-zero output (see the optional check in RFC 7748) has to test
 * `mypublic` itself after the call.
 * NOTE(review): `scalar` and the limb arrays hold secret-derived data and are
 * not cleared before returning.
 */
int
crypto_scalarmult(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
  unsigned char scalar[32];
  felem point[5], num[5], den[5], den_inv[5];
  int idx = 0;

  /* Work on a local copy so the caller's secret is never modified. */
  while (idx < 32) {
    scalar[idx] = secret[idx];
    ++idx;
  }

  /* Clamp: clear the three low bits, clear bit 255, set bit 254. */
  scalar[0] &= 248;
  scalar[31] = (unsigned char)((scalar[31] & 127) | 64);

  /* Unpack the basepoint and run the scalar multiplication; the result comes
   * back as a num/den pair (presumably projective x and z -- confirm). */
  fexpand(point, basepoint);
  cmult(num, den, scalar, point);

  /* result = num * den^-1; `den` is reused as the product's destination. */
  crecip(den_inv, den);
  fmul(den, num, den_inv);

  fcontract(mypublic, den);
  return 0;
}
Esempio n. 4
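// Simultaneous modular inversion; See Section 2.25 of Guide to Elliptic Curve Cryptography (2004)
//
// Replaces every element a[0..n-1] with its field inverse, in place, using one
// crecip() per chunk of at most BATCH_SIZE elements instead of one per element.
//
// Parameters:
//   a - array of n field elements, overwritten with their inverses
//   n - number of elements; n <= 0 is a no-op
//
// The scratch array holds BATCH_SIZE prefix products. The input is therefore
// processed in chunks of that size, so a count of zero, a negative count or a
// count above BATCH_SIZE can no longer index outside the scratch array.
//
// NOTE(review): a zero element makes the running product of its chunk zero.
// Assuming crecip() maps 0 to 0 (typical for exponentiation-based inversion --
// confirm), every output in that chunk then becomes 0, not only the zero
// element's slot. Callers that can encounter zero inputs must filter them first.
void batch_inverse(felem *a, int n)
{
    felem c[BATCH_SIZE];
    felem u;

    while (n > 0) {
        // Size of the current chunk, bounded by the scratch array.
        const int m = (n < BATCH_SIZE) ? n : BATCH_SIZE;

        // Prefix products: c[i] = a[0] * a[1] * ... * a[i].
        fcopy(c[0], a[0]);
        for (int i = 1; i < m; i++) {
            fmul(c[i], c[i - 1], a[i]);
        }

        // u = (a[0] * ... * a[m-1])^-1, the only inversion for this chunk.
        crecip(u, c[m - 1]);

        // Walk backwards: peel one factor off u per step.
        for (int i = m - 1; i > 0; i--) {
            felem t1, t2;
            fmul(t1, u, c[i - 1]);  // a[i]^-1 = u * (a[0] * ... * a[i-1])
            fmul(t2, u, a[i]);      // next u  = (a[0] * ... * a[i-1])^-1
            fcopy(a[i], t1);
            fcopy(u, t2);
        }
        fcopy(a[0], u);

        a += m;
        n -= m;
    }
}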