// Point doubling; See http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-mdbl-1987-m void xz_ge_double(felem xout, felem zout, const felem xin) { static const felem fone = {1}; felem xx1, t0, t1, t2; fsquare_times(xx1, xin, 1); fcopy(t0, fone); fdifference_backwards(t0, xx1); fsquare_times(xout, t0, 1); fscalar_product(t1, xin, 486662); fsum(t1, xx1); fsum(t1, fone); fmul(t2, xin, t1); fscalar_product(zout, t2, 4); }
/* Input: Q, Q', Q-Q' * Output: 2Q, Q+Q' * * x2 z3: long form * x3 z3: long form * x z: short form, destroyed * xprime zprime: short form, destroyed * qmqp: short form, preserved */ void fmonty(felem *x2, felem *z2, /* output 2Q */ felem *x3, felem *z3, /* output Q + Q' */ felem *x, felem *z, /* input Q */ felem *xprime, felem *zprime, /* input Q' */ const felem *qmqp /* input Q - Q' */) { felem origx[10], origxprime[10], zzz[19], xx[19], zz[19], xxprime[19], zzprime[19], zzzprime[19], xxxprime[19]; memcpy(origx, x, 10 * sizeof(felem)); fsum(x, z); fdifference(z, origx); /* does x - z */ memcpy(origxprime, xprime, sizeof(felem) * 10); fsum(xprime, zprime); fdifference(zprime, origxprime); fproduct(xxprime, xprime, z); fproduct(zzprime, x, zprime); freduce_degree(xxprime); freduce_coefficients(xxprime); freduce_degree(zzprime); freduce_coefficients(zzprime); memcpy(origxprime, xxprime, sizeof(felem) * 10); fsum(xxprime, zzprime); fdifference(zzprime, origxprime); fsquare(xxxprime, xxprime); fsquare(zzzprime, zzprime); fproduct(zzprime, zzzprime, qmqp); freduce_degree(zzprime); freduce_coefficients(zzprime); memcpy(x3, xxxprime, sizeof(felem) * 10); memcpy(z3, zzprime, sizeof(felem) * 10); fsquare(xx, x); fsquare(zz, z); fproduct(x2, xx, zz); freduce_degree(x2); freduce_coefficients(x2); fdifference(zz, xx); /* does zz = xx - zz */ memset(zzz + 10, 0, sizeof(felem) * 9); fscalar_product(zzz, zz, 121665); freduce_degree(zzz); freduce_coefficients(zzz); fsum(zzz, xx); fproduct(z2, zz, zzz); freduce_degree(z2); freduce_coefficients(z2); }