/*
* h = a * B
* where a = a[0]+256*a[1]+...+256^31 a[31]
* B is the Ed25519 base point (x,4/5) with x positive.
*
* Preconditions:
* a[31] <= 127
*/
public static void ge_scalarmult_base(Ge_p3 h, byte[] a)
{
byte[] e = new byte[64];
byte carry;
Ge_p1p1 r = new Ge_p1p1();
Ge_p2 s = new Ge_p2();
Ge_precomp t = new Ge_precomp();
int i;
for (i = 0; i < 32; ++i)
{
e[2 * i + 0] = (byte)((((uint)a[i]) >> 0) & 15);
e[2 * i + 1] = (byte)((((uint)a[i]) >> 4) & 15);
}
/* each e[i] is between 0 and 15 */
/* e[63] is between 0 and 7 */
carry = 0;
for (i = 0; i < 63; ++i)
{
e[i] += carry;
carry = (byte)(e[i] + 8);
carry >>= 4;
e[i] -= (byte)(carry << 4);
}
e[63] += carry;
/* each e[i] is between -8 and 8 */
Ge_p3_0.ge_p3_0(h);
for (i = 1; i < 64; i += 2)
{
select(t, i / 2, e[i]);
Ge_madd.ge_madd(r, h, t); Ge_p1p1_to_p3.ge_p1p1_to_p3(h, r);
}
Ge_p3_dbl.ge_p3_dbl(r, h); Ge_p1p1_to_p2.ge_p1p1_to_p2(s, r);
Ge_p2_dbl.ge_p2_dbl(r, s); Ge_p1p1_to_p2.ge_p1p1_to_p2(s, r);
Ge_p2_dbl.ge_p2_dbl(r, s); Ge_p1p1_to_p2.ge_p1p1_to_p2(s, r);
Ge_p2_dbl.ge_p2_dbl(r, s); Ge_p1p1_to_p3.ge_p1p1_to_p3(h, r);
for (i = 0; i < 64; i += 2)
{
select(t, i / 2, e[i]);
Ge_madd.ge_madd(r, h, t); Ge_p1p1_to_p3.ge_p1p1_to_p3(h, r);
}
}
/*
* h = a * B
* where a = a[0]+256*a[1]+...+256^31 a[31]
* B is the Ed25519 base point (x,4/5) with x positive.
*
* Preconditions:
* a[31] <= 127
*/
public static void ge_scalarmult(Ge_p3 h, byte[] a, Ge_p3 A)
{
byte[] e = new byte[64];
byte carry;
Ge_p1p1 r = new Ge_p1p1();
Ge_p2 s = new Ge_p2();
Ge_p3 t0 = new Ge_p3();
Ge_p3 t1 = new Ge_p3();
Ge_p3 t2 = new Ge_p3();
Ge_cached t = new Ge_cached();
Ge_cached[] pre = new Ge_cached[8];
for (int count = 0; count < pre.Length; count++)
{
pre[count] = new Ge_cached();
}
int i;
for (i = 0; i < 32; ++i)
{
e[2 * i + 0] = (byte)((((uint)a[i]) >> 0) & 15);
e[2 * i + 1] = (byte)((((uint)a[i]) >> 4) & 15);
}
/* each e[i] is between 0 and 15 */
/* e[63] is between 0 and 7 */
carry = 0;
for (i = 0; i < 63; ++i)
{
e[i] += carry;
carry = (byte)(e[i] + 8);
carry >>= 4;
e[i] -= (byte)(carry << 4);
}
e[63] += carry;
/* each e[i] is between -8 and 8 */
// Precomputation:
Ge_p3_to_cached.ge_p3_to_cached(pre[0], A); // A
Ge_p3_dbl.ge_p3_dbl(r, A);
Ge_p1p1_to_p3.ge_p1p1_to_p3(t0, r);
Ge_p3_to_cached.ge_p3_to_cached(pre[1], t0); // 2A
Ge_add.ge_add(r, A, pre[1]);
Ge_p1p1_to_p3.ge_p1p1_to_p3(t1, r);
Ge_p3_to_cached.ge_p3_to_cached(pre[2], t1); // 3A
Ge_p3_dbl.ge_p3_dbl(r, t0);
Ge_p1p1_to_p3.ge_p1p1_to_p3(t0, r);
Ge_p3_to_cached.ge_p3_to_cached(pre[3], t0); // 4A
Ge_add.ge_add(r, A, pre[3]);
Ge_p1p1_to_p3.ge_p1p1_to_p3(t2, r);
Ge_p3_to_cached.ge_p3_to_cached(pre[4], t2); // 5A
Ge_p3_dbl.ge_p3_dbl(r, t1);
Ge_p1p1_to_p3.ge_p1p1_to_p3(t1, r);
Ge_p3_to_cached.ge_p3_to_cached(pre[5], t1); // 6A
Ge_add.ge_add(r, A, pre[5]);
Ge_p1p1_to_p3.ge_p1p1_to_p3(t1, r);
Ge_p3_to_cached.ge_p3_to_cached(pre[6], t1); // 7A
Ge_p3_dbl.ge_p3_dbl(r, t0);
Ge_p1p1_to_p3.ge_p1p1_to_p3(t0, r);
Ge_p3_to_cached.ge_p3_to_cached(pre[7], t0); // 8A
Ge_p3_0.ge_p3_0(h);
for (i = 63; i > 0; i--)
{
select(t, pre, e[i]);
Ge_add.ge_add(r, h, t);
Ge_p1p1_to_p2.ge_p1p1_to_p2(s, r);
Ge_p2_dbl.ge_p2_dbl(r, s); Ge_p1p1_to_p2.ge_p1p1_to_p2(s, r);
Ge_p2_dbl.ge_p2_dbl(r, s); Ge_p1p1_to_p2.ge_p1p1_to_p2(s, r);
Ge_p2_dbl.ge_p2_dbl(r, s); Ge_p1p1_to_p2.ge_p1p1_to_p2(s, r);
Ge_p2_dbl.ge_p2_dbl(r, s); Ge_p1p1_to_p3.ge_p1p1_to_p3(h, r);
}
select(t, pre, e[0]);
Ge_add.ge_add(r, h, t);
Ge_p1p1_to_p3.ge_p1p1_to_p3(h, r);
}