/*
r = a * A + b * B
where a = a[0]+256*a[1]+...+256^31 a[31].
and b = b[0]+256*b[1]+...+256^31 b[31].
B is the Ed25519 base point (x,4/5) with x positive.

Variable time: leading zero digits are skipped and every step branches on
the digit values, so the running time depends on a and b. Call this only
with scalars that are not secret.
NOTE(review): in Ed25519 that normally means signature verification; confirm
that no signing or key-derivation path reaches this method.

The digit arrays are filled by slide(), which is defined elsewhere. The
table lookups below use |digit| / 2 as the index into an 8-entry table, so
digits are presumably odd values in [-15, 15]; verify against slide().
*/
public static void ge_double_scalarmult_vartime(out GroupElementP2 r, byte[] a, ref GroupElementP3 A, byte[] b)
{
    GroupElementPreComp[] baseMultiples = LookupTables.Base2;
    sbyte[] aDigits = new sbyte[256];
    sbyte[] bDigits = new sbyte[256];
    GroupElementCached[] oddMultiples = new GroupElementCached[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
    GroupElementP1P1 sum;
    GroupElementP3 point;
    GroupElementP3 twoA;

    slide(aDigits, a);
    slide(bDigits, b);

    /* Build the odd multiples of A: each entry is the previous one plus 2A. */
    ge_p3_to_cached(out oddMultiples[0], ref A);
    ge_p3_dbl(out sum, ref A);
    ge_p1p1_to_p3(out twoA, ref sum);
    for (int k = 1; k < oddMultiples.Length; ++k)
    {
        ge_add(out sum, ref twoA, ref oddMultiples[k - 1]);
        ge_p1p1_to_p3(out point, ref sum);
        ge_p3_to_cached(out oddMultiples[k], ref point);
    }

    /* Start from the neutral element. */
    ge_p2_0(out r);

    /* Skip the leading positions where both digits are zero. */
    int pos = 255;
    while (pos >= 0 && aDigits[pos] == 0 && bDigits[pos] == 0)
    {
        --pos;
    }

    /* Double once per position, then add or subtract the table entries selected by the digits. */
    while (pos >= 0)
    {
        int da = aDigits[pos];
        int db = bDigits[pos];

        ge_p2_dbl(out sum, ref r);

        if (da > 0)
        {
            ge_p1p1_to_p3(out point, ref sum);
            ge_add(out sum, ref point, ref oddMultiples[da / 2]);
        }
        else if (da < 0)
        {
            ge_p1p1_to_p3(out point, ref sum);
            ge_sub(out sum, ref point, ref oddMultiples[(-da) / 2]);
        }

        if (db > 0)
        {
            ge_p1p1_to_p3(out point, ref sum);
            ge_madd(out sum, ref point, ref baseMultiples[db / 2]);
        }
        else if (db < 0)
        {
            ge_p1p1_to_p3(out point, ref sum);
            ge_msub(out sum, ref point, ref baseMultiples[(-db) / 2]);
        }

        ge_p1p1_to_p2(out r, ref sum);
        --pos;
    }
}
/*
Encodes the projective point h into s starting at offset.

The affine coordinates are x = X/Z and y = Y/Z. y is written with
fe_tobytes, then the sign of x is XORed into bit 7 of s[offset + 31].
The caller must supply a buffer with at least offset + 32 bytes, since
s[offset + 31] is indexed here without a length check.
NOTE(review): this assumes fe_tobytes writes 32 bytes and leaves that top
bit clear; confirm in FieldOperations.
*/
public static void ge_tobytes(byte[] s, int offset, ref GroupElementP2 h)
{
    FieldElement zInverse;
    FieldElement affineX;
    FieldElement affineY;

    FieldOperations.fe_invert(out zInverse, ref h.Z);
    FieldOperations.fe_mul(out affineX, ref h.X, ref zInverse);
    FieldOperations.fe_mul(out affineY, ref h.Y, ref zInverse);

    FieldOperations.fe_tobytes(s, offset, ref affineY);

    byte signBit = (byte)(FieldOperations.fe_isnegative(ref affineX) << 7);
    s[offset + 31] ^= signBit;
}
/*
r = 2 * p

Takes p as (X1, Y1, Z1) and writes the doubled point to r as the four
field elements (X3, Y3, Z3, T3). Each intermediate value keeps the name
used in the formula it comes from.
*/
public static void ge_p2_dbl(out GroupElementP1P1 r, ref GroupElementP2 p)
{
    FieldElement xx;
    FieldElement yy;
    FieldElement b;
    FieldElement a;
    FieldElement aa;

    /* XX = X1^2 */
    FieldOperations.fe_sq(out xx, ref p.X);
    /* YY = Y1^2 */
    FieldOperations.fe_sq(out yy, ref p.Y);
    /* B = 2*Z1^2 */
    FieldOperations.fe_sq2(out b, ref p.Z);
    /* A = X1+Y1 */
    FieldOperations.fe_add(out a, ref p.X, ref p.Y);
    /* AA = A^2 */
    FieldOperations.fe_sq(out aa, ref a);

    /* Y3 = YY+XX */
    FieldOperations.fe_add(out r.Y, ref yy, ref xx);
    /* Z3 = YY-XX */
    FieldOperations.fe_sub(out r.Z, ref yy, ref xx);
    /* X3 = AA-Y3 */
    FieldOperations.fe_sub(out r.X, ref aa, ref r.Y);
    /* T3 = B-Z3 */
    FieldOperations.fe_sub(out r.T, ref b, ref r.Z);
}
/*
h = (X, Y, Z) = (0, 1, 1)

ge_double_scalarmult_vartime uses this as the starting value of its
accumulator.
*/
public static void ge_p2_0(out GroupElementP2 h)
{
    FieldOperations.fe_1(out h.Z);
    FieldOperations.fe_1(out h.Y);
    FieldOperations.fe_0(out h.X);
}
/*
r = p

Copies X, Y and Z from the P3 value into the P2 value. No other field of p
is read.
*/
public static void ge_p3_to_p2(out GroupElementP2 r, ref GroupElementP3 p)
{
    r.Z = p.Z;
    r.Y = p.Y;
    r.X = p.X;
}
/*
r = p

Converts a P1P1 value to P2 with three field multiplications:
X = p.X * p.T, Y = p.Y * p.Z, Z = p.Z * p.T.
*/
public static void ge_p1p1_to_p2(out GroupElementP2 r, ref GroupElementP1P1 p)
{
    FieldOperations.fe_mul(out r.Z, ref p.Z, ref p.T);
    FieldOperations.fe_mul(out r.Y, ref p.Y, ref p.Z);
    FieldOperations.fe_mul(out r.X, ref p.X, ref p.T);
}