toggle elligator sign back to match Dalek

70303957 · Michael Hamburg · 2bcccebd · 70303957 · 70303957 · 70303957
Commit 70303957 authored Oct 13, 2017 by Michael Hamburg
--- a/aux/ristretto/ristretto.sage
+++ b/aux/ristretto/ristretto.sage
@@ -50,7 +50,7 @@ def isqrt(x,exn=InvalidEncodingException("Not on curve")):
    if x==0: return 0
    if not is_square(x): raise exn
    s = sqrt(x)
-    if negative(s): s=-s
+    #if negative(s): s=-s
    return 1/s

 def inv0(x): return 1/x if x != 0 else 0

--- a/src/GENERATED/c/curve25519/decaf.c
+++ b/src/GENERATED/c/curve25519/decaf.c
@@ -50,7 +50,7 @@ const uint8_t decaf_x25519_base_point[DECAF_X25519_PUBLIC_BYTES] = { 0x09 };

 #define RISTRETTO_FACTOR DECAF_255_RISTRETTO_FACTOR
 const gf RISTRETTO_FACTOR = {{{
-    0x0fdaa805d40ea, 0x2eb482e57d339, 0x007610274bc58, 0x6510b613dc8ff, 0x786c8905cfaff
+    0x702557fa2bf03, 0x514b7d1a82cc6, 0x7f89efd8b43a7, 0x1aef49ec23700, 0x079376fa30500
 }}};

 #if IMAGINE_TWIST

--- a/src/GENERATED/c/curve25519/decaf_tables.c
+++ b/src/GENERATED/c/curve25519/decaf_tables.c
--- a/src/per_curve/decaf.tmpl.c
+++ b/src/per_curve/decaf.tmpl.c
@@ -39,7 +39,7 @@ const uint8_t decaf_x$(gf_shortname)_base_point[DECAF_X$(gf_shortname)_PUBLIC_BY

 #define RISTRETTO_FACTOR $(C_NS)_RISTRETTO_FACTOR
 const gf RISTRETTO_FACTOR = {{{
-    $(ser(msqrt(d-1 if imagine_twist else -d,modulus,lo_bit_clear=True),gf_lit_limb_bits))
+    $(ser(msqrt(d-1 if imagine_twist else -d,modulus,hi_bit_clear=True),gf_lit_limb_bits))
 }}};

 #if IMAGINE_TWIST