Unverified Commit 03d3a82d authored by Sofia Celi's avatar Sofia Celi

Michael Hamburg commit: double and encode in ristretto.sage for decaf ed25519....

Michael Hamburg commit: double and encode in ristretto.sage for decaf ed25519. kinda sloppy, but good enough for a poc since im not going to implement in c yet anyway
parent b7937d56
...@@ -509,44 +509,38 @@ class Decaf_1_1_Point(QuotientEdwardsPoint): ...@@ -509,44 +509,38 @@ class Decaf_1_1_Point(QuotientEdwardsPoint):
a,d = self.a,self.d a,d = self.a,self.d
if self.cofactor == 8: if self.cofactor == 8:
# TODO: optimized version with no isqrt
e = 2*X*Y
f = Z^2+d*T^2
g = Y^2-a*X^2
h = Z^2-d*T^2
x = e*h
y = f*g
z = f*h
t = e*g
# Cofactor 8 version # Cofactor 8 version
# Simulate IMAGINE_TWIST because that's how libdecaf does it # Simulate IMAGINE_TWIST because that's how libdecaf does it
x = self.i*x X = self.i*X
t = self.i*t T = self.i*T
a = -a a = -a
d = -d d = -d
# TODO: This is only being called for a=-1, so could
# be wrong for a=1
# OK, the actual libdecaf code should be here e = 2*X*Y
num = (z+y)*(z-y) f = Y^2+a*X^2
den = x*y g = Y^2-a*X^2
isr = isqrt(num*(a-d)*den^2) h = Z^2-d*T^2
iden = isr * den * self.isoMagic eim = e*self.isoMagic
inum = isr * num inv = 1/(eim*g*f*h)
fh_inv = eim*g*inv*self.i
if negative(iden*inum*self.i*t^2*(d-a)): if negative(eim*g*fh_inv):
iden,inum = inum,iden idf = g*self.isoMagic*self.i
fac = x*sqrt(a) bar = f
toggle=(a==-1) foo = g
else: test = eim*f
fac = y
toggle=False
imi = self.isoMagic * self.i else:
if negative(inum*t*imi) != toggle: inum =- inum idf = eim
bar = h
foo = -eim
test = g*h
tmp = fac*(inum*z + 1) if negative(test*fh_inv): bar =- bar
s = iden*tmp*imi s = idf*(foo+bar)*inv*f*h
else: else:
xy = X*Y xy = X*Y
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment