From 1920c5fc69989447524559b3e6f351a4753e21b0 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Wed, 26 Mar 2014 18:37:38 +0900
Subject: [PATCH] improve a bit

---
 ChangeLog | 7 ++++++
 src/ecc-edwards.c | 15 ++----------
 src/mod25638.c | 62 +++++++++++++++++++++++++----------------------
 3 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5ad582c..f68fd7e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2014-03-26 Niibe Yutaka
+
+	* src/mod25638.c (mod25638_reduce): New.
+	(mod25638_mul, mod25638_sqr): Use mod25638_reduce.
+
+	* src/ecc-edwards.c (ptc_to_ac_25519): No need to subtract p25519.
+
 2014-03-25 Niibe Yutaka
 
 	* misc/t-eddsa.c: New.
diff --git a/src/ecc-edwards.c b/src/ecc-edwards.c
index d5b86d2..82feab1 100644
--- a/src/ecc-edwards.c
+++ b/src/ecc-edwards.c
@@ -219,20 +219,9 @@ ptc_to_ac_25519 (ac *X, const ptc *A)
 
   /*
    * A->z may be bigger than p25519, or two times bigger than p25519.
-   * We try to subtract p25519 twice.
+   * But this is no problem for computation of mod_inv.
    */
-  borrow = bn256_sub (z_inv, A->z, p25519);
-  if (borrow)
-    memcpy (z_inv, A->z, sizeof (bn256));
-  else
-    memcpy (z, A->z, sizeof (bn256)); /* dumy copy */
-  borrow = bn256_sub (z, z_inv, p25519);
-  if (borrow)
-    memcpy (z, z_inv, sizeof (bn256));
-  else
-    memcpy (z_inv, z, sizeof (bn256)); /* dumy copy */
-
-  mod_inv (z_inv, z, p25519);
+  mod_inv (z_inv, A->z, p25519);
 
   mod25638_mul (X->x, A->x, z_inv);
   borrow = bn256_sub (z, X->x, p25519);
diff --git a/src/mod25638.c b/src/mod25638.c
index ebfb3ef..7a6e36a 100644
--- a/src/mod25638.c
+++ b/src/mod25638.c
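Review bot: Dropping the two conditional subtractions makes ptc_to_ac_25519 depend on mod_inv accepting a z that is not reduced below p25519 (the comment kept above still says A->z may be up to about twice p25519), yet that precondition is now stated only at this call site and not where mod_inv is defined. If mod_inv tolerates any 256-bit input, it is worth saying so at its definition and pointing to it here, e.g. `* But this is no problem: mod_inv accepts any bn256 input (see mod_inv).`; if it tolerates only values below 2*p25519, the comment should name the bound being relied on. The removed branch also did dummy copies on both sides of the borrow test, presumably to keep timing independent of the borrow, so the new code is no worse in that respect. ptc_to_ac_25519 begins and ends outside this hunk.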
@@ -123,39 +123,29 @@ mod25638_sub (bn256 *X, const bn256 *A, const bn256 *B)
 
 
 /**
- * @brief X = (A * B) mod 2^256-38
+ * @brief X = A mod 25638
+ *
+ * Note that the second argument is not "const bn512 *".
+ * A is modified during the computation of modulo.
  */
-void
-mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
+static void
+mod25638_reduce (bn256 *X, bn512 *A)
 {
-  uint32_t word[BN256_WORDS*2];
   const uint32_t *s;
   uint32_t *d;
   uint32_t w;
-  uint32_t c, c0;
 
 #if ASM_IMPLEMENTATION
-  memset (word, 0, sizeof (uint32_t)*BN256_WORDS);
+  uint32_t c, c0;
 
-  s = A->word; d = &word[0]; w = B->word[0]; MULADD_256 (s, d, w, c);
-  s = A->word; d = &word[1]; w = B->word[1]; MULADD_256 (s, d, w, c);
-  s = A->word; d = &word[2]; w = B->word[2]; MULADD_256 (s, d, w, c);
-  s = A->word; d = &word[3]; w = B->word[3]; MULADD_256 (s, d, w, c);
-  s = A->word; d = &word[4]; w = B->word[4]; MULADD_256 (s, d, w, c);
-  s = A->word; d = &word[5]; w = B->word[5]; MULADD_256 (s, d, w, c);
-  s = A->word; d = &word[6]; w = B->word[6]; MULADD_256 (s, d, w, c);
-  s = A->word; d = &word[7]; w = B->word[7]; MULADD_256 (s, d, w, c);
-  s = &word[8]; d = &word[0]; w = 38; MULADD_256 (s, d, w, c);
-  c0 = word[8] * 38;
-  s = word;
+  s = &A->word[8]; d = &A->word[0]; w = 38; MULADD_256 (s, d, w, c);
+  c0 = A->word[8] * 38;
+  s = &A->word[0];
   ADDWORD_256 (s, c0, c);
-  word[0] += c * 38;
-  memcpy (X, word, sizeof (bn256));
+  A->word[0] += c * 38;
+  memcpy (X, A, sizeof (bn256));
 #else
-  (void)c; (void)c0;
-  bn256_mul ((bn512 *)word, A, B);
-
-  s = &word[8]; d = &word[0]; w = 38;
+  s = &A->word[8]; d = &A->word[0]; w = 38;
   {
     int i;
     uint64_t r;
@@ -179,8 +169,8 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
 	}
       d[i] = (uint32_t)r;
 
-      r0 = word[8] * 38;
-      d = word;
+      r0 = A->word[8] * 38;
+      d = &A->word[0];
       for (i = 0; i < BN256_WORDS; i++)
 	{
 	  r0 += d[i];
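Review bot: The new @brief on mod25638_reduce reads `X = A mod 25638`, which does not name the modulus the rest of the file uses; the other doc comments in this patch write it as 2^256-38, so `* @brief X = A mod 2^256-38` would be consistent and stop 25638 from reading as a decimal number. It would also help callers to say that the result is only partially reduced: X is the low 256 bits after the high half times 38 is folded back in, so it can apparently still be at or above 2^256-38, which is presumably why ptc_to_ac_25519 subtracts p25519 after mod25638_mul elsewhere in this patch. A line such as `* The result is in [0, 2^256) and is not necessarily the least residue.` after the note about A being modified would capture that. The following hunk (-179,8) only renames word to A->word and needs nothing further.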
@@ -188,21 +178,35 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
 	  d[i] = r0;
 	  r0 = carry;
 	}
-      word[0] += r0 * 38;
+      A->word[0] += r0 * 38;
   }
-  memcpy (X, word, sizeof (bn256));
+  memcpy (X, A, sizeof (bn256));
 #endif
 }
 
+/**
+ * @brief X = (A * B) mod 2^256-38
+ */
+void
+mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
+{
+  bn512 tmp[1];
+
+  bn256_mul (tmp, A, B);
+  mod25638_reduce (X, tmp);
+}
+
 
 /**
  * @brief X = A * A mod 2^256-38
  */
 void
 mod25638_sqr (bn256 *X, const bn256 *A)
 {
-  /* This could be improved a bit, see bn256_sqr. */
-  mod25638_mul (X, A, A);
+  bn512 tmp[1];
+
+  bn256_sqr (tmp, A);
+  mod25638_reduce (X, tmp);
 }
 
 
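Review bot: Both new bodies leave the 512-bit intermediate `tmp` on the stack when they return; mod25638_reduce modifies it in place, but after the call its low half is still equal to the result that was copied into X. On this page these functions are reached from ptc_to_ac_25519 via point coordinates, so whether that residue matters depends on whether A or B can be secret-derived, which the patch does not say; if they can, clearing `tmp` after mod25638_reduce with a wipe the optimizer cannot drop (a plain memset right before return may be elided) would be the defensive choice in both functions. Separately, `bn512 tmp[1];` is the array-of-one idiom used to pass a pointer without `&`; a plain `bn512 tmp;` with `mod25638_reduce (X, &tmp);` states the intent more directly, though that is purely a matter of style.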