improve a bit

2014-03-26 18:37:38 +09:00
parent fc53d507ce
commit 1920c5fc69
3 changed files with 42 additions and 42 deletions
--- a/7
+++ b/7
@@ -1,3 +1,10 @@
 2014-03-26  Niibe Yutaka  <gniibe@fsij.org>
 	* src/mod25638.c (mod25638_reduce): New.
 	(mod25638_mul, mod25638_sqr): Use mod25638_reduce.
 	* src/ecc-edwards.c (ptc_to_ac_25519): No need to subtract p25519.
 2014-03-25  Niibe Yutaka  <gniibe@fsij.org>
 	* misc/t-eddsa.c: New.
--- a/src/ecc-edwards.c
+++ b/src/ecc-edwards.c
@@ -219,20 +219,9 @@ ptc_to_ac_25519 (ac *X, const ptc *A)
  /*
   * A->z may be bigger than p25519, or two times bigger than p25519.
-   * We try to subtract p25519 twice.
+   * But this is no problem for computation of mod_inv.
   */
-  borrow = bn256_sub (z_inv, A->z, p25519);
+  mod_inv (z_inv, A->z, p25519);
  if (borrow)
    memcpy (z_inv, A->z, sizeof (bn256));
  else
    memcpy (z, A->z, sizeof (bn256)); /* dumy copy */
  borrow = bn256_sub (z, z_inv, p25519);
  if (borrow)
    memcpy (z, z_inv, sizeof (bn256));
  else
    memcpy (z_inv, z, sizeof (bn256)); /* dumy copy */
  mod_inv (z_inv, z, p25519);
  mod25638_mul (X->x, A->x, z_inv);
  borrow = bn256_sub (z, X->x, p25519);
--- a/src/mod25638.c
+++ b/src/mod25638.c
@@ -123,39 +123,29 @@ mod25638_sub (bn256 *X, const bn256 *A, const bn256 *B)
 /**
- * @brief  X = (A * B) mod 2^256-38
+ * @brief  X = A mod 25638
 *
 * Note that the second argument is not "const bn512 *".
 * A is modified during the computation of modulo.
 */
-void
+static void
-mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
+mod25638_reduce (bn256 *X, bn512 *A)
 {
  uint32_t word[BN256_WORDS*2];
  const uint32_t *s;
  uint32_t *d;
  uint32_t w;
  uint32_t c, c0;
 #if ASM_IMPLEMENTATION
-  memset (word, 0, sizeof (uint32_t)*BN256_WORDS);
+  uint32_t c, c0;
-  s = A->word;  d = &word[0];  w = B->word[0];  MULADD_256 (s, d, w, c);
+  s = &A->word[8]; d = &A->word[0]; w = 38; MULADD_256 (s, d, w, c);
-  s = A->word;  d = &word[1];  w = B->word[1];  MULADD_256 (s, d, w, c);
+  c0 = A->word[8] * 38;
-  s = A->word;  d = &word[2];  w = B->word[2];  MULADD_256 (s, d, w, c);
+  s = &A->word[0];
  s = A->word;  d = &word[3];  w = B->word[3];  MULADD_256 (s, d, w, c);
  s = A->word;  d = &word[4];  w = B->word[4];  MULADD_256 (s, d, w, c);
  s = A->word;  d = &word[5];  w = B->word[5];  MULADD_256 (s, d, w, c);
  s = A->word;  d = &word[6];  w = B->word[6];  MULADD_256 (s, d, w, c);
  s = A->word;  d = &word[7];  w = B->word[7];  MULADD_256 (s, d, w, c);
  s = &word[8]; d = &word[0];  w = 38;          MULADD_256 (s, d, w, c);
  c0 = word[8] * 38;
  s = word;
  ADDWORD_256 (s, c0, c);
-  word[0] += c * 38;
+  A->word[0] += c * 38;
-  memcpy (X, word, sizeof (bn256));
+  memcpy (X, A, sizeof (bn256));
 #else
-  (void)c;  (void)c0;
+  s = &A->word[8]; d = &A->word[0]; w = 38;
  bn256_mul ((bn512 *)word, A, B);
  s = &word[8]; d = &word[0];  w = 38;
  {
    int i;
    uint64_t r;
@@ -179,8 +169,8 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
      }
    d[i] = (uint32_t)r;
-    r0 = word[8] * 38;
+    r0 = A->word[8] * 38;
-    d = word;
+    d = &A->word[0];
    for (i = 0; i < BN256_WORDS; i++)
      {
 	r0 += d[i];
@@ -188,21 +178,35 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
 	d[i] = r0;
 	r0 = carry;
      }
-    word[0] += r0 * 38;
+    A->word[0] += r0 * 38;
  }
-  memcpy (X, word, sizeof (bn256));
+  memcpy (X, A, sizeof (bn256));
 #endif
 }
 /**
 * @brief  X = (A * B) mod 2^256-38
 */
 void
 mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
 {
  bn512 tmp[1];
  bn256_mul (tmp, A, B);
  mod25638_reduce (X, tmp);
 }
 /**
 * @brief  X = A * A mod 2^256-38
 */
 void
 mod25638_sqr (bn256 *X, const bn256 *A)
 {
-  /* This could be improved a bit, see bn256_sqr.  */
+  bn512 tmp[1];
-  mod25638_mul (X, A, A);
+
  bn256_sqr (tmp, A);
  mod25638_reduce (X, tmp);
 }