more minor improvement around 2^256-38.

2014-04-17 12:21:00 +09:00
parent 4f1343e154
commit 62a59b56fe
4 changed files with 37 additions and 18 deletions
--- a/8
+++ b/8
@@ -1,3 +1,11 @@
+2014-04-17  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/mod25638.c (mod25638_add, mod25638_sub): Simplify.
+	(n25638): Remove.
+	(mod25638_neg): New.
+
+	* src/ecc-edwards.c (point_double): Use mod25638_neg.
+
 2014-04-16  Niibe Yutaka  <gniibe@fsij.org>

 	* VERSION: 1.1.3.
--- a/src/ecc-edwards.c
+++ b/src/ecc-edwards.c
@@ -127,7 +127,6 @@ mod25519_is_neg (const bn256 *a)
 static void
 point_double (ptc *X, const ptc *A)
 {
-  uint32_t borrow;
  bn256 b[1], d[1], e[1];

  /* Compute: B = (X1 + Y1)^2 */
@@ -143,12 +142,7 @@ point_double (ptc *X, const ptc *A)
  /* E = aC; where a = -1 */
  /* Compute: E - D = -(C+D)  : Y3_tmp */
  mod25638_add (X->y, e, d);
-  /* Negation: it can result borrow, as it is in redundant representation. */
-  borrow = bn256_sub (X->y, n25638, X->y);
-  if (borrow)
-    bn256_add (X->y, X->y, n25638); /* carry ignored */
-  else
-    bn256_add (X->x, X->y, n25638); /* dummy calculation */
+  mod25638_neg (X->y, X->y);

  /* Compute: F = E + D = D - C; where a = -1 : E */
  mod25638_sub (e, d, e);
--- a/src/mod25638.c
+++ b/src/mod25638.c
@@ -68,17 +68,13 @@
 256      224      192      160      128       96       64       32        0
 2^256
  1 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
-2^256 - 32
-  0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffe0
-2^256 - 32 - 4
-  0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffdc
-2^256 - 32 - 4 - 2
-  0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffda
+2^256 - 16
+  0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffff0
+2^256 - 16 - 2
+  0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffee
+2^256 - 16 - 2 - 1
+  0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffed
 */
-const bn256 n25638[1] = {
-  {{0xffffffda, 0xffffffff, 0xffffffff, 0xffffffff,
-    0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff }} };
-
 const bn256 p25519[1] = {
  {{ 0xffffffed, 0xffffffff, 0xffffffff, 0xffffffff,
     0xffffffff, 0xffffffff, 0xffffffff, 0x7fffffff }} };
@@ -93,6 +89,27 @@ const bn256 p25519[1] = {
 * 256-bit.
 */

+/**
+ * @brief  X = -A mod 2^256-38
+ */
+void
+mod25638_neg (bn256 *X, const bn256 *A)
+{
+  int i;
+  uint32_t borrow;
+  uint32_t *px;
+  const uint32_t *pa;
+
+  px = X->word;
+  pa = A->word;
+
+  for (i = 0; i < BN256_WORDS; i++)
+    *px++ = ~*pa++;
+
+  borrow = bn256_sub_uint (X, X, 37);
+  X->word[0] -= borrow * 38;
+}
+
 /**
 * @brief  X = (A + B) mod 2^256-38
 */
--- a/src/mod25638.h
+++ b/src/mod25638.h
@@ -1,6 +1,6 @@
-extern const bn256 n25638[1];
 extern const bn256 p25519[1];

+void mod25638_neg (bn256 *X, const bn256 *A);
 void mod25638_add (bn256 *X, const bn256 *A, const bn256 *B);
 void mod25638_sub (bn256 *X, const bn256 *A, const bn256 *B);
 void mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B);