From 856a0970ef2877a34a0d3ee7c92babfe480a3c25 Mon Sep 17 00:00:00 2001
From: "Diego F. Aranha"
Date: Sat, 30 Mar 2024 20:54:03 +0100
Subject: [PATCH] Refactor API for RHS.

---
 bench/bench_eb.c | 2 +-
 bench/bench_ed.c | 2 +-
 include/relic_eb.h | 8 ++---
 include/relic_ed.h | 8 ++---
 src/eb/relic_eb_map.c | 2 +-
 src/eb/relic_eb_pck.c | 2 +-
 src/eb/relic_eb_util.c | 8 ++---
 src/ed/relic_ed_util.c | 73 +++++++++++++++++------------------------
 8 files changed, 45 insertions(+), 60 deletions(-)

diff --git a/bench/bench_eb.c b/bench/bench_eb.c
index 1bd9d94d3..c6b4b945f 100644
--- a/bench/bench_eb.c
+++ b/bench/bench_eb.c
@@ -116,7 +116,7 @@ static void util(void) {
 
 BENCH_RUN("eb_rhs") {
 eb_rand(p);
- BENCH_ADD(eb_rhs(q->x, p));
+ BENCH_ADD(eb_rhs(q->x, p->x));
 } BENCH_END;
 
 BENCH_RUN("eb_tab (4)") {
diff --git a/bench/bench_ed.c b/bench/bench_ed.c
index f2db37565..8f1f5f939 100644
--- a/bench/bench_ed.c
+++ b/bench/bench_ed.c
@@ -116,7 +116,7 @@ static void util(void) {
 
 BENCH_RUN("ed_rhs") {
 ed_rand(p);
- BENCH_ADD(ed_rhs(q->x, p));
+ BENCH_ADD(ed_rhs(q->x, p->x));
 } BENCH_END;
 
 BENCH_RUN("ed_tab (4)") {
diff --git a/include/relic_eb.h b/include/relic_eb.h
index 8fbd928b0..1a5da9899 100644
--- a/include/relic_eb.h
+++ b/include/relic_eb.h
@@ -511,13 +511,13 @@ void eb_rand(eb_t p);
 void eb_blind(eb_t r, const eb_t p);
 
 /**
- * Computes the right-hand side of the elliptic curve equation at a certain
- * elliptic curve point.
+ * Computes the right-hand side of the elliptic curve equation at the
+ * x-coordinate of a certain binary elliptic curve point.
  *
  * @param[out] rhs - the result.
- * @param[in] p - the point.
+ * @param[in] x - the x-coordinate of the point.
  */
-void eb_rhs(fb_t rhs, const eb_t p);
+void eb_rhs(fb_t rhs, const fb_t p);
 
 /** Tests if a point is in the curve.
  *
diff --git a/include/relic_ed.h b/include/relic_ed.h
index abc888f3f..b30d196fe 100644
--- a/include/relic_ed.h
+++ b/include/relic_ed.h
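Review bot: The new prototype `void eb_rhs(fb_t rhs, const fb_t p);` in the relic_eb.h hunk keeps the parameter name `p` while the Doxygen block right above it now documents `@param[in] x` and the definition in src/eb/relic_eb_util.c names the parameter `x`; the relic_ed.h hunk has the same mismatch with `void ed_rhs(fp_t rhs, const fp_t p);`. Changing both declarations to `const fb_t x` / `const fp_t x` makes the generated docs, the header and the definition agree. For ed_rhs the description could also say which quantity is returned, because the new body in src/ed/relic_ed_util.c computes `a * x^2 - 1`, the right-hand side of `y^2 * (d * x^2 - 1) = a * x^2 - 1`, and no longer the value of the full curve equation that the old function evaluated.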
@@ -321,13 +321,13 @@ void ed_rand(ed_t p);
 void ed_blind(ed_t r, const ed_t p);
 
 /**
- * Computes the right-hand side of the elliptic curve equation at a certain
- * Edwards elliptic curve point.
+ * Computes the right-hand side of the elliptic curve equation at the
+ * x-coordinate of a certain Edwards elliptic curve point.
  *
  * @param[out] rhs - the result.
- * @param[in] p - the point.
+ * @param[in] x - the x-coordinate of the point.
  */
-void ed_rhs(fp_t rhs, const ed_t p);
+void ed_rhs(fp_t rhs, const fp_t p);
 
 /**
  * Copies the second argument to the first argument.
diff --git a/src/eb/relic_eb_map.c b/src/eb/relic_eb_map.c
index bbc61810f..2f87783ae 100644
--- a/src/eb/relic_eb_map.c
+++ b/src/eb/relic_eb_map.c
@@ -58,7 +58,7 @@ void eb_map(eb_t p, const uint8_t *msg, size_t len) {
 
 while (1) {
 dv_copy(p->x, k->dp, RLC_FB_DIGS);
- eb_rhs(t1, p);
+ eb_rhs(t1, p->x);
 
 /* t0 = 1/x1^2. */
 fb_sqr(t0, p->x);
diff --git a/src/eb/relic_eb_pck.c b/src/eb/relic_eb_pck.c
index 3766a2a2a..b012e47e3 100644
--- a/src/eb/relic_eb_pck.c
+++ b/src/eb/relic_eb_pck.c
@@ -63,7 +63,7 @@ int eb_upk(eb_t r, const eb_t p) {
 fb_new(t0);
 fb_new(t1);
 
- eb_rhs(t1, p);
+ eb_rhs(t1, p->x);
 fb_sqr(t0, p->x);
 
 /* t0 = 1/x1^2. */
diff --git a/src/eb/relic_eb_util.c b/src/eb/relic_eb_util.c
index fc44b7096..92316d739 100644
--- a/src/eb/relic_eb_util.c
+++ b/src/eb/relic_eb_util.c
@@ -78,7 +78,7 @@ void eb_rand(eb_t p) {
 }
 }
 
-void eb_rhs(fb_t rhs, const eb_t p) {
+void eb_rhs(fb_t rhs, const fb_t x) {
 fb_t t0, t1;
 
 fb_null(t0);
@@ -89,9 +89,9 @@ void eb_rhs(fb_t rhs, const eb_t p) {
 fb_new(t1);
 
 /* t0 = x1^2. */
- fb_sqr(t0, p->x);
+ fb_sqr(t0, x);
 /* t1 = x1^3. */
- fb_mul(t1, t0, p->x);
+ fb_mul(t1, t0, x);
 
 /* t1 = x1^3 + a * x1^2 + b. */
 switch (eb_curve_opt_a()) {
@@ -171,7 +171,7 @@ int eb_on_curve(const eb_t p) {
 
 eb_norm(t, p);
 fb_mul(lhs, t->x, t->y);
- eb_rhs(t->x, t);
+ eb_rhs(t->x, t->x);
 fb_sqr(t->y, t->y);
 fb_add(lhs, lhs, t->y);
 r = (fb_cmp(lhs, t->x) == RLC_EQ) || eb_is_infty(p);
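Review bot: `eb_rhs(t->x, t->x)` in the eb_on_curve hunk passes the same field as the output `rhs` and the input `x`, so it relies on eb_rhs consuming `x` completely before it writes `rhs`; the two reads visible in the -89 hunk (`fb_sqr(t0, x)`, `fb_mul(t1, t0, x)`) do come first, but the final store into `rhs` lies outside the hunk, so I cannot confirm the ordering from here. Recording the assumption at the call, `/* rhs and x alias here: eb_rhs must only write rhs after it has finished reading x. */`, or stating "rhs may alias x" in the header comment of eb_rhs, keeps a later rewrite of eb_rhs from silently breaking the on-curve test that validates incoming points. eb_on_curve starts and ends outside the hunk.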
diff --git a/src/ed/relic_ed_util.c b/src/ed/relic_ed_util.c
index 8602a16bd..698780ac5 100644
--- a/src/ed/relic_ed_util.c
+++ b/src/ed/relic_ed_util.c
@@ -128,61 +128,46 @@ void ed_blind(ed_t r, const ed_t p) {
 }
 }
 
-void ed_rhs(fp_t rhs, const ed_t p) {
- fp_t t0, t1;
-
- fp_null(t0);
- fp_null(t1);
-
- RLC_TRY {
- fp_new(t0);
- fp_new(t1);
-
- // 1 = a * X^2 + Y^2 - d * X^2 * Y^2
- fp_sqr(t0, p->x);
- fp_mul(t0, t0, core_get()->ed_a);
- fp_sqr(t1, p->y);
- fp_add(t1, t1, t0);
- fp_mul(t0, p->x, p->y);
- fp_sqr(t0, t0);
- fp_mul(t0, t0, core_get()->ed_d);
- fp_sub(rhs, t1, t0);
- } RLC_CATCH_ANY {
- RLC_THROW(ERR_CAUGHT);
- } RLC_FINALLY {
- fp_free(t0);
- fp_free(t1);
- }
+void ed_rhs(fp_t rhs, const fp_t x) {
+ /* y^2 * (d * x^2 - 1) = 1a * x^2 - 1. */
+ fp_sqr(rhs, x);
+ fp_mul(rhs, rhs, core_get()->ed_a);
+ fp_sub_dig(rhs, rhs, 1);
 }
 
 int ed_on_curve(const ed_t p) {
 ed_t t;
- int r = 0;
+ int r = 1;
 
 ed_null(t);
 
 if (fp_is_zero(p->z)) {
- r = 0;
- } else {
- RLC_TRY {
- ed_new(t);
- ed_norm(t, p);
+ return 0;
+ }
+
+ RLC_TRY {
+ ed_new(t);
+ ed_norm(t, p);
 
- ed_rhs(t->z, t);
+ /* Compute y^2 * (d * x^2 - 1) */
 #if ED_ADD == EXTND
- fp_mul(t->y, t->x, t->y);
- r = ((fp_cmp_dig(t->z, 1) == RLC_EQ) &&
- (fp_cmp(t->y, t->t) == RLC_EQ)) || ed_is_infty(p);
-#else
- r = (fp_cmp_dig(t->z, 1) == RLC_EQ) || ed_is_infty(p);
+ fp_mul(t->z, t->x, t->y);
+ r &= (fp_cmp(t->z, t->t) == RLC_EQ);
 #endif
- }
- RLC_CATCH_ANY {
- RLC_THROW(ERR_CAUGHT);
- }
- RLC_FINALLY {
- ed_free(t);
- }
+ fp_sqr(t->z, t->y);
+ fp_sqr(t->t, t->x);
+ fp_mul(t->t, t->t, core_get()->ed_d);
+ fp_sub_dig(t->t, t->t, 1);
+ fp_mul(t->t, t->t, t->z);
+ ed_rhs(t->z, t->x);
+ r &= (fp_cmp(t->t, t->z) == RLC_EQ);
+ r |= ed_is_infty(p);
+ }
+ RLC_CATCH_ANY {
+ RLC_THROW(ERR_CAUGHT);
+ }
+ RLC_FINALLY {
+ ed_free(t);
 }
 return r;
 }
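Review bot: The comment on the new ed_rhs body reads `/* y^2 * (d * x^2 - 1) = 1a * x^2 - 1. */`; the stray `1` before `a` should go, `/* y^2 * (d * x^2 - 1) = a * x^2 - 1. */`, since the three lines below compute exactly `a * x^2 - 1`. In ed_on_curve the added comment `/* Compute y^2 * (d * x^2 - 1) */` sits above the `#if ED_ADD == EXTND` block, which checks the extended coordinate `t == x * y` rather than the curve equation; it belongs after `#endif`, directly before `fp_sqr(t->z, t->y);`. The new code also uses `t->t` as scratch in every build, so it assumes the `t` member exists whatever ED_ADD is set to, which a one-line comment at that point would make explicit for the next reader. Since this routine is what rejects an off-curve input point, a short comment on `r |= ed_is_infty(p);` stating that the identity is deliberately accepted would document the intended policy.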