diff --git a/src/P434/P434_compressed.c b/src/P434/P434_compressed.c
index cf894a5..3c84740 100644
--- a/src/P434/P434_compressed.c
+++ b/src/P434/P434_compressed.c
@@ -201,9 +201,6 @@ const unsigned int ph3_path[PLEN_3] = {
 const uint64_t u_entang[2*NWORDS64_FIELD] = {
 0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xE858,0x0,0x0,0x721FE809F8000000,0xB00349F6AB3F59A9,0xD264A8A8BEEE8219,0x1D9DD4F7A5DB5};
-const uint64_t u0_entang[2*NWORDS64_FIELD] = {
-0x742C,0x0,0x0,0xB90FF404FC000000,0xD801A4FB559FACD4,0xE93254545F77410C,0xECEEA7BD2EDA,0x742C,0x0,0x0,0xB90FF404FC000000,0xD801A4FB559FACD4,0xE93254545F77410C,0xECEEA7BD2EDA};
-
 // Elligator constant U = min{u0+k} for k=1,2... such that u0+k is a square in F_p^2 for generating 3^n torsion bases
 const uint64_t U3[2*NWORDS64_FIELD] = {0xE858,0x0,0x0,0x721FE809F8000000,0xB00349F6AB3F59A9,0xD264A8A8BEEE8219,0x1D9DD4F7A5DB5,0x742C,0x0,0x0,0xB90FF404FC000000,0xD801A4FB559FACD4,0xE93254545F77410C,0xECEEA7BD2EDA};
diff --git a/src/P503/P503_compressed.c b/src/P503/P503_compressed.c
index 85dda42..d3611e2 100644
--- a/src/P503/P503_compressed.c
+++ b/src/P503/P503_compressed.c
@@ -206,10 +206,6 @@ const unsigned int ph3_path[PLEN_3] = {
 const uint64_t u_entang[2 * NWORDS64_FIELD] = {
 0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x7F3,0x0,0x0,0xBC00000000000000,0xB48DD9032BABBDC8,0x87354452517EE94B,0xB55528D05AECDDB4,0xD90684A9D9488 };
-const uint64_t u0_entang[2 * NWORDS64_FIELD] = {
-0x3F9,0x0,0x0,0xB400000000000000,0x63CB1A6EA6DED2B4,0x51689D8D667EB37D,0x8ACD77C71AB24142,0x26FBAEC60F5953,0x3F9,0x0,0x0,0xB400000000000000,
-0x63CB1A6EA6DED2B4,0x51689D8D667EB37D,0x8ACD77C71AB24142,0x26FBAEC60F5953 };
-
 // Elligator constant U = min{u0+k} for k=1,2... such that u0+k is a square in F_p^2 for generating 3^n torsion bases
 const uint64_t U3[2*NWORDS64_FIELD] = {0x7F3,0x0,0x0,0xBC00000000000000,0xB48DD9032BABBDC8,0x87354452517EE94B,0xB55528D05AECDDB4,0xD90684A9D9488,0x3F9,0x0,0x0,0xB400000000000000,0x63CB1A6EA6DED2B4,0x51689D8D667EB37D,0x8ACD77C71AB24142,0x26FBAEC60F5953};
diff --git a/src/P610/P610_compressed.c b/src/P610/P610_compressed.c
index 20bafb8..e07b35f 100644
--- a/src/P610/P610_compressed.c
+++ b/src/P610/P610_compressed.c
@@ -195,10 +195,6 @@ const unsigned int ph3_path[PLEN_3] = {
 const uint64_t u_entang[2*NWORDS64_FIELD] = {
 0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xCE1991CC,0x0,0x0,0x0,0x3468000000000000,0x9B33857A50E2F47F,0x149430734647A838,0xA56C442BA0D5A3C4,0x26D204DD0C595E7B,0x21129D2C8};
-const uint64_t u0_entang[2*NWORDS64_FIELD] = {
-0x670CC8E6,0x0,0x0,0x0,0x9A34000000000000,0x4D99C2BD28717A3F,0xA4A1839A323D41C,0xD2B62215D06AD1E2,0x1369026E862CAF3D,0x10894E964,0x670CC8E6,0x0,0x0,0x0,0x9A34000000000000,
-0x4D99C2BD28717A3F,0xA4A1839A323D41C,0xD2B62215D06AD1E2,0x1369026E862CAF3D,0x10894E964};
-
 // Elligator constant U = min{u0+k} for k=1,2... such that u0+k is a square in F_p^2 for generating 3^n torsion bases
 const uint64_t U3[2*NWORDS64_FIELD] = {0x2033FEC80,0x0,0x0,0x0,0x2700000000000000,0x211031E0758202E1,0xFDA2FA9626933136,0xB8E34478F08DCF14,0x5DECEAA3FB0FBB1B,0x32FB4023,0x670CC8E6,0x0,0x0,0x0,0x9A34000000000000,0x4D99C2BD28717A3F,0xA4A1839A323D41C,0xD2B62215D06AD1E2,0x1369026E862CAF3D,0x10894E964};
diff --git a/src/P751/P751_compressed.c b/src/P751/P751_compressed.c
index a735aec..a3ef462 100644
--- a/src/P751/P751_compressed.c
+++ b/src/P751/P751_compressed.c
@@ -211,12 +211,6 @@ const uint64_t u_entang[2*NWORDS64_FIELD] = {
 0x000000000004935a, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0620000000000000,
 0xaa4f63c86eb8d8cd, 0xd2ef2f7e7e9e49a0, 0x913b6f6558b89c5c, 0x99496873a40ed2ad, 0x21ef24d8ea258fd2, 0x00005ab64979cbc4};
-const uint64_t u0_entang[2*NWORDS64_FIELD] = {
-0x00000000000249ad, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x8310000000000000,
-0x5527b1e4375c6c66, 0x697797bf3f4f24d0, 0xc89db7b2ac5c4e2e, 0x4ca4b439d2076956, 0x10f7926c7512c7e9, 0x00002d5b24bce5e2,
-0x00000000000249ad, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x8310000000000000,
-0x5527b1e4375c6c66, 0x697797bf3f4f24d0, 0xc89db7b2ac5c4e2e, 0x4ca4b439d2076956, 0x10f7926c7512c7e9, 0x00002d5b24bce5e2};
-
 // Elligator constant U = min{u0+k} for k=1,2... such that u0+k is a square in F_p^2 for generating 3^n torsion bases
 const uint64_t U3[2*NWORDS64_FIELD] = {0x926B5,0x0,0x0,0x0,0x0,0x1D90000000000000,0x70B2310B937938F1,0xCB48C3E2E944C6CA,0x1A284662DA855042,0xAD301BE2EB6B4E13,0x35CBB9123C90433E,0x4586BDB1A06C,0x249AD,0x0,0x0,0x0,0x0,0x8310000000000000,0x5527B1E4375C6C66,0x697797BF3F4F24D0,0xC89DB7B2AC5C4E2E,0x4CA4B439D2076956,0x10F7926C7512C7E9,0x2D5B24BCE5E2};
diff --git a/src/compression/dlog.c b/src/compression/dlog.c
index 6d9036e..b893d55 100644
--- a/src/compression/dlog.c
+++ b/src/compression/dlog.c
@@ -131,14 +131,14 @@ int ord2w_dlog(const felm_t *r, const int *logT, const felm_t *Texp)
 }
 return 0;
 }
-
+#include
 // Input: h =[x,y] = rho^D in G_{ell=2,w} generated by rho, i.e., |h| <= 2^w
 // Output: The signed digit D in {-ell^(w-1), ..., ell^(w-1)}
 int ord2w_dloghyb(const felm_t *h, const int *logT, const felm_t *Texp, const felm_t *G)
 {
 int k = 0, d = 0, index = 0, ord = 0, tmp = 0, w = W_2, w2 = w - W_2_1, i_j = 0, t;
 uint8_t inv = 0, flag = 0;
- f2elm_t H[W_2_1] = {0}; // Size of H should be max of {W_2_1, W_2 - W_2_1}
+ f2elm_t H[W_2_1+1] = {0}; // Size of H should be max of {W_2_1+1, W_2 - W_2_1}
 felm_t one = {0};
 fpcopy((digit_t*)&Montgomery_one, one);
diff --git a/src/compression/torsion_basis.c b/src/compression/torsion_basis.c
index 8be392c..f1e391d 100644
--- a/src/compression/torsion_basis.c
+++ b/src/compression/torsion_basis.c
@@ -449,7 +449,7 @@ static void BuildOrdinary2nBasis_dual(const f2elm_t A, const f2elm_t Ds[][2], po
 unsigned int i;
 felm_t t0;
 f2elm_t A6 = {0};
- point_proj_t xs[3] = {0};
+ point_proj_t xs[3] = {0};
 // Generate x-only entangled basis
 BuildEntangledXonly(A, xs, qnr, ind);
@@ -470,7 +470,7 @@ static void BuildOrdinary2nBasis_dual(const f2elm_t A, const f2elm_t Ds[][2], po
 fpadd(t0, t0, A6[0]);
 fpadd(A6[0], t0, A6[0]);
- CompleteMPoint(A6, xs[0], Rs[0]);
+ CompleteMPoint(A6, xs[0]->X, xs[0]->Z, Rs[0]);
 RecoverY(A6, xs, Rs);
 }
diff --git a/src/ec_isogeny.c b/src/ec_isogeny.c
index d2dc767..b373fc5 100644
--- a/src/ec_isogeny.c
+++ b/src/ec_isogeny.c
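Review bot: The enlarged buffer `f2elm_t H[W_2_1+1]` still hard-codes only one of the two sizes its own comment says it must cover, so for any parameter set where W_2 - W_2_1 exceeds W_2_1+1 the indexing of H in the body below (not visible here) would presumably overrun the stack array; make the declaration match the comment, `f2elm_t H[(W_2_1+1 > W_2-W_2_1) ? (W_2_1+1) : (W_2-W_2_1)] = {0};`, or add a `_Static_assert` that ties the two bounds together. The `+#include` inserted between ord2w_dlog and the ord2w_dloghyb comment block (its header name does not survive in this rendering) sits mid-file and looks like a leftover debugging include; it should be removed or moved to the file's include block. The body of ord2w_dloghyb, where H is written, continues past the end of the hunk.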
@@ -424,25 +424,25 @@ static void CompletePoint(const point_proj_t P, point_full_proj_t R)
 }
-void CompleteMPoint(const f2elm_t A, point_proj_t P, point_full_proj_t R)
+void CompleteMPoint(const f2elm_t A, const f2elm_t PX, const f2elm_t PZ, point_full_proj_t R)
 { // Given an xz-only representation on a montgomery curve, compute its affine representation
 f2elm_t zero = {0}, one = {0}, xz, yz, s2, r2, invz, temp0, temp1;
 fpcopy((digit_t*)&Montgomery_one, one[0]);
- if (memcmp(P->Z[0], zero, NBITS_TO_NBYTES(NBITS_FIELD)) != 0 || memcmp(P->Z[1], zero, NBITS_TO_NBYTES(NBITS_FIELD)) != 0) {
- fp2mul_mont(P->X, P->Z, xz); // xz = x*z;
- fpsub(P->X[0], P->Z[1], temp0[0]);
- fpadd(P->X[1], P->Z[0], temp0[1]);
- fpadd(P->X[0], P->Z[1], temp1[0]);
- fpsub(P->X[1], P->Z[0], temp1[1]);
+ if (memcmp(PZ[0], zero, NBITS_TO_NBYTES(NBITS_FIELD)) != 0 || memcmp(PZ[1], zero, NBITS_TO_NBYTES(NBITS_FIELD)) != 0) {
+ fp2mul_mont(PX, PZ, xz); // xz = x*z;
+ fpsub(PX[0], PZ[1], temp0[0]);
+ fpadd(PX[1], PZ[0], temp0[1]);
+ fpadd(PX[0], PZ[1], temp1[0]);
+ fpsub(PX[1], PZ[0], temp1[1]);
 fp2mul_mont(temp0, temp1, s2); // s2 = (x + i*z)*(x - i*z);
 fp2mul_mont(A, xz, temp0);
 fp2add(temp0, s2, temp1);
 fp2mul_mont(xz, temp1, r2); // r2 = xz*(A*xz + s2);
 sqrt_Fp2(r2, yz);
- fp2copy(P->Z, invz);
+ fp2copy(PZ, invz);
 fp2inv_mont_bingcd(invz);
- fp2mul_mont(P->X, invz, R->X);
+ fp2mul_mont(PX, invz, R->X);
 fp2sqr_mont(invz, temp0);
 fp2mul_mont(yz, temp0, R->Y); // R = EM![x*invz, yz*invz^2];
 fp2copy(one, R->Z);
diff --git a/src/fpx.c b/src/fpx.c
index 49a170d..ee43591 100644
--- a/src/fpx.c
+++ b/src/fpx.c
@@ -1482,7 +1482,7 @@ void recover_os(const f2elm_t X1, const f2elm_t Z1, const f2elm_t X2, const f2el
 int mod(int a, unsigned int b)
 {
- unsigned int r;
+ int r;
 if (b == 0) return 0; // avoid invalid operation
 r = a % b;
 while (r < 0) r += b;
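Review bot: The new CompleteMPoint signature carries no statement of what PX and PZ must satisfy, and nothing in the visible body checks it: r2 goes straight into sqrt_Fp2 with no test that it is a square, so an (x:z) pair that is not on the curve with coefficient A would (assuming sqrt_Fp2 does not signal non-squares, which is not visible here) produce an R->Y that silently fails the curve equation. The zero test is a memcmp against a zero felm_t and the inversion is fp2inv_mont_bingcd, both of which are presumably variable-time, so callers must only pass public data; and if field elements may be held non-reduced in [0, 2p) as elsewhere in this library, a Z equal to p would be missed by the byte comparison and should be normalised before the test. I would put above the definition: `// Input: (PX:PZ) an xz-only point on the Montgomery curve y^2 = x^3 + A*x^2 + x; public data only (memcmp zero test and bingcd inversion are not constant-time); PX/PZ are expected in reduced form.` What happens when PZ is zero is decided outside this hunk, and any header prototype for CompleteMPoint would need the same signature change, which this diff does not show.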
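Review bot: Changing r to int does not make mod() handle negative a, because b is unsigned int and the usual arithmetic conversions evaluate `a % b` in unsigned arithmetic: for a = -1, b = 3 the operand a becomes UINT_MAX, the remainder is 0 instead of 2, r is never negative and the `while (r < 0)` loop still never runs. Perform the remainder in a signed type wide enough for both operands, `r = (int)((long long)a % (long long)b);`, after which a single `if (r < 0) r += (int)b;` suffices; results for b larger than INT_MAX cannot be represented in the int return type regardless and should be documented or rejected. The return statement and closing brace of mod() lie outside the hunk.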