Adding some helper functions.

cloudflare · Jul 24, 2020 · d4fc865 · d4fc865
1 parent 6173c83
commit d4fc865
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 31 deletions.
diff --git a/ecc/goldilocks/curve.go b/ecc/goldilocks/curve.go
@@ -14,28 +14,6 @@ func (Curve) Identity() *Point {
 	}
 }
 
-// IsOnCurve returns true if the point lies on the curve.
-func (Curve) IsOnCurve(P *Point) bool {
-	x2, y2, t, t2, z2 := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}
-	rhs, lhs := &fp.Elt{}, &fp.Elt{}
-	fp.Mul(t, &P.ta, &P.tb)  // t = ta*tb
-	fp.Sqr(x2, &P.x)         // x^2
-	fp.Sqr(y2, &P.y)         // y^2
-	fp.Sqr(z2, &P.z)         // z^2
-	fp.Sqr(t2, t)            // t^2
-	fp.Add(lhs, x2, y2)      // x^2 + y^2
-	fp.Mul(rhs, t2, &paramD) // dt^2
-	fp.Add(rhs, rhs, z2)     // z^2 + dt^2
-	fp.Sub(lhs, lhs, rhs)    // x^2 + y^2 - (z^2 + dt^2)
-	eq0 := fp.IsZero(lhs)
-
-	fp.Mul(lhs, &P.x, &P.y) // xy
-	fp.Mul(rhs, t, &P.z)    // tz
-	fp.Sub(lhs, lhs, rhs)   // xy - tz
-	eq1 := fp.IsZero(lhs)
-	return eq0 && eq1
-}
-
 // Generator returns the generator point.
 func (Curve) Generator() *Point {
 	return &Point{
@@ -47,6 +25,9 @@ func (Curve) Generator() *Point {
 	}
 }
 
+// IsOnCurve returns true if the point lies on the curve.
+func (Curve) IsOnCurve(P *Point) bool { return isOnCurve(&P.x, &P.y, &P.ta, &P.tb, &P.z, false) }
+
 // Order returns the number of points in the prime subgroup.
 func (Curve) Order() Scalar { return order }
 

diff --git a/ecc/goldilocks/decaf.go b/ecc/goldilocks/decaf.go
@@ -12,7 +12,7 @@ type Elt struct{ p twistPoint }
 func (e Elt) String() string { return e.p.String() }
 
 // IsValid is
-func (d Decaf) IsValid(a *Elt) bool { return false /*d.c.IsOnCurve(a.p) */ }
+func (d Decaf) IsValid(a *Elt) bool { return d.c.IsOnCurve(&a.p) }
 
 // IsIdentity is
 func (d Decaf) IsIdentity(a *Elt) bool { return fp.IsZero(&a.p.x) }
@@ -27,16 +27,16 @@ func (d Decaf) Generator() *Elt { return &Elt{*d.c.pull(Curve{}.Generator())} }
 func (d Decaf) Order() Scalar { return order }
 
 // Add is
-func (d Decaf) Add(a, b *Elt) *Elt { R := a.p; R.Add(&b.p); return &Elt{R} }
+func (d Decaf) Add(c, a, b *Elt) { c.p = a.p; c.p.Add(&b.p) }
 
 // Neg is
-func (d Decaf) Neg(a *Elt) *Elt { R := a.p; R.cneg(1); return &Elt{R} }
+func (d Decaf) Neg(c, a *Elt) { c.p = a.p; c.p.cneg(1) }
 
 // Mul is
-func (d Decaf) Mul(a *Elt, n *Scalar) *Elt { return &Elt{*d.c.ScalarMult(n, &a.p)} }
+func (d Decaf) Mul(c *Elt, n *Scalar, a *Elt) { c.p = *d.c.ScalarMult(n, &a.p) }
 
 // MulGen is
-func (d Decaf) MulGen(n *Scalar) *Elt { return &Elt{*d.c.ScalarBaseMult(n)} }
+func (d Decaf) MulGen(c *Elt, n *Scalar) { c.p = *d.c.ScalarBaseMult(n) }
 
 // AreEqual is
 func (d Decaf) AreEqual(a, b *Elt) bool {

diff --git a/ecc/goldilocks/decaf_test.go b/ecc/goldilocks/decaf_test.go
@@ -1,15 +1,17 @@
-package goldilocks
+package goldilocks_test
 
 import (
+	"crypto/rand"
 	"encoding/hex"
 	"fmt"
 	"testing"
 
+	"github.com/cloudflare/circl/ecc/goldilocks"
 	"github.com/cloudflare/circl/internal/test"
 )
 
 func TestDecafDevel(t *testing.T) {
-	var d Decaf
+	var d goldilocks.Decaf
 	G := d.Generator()
 	fmt.Printf("G: %v\n%v\n\n", G, hex.EncodeToString(G.Marshal()))
 
@@ -27,7 +29,7 @@ func TestDecafDevel(t *testing.T) {
 			fmt.Printf("%v\n", decP)
 			test.ReportError(t, got, want, i)
 		}
-		Q = d.Add(Q, G)
+		d.Add(Q, Q, G)
 	}
 	// fmt.Printf("2GE: %v\n%v\n\n", GE, enc(GE))
 
@@ -47,9 +49,29 @@ func TestDecafDevel(t *testing.T) {
 }
 
 func BenchmarkDecaf(b *testing.B) {
-	var d Decaf
+	var d goldilocks.Decaf
+	var k, l goldilocks.Scalar
+	_, _ = rand.Read(k[:])
+	_, _ = rand.Read(l[:])
 	G := d.Generator()
+	P := d.Generator()
 	enc := G.Marshal()
+
+	b.Run("Add", func(b *testing.B) {
+		for i := 0; i < b.N; i++ {
+			d.Add(P, P, G)
+		}
+	})
+	b.Run("Mul", func(b *testing.B) {
+		for i := 0; i < b.N; i++ {
+			d.Mul(G, &k, G)
+		}
+	})
+	b.Run("MulGen", func(b *testing.B) {
+		for i := 0; i < b.N; i++ {
+			d.MulGen(P, &k)
+		}
+	})
 	b.Run("Marshal", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
 			G.Marshal()

diff --git a/ecc/goldilocks/twist.go b/ecc/goldilocks/twist.go
@@ -20,6 +20,37 @@ func (twistCurve) Identity() *twistPoint {
 	}
 }
 
+func isOnCurve(x, y, ta, tb, z *fp.Elt, isOnTwist bool) bool {
+	x2, y2, t, t2, z2 := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}
+	rhs, lhs := &fp.Elt{}, &fp.Elt{}
+	fp.Mul(t, ta, tb) // t = ta*tb
+	fp.Sqr(x2, x)     // x^2
+	fp.Sqr(y2, y)     // y^2
+	fp.Sqr(z2, z)     // z^2
+	fp.Sqr(t2, t)     // t^2
+	if isOnTwist {
+		fp.Sub(lhs, y2, x2)           // ax^2 + y^2
+		fp.Mul(rhs, t2, &paramDTwist) // dt^2
+	} else {
+		fp.Add(lhs, y2, x2)      // ax^2 + y^2
+		fp.Mul(rhs, t2, &paramD) // dt^2
+	}
+	fp.Add(rhs, rhs, z2)  // z^2 + dt^2
+	fp.Sub(lhs, lhs, rhs) // ax^2 + y^2 - (z^2 + dt^2)
+	eq0 := fp.IsZero(lhs)
+
+	fp.Mul(lhs, x, y)     // xy
+	fp.Mul(rhs, t, z)     // tz
+	fp.Sub(lhs, lhs, rhs) // xy - tz
+	eq1 := fp.IsZero(lhs)
+	return eq0 && eq1
+}
+
+// IsOnCurve returns true if the point lies on the curve.
+func (twistCurve) IsOnCurve(P *twistPoint) bool {
+	return isOnCurve(&P.x, &P.y, &P.ta, &P.tb, &P.z, true)
+}
+
 // subYDiv16 update x = (x - y) / 16.
 func subYDiv16(x *scalar64, y int64) {
 	s := uint64(y >> 63)