crypto/ecpointgrouplaw: support Ed25519

crypto/ecpointgrouplaw/ecpointgrouplaw_test.go

@@ -19,6 +19,7 @@ import (
 	"testing"
 
 	"github.com/btcsuite/btcd/btcec"
+	"github.com/decred/dcrd/dcrec/edwards/v2"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -30,7 +31,7 @@ func TestEllipticcurve(t *testing.T) {
 }
 
 var (
-	curveList = []elliptic.Curve{elliptic.P224(), elliptic.P256(), elliptic.P384(), btcec.S256()}
+	curveList = []elliptic.Curve{elliptic.P224(), elliptic.P256(), elliptic.P384(), btcec.S256(), edwards.Edwards()}
 )
 
 var _ = Describe("Elliptic curves", func() {

crypto/ecpointgrouplaw/point.go

@@ -22,6 +22,7 @@ import (
 	"reflect"
 
 	"github.com/btcsuite/btcd/btcec"
+	"github.com/decred/dcrd/dcrec/edwards"
 )
 
 var (
@@ -103,13 +104,10 @@ func (p *ECPoint) Add(p1 *ECPoint) (*ECPoint, error) {
 		return p.Copy(), nil
 	}
 
-	// The case : aG+(-a)G. Assume that the coordinate of aG = (x,y). Then (-a)G = (x,-y). Then aG + (-a)G = identity = (nil, nil).
-	if p1.x.Cmp(p.x) == 0 {
-		tempNegative := new(big.Int).Neg(p1.y)
-		tempNegative.Mod(tempNegative, p.curve.Params().P)
-		if tempNegative.Cmp(p.y) == 0 {
-			return NewIdentity(p.curve), nil
-		}
+	// The case : aG+(-a)G.
+	minusP1 := p1.Neg()
+	if minusP1.Equal(p) {
+		return NewIdentity(p.curve), nil
 	}
 	// The case : aG + aG = 2aG.
 	if p1.x.Cmp(p.x) == 0 && p1.y.Cmp(p.y) == 0 {
@@ -138,6 +136,17 @@ func (p *ECPoint) Neg() *ECPoint {
 	if p.IsIdentity() {
 		return NewIdentity(p.curve)
 	}
+
+	// TODO: Not compare cofactor terms
+	if isSameCurve(p.curve, edwards.Edwards()) {
+		negativeX := new(big.Int).Neg(p.x)
+		negativeX = negativeX.Mod(negativeX, p.curve.Params().P)
+		return &ECPoint{
+			curve: p.curve,
+			x:     negativeX,
+			y:     new(big.Int).Set(p.y),
+		}
+	}
 	negativeY := new(big.Int).Neg(p.y)
 	negativeY = negativeY.Mod(negativeY, p.curve.Params().P)
 	return &ECPoint{
@@ -233,7 +242,10 @@ func isIdentity(x *big.Int, y *big.Int) bool {
 }
 
 func isSameCurve(curve1 elliptic.Curve, curve2 elliptic.Curve) bool {
-	return reflect.DeepEqual(curve1, curve2)
+	if curve1 == nil || curve2 == nil {
+		return false
+	}
+	return reflect.DeepEqual(curve1.Params(), curve2.Params())
 }
 
 func isOnCurve(curve elliptic.Curve, x, y *big.Int) bool {
@@ -257,6 +269,8 @@ func (c EcPointMessage_Curve) GetEllipticCurve() (elliptic.Curve, error) {
 		return elliptic.P384(), nil
 	case EcPointMessage_S256:
 		return btcec.S256(), nil
+	case EcPointMessage_EDWARD25519:
+		return edwards.Edwards(), nil
 	}
 	return nil, ErrInvalidCurve
 }
@@ -272,5 +286,9 @@ func ToCurve(c elliptic.Curve) (EcPointMessage_Curve, error) {
 	case btcec.S256():
 		return EcPointMessage_S256, nil
 	}
+	// TODO: Rewrite it to be a switch case.
+	if isSameCurve(c, edwards.Edwards()) {
+		return EcPointMessage_EDWARD25519, nil
+	}
 	return 0, ErrInvalidCurve
 }

crypto/ecpointgrouplaw/point.proto

@@ -24,6 +24,7 @@ message EcPointMessage {
     P256 = 1;
     P384 = 2;
     S256 = 3;
+    EDWARD25519 = 4;
   }
   Curve curve = 1;
   bytes x = 2;

crypto/ecpointgrouplaw/point_test.go

@@ -457,7 +457,7 @@ var _ = Describe("Point", func() {
 			})
 
 			It("ToPoint()", func() {
-				const UnSupportedEcPointMessage EcPointMessage_Curve = 4
+				const UnSupportedEcPointMessage EcPointMessage_Curve = 100
 				msg := &EcPointMessage{
 					Curve: UnSupportedEcPointMessage,
 				}