Accueil Explorer Aide
Connexion
byuu
/
higan
miroir de https://github.com/byuu/higan
Suivre 2
Voter 0
Fork 0
Fichiers Tickets 0 Wiki
Branche: master
Branches Tags
higan
/
nall
/
elliptic-curve
/
modulo25519-reference.hpp

modulo25519-reference.hpp 2.4 KB
Lien permanent Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. #pragma once
    2. 

  2. 

  3. //warning: this implementation leaks side-channel information
    4. 

  4. //use modulo25519-optimized.hpp in production
    5. 

  5. 

  6. #include <nall/arithmetic/barrett.hpp>
    7. 

  7. 

  8. namespace nall::EllipticCurve {
    9. 

  9. 

  10. static const uint256_t P = (1_u256 << 255) - 19;
    11. 

  11. 

  12. struct Modulo25519 {
    13. 

  13.   Modulo25519() = default;
    14. 

  14.   Modulo25519(const Modulo25519& source) : value(source.value) {}
    15. 

  15.   template<typename T> Modulo25519(const T& value) : value(value) {}
    16. 

  16.   explicit operator bool() const { return (bool)value; }
    17. 

  17.   auto operator()() const -> uint256_t { return value; }
    18. 

  18. 

  19. private:
    20. 

  20.   uint256_t value;
    21. 

  21. };
    22. 

  22. 

  23. inline auto operator-(const Modulo25519& lhs) -> Modulo25519 {
    24. 

  24.   return P - lhs();
    25. 

  25. }
    26. 

  26. 

  27. inline auto operator+(const Modulo25519& lhs, const Modulo25519& rhs) -> Modulo25519 {
    28. 

  28.   uint512_t value = (uint512_t)lhs() + rhs();
    29. 

  29.   if(value >= P) value -= P;
    30. 

  30.   return value;
    31. 

  31. }
    32. 

  32. 

  33. inline auto operator-(const Modulo25519& lhs, const Modulo25519& rhs) -> Modulo25519 {
    34. 

  34.   uint512_t value = (uint512_t)lhs();
    35. 

  35.   if(value < rhs()) value += P;
    36. 

  36.   return uint256_t(value - rhs());
    37. 

  37. }
    38. 

  38. 

  39. inline auto operator*(const Modulo25519& lhs, const Modulo25519& rhs) -> Modulo25519 {
    40. 

  40.   static const BarrettReduction<256> P{EllipticCurve::P};
    41. 

  41.   uint256_t hi, lo;
    42. 

  42.   mul(lhs(), rhs(), hi, lo);
    43. 

  43.   return uint512_t{hi, lo} % P;
    44. 

  44. }
    45. 

  45. 

  46. inline auto operator&(const Modulo25519& lhs, uint256_t rhs) -> uint256_t {
    47. 

  47.   return lhs() & rhs;
    48. 

  48. }
    49. 

  49. 

  50. inline auto square(const Modulo25519& lhs) -> Modulo25519 {
    51. 

  51.   static const BarrettReduction<256> P{EllipticCurve::P};
    52. 

  52.   uint256_t hi, lo;
    53. 

  53.   square(lhs(), hi, lo);
    54. 

  54.   return uint512_t{hi, lo} % P;
    55. 

  55. }
    56. 

  56. 

  57. inline auto exponentiate(const Modulo25519& lhs, uint256_t exponent) -> Modulo25519 {
    58. 

  58.   if(exponent == 0) return 1;
    59. 

  59.   Modulo25519 value = square(exponentiate(lhs, exponent >> 1));
    60. 

  60.   if(exponent & 1) value = value * lhs;
    61. 

  61.   return value;
    62. 

  62. }
    63. 

  63. 

  64. inline auto reciprocal(const Modulo25519& lhs) -> Modulo25519 {
    65. 

  65.   return exponentiate(lhs, P - 2);
    66. 

  66. }
    67. 

  67. 

  68. inline auto squareRoot(const Modulo25519& lhs) -> Modulo25519 {
    69. 

  69.   static const Modulo25519 I = exponentiate(Modulo25519(2), P - 1 >> 2);  //I = sqrt(-1)
    70. 

  70.   Modulo25519 value = exponentiate(lhs, P + 3 >> 3);
    71. 

  71.   if(square(value) - lhs) value = value * I;
    72. 

  72.   if(value & 1) value = -value;
    73. 

  73.   return value;
    74. 

  74. }
    75. 

  75. 

  76. inline auto cmove(bool condition, Modulo25519& lhs, const Modulo25519& rhs) -> void {
    77. 

  77.   if(condition) lhs = rhs;
    78. 

  78. }
    79. 

  79. 

  80. inline auto cswap(bool condition, Modulo25519& lhs, Modulo25519& rhs) -> void {
    81. 

  81.   if(condition) swap(lhs, rhs);
    82. 

  82. }
    83. 

  83. 

  84. }
    85. 

  85.