package edwards25519
// UnsafeVarTimeScalarMult sets v = x * q, and returns v.
//
// Execution time depends on the inputs: the loop below branches on every
// digit of x's non-adjacent form, so timing can reveal information about x.
// Only call it when x is public; a private key or secret nonce must go
// through a constant-time multiplication instead.
//
// Deprecated: Unsafe for private operations
func (v *Point) UnsafeVarTimeScalarMult(x *Scalar, q *Point) *Point {
	checkInitialized(q)

	// Lookup table for q, indexed by the magnitude of a NAF digit.
	var qTable nafLookupTable5
	qTable.FromP3(q)

	// Width-5 non-adjacent form of the scalar x.
	digits := x.nonAdjacentForm(5)

	var (
		cached projCached // table entry selected for the current digit
		sum    projP1xP1  // result of the latest doubling / addition
		acc    projP2     // running accumulator, starts at Zero()
	)
	acc.Zero()

	// Walk the digits from the most significant position down: double the
	// accumulator every step, and add or subtract a table entry whenever the
	// digit is nonzero.
	//
	// The scan always starts at position 255 rather than at the first
	// nonzero coefficient, because searching might be more work than a few
	// extra doublings.
	for i := 255; i >= 0; i-- {
		sum.Double(&acc)

		// Variable-time by design: which branch runs depends on x.
		switch d := digits[i]; {
		case d > 0:
			v.fromP1xP1(&sum)
			qTable.SelectInto(&cached, d)
			sum.Add(v, &cached)
		case d < 0:
			v.fromP1xP1(&sum)
			qTable.SelectInto(&cached, -d)
			sum.Sub(v, &cached)
		}

		acc.FromP1xP1(&sum)
	}

	v.fromP2(&acc)
	return v
}
// UnsafeVarTimeScalarBaseMult sets v = x * B, where B is the canonical
// generator, and returns v.
//
// Execution time depends on the inputs: the loop below branches on every
// digit of x's non-adjacent form, so timing can reveal information about x.
// Only call it when x is public; deriving a public key from a private scalar
// must use ScalarBaseMult instead.
//
// Deprecated: Unsafe for private operations
// This is not faster than ScalarBaseMult
func (v *Point) UnsafeVarTimeScalarBaseMult(x *Scalar) *Point {
	baseTable := basepointNafTable()

	// Because the basepoint is fixed, a wider NAF (width 8), which
	// corresponds to a bigger table, can be used.
	digits := x.nonAdjacentForm(8)

	var (
		cached affineCached // table entry selected for the current digit
		sum    projP1xP1    // result of the latest doubling / addition
		acc    projP2       // running accumulator, starts at Zero()
	)
	acc.Zero()

	// Walk the digits from the most significant position down: double the
	// accumulator every step, and add or subtract a table entry whenever the
	// digit is nonzero.
	//
	// The scan always starts at position 255 rather than at the first
	// nonzero coefficient, because searching might be more work than a few
	// extra doublings.
	for i := 255; i >= 0; i-- {
		sum.Double(&acc)

		// Variable-time by design: which branch runs depends on x.
		switch d := digits[i]; {
		case d > 0:
			v.fromP1xP1(&sum)
			baseTable.SelectInto(&cached, d)
			sum.AddAffine(v, &cached)
		case d < 0:
			v.fromP1xP1(&sum)
			baseTable.SelectInto(&cached, -d)
			sum.SubAffine(v, &cached)
		}

		acc.FromP1xP1(&sum)
	}

	v.fromP2(&acc)
	return v
}