ec suite_b: De-duplicate to_mont
.
This commit is contained in:
parent
c89b5c6e28
commit
317a062bf4
@ -115,7 +115,7 @@ pub static PUBLIC_SCALAR_OPS: PublicScalarOps = PublicScalarOps {
|
||||
q_minus_n: Elem::from_hex("%(q_minus_n)x"),
|
||||
|
||||
// TODO: Use an optimized variable-time implementation.
|
||||
scalar_inv_to_mont_vartime: p%(bits)s_scalar_inv_to_mont,
|
||||
scalar_inv_to_mont_vartime: |s| PRIVATE_SCALAR_OPS.scalar_inv_to_mont(s),
|
||||
};
|
||||
|
||||
pub static PRIVATE_SCALAR_OPS: PrivateScalarOps = PrivateScalarOps {
|
||||
@ -125,7 +125,7 @@ pub static PRIVATE_SCALAR_OPS: PrivateScalarOps = PrivateScalarOps {
|
||||
scalar_inv_to_mont: p%(bits)s_scalar_inv_to_mont,
|
||||
};
|
||||
|
||||
fn p%(bits)s_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
fn p%(bits)s_scalar_inv_to_mont(a: Scalar<R>) -> Scalar<R> {
|
||||
// Calculate the modular inverse of scalar |a| using Fermat's Little
|
||||
// Theorem:
|
||||
//
|
||||
@ -166,22 +166,13 @@ fn p%(bits)s_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
binary_op_assign(p%(bits)d_scalar_mul_mont, acc, b)
|
||||
}
|
||||
|
||||
fn to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
static N_RR: Scalar<Unencoded> = Scalar {
|
||||
limbs: PRIVATE_SCALAR_OPS.oneRR_mod_n.limbs,
|
||||
m: PhantomData,
|
||||
encoding: PhantomData,
|
||||
};
|
||||
binary_op(p%(bits)s_scalar_mul_mont, a, &N_RR)
|
||||
}
|
||||
|
||||
// Indexes into `d`.
|
||||
const B_1: usize = 0;
|
||||
todo!();
|
||||
const DIGIT_COUNT: usize = todo!();
|
||||
|
||||
let mut d = [Scalar::zero(); DIGIT_COUNT];
|
||||
d[B_1] = to_mont(a);
|
||||
d[B_1] = a;
|
||||
let b_10 = sqr(&d[B_1]);
|
||||
for i in B_11..DIGIT_COUNT {
|
||||
d[i] = mul(&d[i - 1], &b_10);
|
||||
|
@ -319,7 +319,7 @@ pub struct PrivateScalarOps {
|
||||
pub scalar_ops: &'static ScalarOps,
|
||||
|
||||
oneRR_mod_n: Scalar<RR>, // 1 * R**2 (mod n). TOOD: Use One<RR>.
|
||||
scalar_inv_to_mont: fn(a: &Scalar) -> Scalar<R>,
|
||||
scalar_inv_to_mont: fn(a: Scalar<R>) -> Scalar<R>,
|
||||
}
|
||||
|
||||
impl PrivateScalarOps {
|
||||
@ -330,6 +330,7 @@ impl PrivateScalarOps {
|
||||
/// Returns the modular inverse of `a` (mod `n`). Panics if `a` is zero.
|
||||
pub fn scalar_inv_to_mont(&self, a: &Scalar) -> Scalar<R> {
|
||||
assert!(!self.scalar_ops.common.is_zero(a));
|
||||
let a = self.to_mont(a);
|
||||
(self.scalar_inv_to_mont)(a)
|
||||
}
|
||||
}
|
||||
|
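Review bot: `PrivateScalarOps::scalar_inv_to_mont` is now the only place that enforces the two preconditions the per-curve inverse depends on — the `assert!(!is_zero(a))` and the conversion into Montgomery form via `self.to_mont(a)` — yet the new function-pointer type `fn(a: Scalar<R>) -> Scalar<R>` carries neither in its documentation, so a future direct caller of the pointer could pass zero and get zero back (0^(n-2) ≡ 0 mod n) without any panic. I would add a line above the field at `scalar_inv_to_mont: fn(a: Scalar<R>) -> Scalar<R>,` such as `// Input must be nonzero and in Montgomery form; only call through `PrivateScalarOps::scalar_inv_to_mont`, which checks both.` Since this is the private-scalar (signing) path, `to_mont`, whose definition is outside this hunk, must itself be constant-time; a one-line note to that effect in the wrapper would make the timing contract explicit. The existing context comment on `oneRR_mod_n` also carries a typo (`TOOD`), unrelated to this change.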
@ -132,7 +132,7 @@ pub static PUBLIC_SCALAR_OPS: PublicScalarOps = PublicScalarOps {
|
||||
q_minus_n: Elem::from_hex("4319055358e8617b0c46353d039cdaae"),
|
||||
|
||||
// TODO: Use an optimized variable-time implementation.
|
||||
scalar_inv_to_mont_vartime: p256_scalar_inv_to_mont,
|
||||
scalar_inv_to_mont_vartime: |s| PRIVATE_SCALAR_OPS.scalar_inv_to_mont(s),
|
||||
};
|
||||
|
||||
#[cfg(any(target_arch = "aarch64", target_arch = "x86_64"))]
|
||||
@ -165,7 +165,7 @@ pub static PRIVATE_SCALAR_OPS: PrivateScalarOps = PrivateScalarOps {
|
||||
scalar_inv_to_mont: p256_scalar_inv_to_mont,
|
||||
};
|
||||
|
||||
fn p256_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
fn p256_scalar_inv_to_mont(a: Scalar<R>) -> Scalar<R> {
|
||||
// Calculate the modular inverse of scalar |a| using Fermat's Little
|
||||
// Theorem:
|
||||
//
|
||||
@ -202,15 +202,6 @@ fn p256_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
binary_op_assign(p256_scalar_mul_mont, acc, b);
|
||||
}
|
||||
|
||||
fn to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
static N_RR: Scalar<Unencoded> = Scalar {
|
||||
limbs: PRIVATE_SCALAR_OPS.oneRR_mod_n.limbs,
|
||||
m: PhantomData,
|
||||
encoding: PhantomData,
|
||||
};
|
||||
binary_op(p256_scalar_mul_mont, a, &N_RR)
|
||||
}
|
||||
|
||||
// Indexes into `d`.
|
||||
const B_1: usize = 0;
|
||||
const B_10: usize = 1;
|
||||
@ -224,7 +215,7 @@ fn p256_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
|
||||
let mut d = [Scalar::zero(); DIGIT_COUNT];
|
||||
|
||||
d[B_1] = to_mont(a);
|
||||
d[B_1] = a;
|
||||
d[B_10] = sqr(&d[B_1]);
|
||||
d[B_11] = mul(&d[B_10], &d[B_1]);
|
||||
d[B_101] = mul(&d[B_10], &d[B_11]);
|
||||
|
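Review bot: The new closure `scalar_inv_to_mont_vartime: |s| PRIVATE_SCALAR_OPS.scalar_inv_to_mont(s)` changes the failure mode of the public (verification) path: the old target `p256_scalar_inv_to_mont` performed no zero check and would have silently returned zero, whereas `PrivateScalarOps::scalar_inv_to_mont` is documented to panic if `a` is zero, so a zero scalar reaching this field is now a panic in the verifier. That is acceptable only if every caller has already range-checked `s` into [1, n-1] before inverting; the field's declaration and its callers are outside this hunk, so I cannot confirm that here. I would state the precondition next to the field, e.g. `// Delegates to the constant-time private inverse; panics on zero, so `s` must already be range-checked by the caller.` The retained `// TODO: Use an optimized variable-time implementation.` remains accurate, as the constant-time routine is simply reused.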
@ -127,7 +127,7 @@ pub static PUBLIC_SCALAR_OPS: PublicScalarOps = PublicScalarOps {
|
||||
q_minus_n: Elem::from_hex("389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68c"),
|
||||
|
||||
// TODO: Use an optimized variable-time implementation.
|
||||
scalar_inv_to_mont_vartime: p384_scalar_inv_to_mont,
|
||||
scalar_inv_to_mont_vartime: |s| PRIVATE_SCALAR_OPS.scalar_inv_to_mont(s),
|
||||
};
|
||||
|
||||
pub static PRIVATE_SCALAR_OPS: PrivateScalarOps = PrivateScalarOps {
|
||||
@ -137,7 +137,7 @@ pub static PRIVATE_SCALAR_OPS: PrivateScalarOps = PrivateScalarOps {
|
||||
scalar_inv_to_mont: p384_scalar_inv_to_mont,
|
||||
};
|
||||
|
||||
fn p384_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
fn p384_scalar_inv_to_mont(a: Scalar<R>) -> Scalar<R> {
|
||||
// Calculate the modular inverse of scalar |a| using Fermat's Little
|
||||
// Theorem:
|
||||
//
|
||||
@ -179,15 +179,6 @@ fn p384_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
binary_op_assign(p384_scalar_mul_mont, acc, b)
|
||||
}
|
||||
|
||||
fn to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
static N_RR: Scalar<Unencoded> = Scalar {
|
||||
limbs: PRIVATE_SCALAR_OPS.oneRR_mod_n.limbs,
|
||||
m: PhantomData,
|
||||
encoding: PhantomData,
|
||||
};
|
||||
binary_op(p384_scalar_mul_mont, a, &N_RR)
|
||||
}
|
||||
|
||||
// Indexes into `d`.
|
||||
const B_1: usize = 0;
|
||||
const B_11: usize = 1;
|
||||
@ -200,7 +191,7 @@ fn p384_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> {
|
||||
const DIGIT_COUNT: usize = 8;
|
||||
|
||||
let mut d = [Scalar::zero(); DIGIT_COUNT];
|
||||
d[B_1] = to_mont(a);
|
||||
d[B_1] = a;
|
||||
let b_10 = sqr(&d[B_1]);
|
||||
for i in B_11..DIGIT_COUNT {
|
||||
d[i] = mul(&d[i - 1], &b_10);
|
||||
|
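Review bot: `p384_scalar_inv_to_mont` now takes `a: Scalar<R>` and stores it straight into `d[B_1]`, but its header comment still reads as if it inverts an arbitrary scalar, while the removed local `to_mont` and the zero assertion are both now the wrapper's responsibility; with `a == 0` the Fermat chain yields zero rather than an inverse, and nothing in this function detects it. I would extend the header with `// `a` must be nonzero and already in Montgomery form; the caller (`PrivateScalarOps::scalar_inv_to_mont`) checks the former and performs the conversion.` Dropping the `N_RR` static, which labelled an `RR`-encoded limb array as `Scalar<Unencoded>`, is an improvement in itself and removes the only place the encoding type parameter was being bypassed. The function body continues past the end of the hunk.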