Elligator script: simplified Montgomery ladder

author Loup Vaillant <loup@loup-vaillant.fr>

Sun, 22 Mar 2020 21:05:46 +0000 (22:05 +0100)

committer Loup Vaillant <loup@loup-vaillant.fr>

Sun, 22 Mar 2020 21:05:46 +0000 (22:05 +0100)
author Loup Vaillant <loup@loup-vaillant.fr>
Sun, 22 Mar 2020 21:05:46 +0000 (22:05 +0100)
committer Loup Vaillant <loup@loup-vaillant.fr>
Sun, 22 Mar 2020 21:05:46 +0000 (22:05 +0100)
diff --git a/tests/gen/elligator_scalarmult.py b/tests/gen/elligator_scalarmult.py

index a2b865a35195de9ec503c1812d8d867f517ec325..24f45438eaa047941b7ea6c029b06b113a85baf5 100644 (file)
--- a/tests/gen/elligator_scalarmult.py
+++ b/tests/gen/elligator_scalarmult.py
@@ -54,6 +54,7 @@
  from elligator import fe
  from elligator import sqrt
  from elligator import sqrtm1
+from elligator import A
  
  #########################################
  # scalar multiplication (Edwards space) #
@@ -130,24 +131,10 @@ def mt_scalarmult(u, scalar):
          if b == 1:
              x2, x3 = x3, x2
              z2, z3 = z3, z2
-        t0 = x3 - z3
-        t1 = x2 - z2
-        x2 = x2 + z2
-        z2 = x3 + z3
-        z3 = t0 * x2
-        z2 = z2 * t1
-        t0 = t1**2
-        t1 = x2**2
-        x3 = z3 + z2
-        z2 = z3 - z2
-        x2 = t1 * t0
-        t1 = t1 - t0
-        z2 = z2**2
-        z3 = t1 * fe(121666)
-        x3 = x3**2
-        t0 = t0 + z3
-        z3 = x1 * z2
-        z2 = t1 * t0
+        x3, z3 = ((x2*x3 - z2*z3)**2,
+                  (x2*z3 - z2*x3)**2 * x1)
+        x2, z2 = ((x2**2 - z2**2)**2,
+                  fe(4)*x2*z2*(x2**2 + A*x2*z2 + z2**2))
          if b == 1:
              x2, x3 = x3, x2
              z2, z3 = z3, z2
author	Loup Vaillant <loup@loup-vaillant.fr>
	Sun, 22 Mar 2020 21:05:46 +0000 (22:05 +0100)
committer	Loup Vaillant <loup@loup-vaillant.fr>
	Sun, 22 Mar 2020 21:05:46 +0000 (22:05 +0100)