From: Loup Vaillant <loup@loup-vaillant.fr>
Date: Sun, 22 Mar 2020 21:05:46 +0000 (+0100)
Subject: Elligator script: simplified Montgomery ladder
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=97b66a6bc62d57b9cddf6edcc8c40c5990089f13;p=Monocypher.git

Elligator script: simplified Montgomery ladder
---

diff --git a/tests/gen/elligator_scalarmult.py b/tests/gen/elligator_scalarmult.py
index a2b865a..24f4543 100644
--- a/tests/gen/elligator_scalarmult.py
+++ b/tests/gen/elligator_scalarmult.py
@@ -54,6 +54,7 @@
 from elligator import fe
 from elligator import sqrt
 from elligator import sqrtm1
+from elligator import A
 
 #########################################
 # scalar multiplication (Edwards space) #
@@ -130,24 +131,10 @@ def mt_scalarmult(u, scalar):
         if b == 1:
             x2, x3 = x3, x2
             z2, z3 = z3, z2
-        t0 = x3 - z3
-        t1 = x2 - z2
-        x2 = x2 + z2
-        z2 = x3 + z3
-        z3 = t0 * x2
-        z2 = z2 * t1
-        t0 = t1**2
-        t1 = x2**2
-        x3 = z3 + z2
-        z2 = z3 - z2
-        x2 = t1 * t0
-        t1 = t1 - t0
-        z2 = z2**2
-        z3 = t1 * fe(121666)
-        x3 = x3**2
-        t0 = t0 + z3
-        z3 = x1 * z2
-        z2 = t1 * t0
+        x3, z3 = ((x2*x3 - z2*z3)**2,
+                  (x2*z3 - z2*x3)**2 * x1)
+        x2, z2 = ((x2**2 - z2**2)**2,
+                  fe(4)*x2*z2*(x2**2 + A*x2*z2 + z2**2))
         if b == 1:
             x2, x3 = x3, x2
             z2, z3 = z3, z2