From: Loup Vaillant
Date: Sun, 27 Jun 2021 16:29:28 +0000 (+0200)
Subject: Factored out redundant squaring in Elligator
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=b01076453935c615731af5cb2ea08a4cec8eb1b9;p=Monocypher.git
Factored out redundant squaring in Elligator
---
diff --git a/src/monocypher.c b/src/monocypher.c
index 8aeed41..ccf496b 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -2719,7 +2719,8 @@ void crypto_hidden_to_curve(uint8_t curve[32], const uint8_t hidden[32])
 fe r, u, t1, t2, t3;
 fe_frombytes(r, clamped);
- fe_sq2(t1, r);
+ fe_sq(r, r);
+ fe_add(t1, r, r);
 fe_add(u, t1, fe_one);
 fe_sq (t2, u);
 fe_mul(t3, A2, t1);
@@ -2728,8 +2729,7 @@ void crypto_hidden_to_curve(uint8_t curve[32], const uint8_t hidden[32])
 fe_mul(t1, t2, u);
 fe_mul(t1, t3, t1);
 int is_square = invsqrt(t1, t1);
- fe_sq(u, r);
- fe_mul(u, u, ufactor);
+ fe_mul(u, r, ufactor);
 fe_ccopy(u, fe_one, is_square);
 fe_sq (t1, t1);
 fe_mul(u, u, A);
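Review bot: The limb-magnitude margin of `t1` after `fe_add(t1, r, r)` is not documented, and it may differ from what `fe_sq2(t1, r)` produced. If `fe_add` is a plain limb-wise addition with no carry step (its definition is outside this hunk), `t1` reaches `fe_add(u, t1, fe_one)` and `fe_mul(t3, A2, t1)` with limbs about twice as large as a freshly reduced value. That is probably still inside the input bounds of `fe_sq` and `fe_mul`, but the reasoning should sit next to the code, for example `// t1 = 2*r^2, not carried: limbs stay within fe_sq/fe_mul input bounds`. The function body starts and ends outside the hunk, so later uses of `t1` could not be checked here.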
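Review bot: `fe_mul(u, r, ufactor)` is only correct because the first hunk overwrote `r` with its square via `fe_sq(r, r)`, so from that line on the name `r` no longer denotes the representative. Nothing at this call site says so, and a later edit that reads `r` as the original value, or re-adds a squaring, would silently change the mapping. A comment at the overwrite such as `// r = r^2 from here on` would make the dependency explicit, as would a separate local for the square. The rest of the function lies outside both hunks, so whether `r` is read again after this point could not be confirmed.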