From 3ca399eafe4d704b4d4d13a352806a302b8558b1 Mon Sep 17 00:00:00 2001 From: Loup Vaillant Date: Fri, 10 Aug 2018 22:48:14 +0200 Subject: [PATCH] Referenced the signed comb for EdDSA --- src/monocypher.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/monocypher.c b/src/monocypher.c index 5a78439..40a7954 100644 --- a/src/monocypher.c +++ b/src/monocypher.c @@ -1742,13 +1742,15 @@ static const fe comb_T2[16] = { static void ge_scalarmult_base(ge *p, const u8 scalar[32]) { - static const u8 half_mod_L[32] = { + // 5-bits signed comb, from Mike Hamburg's + // Fast and compact elliptic-curve cryptography (2012) + static const u8 half_mod_L[32] = { // 1 / 2 modulo L 0xf7, 0xe9, 0x7a, 0x2e, 0x8d, 0x31, 0x09, 0x2c, 0x6b, 0xce, 0x7b, 0x51, 0xef, 0x7c, 0x6f, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, }; - static const u8 half_ones[32] = { + static const u8 half_ones[32] = { // (2^255 - 1) / 2 modulo L 0x42, 0x9a, 0xa3, 0xba, 0x23, 0xa5, 0xbf, 0xcb, 0x11, 0x5b, 0x9d, 0xc5, 0x74, 0x95, 0xf3, 0xb6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -- 2.47.3
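Review bot: The new comments on `half_mod_L` and `half_ones` in `ge_scalarmult_base` state each constant's value but not its byte order or its closed form, so an auditor still cannot check the 32-byte literals against the comment without outside knowledge. The arrays appear to be little-endian (the `0x08` high byte of `half_mod_L` comes last), so I would write `// 1 / 2 modulo L, i.e. (L + 1) / 2, little-endian` and `// (2^255 - 1) / 2 modulo L, little-endian`. These constants presumably feed the recoding of a secret scalar, where one wrong byte would silently give wrong results, so it is worth saying in the comment how they were generated or which test pins them. The citation would stay resolvable with the paper's report number or URL added, and "5-bits" should read "5-bit". The last row of `half_ones` and the rest of the function body lie outside the hunk, so how the constants are used is not visible here.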