diff --git a/ecc/goldilocks/decaf.go b/ecc/goldilocks/decaf.go index 315280d1e..a77372800 100644 --- a/ecc/goldilocks/decaf.go +++ b/ecc/goldilocks/decaf.go @@ -1,8 +1,6 @@ package goldilocks import ( - "fmt" - fp "github.com/cloudflare/circl/math/fp448" ) @@ -23,7 +21,7 @@ func (d Decaf) Identity() *Elt { return &Elt{d.c.Identity()} } // Generator is func (d Decaf) Generator() *Elt { g := d.c.Generator() - g.Double() + // g.Double() return &Elt{g} } @@ -49,39 +47,28 @@ func (d Decaf) Marshal(a *Elt) []byte { x, y, ta, tb, z := a.p.x, a.p.y, a.p.ta, a.p.tb, a.p.z t0, t1 := z, y fp.SetOne(one) - fp.AddSub(&t0, &t1) // (t0,t1) = (z+y,z-y) - fp.Mul(&t0, &t0, &t1) // t0 = (z+y)*(z-y) - fp.Mul(&t0, &t0, &aMinusD) // t0 = (a-d)*(z+y)*(z-y) - fp.InvSqrt(r, one, &t0) // r = 1/sqrt( (a-d)*(z+y)*(z-y) ) - - fmt.Println("r0: ", r) - fp.Abs(r) // r = Takes the non-negative root. - fmt.Println("r0: ", r) - fp.Mul(u, r, &aMinusD) // u = (a-d)*r - fp.Mul(&t0, u, &z) // t0 = u*Z - fp.Add(&t0, &t0, &t0) // t0 = 2*u*Z - fp.Neg(&t0, &t0) // t0 = -2*u*Z - isNeg := fp.Parity(&t0) // isNeg = sgn(t0) - fp.Neg(&t1, r) // t1 = -r - fmt.Println("r1: ", r) + fp.AddSub(&t0, &t1) // (t0,t1) = (z+y,z-y) + fp.Mul(&t0, &t0, &t1) // t0 = (z+y)*(z-y) + fp.Mul(&t0, &t0, &aMinusD) // t0 = (a-d)*(z+y)*(z-y) + fp.InvSqrt(r, one, &t0) // r = 1/sqrt( (a-d)*(z+y)*(z-y) ) + fp.Mul(u, r, &aMinusD) // u = (a-d)*r + fp.Mul(&t0, u, &z) // t0 = u*Z + fp.Add(&t0, &t0, &t0) // t0 = 2*u*Z + fp.Neg(&t0, &t0) // t0 = -2*u*Z + isNeg := fp.Parity(&t0) // isNeg = sgn(t0) + fp.Neg(&t1, r) // t1 = -r fp.Cmov(r, &t1, uint(isNeg)) // if -2*u*Z is negative then r = -r - fmt.Println("r1: ", r) - fp.Mul(&t1, &ta, &tb) // t1 = Ta*Tb = T - fp.Mul(&t1, &t1, &y) // t1 = Y*T - fp.Mul(&t1, &t1, ¶mD) // t1 = d*Y*T - fmt.Println(">t1: ", t1) - fp.Mul(&t0, &z, &x) // t0 = a*Z*X - fp.Sub(&t0, &t0, &t1) // t0 = a*Z*X - d*Y*T - fmt.Println(">t0: ", t0) - fp.Mul(&t0, &t0, r) // t0 = r*(a*Z*X - d*Y*T) - fmt.Println(">t0: ", t0) - fp.Add(&t0, &t0, &y) // t0 = r*(a*Z*X - d*Y*T) + Y - fp.Mul(s, &t0, u) // s = (u/a)*(r*(a*Z*X - d*Y*T) + Y) - fmt.Println("s1: ", s) + fp.Mul(&t1, &ta, &tb) // t1 = Ta*Tb = T + fp.Mul(&t1, &t1, &y) // t1 = Y*T + fp.Mul(&t1, &t1, ¶mD) // t1 = d*Y*T + fp.Mul(&t0, &z, &x) // t0 = a*Z*X + fp.Sub(&t0, &t0, &t1) // t0 = a*Z*X - d*Y*T + fp.Mul(&t0, &t0, r) // t0 = r*(a*Z*X - d*Y*T) + fp.Add(&t0, &t0, &y) // t0 = r*(a*Z*X - d*Y*T) + Y + fp.Mul(s, &t0, u) // s = (u/a)*(r*(a*Z*X - d*Y*T) + Y) isNeg = fp.Parity(s) // isNeg = sgn(s) fp.Neg(&t1, s) // t1 = -s fp.Cmov(s, &t1, uint(isNeg)) // if s is negative then s = -s - fmt.Println("s1: ", s) var encS [fp.Size]byte _ = fp.ToBytes(encS[:], s) diff --git a/ecc/goldilocks/decaf_test.go b/ecc/goldilocks/decaf_test.go index 6f4f8be4a..104abe8d1 100644 --- a/ecc/goldilocks/decaf_test.go +++ b/ecc/goldilocks/decaf_test.go @@ -8,15 +8,24 @@ import ( func TestDecafDevel(t *testing.T) { - var c Curve - G := c.Generator() - // _2G := c.Double(G) - Q := c.push(G) - fmt.Printf("G: %v\n", Q) + // var c Curve var d Decaf + GE := d.Generator() + fmt.Printf("GE: %v\n%v\n\n", GE, hex.EncodeToString(d.Marshal(GE))) + + Q := d.Identity() + for i := 0; i < 100; i++ { + fmt.Printf("%v\n", hex.EncodeToString(d.Marshal(Q))) + Q = d.Add(Q, GE) + } + // fmt.Printf("2GE: %v\n%v\n\n", GE, enc(GE)) + + // GT := c.push(GE) + // GT.ToAffine() + // fmt.Printf("GT: %v\n%v\n", GT, enc(GT)) // fmt.Printf("0: %v\n", hex.EncodeToString(d.Marshal(d.Identity()))) - fmt.Printf("G: %v\n", hex.EncodeToString(d.Marshal(d.Generator()))) + // fmt.Printf("G: %v\n", hex.EncodeToString(d.Marshal(d.Generator()))) // P := d.Generator() // fmt.Printf("G:\n%v\n%v\n", P, hex.EncodeToString(d.Marshal(P))) // for i := 1; i < 2; i++ { @@ -25,3 +34,19 @@ func TestDecafDevel(t *testing.T) { // fmt.Printf("[2^%v]G: %v\n", i, hex.EncodeToString(d.Marshal(P))) // } } + +func BenchmarkDecaf(b *testing.B) { + var d Decaf + G := d.Generator() + enc := d.Marshal(G) + b.Run("Marshal", func(b *testing.B) { + for i := 0; i < b.N; i++ { + d.Marshal(G) + } + }) + b.Run("Unmarshal", func(b *testing.B) { + for i := 0; i < b.N; i++ { + d.Unmarshal(enc) + } + }) +}