ted448 point public fields.

armfazh · armfazh · commit 537c05347d20 · 2020-06-10T01:58:37.000-07:00
diff --git a/.etc/golangci.yml b/.etc/golangci.yml
@@ -18,8 +18,7 @@ linters-settings:
     statements: 80
   nestif:
     min-complexity: 6
-  dogsled:
-    max-blank-identifiers: 3
+
 issues:
   max-issues-per-linter: 0
   max-same-issues: 0
diff --git a/ecc/decaf/decaf.go b/ecc/decaf/decaf.go
@@ -10,6 +10,8 @@
 package decaf
 
 import (
+	"unsafe"
+
 	"github.com/cloudflare/circl/internal/ted448"
 	fp "github.com/cloudflare/circl/math/fp448"
 )
@@ -55,19 +57,13 @@ func Mul(c *Elt, n *Scalar, a *Elt) { ted448.ScalarMult(&c.p, n, &a.p) }
 func MulGen(c *Elt, n *Scalar) { ted448.ScalarBaseMult(&c.p, n) }
 
 // IsIdentity returns True if e is the identity of the group.
-func (e *Elt) IsIdentity() bool {
-	x, y, _, _, z := e.p.Coordinates()
-	return fp.IsZero(&x) && !fp.IsZero(&y) && !fp.IsZero(&z)
-}
+func (e *Elt) IsIdentity() bool { return fp.IsZero(&e.p.X) && !fp.IsZero(&e.p.Y) && !fp.IsZero(&e.p.Z) }
 
 // IsEqual returns True if e=a, where = is an equivalence relation.
 func (e *Elt) IsEqual(a *Elt) bool {
-	x1, y1, _, _, _ := e.p.Coordinates()
-	x2, y2, _, _, _ := a.p.Coordinates()
-
 	l, r := &fp.Elt{}, &fp.Elt{}
-	fp.Mul(l, &x1, &y2)
-	fp.Mul(r, &x2, &y1)
+	fp.Mul(l, &e.p.X, &a.p.Y)
+	fp.Mul(r, &a.p.X, &e.p.Y)
 	fp.Sub(l, l, r)
 	return fp.IsZero(l)
 }
@@ -116,22 +112,27 @@ func (e *Elt) UnmarshalBinary(data []byte) error {
 	fp.Mul(y, y, t0)                    // y = (1 - a*s^2)*isr*den
 
 	isValid := isPositiveS && isLessThanP && isQR
-	P, err := ted448.NewPoint(x, y)
-	if !isValid || err != nil {
-		return ErrInvalidDecoding
+	b := uint(*((*byte)(unsafe.Pointer(&isValid))))
+	fp.Cmov(&e.p.X, x, b)
+	fp.Cmov(&e.p.Y, y, b)
+	fp.Cmov(&e.p.Ta, x, b)
+	fp.Cmov(&e.p.Tb, y, b)
+	fp.Cmov(&e.p.Z, &one, b)
+	var err error
+	if !isValid {
+		err = ErrInvalidDecoding
 	}
-	e.p = *P
-	return nil
+	return err
 }
 
 // MarshalBinary returns a unique encoding of the element e.
 func (e *Elt) MarshalBinary() ([]byte, error) {
-	x, _, ta, tb, z := e.p.Coordinates()
+	x, ta, tb, z := &e.p.X, &e.p.Ta, &e.p.Tb, &e.p.Z
 	one, t, t2, s := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}
 	fp.SetOne(one)
-	fp.Mul(t, &ta, &tb)                // t = ta*tb
-	t0, t1 := x, *t                    // (t0,t1) = (x,t)
-	fp.Sqr(t2, &x)                     // t2 = x^2
+	fp.Mul(t, ta, tb)                  // t = ta*tb
+	t0, t1 := *x, *t                   // (t0,t1) = (x,t)
+	fp.Sqr(t2, x)                      // t2 = x^2
 	fp.AddSub(&t0, &t1)                // (t0,t1) = (x+t,x-t)
 	fp.Mul(&t1, &t0, &t1)              // t1 = (x+t)*(x-t)
 	fp.Mul(&t0, &t1, &aMinusDTwist)    // t0 = (a-d)*(x+t)*(x-t)
@@ -142,9 +143,9 @@ func (e *Elt) MarshalBinary() ([]byte, error) {
 	isNeg := fp.Parity(t2)             // isNeg = sgn(t2)
 	fp.Neg(t2, &t1)                    // t2 = -t1
 	fp.Cmov(&t1, t2, uint(isNeg))      // if t2 is negative then t1 = -t1
-	fp.Mul(s, &t1, &z)                 // s = t1*z
+	fp.Mul(s, &t1, z)                  // s = t1*z
 	fp.Sub(s, s, t)                    // s = t1*z - t
-	fp.Mul(s, s, &x)                   // s = x*(t1*z - t)
+	fp.Mul(s, s, x)                    // s = x*(t1*z - t)
 	fp.Mul(s, s, &t0)                  // s = isr*x*(t1*z - t)
 	fp.Mul(s, s, &aMinusDTwist)        // s = (a-d)*isr*x*(t1*z - t)
 	isNeg = fp.Parity(s)               // isNeg = sgn(s)
diff --git a/internal/ted448/curve.go b/internal/ted448/curve.go
@@ -10,10 +10,10 @@ import (
 )
 
 // Identity returns the identity point.
-func Identity() Point { return Point{y: fp.One(), z: fp.One()} }
+func Identity() Point { return Point{Y: fp.One(), Z: fp.One()} }
 
 // Generator returns the generator point.
-func Generator() Point { return Point{x: genX, y: genY, z: fp.One(), ta: genX, tb: genY} }
+func Generator() Point { return Point{X: genX, Y: genY, Z: fp.One(), Ta: genX, Tb: genY} }
 
 // Order returns the number of points in the prime subgroup.
 func Order() Scalar { return order }
@@ -23,18 +23,18 @@ func IsOnCurve(P *Point) bool {
 	eq0 := *P != Point{}
 	x2, y2, t, t2, z2 := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}
 	rhs, lhs := &fp.Elt{}, &fp.Elt{}
-	fp.Mul(t, &P.ta, &P.tb)  // t = ta*tb
-	fp.Sqr(x2, &P.x)         // x^2
-	fp.Sqr(y2, &P.y)         // y^2
-	fp.Sqr(z2, &P.z)         // z^2
+	fp.Mul(t, &P.Ta, &P.Tb)  // t = ta*tb
+	fp.Sqr(x2, &P.X)         // x^2
+	fp.Sqr(y2, &P.Y)         // y^2
+	fp.Sqr(z2, &P.Z)         // z^2
 	fp.Sqr(t2, t)            // t^2
 	fp.Sub(lhs, y2, x2)      // -x^2 + y^2, since a=-1
 	fp.Mul(rhs, t2, &ParamD) // dt^2
 	fp.Add(rhs, rhs, z2)     // z^2 + dt^2
 	fp.Sub(lhs, lhs, rhs)    // ax^2 + y^2 - (z^2 + dt^2)
 	eq1 := fp.IsZero(lhs)
-	fp.Mul(lhs, &P.x, &P.y) // xy
-	fp.Mul(rhs, t, &P.z)    // tz
+	fp.Mul(lhs, &P.X, &P.Y) // xy
+	fp.Mul(rhs, t, &P.Z)    // tz
 	fp.Sub(lhs, lhs, rhs)   // xy - tz
 	eq2 := fp.IsZero(lhs)
 	return eq0 && eq1 && eq2
diff --git a/internal/ted448/point.go b/internal/ted448/point.go
@@ -1,14 +1,13 @@
 package ted448
 
 import (
-	"errors"
 	"fmt"
 
 	fp "github.com/cloudflare/circl/math/fp448"
 )
 
 // Point defines a point on the ted448 curve.
-type Point struct{ x, y, z, ta, tb fp.Elt }
+type Point struct{ X, Y, Z, Ta, Tb fp.Elt }
 
 type prePointAffine struct{ addYX, subYX, dt2 fp.Elt }
 
@@ -18,36 +17,24 @@ type prePointProy struct {
 }
 
 func (P Point) String() string {
-	return fmt.Sprintf("x: %v\ny: %v\nta: %v\ntb: %v\nz: %v", P.x, P.y, P.ta, P.tb, P.z)
+	return fmt.Sprintf("x: %v\ny: %v\nta: %v\ntb: %v\nz: %v", P.X, P.Y, P.Ta, P.Tb, P.Z)
 }
 
-// NewPoint creates a point from affine coordinates.
-func NewPoint(x, y *fp.Elt) (*Point, error) {
-	P := &Point{x: *x, y: *y, ta: *x, tb: *y, z: fp.One()}
-	if !IsOnCurve(P) {
-		return nil, errors.New("invalid point")
-	}
-	return P, nil
-}
-
-// Coordinates returns a copy of the coordinates.
-func (P *Point) Coordinates() (x, y, ta, tb, z fp.Elt) { return P.x, P.y, P.ta, P.tb, P.z }
-
 // cneg conditionally negates the point if b=1.
 func (P *Point) cneg(b uint) {
 	t := &fp.Elt{}
-	fp.Neg(t, &P.x)
-	fp.Cmov(&P.x, t, b)
-	fp.Neg(t, &P.ta)
-	fp.Cmov(&P.ta, t, b)
+	fp.Neg(t, &P.X)
+	fp.Cmov(&P.X, t, b)
+	fp.Neg(t, &P.Ta)
+	fp.Cmov(&P.Ta, t, b)
 }
 
 // Double updates P with 2P.
 func (P *Point) Double() {
 	// This is formula (7) from "ed448 Edwards Curves Revisited" by
 	// Hisil H., Wong K.KH., Carter G., Dawson E. (2008)
 	// https://doi.org/10.1007/978-3-540-89255-7_20
-	Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb
+	Px, Py, Pz, Pta, Ptb := &P.X, &P.Y, &P.Z, &P.Ta, &P.Tb
 	a, b, c, e, f, g, h := Px, Py, Pz, Pta, Px, Py, Ptb
 	fp.Add(e, Px, Py) // x+y
 	fp.Sqr(a, Px)     // A = x^2
@@ -66,7 +53,7 @@ func (P *Point) Double() {
 
 // mixAdd calulates P= P+Q, where Q is a precomputed448 point with Z_Q = 1.
 func (P *Point) mixAddZ1(Q *prePointAffine) {
-	fp.Add(&P.z, &P.z, &P.z) // D = 2*z1 (z2=1)
+	fp.Add(&P.Z, &P.Z, &P.Z) // D = 2*z1 (z2=1)
 	P.coreAddition(Q)
 }
 
@@ -75,7 +62,7 @@ func (P *Point) coreAddition(Q *prePointAffine) {
 	// This is the formula following (5) from "ed448 Edwards Curves Revisited" by
 	// Hisil H., Wong K.KH., Carter G., Dawson E. (2008)
 	// https://doi.org/10.1007/978-3-540-89255-7_20
-	Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb
+	Px, Py, Pz, Pta, Ptb := &P.X, &P.Y, &P.Z, &P.Ta, &P.Tb
 	addYX2, subYX2, dt2 := &Q.addYX, &Q.subYX, &Q.dt2
 	a, b, c, d, e, f, g, h := Px, Py, &fp.Elt{}, Pz, Pta, Px, Py, Ptb
 	fp.Mul(c, Pta, Ptb)  // t1 = ta*tb
@@ -113,37 +100,37 @@ func (P *prePointAffine) cmov(Q *prePointAffine, b uint) {
 
 // mixAdd calculates P= P+Q, where Q is a precomputed448 point with Z_Q != 1.
 func (P *Point) mixAdd(Q *prePointProy) {
-	fp.Mul(&P.z, &P.z, &Q.z2) // D = 2*z1*z2
+	fp.Mul(&P.Z, &P.Z, &Q.z2) // D = 2*z1*z2
 	P.coreAddition(&Q.prePointAffine)
 }
 
 // IsIdentity returns True is P is the identity.
 func (P *Point) IsIdentity() bool {
-	return fp.IsZero(&P.x) && !fp.IsZero(&P.y) && !fp.IsZero(&P.z) && P.y == P.z
+	return fp.IsZero(&P.X) && !fp.IsZero(&P.Y) && !fp.IsZero(&P.Z) && P.Y == P.Z
 }
 
 // IsEqual returns True if P is equivalent to Q.
 func (P *Point) IsEqual(Q *Point) bool {
 	l, r := &fp.Elt{}, &fp.Elt{}
-	fp.Mul(l, &P.x, &Q.z)
-	fp.Mul(r, &Q.x, &P.z)
+	fp.Mul(l, &P.X, &Q.Z)
+	fp.Mul(r, &Q.X, &P.Z)
 	fp.Sub(l, l, r)
 	b := fp.IsZero(l)
-	fp.Mul(l, &P.y, &Q.z)
-	fp.Mul(r, &Q.y, &P.z)
+	fp.Mul(l, &P.Y, &Q.Z)
+	fp.Mul(r, &Q.Y, &P.Z)
 	fp.Sub(l, l, r)
 	b = b && fp.IsZero(l)
-	fp.Mul(l, &P.ta, &P.tb)
-	fp.Mul(l, l, &Q.z)
-	fp.Mul(r, &Q.ta, &Q.tb)
-	fp.Mul(r, r, &P.z)
+	fp.Mul(l, &P.Ta, &P.Tb)
+	fp.Mul(l, l, &Q.Z)
+	fp.Mul(r, &Q.Ta, &Q.Tb)
+	fp.Mul(r, r, &P.Z)
 	fp.Sub(l, l, r)
 	b = b && fp.IsZero(l)
 	return b
 }
 
 // Neg obtains the inverse of P.
-func (P *Point) Neg() { fp.Neg(&P.x, &P.x); fp.Neg(&P.ta, &P.ta) }
+func (P *Point) Neg() { fp.Neg(&P.X, &P.X); fp.Neg(&P.Ta, &P.Ta) }
 
 // Add calculates P = P+Q.
 func (P *Point) Add(Q *Point) {
@@ -176,10 +163,10 @@ func (P *prePointProy) cmov(Q *prePointProy, b uint) {
 
 // FromPoint precomputes some coordinates of Q for mised addition.
 func (P *prePointProy) FromPoint(Q *Point) {
-	fp.Add(&P.addYX, &Q.y, &Q.x)    // addYX = X + Y
-	fp.Sub(&P.subYX, &Q.y, &Q.x)    // subYX = Y - X
-	fp.Mul(&P.dt2, &Q.ta, &Q.tb)    // T = ta*tb
+	fp.Add(&P.addYX, &Q.Y, &Q.X)    // addYX = X + Y
+	fp.Sub(&P.subYX, &Q.Y, &Q.X)    // subYX = Y - X
+	fp.Mul(&P.dt2, &Q.Ta, &Q.Tb)    // T = ta*tb
 	fp.Mul(&P.dt2, &P.dt2, &ParamD) // D*T
 	fp.Add(&P.dt2, &P.dt2, &P.dt2)  // dt2 = 2*D*T
-	fp.Add(&P.z2, &Q.z, &Q.z)       // z2 = 2*Z
+	fp.Add(&P.z2, &Q.Z, &Q.Z)       // z2 = 2*Z
 }
