Mirrors/zig
1
0
Fork 0
mirror of https://codeberg.org/ziglang/zig.git synced 2026-04-27 19:09:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

crypto.edwards25519: optimize rejectLowOrder

Browse Source 
Reject low-order points by checking projective coordinates directly
instead of using affine coordinates.

Equivalent, but saves CPU cycles (~254 field multiplications total
before, 3 field multiplications after).
This commit is contained in:
Frank Denis
2026-01-01 23:48:26 +01:00
parent 2bd02883c7
commit 1baa127c65
1 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/std/crypto/25519/edwards25519.zig
+4 -6
View File
@@ -127,12 +127,10 @@ pub const Edwards25519 = struct {
/// Check that the point does not generate a low-order group.
/// Return a `WeakPublicKey` error if it does.
pub fn rejectLowOrder(p: Edwards25519) WeakPublicKeyError!void {
const zi = p.z.invert();
const x = p.x.mul(zi);
const y = p.y.mul(zi);
const x_neg = x.neg();
const iy = Fe.sqrtm1.mul(y);
if (x.isZero() or y.isZero() or iy.equivalent(x) or iy.equivalent(x_neg)) {
const y_sqrtm1 = Fe.sqrtm1.mul(p.y);
if (p.x.isZero() or p.y.isZero() or p.z.isZero() or
y_sqrtm1.sub(p.x).isZero() or y_sqrtm1.add(p.x).isZero())
{
return error.WeakPublicKey;
}
}