diff --git a/ed25519/ref10/ge.h b/ed25519/ref10/ge.h
index aec36af..1f01f3d 100644
--- a/ed25519/ref10/ge.h
+++ b/ed25519/ref10/ge.h
@@ -55,7 +55,8 @@ typedef unsigned char bytes32[32];
 #define ge_frombytes_negate_vartime crypto_sign_ed25519_ref10_ge_frombytes_negate_vartime
 #define ge_tobytes crypto_sign_ed25519_ref10_ge_tobytes
 #define ge_p3_tobytes crypto_sign_ed25519_ref10_ge_p3_tobytes
-#define ge_p3_batchtobytes_destructive crypto_sign_ed25519_ref10_ge_p3_batchtobytes_destructive
+#define ge_p3_batchtobytes_destructive_1 crypto_sign_ed25519_ref10_ge_p3_batchtobytes_destructive_1
+#define ge_p3_batchtobytes_destructive_finish crypto_sign_ed25519_ref10_ge_p3_batchtobytes_destructive_finish
 #define ge_p2_0 crypto_sign_ed25519_ref10_ge_p2_0
 #define ge_p3_0 crypto_sign_ed25519_ref10_ge_p3_0
@@ -76,7 +77,8 @@ typedef unsigned char bytes32[32];
 extern void ge_tobytes(unsigned char *,const ge_p2 *);
 extern void ge_p3_tobytes(unsigned char *,const ge_p3 *);
-extern void ge_p3_batchtobytes_destructive(bytes32 out[],const ge_p3 in[],fe *inz[],fe tmp[],size_t num);
+extern void ge_p3_batchtobytes_destructive_1(bytes32 out[],ge_p3 in[],fe *inz[],fe tmp[],size_t num);
+extern void ge_p3_batchtobytes_destructive_finish(bytes32 out,ge_p3 *unf);
 extern int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
 extern void ge_p2_0(ge_p2 *);
diff --git a/ed25519/ref10/ge_p3_batchtobytes.c b/ed25519/ref10/ge_p3_batchtobytes.c
index 19633ef..6b886c8 100644
--- a/ed25519/ref10/ge_p3_batchtobytes.c
+++ b/ed25519/ref10/ge_p3_batchtobytes.c
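Review bot: The new `ge_p3_batchtobytes_destructive_finish` prototype takes a mutable `ge_p3 *unf` although the definition in the ge_p3_batchtobytes.c hunk only reads `unf->X` and `unf->Z`; declare it `extern void ge_p3_batchtobytes_destructive_finish(bytes32 out,const ge_p3 *unf);` (and the definition to match) so it is as const-correct as the neighbouring `ge_p3_tobytes`. Dropping `const` from `in[]` on the `_1` variant is the right call, since `inz[]` points into `in[i].Z` and `fe_batchinvert` overwrites those in place, which the old `const` misrepresented. A one-line comment above the two externs stating that `out[i]` lacks the X sign bit and `in[i].Z` holds 1/Z until `_finish` is called on that entry would let header readers see the two-phase contract without opening the .c file.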
@@ -1,17 +1,23 @@
 #include "ge.h"
 // inz is ge_p3.Z pointer array. contents to .Zs will be overwritten
-void ge_p3_batchtobytes_destructive(bytes32 out[],const ge_p3 in[],fe *inz[],fe tmp[],size_t num)
+// NOTE: leaves in unfinished state
+void ge_p3_batchtobytes_destructive_1(bytes32 out[],ge_p3 in[],fe *inz[],fe tmp[],size_t num)
 {
- fe x; fe y;
 fe_batchinvert(inz,tmp,inz,num);
 for (size_t i = 0;i < num;++i) {
- fe_mul(x,in[i].X,*inz[i]);
- fe_mul(y,in[i].Y,*inz[i]);
+ fe_mul(y,in[i].Y,in[i].Z);
 fe_tobytes(out[i],y);
- out[i][31] ^= fe_isnegative(x) << 7;
 }
 }
+
+void ge_p3_batchtobytes_destructive_finish(bytes32 out,ge_p3 *unf)
+{
+ fe x;
+ // z of unfinished is inverted
+ fe_mul(x,unf->X,unf->Z);
+ out[31] ^= fe_isnegative(x) << 7;
+}
diff --git a/main.c b/main.c
index 945d1ff..472d6b4 100644
--- a/main.c
+++ b/main.c
@@ -581,7 +581,8 @@ initseed:
 ge_add(&sum,&ge_public,&ge_eightpoint);
 ge_p1p1_to_p3(&ge_public,&sum);
 }
- ge_p3_batchtobytes_destructive(pk_batch,ge_batch,batchgez,tmp_batch,BATCHNUM);
+ // NOTE: leaves unfinished
+ ge_p3_batchtobytes_destructive_1(pk_batch,ge_batch,batchgez,tmp_batch,BATCHNUM);
 #ifdef STATISTICS
 st->numcalc.v += BATCHNUM;
@@ -602,6 +603,8 @@ initseed:
 }
 }
 // found!
+ // finish it up
+ ge_p3_batchtobytes_destructive_finish(pk_batch[b],&ge_batch[b]);
 // copy public key
 memcpy(pk,pk_batch[b],PUBLIC_LEN);
 // update secret key with counter
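Review bot: After `ge_p3_batchtobytes_destructive_1` returns, every `out[i]` is the encoding of Y/Z only, with the X sign bit (bit 7 of `out[i][31]`) not yet applied, so any consumer that compares all 32 bytes before calling `_finish` — the filter check in main.c between its two hunks, which is not shown here — is matching against an incomplete public key; a prefix-only filter is presumably unaffected, but that assumption should be written down. The `// NOTE: leaves in unfinished state` comment (and the `// NOTE: leaves unfinished` in the main.c hunk at line 581) should say exactly that, e.g. `// out[i] lacks the X sign bit (bit 7 of out[i][31]) and in[i].Z is replaced by 1/Z; call ge_p3_batchtobytes_destructive_finish on the chosen entry before using it`. As collapsed here the removed line reads `fe x; fe y;`; if `fe y;` was really deleted together with `fe x;` rather than kept as context, `y` is undeclared in the new loop body and this file no longer compiles, so confirm the `fe y;` declaration survives. The `// z of unfinished is inverted` comment in `_finish` would be clearer as `// unf->Z holds 1/Z after ge_p3_batchtobytes_destructive_1, so X*unf->Z is the affine x`.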
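Review bot: `ge_p3_batchtobytes_destructive_finish` applies the sign bit with `^=`, so the call added after `// found!` is only correct if it runs exactly once per batch entry: a second pass through this found-path for the same `b` before the batch is regenerated would toggle bit 7 of `pk_batch[b][31]` back off, and `ge_batch[b]` is no longer a usable point after `_1` because its Z holds the inverse. If the surrounding loop (which starts before this hunk) can reach this block more than once per index, either guard the call or switch `_finish` to `out[31] |= fe_isnegative(x) << 7;`, which is equivalent on the first call provided `fe_tobytes` leaves bit 255 clear, as the ref10 implementation appears to by fully reducing before serialising. A short comment here, `// pk_batch[b] is incomplete until this call; must run once per entry`, would make the ordering constraint visible to the next maintainer.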