Ecosystem/serai
Ecosystem/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-01-05 10:29:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Use U448 for Ed448 instead of U512

Browse source
This commit is contained in:
Luke Parker 2023-05-09 04:12:13 -04:00
parent 219adc7657
commit 029b6c53a1
No known key found for this signature in database
5 changed files with 52 additions and 75 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
crypto/ciphersuite/src/ed448.rs
View file

@ -92,9 +92,7 @@ fn test_ed448() {
.unwrap() .unwrap()
) )
.to_repr() .to_repr()
.iter() .to_vec(),
.cloned()
.collect::<Vec<_>>(),
hex::decode( hex::decode(
"\ "\
67a6f023e77361707c6e894c625e809e80f33fdb310810053ae29e28\ 67a6f023e77361707c6e894c625e809e80f33fdb310810053ae29e28\

36
crypto/ed448/src/backend.rs
View file

@ -94,8 +94,8 @@ macro_rules! field {
use $crate::backend::u8_from_bool; use $crate::backend::u8_from_bool;
fn reduce(x: U1024) -> U512 { fn reduce(x: U896) -> U448 {
U512::from_le_slice(&x.rem(&NonZero::new($WIDE_MODULUS).unwrap()).to_le_bytes()[.. 64]) U448::from_le_slice(&x.rem(&NonZero::new($WIDE_MODULUS).unwrap()).to_le_bytes()[.. 56])
} }
impl ConstantTimeEq for $FieldName { impl ConstantTimeEq for $FieldName {
@ -117,11 +117,11 @@ macro_rules! field {
math_op!($FieldName, $FieldName, Mul, mul, MulAssign, mul_assign, |x: $ResidueType, y| x math_op!($FieldName, $FieldName, Mul, mul, MulAssign, mul_assign, |x: $ResidueType, y| x
.mul(&y)); .mul(&y));
from_wrapper!($FieldName, U512, u8); from_wrapper!($FieldName, U448, u8);
from_wrapper!($FieldName, U512, u16); from_wrapper!($FieldName, U448, u16);
from_wrapper!($FieldName, U512, u32); from_wrapper!($FieldName, U448, u32);
from_wrapper!($FieldName, U512, u64); from_wrapper!($FieldName, U448, u64);
from_wrapper!($FieldName, U512, u128); from_wrapper!($FieldName, U448, u128);
impl Neg for $FieldName { impl Neg for $FieldName {
type Output = $FieldName; type Output = $FieldName;
@ -173,9 +173,9 @@ macro_rules! field {
const ONE: Self = Self(Residue::ONE); const ONE: Self = Self(Residue::ONE);
fn random(mut rng: impl RngCore) -> Self { fn random(mut rng: impl RngCore) -> Self {
let mut bytes = [0; 128]; let mut bytes = [0; 112];
rng.fill_bytes(&mut bytes); rng.fill_bytes(&mut bytes);
$FieldName(Residue::new(&reduce(U1024::from_le_slice(bytes.as_ref())))) $FieldName(Residue::new(&reduce(U896::from_le_slice(bytes.as_ref()))))
} }
fn square(&self) -> Self { fn square(&self) -> Self {
@ -187,13 +187,13 @@ macro_rules! field {
fn invert(&self) -> CtOption<Self> { fn invert(&self) -> CtOption<Self> {
const NEG_2: $FieldName = const NEG_2: $FieldName =
Self($ResidueType::sub(&$ResidueType::ZERO, &$ResidueType::new(&U512::from_u8(2)))); Self($ResidueType::sub(&$ResidueType::ZERO, &$ResidueType::new(&U448::from_u8(2))));
CtOption::new(self.pow(NEG_2), !self.is_zero()) CtOption::new(self.pow(NEG_2), !self.is_zero())
} }
fn sqrt(&self) -> CtOption<Self> { fn sqrt(&self) -> CtOption<Self> {
const MOD_1_4: $FieldName = Self($ResidueType::new( const MOD_1_4: $FieldName = Self($ResidueType::new(
&$MODULUS.saturating_add(&U512::ONE).wrapping_div(&U512::from_u8(4)), &$MODULUS.saturating_add(&U448::ONE).wrapping_div(&U448::from_u8(4)),
)); ));
let res = self.pow(MOD_1_4); let res = self.pow(MOD_1_4);
@ -213,27 +213,27 @@ macro_rules! field {
const NUM_BITS: u32 = $NUM_BITS; const NUM_BITS: u32 = $NUM_BITS;
const CAPACITY: u32 = $NUM_BITS - 1; const CAPACITY: u32 = $NUM_BITS - 1;
const TWO_INV: Self = $FieldName($ResidueType::new(&U512::from_u8(2)).invert().0); const TWO_INV: Self = $FieldName($ResidueType::new(&U448::from_u8(2)).invert().0);
const MULTIPLICATIVE_GENERATOR: Self = const MULTIPLICATIVE_GENERATOR: Self =
Self(Residue::new(&U512::from_u8($MULTIPLICATIVE_GENERATOR))); Self(Residue::new(&U448::from_u8($MULTIPLICATIVE_GENERATOR)));
// True for both the Ed448 Scalar field and FieldElement field // True for both the Ed448 Scalar field and FieldElement field
const S: u32 = 1; const S: u32 = 1;
// Both fields have their root of unity as -1 // Both fields have their root of unity as -1
const ROOT_OF_UNITY: Self = const ROOT_OF_UNITY: Self =
Self($ResidueType::sub(&$ResidueType::ZERO, &$ResidueType::new(&U512::ONE))); Self($ResidueType::sub(&$ResidueType::ZERO, &$ResidueType::new(&U448::ONE)));
const ROOT_OF_UNITY_INV: Self = Self(Self::ROOT_OF_UNITY.0.invert().0); const ROOT_OF_UNITY_INV: Self = Self(Self::ROOT_OF_UNITY.0.invert().0);
const DELTA: Self = $FieldName(Residue::new(&U512::from_le_hex($DELTA))); const DELTA: Self = $FieldName(Residue::new(&U448::from_le_hex($DELTA)));
fn from_repr(bytes: Self::Repr) -> CtOption<Self> { fn from_repr(bytes: Self::Repr) -> CtOption<Self> {
let res = U512::from_le_slice(&[bytes.as_ref(), [0; 7].as_ref()].concat()); let res = U448::from_le_slice(&bytes[.. 56]);
CtOption::new($FieldName(Residue::new(&res)), res.ct_lt(&$MODULUS)) CtOption::new($FieldName(Residue::new(&res)), res.ct_lt(&$MODULUS) & bytes[56].ct_eq(&0))
} }
fn to_repr(&self) -> Self::Repr { fn to_repr(&self) -> Self::Repr {
let mut repr = GenericArray::<u8, U57>::default(); let mut repr = GenericArray::<u8, U57>::default();
repr.copy_from_slice(&self.0.retrieve().to_le_bytes()[.. 57]); repr[.. 56].copy_from_slice(&self.0.retrieve().to_le_bytes());
repr repr
} }

34
crypto/ed448/src/field.rs
View file

@ -1,18 +1,16 @@
use zeroize::{DefaultIsZeroes, Zeroize}; use zeroize::{DefaultIsZeroes, Zeroize};
use crypto_bigint::{ use crypto_bigint::{
U512, U1024, U448, U896,
modular::constant_mod::{ResidueParams, Residue}, modular::constant_mod::{ResidueParams, Residue},
}; };
const MODULUS_PADDED_STR: &str = concat!( const MODULUS_STR: &str = concat!(
"00000000000000",
"00",
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffe", "fffffffffffffffffffffffffffffffffffffffffffffffffffffffe",
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
); );
impl_modulus!(FieldModulus, U512, MODULUS_PADDED_STR); impl_modulus!(FieldModulus, U448, MODULUS_STR);
pub(crate) type ResidueType = Residue<FieldModulus, { FieldModulus::LIMBS }>; pub(crate) type ResidueType = Residue<FieldModulus, { FieldModulus::LIMBS }>;
/// Ed448 field element. /// Ed448 field element.
@ -21,30 +19,18 @@ pub struct FieldElement(pub(crate) ResidueType);
impl DefaultIsZeroes for FieldElement {} impl DefaultIsZeroes for FieldElement {}
const MODULUS_STR: &str = concat!(
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffe",
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
);
// 2**448 - 2**224 - 1 // 2**448 - 2**224 - 1
pub(crate) const MODULUS: U512 = U512::from_be_hex(concat!( pub(crate) const MODULUS: U448 = U448::from_be_hex(MODULUS_STR);
"00000000000000",
"00",
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffe",
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
));
const WIDE_MODULUS: U1024 = U1024::from_be_hex(concat!( const WIDE_MODULUS: U896 = U896::from_be_hex(concat!(
"0000000000000000000000000000000000000000000000000000000000000000", "00000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000", "00000000000000000000000000000000000000000000000000000000",
"00000000000000",
"00",
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffe", "fffffffffffffffffffffffffffffffffffffffffffffffffffffffe",
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffff" "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
)); ));
pub(crate) const Q_4: FieldElement = FieldElement(ResidueType::new( pub(crate) const Q_4: FieldElement = FieldElement(ResidueType::new(
&MODULUS.saturating_add(&U512::ONE).wrapping_div(&U512::from_u8(4)), &MODULUS.saturating_add(&U448::ONE).wrapping_div(&U448::from_u8(4)),
)); ));
field!( field!(
@ -56,8 +42,8 @@ field!(
448, 448,
7, 7,
concat!( concat!(
"3100000000000000000000000000000000000000000000000000000000000000", "31000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000", "00000000000000000000000000000000000000000000000000000000",
), ),
); );

12
crypto/ed448/src/point.rs
View file

@ -8,7 +8,7 @@ use rand_core::RngCore;
use zeroize::Zeroize; use zeroize::Zeroize;
use subtle::{Choice, CtOption, ConstantTimeEq, ConditionallySelectable, ConditionallyNegatable}; use subtle::{Choice, CtOption, ConstantTimeEq, ConditionallySelectable, ConditionallyNegatable};
use crypto_bigint::{U512, modular::constant_mod::Residue}; use crypto_bigint::{U448, modular::constant_mod::Residue};
use group::{ use group::{
ff::{Field, PrimeField, PrimeFieldBits}, ff::{Field, PrimeField, PrimeFieldBits},
@ -23,18 +23,14 @@ use crate::{
}; };
const D: FieldElement = const D: FieldElement =
FieldElement(ResidueType::sub(&ResidueType::ZERO, &Residue::new(&U512::from_u16(39081)))); FieldElement(ResidueType::sub(&ResidueType::ZERO, &Residue::new(&U448::from_u16(39081))));
const G_Y: FieldElement = FieldElement(Residue::new(&U512::from_be_hex(concat!( const G_Y: FieldElement = FieldElement(Residue::new(&U448::from_be_hex(concat!(
"00000000000000",
"00",
"693f46716eb6bc248876203756c9c7624bea73736ca3984087789c1e", "693f46716eb6bc248876203756c9c7624bea73736ca3984087789c1e",
"05a0c2d73ad3ff1ce67c39c4fdbd132c4ed7c8ad9808795bf230fa14", "05a0c2d73ad3ff1ce67c39c4fdbd132c4ed7c8ad9808795bf230fa14",
)))); ))));
const G_X: FieldElement = FieldElement(Residue::new(&U512::from_be_hex(concat!( const G_X: FieldElement = FieldElement(Residue::new(&U448::from_be_hex(concat!(
"00000000000000",
"00",
"4f1970c66bed0ded221d15a622bf36da9e146570470f1767ea6de324", "4f1970c66bed0ded221d15a622bf36da9e146570470f1767ea6de324",
"a3d3a46412ae1af72ab66511433b80e18b00938e2626a82bc70cc05e", "a3d3a46412ae1af72ab66511433b80e18b00938e2626a82bc70cc05e",
)))); ))));

41
crypto/ed448/src/scalar.rs
View file

@ -1,18 +1,16 @@
use zeroize::{DefaultIsZeroes, Zeroize}; use zeroize::{DefaultIsZeroes, Zeroize};
use crypto_bigint::{ use crypto_bigint::{
U512, U1024, U448, U896, U1024,
modular::constant_mod::{ResidueParams, Residue}, modular::constant_mod::{ResidueParams, Residue},
}; };
const MODULUS_PADDED_STR: &str = concat!( const MODULUS_STR: &str = concat!(
"00000000000000",
"00",
"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff", "3fffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3", "7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3",
); );
impl_modulus!(ScalarModulus, U512, MODULUS_PADDED_STR); impl_modulus!(ScalarModulus, U448, MODULUS_STR);
type ResidueType = Residue<ScalarModulus, { ScalarModulus::LIMBS }>; type ResidueType = Residue<ScalarModulus, { ScalarModulus::LIMBS }>;
/// Ed448 Scalar field element. /// Ed448 Scalar field element.
@ -21,27 +19,23 @@ pub struct Scalar(pub(crate) ResidueType);
impl DefaultIsZeroes for Scalar {} impl DefaultIsZeroes for Scalar {}
const MODULUS_STR: &str = concat!(
"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3",
);
// 2**446 - 13818066809895115352007386748515426880336692474882178609894547503885 // 2**446 - 13818066809895115352007386748515426880336692474882178609894547503885
pub(crate) const MODULUS: U512 = U512::from_be_hex(concat!( pub(crate) const MODULUS: U448 = U448::from_be_hex(MODULUS_STR);
"00000000000000",
"00", const WIDE_MODULUS: U896 = U896::from_be_hex(concat!(
"00000000000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000000000000000000000000000",
"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff", "3fffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3", "7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3",
)); ));
const WIDE_MODULUS: U1024 = U1024::from_be_hex(concat!( const WIDE_REDUCTION_MODULUS: NonZero<U1024> = NonZero::from_uint(U1024::from_be_hex(concat!(
"0000000000000000000000000000000000000000000000000000000000000000", "00000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000", "00000000000000000000000000000000000000000000000000000000",
"00000000000000", "00000000000000000000000000000000000000000000000000000000",
"00",
"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff", "3fffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3", "7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3",
)); )));
field!( field!(
Scalar, Scalar,
@ -52,15 +46,18 @@ field!(
446, 446,
2, 2,
concat!( concat!(
"0400000000000000000000000000000000000000000000000000000000000000", "04000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000", "00000000000000000000000000000000000000000000000000000000",
), ),
); );
impl Scalar { impl Scalar {
/// Perform a wide reduction to obtain a non-biased Scalar. /// Perform a wide reduction to obtain a non-biased Scalar.
pub fn wide_reduce(bytes: [u8; 114]) -> Scalar { pub fn wide_reduce(bytes: [u8; 114]) -> Scalar {
Scalar(Residue::new(&reduce(U1024::from_le_slice(&[bytes.as_ref(), &[0; 14]].concat())))) let wide = U1024::from_le_slice(&[bytes.as_ref(), &[0; 14]].concat());
Scalar(Residue::new(&U448::from_le_slice(
&wide.rem(&WIDE_REDUCTION_MODULUS).to_le_bytes()[.. 56],
)))
} }
} }