diff --git a/src/ed25519/curve.rs b/src/ed25519/curve.rs
index 431a7410..93563c6d 100644
--- a/src/ed25519/curve.rs
+++ b/src/ed25519/curve.rs
@@ -155,12 +155,6 @@ impl Ed25519 {
 }
 }
-impl Ed25519 {
- fn endomorphism_base(&self) -> Self {
- unimplemented!();
- }
-}
-
 impl Ed25519Affine {
 /// Constructs the neutral element `(0, 1)`.
 pub const fn identity() -> Self {
@@ -351,8 +345,13 @@ impl CurveExt for Ed25519 {
 const CURVE_ID: &'static str = "ed25519";
+ fn is_on_curve(&self) -> Choice {
+ let affine = Ed25519Affine::from(*self);
+ !self.z.is_zero() & affine.is_on_curve() & (affine.x * affine.y * self.z).ct_eq(&self.t)
+ }
+
 fn endo(&self) -> Self {
- self.endomorphism_base()
+ unimplemented!();
 }
 fn jacobian_coordinates(&self) -> (Fq, Fq, Fq) {
@@ -363,14 +362,6 @@ impl CurveExt for Ed25519 {
 unimplemented!();
 }
- fn is_on_curve(&self) -> Choice {
- let affine = Ed25519Affine::from(*self);
-
- println!("affine: {:?}", affine);
-
- !self.z.is_zero() & affine.is_on_curve() & (affine.x * affine.y * self.z).ct_eq(&self.t)
- }
-
 fn a() -> Self::Base {
 unimplemented!()
 }
diff --git a/src/ed25519/fq.rs b/src/ed25519/fq.rs
index 644a92f2..46eb3098 100644
--- a/src/ed25519/fq.rs
+++ b/src/ed25519/fq.rs
@@ -45,8 +45,8 @@ const MODULUS_LIMBS_32: [u32; 8] = [
 /// Constant representing the modulus as static str
 const MODULUS_STR: &str = "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed";
-/// Obtained with:
-/// `sage: GF(57896044618658097711785492504343953926634992332820282019728792003956564819949).primitive_element()`
+/// Obtained with sage:
+/// `GF(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed).primitive_element()`
 const MULTIPLICATIVE_GENERATOR: Fq = Fq::from_raw([0x02, 0x0, 0x0, 0x0]);
 /// INV = -(p^{-1} mod 2^64) mod 2^64
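Review bot: In the new `is_on_curve`, `Ed25519Affine::from(*self)` runs before the `!self.z.is_zero()` guard is consulted, so a point with `z == 0` is either rejected or panics depending on how that `From` impl (presumably an inversion of `z`, not visible in this hunk) handles a non-invertible `z`; if it unwraps the inversion, a malformed input panics instead of yielding `Choice(0)`. The extended-coordinate invariant can be checked without any inversion as `(self.x * self.y).ct_eq(&(self.z * self.t))`, and the curve equation likewise in projective form (`Y² − X² == Z² + d·T²`, using whatever constant holds `d` in this file), which makes the function total and removes a field inversion per call. The check also accepts every point on the curve, including the cofactor-8 torsion points, so a doc comment such as `/// Curve-equation and `XY = ZT` check only; this is not a prime-order-subgroup check.` would stop callers from treating it as one. The enclosing `impl CurveExt for Ed25519` continues outside the hunk.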
@@ -80,12 +80,26 @@ const SQRT_MINUS_ONE: Fq = Fq::from_raw([
 0x2b8324804fc1df0b,
 ]);
-/// TODO
-const ZETA: Fq = Fq::zero();
-/// TODO
-const DELTA: Fq = Fq::zero();
-/// TODO
-const ROOT_OF_UNITY_INV: Fq = Fq::zero();
+// Element in small order subgroup (3-order)
+const ZETA: Fq = Fq::from_raw([
+ 0xaa86d89d8618e538,
+ 0x1a1aada8413a4550,
+ 0xd9872fccc55bd529,
+ 0x381cba36aa6565b5,
+]);
+const ROOT_OF_UNITY: Fq = Fq::from_raw([
+ 0xc4ee1b274a0ea0b0,
+ 0x2f431806ad2fe478,
+ 0x2b4d00993dfbd7a7,
+ 0x2b8324804fc1df0b,
+]);
+const ROOT_OF_UNITY_INV: Fq = Fq::from_raw([
+ 0x3b11e4d8b5f15f3d,
+ 0xd0bce7f952d01b87,
+ 0xd4b2ff66c2042858,
+ 0x547cdb7fb03e20f4,
+]);
+const DELTA: Fq = Fq::from_raw([0x10, 0, 0, 0]);
 use crate::{
 field_arithmetic, field_common, field_specific, impl_add_binop_specify_output,
@@ -206,17 +220,15 @@ impl ff::Field for Fq {
 impl ff::PrimeField for Fq {
 type Repr = [u8; 32];
+ const MODULUS: &'static str = MODULUS_STR;
 const NUM_BITS: u32 = 256;
 const CAPACITY: u32 = 255;
- const MODULUS: &'static str = MODULUS_STR;
- const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR;
- /// TODO
- const ROOT_OF_UNITY: Self = Self::one();
- /// TODO
- const ROOT_OF_UNITY_INV: Self = Self::zero();
 const TWO_INV: Self = TWO_INV;
+ const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR;
+ const S: u32 = 2;
+ const ROOT_OF_UNITY: Self = ROOT_OF_UNITY;
+ const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV;
 const DELTA: Self = DELTA;
- const S: u32 = 1;
 fn from_repr(repr: Self::Repr) -> CtOption {
 let mut tmp = Fq([0, 0, 0, 0]);
@@ -281,7 +293,6 @@ impl FromUniformBytes<64> for Fq {
 }
 impl WithSmallOrderMulGroup<3> for Fq {
- /// TODO
 const ZETA: Self = ZETA;
 }
diff --git a/src/ed25519/fr.rs b/src/ed25519/fr.rs
index 0aa22e95..d14d43a2 100644
--- a/src/ed25519/fr.rs
+++ b/src/ed25519/fr.rs
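Review bot: The new `ROOT_OF_UNITY` limbs are the same four words as `SQRT_MINUS_ONE` in the context directly above, so `const ROOT_OF_UNITY: Fq = SQRT_MINUS_ONE;` would state that relationship instead of duplicating a value that can drift, and the limbs of `ROOT_OF_UNITY_INV` work out to `p − ROOT_OF_UNITY`, i.e. its negation, as expected for a primitive 4th root of unity. None of the new constants is pinned by a test in this diff, and the `ff::PrimeField` contract is cheap to assert with `pow_vartime`: `MULTIPLICATIVE_GENERATOR^((p−1) >> S) == ROOT_OF_UNITY`, `ROOT_OF_UNITY * ROOT_OF_UNITY_INV == 1`, `DELTA == MULTIPLICATIVE_GENERATOR^(2^S)`, and `ZETA^3 == 1 && ZETA != 1`; a wrong sign on `ROOT_OF_UNITY` or a wrong `ZETA` would otherwise only surface as a wrong answer in whatever consumes `ff::PrimeField`/`WithSmallOrderMulGroup` downstream. The `// Element in small order subgroup (3-order)` comment should be a `///` doc comment that says what the value is, e.g. `/// Primitive cube root of unity (`ZETA^3 == 1`, `ZETA != 1`); exists because `3 | p − 1`.`, and `ROOT_OF_UNITY`/`DELTA` currently get no documentation at all. `S = 2` in the `PrimeField` hunk below is consistent with `p − 1 = 2^255 − 20 = 4 · (2^253 − 5)`, which is worth recording in a comment so the next reader does not have to rederive it.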
@@ -45,6 +45,10 @@ const MODULUS_LIMBS_32: [u32; 8] = [
 ///Constant representing the modulus as static str
 const MODULUS_STR: &str = "0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed";
+/// Obtained with sage:
+/// `GF(0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed).primitive_element()`
+const MULTIPLICATIVE_GENERATOR: Fr = Fr::from_raw([0x02, 0x0, 0x0, 0x0]);
+
 /// INV = -(q^{-1} mod 2^64) mod 2^64
 const INV: u64 = 0xd2b51da312547e1b;
@@ -91,9 +95,26 @@ const SQRT_MINUS_ONE: Fr = Fr::from_raw([
 0x094a7310e07981e7,
 ]);
-const ZETA: Fr = Fr::zero();
-const DELTA: Fr = Fr::zero();
-const ROOT_OF_UNITY_INV: Fr = Fr::zero();
+// Element in small order subgroup (3-order)
+const ZETA: Fr = Fr::from_raw([
+ 0x158687e51e07e223,
+ 0x471dd911c6cce91e,
+ 0xeb08f579fb8841ae,
+ 0x0378d9ddc674005f,
+]);
+const ROOT_OF_UNITY: Fr = Fr::from_raw([
+ 0xbe8775dfebbe07d4,
+ 0x0ef0565342ce83fe,
+ 0x7d3d6d60abc1c27a,
+ 0x094a7310e07981e7,
+]);
+const ROOT_OF_UNITY_INV: Fr = Fr::from_raw([
+ 0x998aed3a7137cc19,
+ 0x05eea38b602918d7,
+ 0x82c2929f543e3d86,
+ 0x06b58cef1f867e18,
+]);
+const DELTA: Fr = Fr::from_raw([0x10, 0, 0, 0]);
 use crate::{
 field_arithmetic, field_common, field_specific, impl_add_binop_specify_output,
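Review bot: `ROOT_OF_UNITY` for `Fr` reuses the limbs of `SQRT_MINUS_ONE` from the context above, and `ROOT_OF_UNITY_INV` works out limb-by-limb to `ℓ − ROOT_OF_UNITY`, i.e. the negation, which is the right inverse for a primitive 4th root of unity; `const ROOT_OF_UNITY: Fr = SQRT_MINUS_ONE;` would make the first relationship explicit rather than a copy that can silently diverge. What the hunk cannot show is which of the two square roots of −1 equals `2^((ℓ−1)/4)`, and `ff::PrimeField` requires `ROOT_OF_UNITY` to be exactly `MULTIPLICATIVE_GENERATOR.pow((ℓ−1) >> S)`; an assertion of that equality, together with `ZETA.pow(3) == 1 && ZETA != 1` and `DELTA == MULTIPLICATIVE_GENERATOR.pow(1 << S)`, is the cheapest way to pin all three new constants. A cube root of unity does exist in this field (ℓ ≡ 1 mod 3, so `3 | ℓ − 1`), but the `ZETA` limbs themselves cannot be checked from the diff and should carry a `///` comment stating what they are rather than the bare `// Element in small order subgroup (3-order)`. The generator comment in the first hunk relies on sage's `primitive_element()` returning 2; since `DELTA = 0x10` and `ROOT_OF_UNITY` both hinge on that, the same test should cover it.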
@@ -213,18 +234,15 @@ impl ff::Field for Fr {
 impl ff::PrimeField for Fr {
 type Repr = [u8; 32];
+ const MODULUS: &'static str = MODULUS_STR;
 const NUM_BITS: u32 = 256;
 const CAPACITY: u32 = 255;
- const MODULUS: &'static str = MODULUS_STR;
- /// TODO
- const MULTIPLICATIVE_GENERATOR: Self = Self::one();
- /// TODO
- const ROOT_OF_UNITY: Self = Self::one();
- /// TODO
- const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV;
 const TWO_INV: Self = TWO_INV;
+ const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR;
+ const S: u32 = 2;
+ const ROOT_OF_UNITY: Self = ROOT_OF_UNITY;
+ const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV;
 const DELTA: Self = DELTA;
- const S: u32 = 6;
 fn from_repr(repr: Self::Repr) -> CtOption {
 let mut tmp = Fr([0, 0, 0, 0]);
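Review bot: `S` dropping from 6 to 2 is the value the modulus actually supports — the `MODULUS_STR` in the first `fr.rs` hunk ends in `…d3ed`, so `ℓ − 1` ends in `…3ec` and is divisible by 4 but not by 8 — but nothing in the hunk records why, and the old `6` shows the number has been guessed before. A doc comment on the constant, `/// 2-adicity of ℓ − 1: ℓ − 1 = 4 · odd, so the largest power-of-two subgroup of Fr* has order 4 and FFT-style domains over this field are capped at 2^S = 4 elements.`, would prevent the next guess and warns users that this field is unsuitable for large FFTs. `ff::PrimeField` also requires `MULTIPLICATIVE_GENERATOR.pow((ℓ − 1) >> S) == ROOT_OF_UNITY` and `DELTA == MULTIPLICATIVE_GENERATOR.pow(2^S)`; a one-line assertion for each beside the existing field tests would pin the new values, since the sign of `ROOT_OF_UNITY` and `DELTA = 16` both depend on `2` really being a generator as the sage comment claims. The enclosing `impl ff::PrimeField for Fr` continues outside the hunk.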