* Implement a Sage codegenerator for frobenius constants * Sage codegen for pairings * Autogen of endomorphism acceleration constants * The autogen fixed a copy-paste bug in lattice decomposition. We can use conditional negation now and save an add+dbl in scalar mul * small fixes * sage code for square root bls12-377 is not old * readme updates * Provide test suggestions for derive_frobenius * indentation + add equation form to sage * Sage test vector generator * Use the json vectors - includes type system workaround: generic sandwich https://github.com/nim-lang/Nim/issues/11225 - converting NimNode to typedesc: https://github.com/nim-lang/Nim/issues/6785 * Delete old sage code * Install nim-serialization and nim-json-serialization in CI * CI nimble install force yes
# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
import
# Internals
../../constantine/arithmetic,
../../constantine/io/io_bigints
# Support files for testing Elliptic Curve arithmetic
# ------------------------------------------------------------------------------
iterator unpack(scalarByte: byte): bool =
  ## Yields the 8 bits of `scalarByte` one at a time,
  ## most-significant bit first (bit 7 down to bit 0).
  for shift in countdown(7, 0):
    yield bool((scalarByte shr shift) and 1)
func unsafe_ECmul_double_add*[EC](
       P: var EC,
       scalar: BigInt,
     ) =
  ## **Unsafe** Elliptic Curve Scalar Multiplication
  ##
  ## P <- [k] P
  ##
  ## Plain left-to-right double-and-add, kept as a reference implementation
  ## to cross-check the constant-time production scalar multiplication.
  ## This is UNSAFE to use in production and only intended for testing purposes.
  ##
  ## The `if bit` branch below is scalar-dependent, so this is highly
  ## VULNERABLE to timing attacks and power analysis attacks.
  # Canonical big-endian byte serialization of the scalar, scanned MSB first.
  var kBytes: array[(scalar.bits+7) div 8, byte]
  kBytes.exportRawUint(scalar, bigEndian)

  var acc{.noInit.}, dbl{.noInit.}: typeof(P)
  acc.setInf()
  dbl.setInf()
  for kByte in kBytes:
    for bit in unpack(kByte):
      dbl.double(acc)        # dbl <- 2·acc
      if bit:
        acc.sum(dbl, P)      # acc <- dbl + P
      else:
        acc = dbl
  P = acc