fixed

Author: deatil

elliptic/e521/e521.go renamed to elliptic/ed521/ed521.go

@@ -1,4 +1,4 @@
-package e521
+package ed521
 
 import (
     "sync"
@@ -10,13 +10,13 @@ import (
 // https://eprint.iacr.org/2013/647
 
 var (
-    // E-521 EdDSA curve oid
-    OIDE521 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44588, 2, 1}
+    // Ed-521 curve oid
+    OIDED521 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44588, 2, 1}
 )
 
 var once sync.Once
 
-func E521() *E521Curve {
+func ED521() *Ed521Curve {
     once.Do(initAll)
-    return e521
+    return ed521
 }

elliptic/e521/e521_curves.go renamed to elliptic/ed521/ed521_curves.go

@@ -1,18 +1,18 @@
-package e521
+package ed521
 
 import (
     "math/big"
 )
 
-var e521 *E521Curve
+var ed521 *Ed521Curve
 
 func initAll() {
     initE521()
 }
 
 func initE521() {
-    e521 = &E521Curve{
-        Name:    "E-521",
+    ed521 = &Ed521Curve{
+        Name:    "Ed521",
         P:       bigFromHex("1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
         N:       bigFromHex("7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd15b6c64746fc85f736b8af5e7ec53f04fbd8c4569a8f1f4540ea2435f5180d6b"),
         D:       bigFromHex("1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa4331"),

elliptic/e521/e521_test.go renamed to elliptic/ed521/ed521_test.go

@@ -1,4 +1,4 @@
-package e521
+package ed521
 
 import (
     "fmt"
@@ -16,7 +16,7 @@ func bigintFromHex(s string) *big.Int {
 }
 
 func Test_Interface(t *testing.T) {
-    var _ elliptic.Curve = (*E521Curve)(nil)
+    var _ elliptic.Curve = (*Ed521Curve)(nil)
 }
 
 func Test_Curve_Add(t *testing.T) {
@@ -26,7 +26,7 @@ func Test_Curve_Add(t *testing.T) {
         a2 := bigintFromHex("10ffba2f442444980490d51fb67b6b29f30a96e00aeebb058fb396f1d56862925f84a403612cf7a32586abe1e8085f44e28426a2f0684c9e7adbfaf99bd2788aad0")
         b2 := bigintFromHex("5d33e51bfe1cbb3c263ad569b213be723a45920ac38070147d8d85c1779b4fe4eaa0912a17765f2d87bb2ac27106fb8d019152c373e9ea060f591c1d85141cc830")
 
-        xx, yy := E521().Add(a1, b1, a2, b2)
+        xx, yy := ED521().Add(a1, b1, a2, b2)
 
         xx2 := fmt.Sprintf("%x", xx.Bytes())
         yy2 := fmt.Sprintf("%x", yy.Bytes())
@@ -46,7 +46,7 @@ func Test_Curve_Add(t *testing.T) {
         a1 := bigintFromHex("135e8ba63870ade80365ee6b6832d971a83c8519310bed795809637bd61e4d54676d0823d7a95d26291be2742994d833b16d306dcea0574b57924aac6b62552ef81")
         b1 := bigintFromHex("d6e622c17fb2723b47ef82f0a704694689c96c5cc12f24b42a735b89283c6bd47fe0596dff8841603414b8b3a5c681d72750e03a807f6668a008738876e2f1fcde")
 
-        xx, yy := E521().Add(a1, b1, a1, b1)
+        xx, yy := ED521().Add(a1, b1, a1, b1)
 
         xx2 := fmt.Sprintf("%x", xx.Bytes())
         yy2 := fmt.Sprintf("%x", yy.Bytes())
@@ -66,7 +66,7 @@ func Test_Curve_Add(t *testing.T) {
         a1 := bigintFromHex("135e8ba63870ade80365ee6b6832d971a83c8519310bed795809637bd61e4d54676d0823d7a95d26291be2742994d833b16d306dcea0574b57924aac6b62552ef81")
         b1 := bigintFromHex("d6e622c17fb2723b47ef82f0a704694689c96c5cc12f24b42a735b89283c6bd47fe0596dff8841603414b8b3a5c681d72750e03a807f6668a008738876e2f1fcde")
 
-        xx, yy := E521().Double(a1, b1)
+        xx, yy := ED521().Double(a1, b1)
 
         xx2 := fmt.Sprintf("%x", xx.Bytes())
         yy2 := fmt.Sprintf("%x", yy.Bytes())
@@ -90,7 +90,7 @@ func Test_Curve_ScalarMult(t *testing.T) {
         b1 := bigintFromHex("d6e622c17fb2723b47ef82f0a704694689c96c5cc12f24b42a735b89283c6bd47fe0596dff8841603414b8b3a5c681d72750e03a807f6668a008738876e2f1fcde")
         k := bigintFromHex("10ffba2f442444980490d51fb67b6b29f30a96e00aeebb058fb396f1d56862925f84a403612cf7a32586abe1e8085f44e28426a2f0684c9e7adbfaf99bd2788aad0")
 
-        xx, yy := E521().ScalarMult(a1, b1, k.Bytes())
+        xx, yy := ED521().ScalarMult(a1, b1, k.Bytes())
 
         xx2 := fmt.Sprintf("%x", xx.Bytes())
         yy2 := fmt.Sprintf("%x", yy.Bytes())
@@ -109,7 +109,7 @@ func Test_Curve_ScalarMult(t *testing.T) {
     {
         k := bigintFromHex("10ffba2f442444980490d51fb67b6b29f30a96e00aeebb058fb396f1d56862925f84a403612cf7a32586abe1e8085f44e28426a2f0684c9e7adbfaf99bd2788aad0")
 
-        xx, yy := E521().ScalarBaseMult(k.Bytes())
+        xx, yy := ED521().ScalarBaseMult(k.Bytes())
 
         xx2 := fmt.Sprintf("%x", xx.Bytes())
         yy2 := fmt.Sprintf("%x", yy.Bytes())
@@ -131,7 +131,7 @@ func Test_MarshalCompressed(t *testing.T) {
     a1 := bigintFromHex("135e8ba63870ade80365ee6b6832d971a83c8519310bed795809637bd61e4d54676d0823d7a95d26291be2742994d833b16d306dcea0574b57924aac6b62552ef81")
     b1 := bigintFromHex("d6e622c17fb2723b47ef82f0a704694689c96c5cc12f24b42a735b89283c6bd47fe0596dff8841603414b8b3a5c681d72750e03a807f6668a008738876e2f1fcde")
 
-    m := MarshalCompressed(E521(), a1, b1)
+    m := MarshalCompressed(ED521(), a1, b1)
 
     m2 := fmt.Sprintf("%x", m)
     mcheck := "0300d6e622c17fb2723b47ef82f0a704694689c96c5cc12f24b42a735b89283c6bd47fe0596dff8841603414b8b3a5c681d72750e03a807f6668a008738876e2f1fcde"
@@ -140,7 +140,7 @@ func Test_MarshalCompressed(t *testing.T) {
 
     mcheck2 := bigintFromHex(mcheck).Bytes()
 
-    x, y := UnmarshalCompressed(E521(), mcheck2)
+    x, y := UnmarshalCompressed(ED521(), mcheck2)
     cryptobin_test.Equal(t, a1, x)
     cryptobin_test.Equal(t, b1, y)
 }

elliptic/e521/params.go renamed to elliptic/ed521/params.go

@@ -1,11 +1,12 @@
-package e521
+package ed521
 
 import (
     "math/big"
     "crypto/elliptic"
 )
 
-type E521Curve struct {
+// E521
+type Ed521Curve struct {
     Name    string
     P       *big.Int
     N       *big.Int
@@ -14,7 +15,7 @@ type E521Curve struct {
     BitSize int
 }
 
-func (curve *E521Curve) Params() *elliptic.CurveParams {
+func (curve *Ed521Curve) Params() *elliptic.CurveParams {
     cp := new(elliptic.CurveParams)
     cp.Name = curve.Name
     cp.P = curve.P
@@ -26,7 +27,7 @@ func (curve *E521Curve) Params() *elliptic.CurveParams {
 }
 
 // polynomial returns (y² - 1) / (dy² - 1).
-func (curve *E521Curve) polynomial(y *big.Int) *big.Int {
+func (curve *Ed521Curve) polynomial(y *big.Int) *big.Int {
     // x² + y² = 1 + dx²y²
     // dx²y² - x² = x²(dy² - 1) = y² - 1
     // x² = (y² - 1) / (dy² - 1)
@@ -58,7 +59,7 @@ func (curve *E521Curve) polynomial(y *big.Int) *big.Int {
 // IsOnCurve reports whether the given (x,y) lies on the curve.
 // check equation: x² + y² ≡ 1 + d*x²*y² (mod p),
 // so we can check equation: x² = (1 - y²) / (1 - d*y²).
-func (curve *E521Curve) IsOnCurve(x, y *big.Int) bool {
+func (curve *Ed521Curve) IsOnCurve(x, y *big.Int) bool {
     if x.Sign() == 0 && y.Sign() == 0 {
         return true
     }
@@ -70,7 +71,7 @@ func (curve *E521Curve) IsOnCurve(x, y *big.Int) bool {
 }
 
 // Add returns the sum of (x1,y1) and (x2,y2)
-func (curve *E521Curve) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) {
+func (curve *Ed521Curve) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) {
     if x1.Sign() == 0 && y1.Sign() == 0 {
         return x2, y2
     }
@@ -81,52 +82,83 @@ func (curve *E521Curve) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) {
     panicIfNotOnCurve(curve, x1, y1)
     panicIfNotOnCurve(curve, x2, y2)
 
-    x1y2 := new(big.Int).Mul(x1, y2)
-    x2y1 := new(big.Int).Mul(x2, y1)
-
-    y1y2 := new(big.Int).Mul(y1, y2)
-    x1x2 := new(big.Int).Mul(x1, x2)
-
-    // c = d*x1*x2*y1*y2
-    c := new(big.Int).Mul(x1x2, y1y2)
-    c.Mul(c, curve.D)
-    c.Mod(c, curve.P)
-
-    // x = (x1*y2 + x2*y1) / (d*x1*x2*y1*y2 + 1)
-    rx1 := new(big.Int).Add(x1y2, x2y1)
-    rx2 := new(big.Int).Add(c, big.NewInt(1))
-    invRx2 := new(big.Int).ModInverse(rx2, curve.P)
-    if invRx2 == nil {
-        return
-    }
-
-    x = new(big.Int).Mul(rx1, invRx2)
+    // C = X1*X2
+    c := new(big.Int).Mul(x1, x2)
+    // D = Y1*Y2
+    d := new(big.Int).Mul(y1, y2)
+
+    // E = d*C*D
+    e := new(big.Int).Mul(c, curve.D)
+    e.Mul(e, d)
+    e.Mod(e, curve.P)
+
+    // F = B-E
+    f := new(big.Int).Sub(big.NewInt(1), e)
+    // G = B+E
+    g := new(big.Int).Add(big.NewInt(1), e)
+
+    // H = (X1+Y1)*(X2+Y2)
+    tmp1 := new(big.Int).Add(x1, y1)
+    tmp2 := new(big.Int).Add(x2, y2)
+    h := new(big.Int).Mul(tmp1, tmp2)
+
+    // Z3 = F*G
+    z := new(big.Int).Mul(f, g)
+    zInv := new(big.Int).ModInverse(z, curve.P)
+
+    // X3 = (z^-1) * A*F*(H-C-D)
+    x = new(big.Int).Sub(h, c)
+    x.Sub(x, d)
+    x.Mul(x, f)
+    x.Mul(x, zInv)
     x.Mod(x, curve.P)
 
-    // y = (x1*x2 - y1*y2) / (d*x1*x2*y1*y2 - 1)
-    ry1 := new(big.Int).Sub(x1x2, y1y2)
-    ry2 := new(big.Int).Sub(c, big.NewInt(1))
-    invRy2 := new(big.Int).ModInverse(ry2, curve.P)
-    if invRx2 == nil {
-        return
-    }
-
-    y = new(big.Int).Mul(ry1, invRy2)
+    // Y3 = (z^-1) * A*G*(D-C)
+    y = new(big.Int).Sub(d, c)
+    y.Mul(y, g)
+    y.Mul(y, zInv)
     y.Mod(y, curve.P)
 
-    // return result (x, y)
     return
 }
 
 // Double returns 2*(x,y)
-func (curve *E521Curve) Double(x1, y1 *big.Int) (*big.Int, *big.Int) {
-    x2 := new(big.Int).Set(x1)
-    y2 := new(big.Int).Set(y1)
+func (curve *Ed521Curve) Double(x1, y1 *big.Int) (*big.Int, *big.Int) {
+    // B = (X1+Y1)^2
+    b := new(big.Int).Add(x1, y1)
+    b.Mul(b, b)
+
+    // C = X1^2
+    c := new(big.Int).Mul(x1, x1)
+    // D = Y1^2
+    d := new(big.Int).Mul(y1, y1)
+
+    // E = C+D
+    e := new(big.Int).Add(c, d)
+
+    // J = E-2*H
+    j := new(big.Int).Sub(e, big.NewInt(2))
+
+    // Z3 = E*J
+    z := new(big.Int).Mul(e, j)
+    zInv := new(big.Int).ModInverse(z, curve.P)
+
+    // X3 = (z^-1) * (B-E)*J
+    x := new(big.Int).Sub(b, e)
+    x.Mul(x, j)
+    x.Mul(x, zInv)
+    x.Mod(x, curve.P)
 
-    return curve.Add(x2, y2, x2, y2)
+    // Y3 = (z^-1) * E*(C-D)
+    y := new(big.Int).Sub(c, d)
+    y.Mul(y, e)
+    y.Mul(y, zInv)
+    y.Mod(y, curve.P)
+
+    return x, y
 }
 
-func (curve *E521Curve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
+func (curve *Ed521Curve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
     x, y := big.NewInt(0), big.NewInt(1)
 
     Bx2 := new(big.Int).Set(Bx)
@@ -147,20 +179,20 @@ func (curve *E521Curve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.In
     return x, y
 }
 
-func (curve *E521Curve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
+func (curve *Ed521Curve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
     return curve.ScalarMult(curve.Gx, curve.Gy, k)
 }
 
-func (curve *E521Curve) Marshal(x, y *big.Int) []byte {
+func (curve *Ed521Curve) Marshal(x, y *big.Int) []byte {
     return Marshal(curve, x, y)
 }
 
 // MarshalCompressed compresses Edwards point according to RFC 8032: store sign bit of x
-func (curve *E521Curve) MarshalCompressed(x, y *big.Int) []byte {
+func (curve *Ed521Curve) MarshalCompressed(x, y *big.Int) []byte {
     return MarshalCompressed(curve, x, y)
 }
 
-func (curve *E521Curve) Unmarshal(data []byte) (*big.Int, *big.Int) {
+func (curve *Ed521Curve) Unmarshal(data []byte) (*big.Int, *big.Int) {
     if len(data) == 0 {
         return nil, nil
     }
@@ -191,7 +223,7 @@ func (curve *E521Curve) Unmarshal(data []byte) (*big.Int, *big.Int) {
 }
 
 // UnmarshalCompressed decompresses a compressed point according to RFC 8032
-func (curve *E521Curve) UnmarshalCompressed(data []byte) (x, y *big.Int) {
+func (curve *Ed521Curve) UnmarshalCompressed(data []byte) (x, y *big.Int) {
     byteLen := (curve.BitSize + 7) / 8
     if len(data) != 1+byteLen {
         return
@@ -248,15 +280,15 @@ func MarshalCompressed(curve elliptic.Curve, x, y *big.Int) []byte {
 }
 
 func Unmarshal(curve elliptic.Curve, data []byte) (*big.Int, *big.Int) {
-    if c, ok := curve.(*E521Curve); ok {
+    if c, ok := curve.(*Ed521Curve); ok {
         return c.Unmarshal(data)
     }
 
     return nil, nil
 }
 
 func UnmarshalCompressed(curve elliptic.Curve, data []byte) (*big.Int, *big.Int) {
-    if c, ok := curve.(*E521Curve); ok {
+    if c, ok := curve.(*Ed521Curve); ok {
         return c.UnmarshalCompressed(data)
     }