Frank Denis
7f9a227abf
deinline edwards25519.{add,dbl}
2020-08-16 22:35:28 -07:00
Frank Denis
37ae246405
Inline Fe.{sub,mul,sq} for a performance boost in release-safe mode
2020-08-16 22:35:28 -07:00
Frank Denis
ab6ffa8a3c
Work around sqrtRatioM1() issue in release-safe mode
2020-08-16 22:35:28 -07:00
Frank Denis
5ab69633b7
Constify the ladder
2020-08-16 22:35:27 -07:00
Frank Denis
d86cde5752
Add comment, use @truncate
2020-08-16 22:35:27 -07:00
Frank Denis
bcef123d90
Address more review issues
2020-08-16 22:35:27 -07:00
Frank Denis
263c444738
Move loop decrements into continuations
...
Suggested by @daurnimator
2020-08-16 22:35:27 -07:00
Frank Denis
ed558bfbaa
Address @daurnimator feedback
2020-08-16 22:35:27 -07:00
Frank Denis
dd8f7b396c
Rename the field and scalar modules
...
Suggested by @kubkon
2020-08-16 22:35:27 -07:00
Frank Denis
c483bf4f97
Update lib/std/crypto/25519/ristretto255.zig
...
Co-authored-by: Jakub Konka <kubkon@jakubkonka.com>
2020-08-16 22:35:27 -07:00
Frank Denis
739b68938c
Update lib/std/crypto/25519/field25519.zig
...
Co-authored-by: Jakub Konka <kubkon@jakubkonka.com>
2020-08-16 22:35:27 -07:00
Frank Denis
6af9bc8c68
Initialize structures directly
...
Suggested by @kubkon, thanks!
2020-08-16 22:35:27 -07:00
Frank Denis
5f9953f41f
Remove mem.timingSafeEqual() for now
...
This requires assembly implementations, and is not needed for
signature verification.
Thanks @daurnimator
2020-08-16 22:35:27 -07:00
Frank Denis
3f0d80f25e
Improve curve25519-based crypto
...
This is a rewrite of the x25519 code that generalizes support for
common primitives based on the same finite field.
- Low-level operations can now be performed over the curve25519 and
edwards25519 curves, as well as the ristretto255 group.
- Ed25519 signatures have been implemented.
- X25519 is now about twice as fast.
- mem.timingSafeEqual() has been added for constant-time comparison.
Domains have been clearly separated, making it easier to later add
platform-specific implementations.
2020-08-16 22:35:27 -07:00
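The two commits above that add and then remove mem.timingSafeEqual() refer to constant-time comparison without showing one. As an added illustration (not code from the Zig standard library or from these commits), the block below places a naive early-exit comparison beside an accumulate-everything comparison. It is written in current Zig syntax; the function names naiveEqual and ctEqual are mine, and the sample byte strings are constructed for the test block. Whether a given compiler keeps the loop free of data-dependent branches is exactly the concern the removal commit raises, and this source-level version does not settle that.

```zig
const std = @import("std");

/// Naive comparison: returns at the first differing byte, so the time
/// taken depends on how long the common prefix is. Fine for ordinary data,
/// unsuitable for MACs, tags or anything an attacker supplies and can time.
pub fn naiveEqual(a: []const u8, b: []const u8) bool {
    if (a.len != b.len) return false;
    for (a, b) |x, y| {
        if (x != y) return false; // early exit leaks the mismatch position
    }
    return true;
}

/// Constant-time comparison (illustrative, not the std implementation).
/// Every byte pair is folded into `acc` with XOR/OR, so the work done does
/// not depend on where, or whether, the inputs differ. Lengths are public,
/// so rejecting a length mismatch up front leaks nothing about contents.
pub fn ctEqual(a: []const u8, b: []const u8) bool {
    if (a.len != b.len) return false;
    var acc: u8 = 0;
    for (a, b) |x, y| {
        acc |= x ^ y;
    }
    // Branch-free fold of acc to a boolean: (acc - 1) underflows to 0xFFFF
    // only when acc == 0, so bit 8 of the result is set exactly then.
    const folded: u16 = (@as(u16, acc) -% 1) >> 8;
    return (folded & 1) == 1;
}

test "both comparisons agree on equal and unequal inputs" {
    // Constructed sample tags: identical, differ in last byte, differ in first byte.
    const tag = [_]u8{ 0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04 };
    const tag_last = [_]u8{ 0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x05 };
    const tag_first = [_]u8{ 0x00, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04 };
    const short = [_]u8{ 0xde, 0xad };

    try std.testing.expect(naiveEqual(&tag, &tag));
    try std.testing.expect(ctEqual(&tag, &tag));

    try std.testing.expect(!naiveEqual(&tag, &tag_last));
    try std.testing.expect(!ctEqual(&tag, &tag_last));

    try std.testing.expect(!naiveEqual(&tag, &tag_first));
    try std.testing.expect(!ctEqual(&tag, &tag_first));

    // Length mismatch is rejected by both; that decision is not secret.
    try std.testing.expect(!naiveEqual(&tag, &short));
    try std.testing.expect(!ctEqual(&tag, &short));
}
```

Run with `zig test` on the file. The functional results are identical by design; the difference is only in how the answer is reached, and checking that the emitted machine code really has no data-dependent branch requires inspecting the assembly for each target and optimization mode, which is why a source-level routine alone is not a guarantee.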