[Cryptech-Commits] [user/shatov/modexpng] 12/12: * More cleanup (got rid of .wide. and .narrow.)
git at cryptech.is
git at cryptech.is
Mon Aug 19 11:07:14 UTC 2019
This is an automated email from the git hooks/post-receive script.
meisterpaul1 at yandex.ru pushed a commit to branch master
in repository user/shatov/modexpng.
commit 0beee226e63b3a62ba32bc588e40eaeef01eac2b
Author: Pavel V. Shatov (Meister) <meisterpaul1 at yandex.ru>
AuthorDate: Mon Aug 19 14:04:27 2019 +0300
* More cleanup (got rid of .wide. and .narrow.)
* Working microcode for non-CRT exponentiation (i.e. when only d is known)
---
modexpng_fpga_model.py | 254 ++++++++++++++++++++++++++++++++-----------------
1 file changed, 169 insertions(+), 85 deletions(-)
diff --git a/modexpng_fpga_model.py b/modexpng_fpga_model.py
index 71a4b91..325f544 100644
--- a/modexpng_fpga_model.py
+++ b/modexpng_fpga_model.py
@@ -1085,7 +1085,7 @@ class ModExpNG_Core():
# copy from CRT_(X|Y).LADDER_X.NARROW to OUTPUT
#
def set_output_from_narrow(self, sel_output, bank_crt, sel_narrow):
- self.out._set_value(sel_output, bank_crt.ladder_x.narrow._get_value(sel_narrow))
+ self.out._set_value(sel_output, bank_crt.ladder_x._get_narrow(sel_narrow))
#
# copy from INPUT to CRT_(X|Y).LADDER_{X,Y}.NARROW
@@ -1102,7 +1102,7 @@ class ModExpNG_Core():
bank_crt.ladder_y._set_wide(sel_wide, self.inp._get_value(sel_input))
#
- # copy from CRT_Y.LADDER_{X,Y).{WIDE,NARROW} to CRT_X.LADDER_{X,Y}.{WIDE,NARROW}
+ # copy from CRT_Y.LADDER_{X,Y}.{WIDE,NARROW} to CRT_X.LADDER_{X,Y}.{WIDE,NARROW}
#
def copy_crt_y2x(self, sel_wide, sel_narrow):
@@ -1123,6 +1123,17 @@ class ModExpNG_Core():
self.bnk.crt_x.ladder_y._set_narrow(sel_narrow_out, self.bnk.crt_x.ladder_x._get_narrow(sel_narrow_in))
self.bnk.crt_y.ladder_y._set_narrow(sel_narrow_out, self.bnk.crt_y.ladder_x._get_narrow(sel_narrow_in))
+ #
+ # copy from CRT_{X,Y}.LADDER_Y.{WIDE,NARROW} to CRT_{X,Y}.LADDER_X.{WIDE,NARROW}
+ #
+ def copy_ladders_y2x(self, sel_wide_in, sel_narrow_in, sel_wide_out, sel_narrow_out):
+
+ self.bnk.crt_x.ladder_x._set_wide(sel_wide_out, self.bnk.crt_x.ladder_y._get_wide(sel_wide_in))
+ self.bnk.crt_y.ladder_x._set_wide(sel_wide_out, self.bnk.crt_y.ladder_y._get_wide(sel_wide_in))
+
+ self.bnk.crt_x.ladder_x._set_narrow(sel_narrow_out, self.bnk.crt_x.ladder_y._get_narrow(sel_narrow_in))
+ self.bnk.crt_y.ladder_x._set_narrow(sel_narrow_out, self.bnk.crt_y.ladder_y._get_narrow(sel_narrow_in))
+
#
# copy from CRT_{X,Y}.LADDER_X.{WIDE,NARROW} to CRT_{Y,X}.LADDER_Y.{WIDE,NARROW}
#
@@ -1143,23 +1154,23 @@ class ModExpNG_Core():
#
def modular_multiply(self, sel_wide_in, sel_narrow_in, sel_wide_out, sel_narrow_out, num_words, mode=(True, True), d=False):
- xn = self.bnk.crt_x.ladder_x.wide._get_value(ModExpNG_WideBankEnum.N)
- yn = self.bnk.crt_y.ladder_x.wide._get_value(ModExpNG_WideBankEnum.N)
+ xn = self.bnk.crt_x.ladder_x._get_wide(ModExpNG_WideBankEnum.N)
+ yn = self.bnk.crt_y.ladder_x._get_wide(ModExpNG_WideBankEnum.N)
- xn_coeff = self.bnk.crt_x.ladder_x.narrow._get_value(ModExpNG_NarrowBankEnum.N_COEFF)
- yn_coeff = self.bnk.crt_y.ladder_x.narrow._get_value(ModExpNG_NarrowBankEnum.N_COEFF)
+ xn_coeff = self.bnk.crt_x.ladder_x._get_narrow(ModExpNG_NarrowBankEnum.N_COEFF)
+ yn_coeff = self.bnk.crt_y.ladder_x._get_narrow(ModExpNG_NarrowBankEnum.N_COEFF)
- xxa = self.bnk.crt_x.ladder_x.wide._get_value(sel_wide_in)
- xya = self.bnk.crt_x.ladder_y.wide._get_value(sel_wide_in)
+ xxa = self.bnk.crt_x.ladder_x._get_wide(sel_wide_in)
+ xya = self.bnk.crt_x.ladder_y._get_wide(sel_wide_in)
- yxa = self.bnk.crt_y.ladder_x.wide._get_value(sel_wide_in)
- yya = self.bnk.crt_y.ladder_y.wide._get_value(sel_wide_in)
+ yxa = self.bnk.crt_y.ladder_x._get_wide(sel_wide_in)
+ yya = self.bnk.crt_y.ladder_y._get_wide(sel_wide_in)
- xxb = self.bnk.crt_x.ladder_x.narrow._get_value(sel_narrow_in)
- xyb = self.bnk.crt_x.ladder_y.narrow._get_value(sel_narrow_in)
+ xxb = self.bnk.crt_x.ladder_x._get_narrow(sel_narrow_in)
+ xyb = self.bnk.crt_x.ladder_y._get_narrow(sel_narrow_in)
- yxb = self.bnk.crt_y.ladder_x.narrow._get_value(sel_narrow_in)
- yyb = self.bnk.crt_y.ladder_y.narrow._get_value(sel_narrow_in)
+ yxb = self.bnk.crt_y.ladder_x._get_narrow(sel_narrow_in)
+ yyb = self.bnk.crt_y.ladder_y._get_narrow(sel_narrow_in)
if not mode[0]: xb = xxb
else: xb = xyb
@@ -1189,22 +1200,22 @@ class ModExpNG_Core():
#
def modular_subtract(self, sel_narrow_in, sel_narrow_out, sel_wide_out, num_words):
- xa = self.bnk.crt_x.ladder_x.narrow._get_value(sel_narrow_in)
- xb = self.bnk.crt_x.ladder_y.narrow._get_value(sel_narrow_in)
- xn = self.bnk.crt_x.ladder_x.wide._get_value(ModExpNG_WideBankEnum.N)
+ xa = self.bnk.crt_x.ladder_x._get_narrow(sel_narrow_in)
+ xb = self.bnk.crt_x.ladder_y._get_narrow(sel_narrow_in)
+ xn = self.bnk.crt_x.ladder_x._get_wide(ModExpNG_WideBankEnum.N)
- ya = self.bnk.crt_y.ladder_x.narrow._get_value(sel_narrow_in)
- yb = self.bnk.crt_y.ladder_y.narrow._get_value(sel_narrow_in)
- yn = self.bnk.crt_y.ladder_x.wide._get_value(ModExpNG_WideBankEnum.N)
+ ya = self.bnk.crt_y.ladder_x._get_narrow(sel_narrow_in)
+ yb = self.bnk.crt_y.ladder_y._get_narrow(sel_narrow_in)
+ yn = self.bnk.crt_y.ladder_x._get_wide(ModExpNG_WideBankEnum.N)
xd = self.wrk.serial_subtract_modular(xa, xb, xn, num_words)
yd = self.wrk.serial_subtract_modular(ya, yb, yn, num_words)
- self.bnk.crt_x.ladder_x.narrow._set_value(sel_narrow_out, xd)
- self.bnk.crt_y.ladder_x.narrow._set_value(sel_narrow_out, yd)
+ self.bnk.crt_x.ladder_x._set_narrow(sel_narrow_out, xd)
+ self.bnk.crt_y.ladder_x._set_narrow(sel_narrow_out, yd)
- self.bnk.crt_x.ladder_x.wide._set_value(sel_wide_out, xd)
- self.bnk.crt_y.ladder_x.wide._set_value(sel_wide_out, yd)
+ self.bnk.crt_x.ladder_x._set_wide(sel_wide_out, xd)
+ self.bnk.crt_y.ladder_x._set_wide(sel_wide_out, yd)
#
# modular reduce sel_narrow_in
@@ -1212,27 +1223,27 @@ class ModExpNG_Core():
#
def modular_reduce(self, sel_narrow_in, sel_wide_out, sel_narrow_out, num_words):
- xn = self.bnk.crt_x.ladder_x.wide._get_value(ModExpNG_WideBankEnum.N)
- yn = self.bnk.crt_y.ladder_x.wide._get_value(ModExpNG_WideBankEnum.N)
+ xn = self.bnk.crt_x.ladder_x._get_wide(ModExpNG_WideBankEnum.N)
+ yn = self.bnk.crt_y.ladder_x._get_wide(ModExpNG_WideBankEnum.N)
- xn_coeff = self.bnk.crt_x.ladder_x.narrow._get_value(ModExpNG_NarrowBankEnum.N_COEFF)
- yn_coeff = self.bnk.crt_y.ladder_x.narrow._get_value(ModExpNG_NarrowBankEnum.N_COEFF)
+ xn_coeff = self.bnk.crt_x.ladder_x._get_narrow(ModExpNG_NarrowBankEnum.N_COEFF)
+ yn_coeff = self.bnk.crt_y.ladder_x._get_narrow(ModExpNG_NarrowBankEnum.N_COEFF)
- xb = self.bnk.crt_x.ladder_x.narrow._get_value(sel_narrow_in)
- yb = self.bnk.crt_y.ladder_x.narrow._get_value(sel_narrow_in)
+ xb = self.bnk.crt_x.ladder_x._get_narrow(sel_narrow_in)
+ yb = self.bnk.crt_y.ladder_x._get_narrow(sel_narrow_in)
xp = self.wrk.multipurpose_multiply(None, xb, xn, xn_coeff, num_words, reduce_only=True)
yp = self.wrk.multipurpose_multiply(None, yb, yn, yn_coeff, num_words, reduce_only=True)
- self.bnk.crt_x.ladder_x.wide._set_value(sel_wide_out, xp)
- self.bnk.crt_x.ladder_y.wide._set_value(sel_wide_out, xp)
- self.bnk.crt_y.ladder_x.wide._set_value(sel_wide_out, yp)
- self.bnk.crt_y.ladder_y.wide._set_value(sel_wide_out, yp)
+ self.bnk.crt_x.ladder_x._set_wide(sel_wide_out, xp)
+ self.bnk.crt_x.ladder_y._set_wide(sel_wide_out, xp)
+ self.bnk.crt_y.ladder_x._set_wide(sel_wide_out, yp)
+ self.bnk.crt_y.ladder_y._set_wide(sel_wide_out, yp)
- self.bnk.crt_x.ladder_x.narrow._set_value(sel_narrow_out, xp)
- self.bnk.crt_x.ladder_y.narrow._set_value(sel_narrow_out, xp)
- self.bnk.crt_y.ladder_x.narrow._set_value(sel_narrow_out, yp)
- self.bnk.crt_y.ladder_y.narrow._set_value(sel_narrow_out, yp)
+ self.bnk.crt_x.ladder_x._set_narrow(sel_narrow_out, xp)
+ self.bnk.crt_x.ladder_y._set_narrow(sel_narrow_out, xp)
+ self.bnk.crt_y.ladder_x._set_narrow(sel_narrow_out, yp)
+ self.bnk.crt_y.ladder_y._set_narrow(sel_narrow_out, yp)
#
# propagate carries (convert to non-redundant representation) content in sel_narrow
@@ -1274,20 +1285,20 @@ class ModExpNG_Core():
#
def regular_multiply(self, sel_wide_in, sel_narrow_in, num_words):
- xn = self.bnk.crt_x.ladder_x.wide._get_value(ModExpNG_WideBankEnum.N)
- yn = self.bnk.crt_y.ladder_x.wide._get_value(ModExpNG_WideBankEnum.N)
+ xn = self.bnk.crt_x.ladder_x._get_wide(ModExpNG_WideBankEnum.N)
+ yn = self.bnk.crt_y.ladder_x._get_wide(ModExpNG_WideBankEnum.N)
- xn_coeff = self.bnk.crt_x.ladder_x.narrow._get_value(ModExpNG_NarrowBankEnum.N_COEFF)
- yn_coeff = self.bnk.crt_y.ladder_x.narrow._get_value(ModExpNG_NarrowBankEnum.N_COEFF)
+ xn_coeff = self.bnk.crt_x.ladder_x._get_narrow(ModExpNG_NarrowBankEnum.N_COEFF)
+ yn_coeff = self.bnk.crt_y.ladder_x._get_narrow(ModExpNG_NarrowBankEnum.N_COEFF)
- xxa = self.bnk.crt_x.ladder_x.wide._get_value(sel_wide_in)
- xya = self.bnk.crt_x.ladder_y.wide._get_value(sel_wide_in)
+ xxa = self.bnk.crt_x.ladder_x._get_wide(sel_wide_in)
+ xya = self.bnk.crt_x.ladder_y._get_wide(sel_wide_in)
- yxa = self.bnk.crt_y.ladder_x.wide._get_value(sel_wide_in)
- yya = self.bnk.crt_y.ladder_y.wide._get_value(sel_wide_in)
+ yxa = self.bnk.crt_y.ladder_x._get_wide(sel_wide_in)
+ yya = self.bnk.crt_y.ladder_y._get_wide(sel_wide_in)
- xb = self.bnk.crt_x.ladder_x.narrow._get_value(sel_narrow_in)
- yb = self.bnk.crt_y.ladder_x.narrow._get_value(sel_narrow_in)
+ xb = self.bnk.crt_x.ladder_x._get_narrow(sel_narrow_in)
+ yb = self.bnk.crt_y.ladder_x._get_narrow(sel_narrow_in)
xxp = self.wrk.multipurpose_multiply(xxa, xb, None, None, num_words, multiply_only=True)
xyp = self.wrk.multipurpose_multiply(xya, xb, None, None, num_words, multiply_only=True)
@@ -1307,15 +1318,15 @@ class ModExpNG_Core():
yyp_lsb = yyp.lower_half()
yyp_msb = yyp.upper_half()
- self.bnk.crt_x.ladder_x.wide._set_value(ModExpNG_WideBankEnum.L, xxp_lsb)
- self.bnk.crt_x.ladder_y.wide._set_value(ModExpNG_WideBankEnum.L, xyp_lsb)
- self.bnk.crt_y.ladder_x.wide._set_value(ModExpNG_WideBankEnum.L, yxp_lsb)
- self.bnk.crt_y.ladder_y.wide._set_value(ModExpNG_WideBankEnum.L, yyp_lsb)
+ self.bnk.crt_x.ladder_x._set_wide(ModExpNG_WideBankEnum.L, xxp_lsb)
+ self.bnk.crt_x.ladder_y._set_wide(ModExpNG_WideBankEnum.L, xyp_lsb)
+ self.bnk.crt_y.ladder_x._set_wide(ModExpNG_WideBankEnum.L, yxp_lsb)
+ self.bnk.crt_y.ladder_y._set_wide(ModExpNG_WideBankEnum.L, yyp_lsb)
- self.bnk.crt_x.ladder_x.wide._set_value(ModExpNG_WideBankEnum.H, xxp_msb)
- self.bnk.crt_x.ladder_y.wide._set_value(ModExpNG_WideBankEnum.H, xyp_msb)
- self.bnk.crt_y.ladder_x.wide._set_value(ModExpNG_WideBankEnum.H, yxp_msb)
- self.bnk.crt_y.ladder_y.wide._set_value(ModExpNG_WideBankEnum.H, yyp_msb)
+ self.bnk.crt_x.ladder_x._set_wide(ModExpNG_WideBankEnum.H, xxp_msb)
+ self.bnk.crt_x.ladder_y._set_wide(ModExpNG_WideBankEnum.H, xyp_msb)
+ self.bnk.crt_y.ladder_x._set_wide(ModExpNG_WideBankEnum.H, yxp_msb)
+ self.bnk.crt_y.ladder_y._set_wide(ModExpNG_WideBankEnum.H, yyp_msb)
#
# adds sel_narrow_a_in to sel_narrow_b_in
@@ -1345,7 +1356,7 @@ class ModExpNG_Core():
#
# dump working variables before ladder step
#
- def dump_before_step_crt(self, pq, m):
+ def dump_before_step_using_crt(self, pq, m):
print("num_words = %d" % pq)
print("\rladder_mode_x = %d" % m[0])
print("\rladder_mode_y = %d" % m[1])
@@ -1361,7 +1372,7 @@ class ModExpNG_Core():
#
# dump working variables after ladder step
#
- def dump_after_step_crt(self):
+ def dump_after_step_using_crt(self):
self.bnk.crt_x.ladder_x._get_narrow(N.C).format_verilog_concat("X_X")
self.bnk.crt_x.ladder_y._get_narrow(N.C).format_verilog_concat("X_Y")
self.bnk.crt_y.ladder_x._get_narrow(N.C).format_verilog_concat("Y_X")
@@ -1429,6 +1440,17 @@ def get_ladder_mode_using_crt(v, bit):
return (bit_value_p, bit_value_q)
+#
+# get current ladder mode based on private exponent's bit
+#
+def get_ladder_mode_without_crt(v, bit):
+
+ bit_value_d = (v.d.number() & (1 << bit)) >> bit
+
+ bit_value_d = bit_value_d > 0
+
+ return (not bit_value_d, bit_value_d)
+
#
# print current exponentiation progress
#
@@ -1487,7 +1509,7 @@ def sign_using_crt():
c.set_output_from_narrow(O.XM, c.bnk.crt_x, N.D) # | [XY] / N_FACTOR | [XY]F | [XY]YM | [XY]M | M |
c.set_output_from_narrow(O.YM, c.bnk.crt_y, N.D) # | [XY] / N_FACTOR | [XY]F | [XY]YM | [XY]M | M |
# +------------------------+-------+------------------+---------+-----------+
- c.modular_multiply(W.E, N.B, W.C, N.C, n) # | [XY] / N_FACTOR | [XY]F | [XY]MB | [XY]M | M | [XY]MB = M*[XY]F
+ c.modular_multiply(W.E, N.B, W.C, N.C, n) # | [XY] / N_FACTOR | [XY]F | [XY]MB | [XY]M | M | [XY]MB = M * [XY]F
# +------------------------+-------+------------------+---------+-----------+
c.propagate_carries(N.C, n_num_words) # | [XY] / N_FACTOR | [XY]F | [XY]MB | [XY]M | M |
# +------------------------+-------+------------------+---------+-----------+
@@ -1508,7 +1530,6 @@ def sign_using_crt():
c.set_narrow_from_input(c.bnk.crt_x, N.E, I.QINV) # | [PQ]_FACTOR | [XY]F | YMB | [XY]M | QINV |
# +------------------------+-------+------------------+---------+-----------+
c.modular_reduce(N.C, W.D, N.D, pq) # | [PQ]_FACTOR | [XY]F | YMB | [PQ]MBZ | QINV | [PQ]MBZ = YMB mod [PQ]
- # +------------------------+-------+------------------+---------+-----------+
c.modular_multiply(W.D, N.A, W.C, N.C, pq) # | [PQ]_FACTOR | [XY]F | [PQ]MB | [PQ]MBZ | QINV | [PQ]MB = [PQ]MBZ * [PQ]_FACTOR
c.modular_multiply(W.C, N.A, W.D, N.D, pq) # | [PQ]_FACTOR | [XY]F | [PQ]MB | [PQ]MBF | QINV | [PQ]MBF = [PQ]MB * [PQ]_FACTOR
c.modular_multiply(W.A, N.I, W.C, N.C, pq) # | [PQ]_FACTOR | [XY]F | [PQ]IF | [PQ]MBF | QINV | [PQ]IF = 1 * [PQ]_FACTOR
@@ -1526,11 +1547,11 @@ def sign_using_crt():
# | | | | | |
if dbg: # | | | | | |
if FORCE_OVERFLOW: c._force_overflow(c.bnk.crt_x, N.C) # | | | | | |
- if DUMP_VECTORS: c.dump_before_step_crt(pq, m) # | | | | | |
+ if DUMP_VECTORS: c.dump_before_step_using_crt(pq, m) # | | | | | |
# +------------------------+-------+------------------+---------+-----------+
c.modular_multiply(W.C, N.C, W.C, N.C, pq, mode=m, d=dbg) # | [PQ]_FACTOR | [XY]F | [PQ]SBF | [PQ]MBF | QINV | <LADDER>
# +------------------------+-------+------------------+---------+-----------+
- if dbg and DUMP_VECTORS: c.dump_after_step_crt() # | | | | | |
+ if dbg and DUMP_VECTORS: c.dump_after_step_using_crt() # | | | | | |
print_ladder_progress(bit, pq) # | | | | | |
# | | | | | |
######################### # | | | | | |
@@ -1576,6 +1597,87 @@ def sign_using_crt():
# +------------------------+-------+------------------+---------+-----------+
c.set_output_from_narrow(O.S, c.bnk.crt_x, N.A) # | S | | | | |
# +------------------------+-------+------------------+---------+-----------+
+
+#
+# try to exponentiate using only half of the quad-multiplier (one dual-ladder core)
+#
+def sign_without_crt():
+
+ c = core
+ v = vector
+ n = n_num_words
+
+ ff = (False, False)
+
+ c.set_wide_from_input (c.bnk.crt_x, W.N, I.N)
+ c.set_wide_from_input (c.bnk.crt_y, W.N, I.N)
+ c.set_wide_from_input (c.bnk.crt_x, W.A, I.X)
+ c.set_wide_from_input (c.bnk.crt_y, W.A, I.Y)
+ c.set_wide_from_input (c.bnk.crt_x, W.E, I.M)
+ c.set_wide_from_input (c.bnk.crt_y, W.E, I.M)
+
+ c.set_narrow_from_input (c.bnk.crt_x, N.N_COEFF, I.N_COEFF)
+ c.set_narrow_from_input (c.bnk.crt_y, N.N_COEFF, I.N_COEFF)
+ c.set_narrow_from_input (c.bnk.crt_x, N.A, I.N_FACTOR)
+ c.set_narrow_from_input (c.bnk.crt_y, N.A, I.N_FACTOR)
+ c.set_narrow_from_input (c.bnk.crt_x, N.E, I.M)
+ c.set_narrow_from_input (c.bnk.crt_y, N.E, I.M)
+
+ c.modular_multiply(W.A, N.A, W.B, N.B, n) # [XY]F = [XY] * N_FACTOR
+ c.modular_multiply(W.B, N.B, W.C, N.C, n, mode=ff) # [XY]MF = [XY]F * [XY]F
+ c.modular_multiply(W.C, N.I, W.D, N.D, n) # [XY]M = [XY]MF * 1
+
+ c.propagate_carries(N.D, n)
+
+ c.set_output_from_narrow(O.XM, c.bnk.crt_x, N.D)
+ c.set_output_from_narrow(O.YM, c.bnk.crt_y, N.D)
+
+ c.modular_multiply(W.E, N.B, W.C, N.C, n) # [XY]MB = M * [XY]F
+
+ XF = c.bnk.crt_x.ladder_x._get_narrow(N.B)
+
+ c.set_wide_from_input(c.bnk.crt_x, W.A, I.N_FACTOR)
+ c.set_wide_from_input(c.bnk.crt_y, W.A, I.N_FACTOR)
+
+ c.modular_multiply(W.C, N.A, W.D, N.D, n) # MBF = MB * N_FACTOR
+ c.modular_multiply(W.A, N.I, W.C, N.C, n) # IF = 1 * N_FACTOR
+
+ c.copy_ladders_x2y(W.D, N.D, W.C, N.C)
+
+ ###########################
+ # Begin Montgomery Ladder #
+ ###########################
+
+ for bit in range(_WORD_WIDTH * n - 1, -1, -1):
+
+ m = get_ladder_mode_without_crt(v, bit)
+ dbg = bit == DUMP_LADDER_INDEX
+
+ if dbg:
+ if FORCE_OVERFLOW: c._force_overflow(c.bnk.crt_x, N.C)
+ if DUMP_VECTORS: c.dump_before_step_without_crt(n, m)
+
+ c.modular_multiply(W.C, N.C, W.C, N.C, n, mode=m, d=dbg)
+
+ if dbg and DUMP_VECTORS: c.dump_after_step_without_crt()
+ print_ladder_progress(bit, n)
+
+ #########################
+ # End Montgomery Ladder #
+ #########################
+
+ c.cross_ladders_x2y(W.B, N.B, W.B, N.B)
+
+ c.modular_multiply(W.C, N.I, W.D, N.D, n) # SB = SBF * 1
+ c.modular_multiply(W.B, N.D, W.A, N.A, n, mode=ff) # S = XF * SB
+
+ c.copy_ladders_y2x(W.A, N.A, W.B, N.B)
+
+ c.propagate_carries(N.B, n)
+
+ c.set_output_from_narrow(O.S, c.bnk.crt_y, N.B)
+
+
#
# main()
#
@@ -1627,35 +1729,17 @@ if __name__ == "__main__":
xm_known = pow(vector.x.number(), 2, vector.n.number())
ym_known = pow(vector.y.number(), 2, vector.n.number())
- # sign using CRT
+ # sign using CRT and check
print("Signing using CRT...")
sign_using_crt()
compare_signature()
- # sign without CRT
- # ...
+ # sign without CRT and check
+ print("Signing without CRT...")
+ sign_without_crt()
+ compare_signature()
#
# End-of-File
#
-
-
-
- # bring one into Montgomery domain (glue 2**r to one)
- # bring blinding coefficients into Montgomery domain (glue 2**(2*r) to x and y)
- # blind message
- # convert message to non-redundant representation
- # first reduce message, this glues 2**-r to the message as a side effect
- # unglue 2**-r from message by gluing 2**r to it to compensate
- # bring message into Montgomery domain (glue 2**r to message)
- # do "easier" exponentiations
- # return "easier" parts from Montgomery domain (unglue 2**r from result)
- # do the "Garner's formula" part
- # r = sp - sq mod p
- # sr_qinv = sr * qinv mod p
- # q_sr_qinv = q * sr_qinv
- # s_crt = sq + q_sr_qinv
- # unblind s
- # mutate blinding factors
-
More information about the Commits
mailing list