2323 a , _ = fe ().SetBytes ([]byte {
2424 6 , 109 , 7 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 ,
2525 })
26- one = fe ().One ()
27- zero = fe ().Zero ()
26+ minA = fe ().Negate (a )
27+ zero = fe ().Zero ()
28+ one = fe ().One ()
29+ minOne = fe ().Negate (one )
30+ two = fe ().Add (one , one )
2831 // one, _ = fe().SetBytes([]byte{
2932 // 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0})
3033 invsqrtD , _ = fe ().SetBytes ([]byte {
@@ -54,42 +57,37 @@ func MapToEdwards(e *field.Element) *edwards25519.Point {
5457
5558// Elligator2Montgomery implements the Elligator2 mapping to Curve25519.
5659func Elligator2Montgomery (e * field.Element ) (x , y * field.Element ) {
57- minA := new (field.Element ).Negate (a )
58- minOne := new (field.Element ).Negate (one )
60+ t1 := fe ().Square (e ) // u^2
61+ t1 .Multiply (t1 , two ) // t1 = 2u^2
62+ e1 := t1 .Equal (minOne ) //
63+ t1 .Swap (zero , e1 ) // if 2u^2 == -1, t1 = 0
5964
60- b := one // b = 1
61- z := new (field.Element ).Add (one , one ) // z = 2
65+ x1 := fe ().Add (t1 , one ) // t1 + 1
66+ x1 .Invert (x1 ) // 1 / (t1 + 1)
67+ x1 .Multiply (x1 , minA ) // x1 = -A / (t1 + 1)
6268
63- t1 := new (field. Element ). Square ( e )
64- t1 .Multiply (t1 , z )
65- e1 := t1 . Equal ( minOne )
66- t1 . Swap ( zero , e1 )
69+ gx1 := fe (). Add ( x1 , a ) // x1 + A
70+ gx1 .Multiply (gx1 , x1 ) // x1 * (x1 + A )
71+ gx1 . Add ( gx1 , one ) // x1 * (x1 + A) + 1
72+ gx1 . Multiply ( gx1 , x1 ) // x1 * (x1 * (x1 + A) + 1 )
6773
68- x1 := new (field.Element ).Add (t1 , one ) // u^2 + 1
69- x1 .Invert (x1 ) // 1 / (u^2 + 1)
70- x1 .Multiply (x1 , minA ) // -A / (u^2 + 1)
74+ x2 := fe ().Negate (x1 ) // -x1
75+ x2 .Subtract (x2 , a ) // -x2 - A
7176
72- gx1 := new (field.Element ).Add (x1 , a )
73- gx1 .Multiply (gx1 , x1 )
74- gx1 .Add (gx1 , b )
75- gx1 .Multiply (gx1 , x1 )
77+ gx2 := fe ().Multiply (t1 , gx1 ) // t1 * gx1
7678
77- x2 := new (field.Element ).Negate (x1 )
78- x2 .Subtract (x2 , a )
79-
80- gx2 := new (field.Element ).Multiply (t1 , gx1 )
81-
82- root1 , _isSquare := new (field.Element ).SqrtRatio (gx1 , one )
83- root2 , _ := new (field.Element ).SqrtRatio (gx2 , one )
79+ root1 , _isSquare := fe ().SqrtRatio (gx1 , one ) // root1 = (+) sqrt(gx1)
80+ negRoot1 := fe ().Negate (root1 ) // negRoot1 = (-) sqrt(gx1)
81+ root2 , _ := fe ().SqrtRatio (gx2 , one ) // root2 = (+) sqrt(gx2)
8482
83+ // if gx1 is square, set the point to (x1, -root1)
84+ // if not, set the point to (x2, +root2)
8585 if _isSquare == 1 {
8686 x = x1
87- y = root1
88- y .Negate (y .Absolute (y )) // set sgn0(y) == 1, i.e. negative
87+ y = negRoot1 // set sgn0(y) == 1, i.e. negative
8988 } else {
9089 x = x2
91- y = root2
92- y .Absolute (y ) // set sgn0(y) == 0, i.e. positive
90+ y = root2 // set sgn0(y) == 0, i.e. positive
9391 }
9492
9593 return x , y
@@ -100,7 +98,7 @@ func Elligator2Montgomery(e *field.Element) (x, y *field.Element) {
10098func AffineToEdwards (x , y * field.Element ) * edwards25519.Point {
10199 t := fe ().Multiply (x , y )
102100
103- p , err := new (edwards25519.Point ).SetExtendedCoordinates (x , y , new (field. Element ).One (), t )
101+ p , err := new (edwards25519.Point ).SetExtendedCoordinates (x , y , fe ( ).One (), t )
104102 if err != nil {
105103 panic (err )
106104 }
0 commit comments