...

Source file src/github.com/cloudflare/circl/dh/csidh/curve_test.go

Documentation: github.com/cloudflare/circl/dh/csidh 

     1  package csidh
     2  
     3  import (
     4  	"math/big"
     5  	"testing"
     6  )
     7  
     8  // Actual test implementation.
     9  func TestXAdd(t *testing.T) {
    10  	var P, Q, PdQ point
    11  	var PaQ point
    12  	var expPaQ big.Int
    13  
    14  	// points from a Elliptic Curve defined in sage as follows:
    15  	// A = 0x6055947AAFEBF773CE912680A6A32656073233D2FD6FDF4A143BE82D25B44ECC0431DE564C0F0D6591ACC62D6876E86F5D06B68C9EAF20D0DB0A6B99ED558512
    16  	// E = EllipticCurve(GF(p), [0, A, 0, 1, 0])
    17  	// where p is CSIDH's 511-bit prime
    18  
    19  	checkXAdd := func() {
    20  		xAdd(&PaQ, &P, &Q, &PdQ)
    21  		ret := toNormX(&PaQ)
    22  		if ret.Cmp(&expPaQ) != 0 {
    23  			t.Errorf("\nExp: %s\nGot: %s", expPaQ.Text(16), ret.Text(16))
    24  		}
    25  	}
    26  
    27  	expPaQ.SetString("0x41C98C5D7FF118B1A3987733581FD69C0CC27D7B63BCCA525106B9945869C6DAEDAA3D5D9D2679237EF0D013BE68EF12731DBFB26E12576BAD1E824C67ABD125", 0)
    28  	P.x = toFp("0x5840FD8E0165F7F474260F99337461AF195233F791FABE735EC2634B74A95559568B4CEB23959C8A01C5C57E215D22639868ED840D74FE2BAC04830CF75047AD")
    29  	P.z = toFp("1")
    30  	Q.x = toFp("0x3C1A003C71436698B4A181CEB12BA4B4D1FF7BB14AAAF6FBDA6957C4EBA20AD8E3893DF6F64E67E81163E024C19C7E975F3EC61862F75502C3ED802370E75A3F")
    31  	Q.z = toFp("1")
    32  	PdQ.x = toFp("0x519B1928F752B0B2143C1C23EB247B370DBB5B9C29B9A3A064D7FBC1B67FAC34B6D3DDA0F3CB87C387B425B36F31B93A8E73252BA701927B767A9DE89D5A92AE")
    33  	PdQ.z = toFp("1")
    34  	checkXAdd()
    35  
    36  	expPaQ.SetString("0x5840FD8E0165F7F474260F99337461AF195233F791FABE735EC2634B74A95559568B4CEB23959C8A01C5C57E215D22639868ED840D74FE2BAC04830CF75047AD", 0)
    37  	P.x = toFp("0x5840FD8E0165F7F474260F99337461AF195233F791FABE735EC2634B74A95559568B4CEB23959C8A01C5C57E215D22639868ED840D74FE2BAC04830CF75047AD")
    38  	P.z = toFp("1")
    39  	Q.x = toFp("1")
    40  	Q.z = toFp("0x0")
    41  	PdQ.x = toFp(expPaQ.Text(10))
    42  	PdQ.z = toFp("1")
    43  	checkXAdd()
    44  }
    45  
    46  func TestXDbl(t *testing.T) {
    47  	var P, A point
    48  	var PaP point
    49  	var expPaP big.Int
    50  
    51  	// points from a Elliptic Curve defined in sage as follows:
    52  	// A = 0x599841D7D1FCD92A85759B7A3D2D5E4C56EFB17F19F86EB70E121EA16305EDE45A55868BE069313F821F7D94069EC220A4AC3B85500376710538246E9B3BC138
    53  	// E = EllipticCurve(GF(p), [0, A, 0, 1, 0])
    54  	// where p is CSIDH's 511-bit prime
    55  
    56  	expPaP.SetString("0x6115B5D8BB613D11BDFEA70D436D87C1515553F6A15061727B4001E0AF745AAA9F39EB9464982829D931F77DAB9D71B24FF0D1D34C347F2A51FD45821F2EA06F", 0)
    57  	P.x = toFp("0x6C5B4D4AB0765AAB23C10F8455BE522D3A5363324D7AD641CC67C0A52FC1FFE9F3F8EDFE641478CA93D4D0016D83F21487FD4AF4E02F8A2C237CF27C5604BCC")
    58  	P.z = toFp("1")
    59  	A.x = toFp("0x599841D7D1FCD92A85759B7A3D2D5E4C56EFB17F19F86EB70E121EA16305EDE45A55868BE069313F821F7D94069EC220A4AC3B85500376710538246E9B3BC138")
    60  	A.z = toFp("1")
    61  
    62  	xDbl(&PaP, &P, &A)
    63  	ret := toNormX(&PaP)
    64  	if ret.Cmp(&expPaP) != 0 {
    65  		t.Errorf("\nExp: %s\nGot: %s", expPaP.Text(16), ret.Text(16))
    66  	}
    67  }
    68  
    69  func TestXDblAddNominal(t *testing.T) {
    70  	var P, Q, PdQ point
    71  	var PaP, PaQ point
    72  	var expPaP, expPaQ big.Int
    73  	var A coeff
    74  
    75  	checkXDblAdd := func() {
    76  		var A24 coeff
    77  
    78  		// A24.a = 2*A.z + A.a
    79  		addRdc(&A24.a, &A.c, &A.c)
    80  		addRdc(&A24.a, &A24.a, &A.a)
    81  		// A24.z = 4*A.z
    82  		mulRdc(&A24.c, &A.c, &four)
    83  
    84  		// Additionally will check if input can be same as output
    85  		PaP = P
    86  		PaQ = Q
    87  
    88  		xDblAdd(&PaP, &PaQ, &PaP, &PaQ, &PdQ, &A24)
    89  		retPaP := toNormX(&PaP)
    90  		retPaQ := toNormX(&PaQ)
    91  		if retPaP.Cmp(&expPaP) != 0 {
    92  			t.Errorf("\nExp: %s\nGot: %s", expPaP.Text(16), retPaP.Text(16))
    93  		}
    94  
    95  		if retPaQ.Cmp(&expPaQ) != 0 {
    96  			t.Errorf("\nExp: %s\nGot: %s", expPaQ.Text(16), retPaQ.Text(16))
    97  		}
    98  	}
    99  
   100  	// 2*P
   101  	expPaP.SetString("0x38F5B37271A3D8FA50107F88045D6F6B08355DD026C02E0306CE5875F47422736AD841B4122B2BD7DE6166BB6498F6A283378FF8250948E834F15CEA2D59A57B", 0)
   102  	// P+Q
   103  	expPaQ.SetString("0x53D9B44C5F61651612243CF7987F619FE6ACB5CF29538F96A63E7278E131F41A17D64388E31B028A5183EF9096AE82724BC34D8DDFD67AD68BD552A33C345B8C", 0)
   104  	P.x = toFp("0x4FE17B4CC66E85960F57033CD45996C99248DA09DF2E36F8840657B52F74ED8173E0D322FA57D7B4D0EE7F12967BBD59140B42F2626E29167D6419E851E5A4C9")
   105  	P.z = toFp("1")
   106  	Q.x = toFp("0x465047949CD6574FDBE00EA365CAF7A95DC9DEBE96A188823CA8C9DD9F527CF81290D49864F61DF0C08C1D6052139230735CA6CFDBDC1A8820610CCD71861176")
   107  	Q.z = toFp("1")
   108  	PdQ.x = toFp("0x49D3B999A0A020B34473568A8F75B5405F2D3BE5A006595015FC6DDC6BED8AB2A51A887B6DC62C64354466865FFD69E50AD37F6F4FBD74119EB65EBC9367B556")
   109  	PdQ.z = toFp("1")
   110  	A.a = toFp("0x118F955D498D902FD42E5B2926F297CC814CD7649EC5B070295622F97C4A0D9BD34058A7E0E00CB73ED32FCC237F9F6B7D2A15F5CC7C4EC61ECEF80ACBB0EFA4")
   111  	A.c = toFp("1")
   112  	checkXDblAdd()
   113  
   114  	// Case P=value, Q=(x=1, z=0). In this case PaQ==P; PaP=2*P
   115  	expPaP.SetString("0x38F5B37271A3D8FA50107F88045D6F6B08355DD026C02E0306CE5875F47422736AD841B4122B2BD7DE6166BB6498F6A283378FF8250948E834F15CEA2D59A57B", 0)
   116  	expPaQ.SetString("0x4FE17B4CC66E85960F57033CD45996C99248DA09DF2E36F8840657B52F74ED8173E0D322FA57D7B4D0EE7F12967BBD59140B42F2626E29167D6419E851E5A4C9", 0)
   117  	P.x = toFp("0x4FE17B4CC66E85960F57033CD45996C99248DA09DF2E36F8840657B52F74ED8173E0D322FA57D7B4D0EE7F12967BBD59140B42F2626E29167D6419E851E5A4C9")
   118  	P.z = toFp("1")
   119  	Q.x = toFp("1")
   120  	Q.z = toFp("0")
   121  	PdQ.x = toFp("0x4FE17B4CC66E85960F57033CD45996C99248DA09DF2E36F8840657B52F74ED8173E0D322FA57D7B4D0EE7F12967BBD59140B42F2626E29167D6419E851E5A4C9")
   122  	PdQ.z = toFp("1")
   123  	A.a = toFp("0x118F955D498D902FD42E5B2926F297CC814CD7649EC5B070295622F97C4A0D9BD34058A7E0E00CB73ED32FCC237F9F6B7D2A15F5CC7C4EC61ECEF80ACBB0EFA4")
   124  	A.c = toFp("1")
   125  	checkXDblAdd()
   126  }
   127  
   128  func TestXDblAddVSxDblxAdd(t *testing.T) {
   129  	var P, Q, PdQ point
   130  	var PaP1, PaQ1 point
   131  	var PaP2, PaQ2 point
   132  	var A point
   133  	var A24 coeff
   134  
   135  	P.x = toFp("0x4FE17B4CC66E85960F57033CD45996C99248DA09DF2E36F8840657B52F74ED8173E0D322FA57D7B4D0EE7F12967BBD59140B42F2626E29167D6419E851E5A4C9")
   136  	P.z = toFp("1")
   137  	Q.x = toFp("0x465047949CD6574FDBE00EA365CAF7A95DC9DEBE96A188823CA8C9DD9F527CF81290D49864F61DF0C08C1D6052139230735CA6CFDBDC1A8820610CCD71861176")
   138  	Q.z = toFp("1")
   139  	PdQ.x = toFp("0x49D3B999A0A020B34473568A8F75B5405F2D3BE5A006595015FC6DDC6BED8AB2A51A887B6DC62C64354466865FFD69E50AD37F6F4FBD74119EB65EBC9367B556")
   140  	PdQ.z = toFp("1")
   141  	A.x = toFp("0x118F955D498D902FD42E5B2926F297CC814CD7649EC5B070295622F97C4A0D9BD34058A7E0E00CB73ED32FCC237F9F6B7D2A15F5CC7C4EC61ECEF80ACBB0EFA4")
   142  	A.z = toFp("1")
   143  
   144  	// Precompute A24 for xDblAdd
   145  	// (A+2C:4C) => (A24.x = A.x+2A.z; A24.z = 4*A.z)
   146  	addRdc(&A24.a, &A.z, &A.z)
   147  	addRdc(&A24.a, &A24.a, &A.x)
   148  	mulRdc(&A24.c, &A.z, &four)
   149  
   150  	for i := 0; i < numIter; i++ {
   151  		xAdd(&PaQ2, &P, &Q, &PdQ)
   152  		xDbl(&PaP2, &P, &A)
   153  		xDblAdd(&PaP1, &PaQ1, &P, &Q, &PdQ, &A24)
   154  
   155  		if !ceqpoint(&PaQ1, &PaQ2) {
   156  			exp := toNormX(&PaQ1)
   157  			got := toNormX(&PaQ2)
   158  			t.Errorf("\nExp: \n\t%s\nGot from xAdd: \n\t%s", exp.Text(16), got.Text(16))
   159  		}
   160  
   161  		if !ceqpoint(&PaP1, &PaP2) {
   162  			exp := toNormX(&PaP1)
   163  			got := toNormX(&PaP2)
   164  			t.Errorf("\nExp: \n\t%s\nGot from xDbl: \n\t%s", exp.Text(16), got.Text(16))
   165  		}
   166  
   167  		// Swap values for next operation
   168  		PdQ = Q
   169  		Q = P
   170  		P = PaP1
   171  	}
   172  }
   173  
   174  func TestXMul(t *testing.T) {
   175  	var P point
   176  	var co coeff
   177  	var expKP big.Int
   178  	var k fp
   179  
   180  	checkXMul := func() {
   181  		var kP point
   182  
   183  		xMul(&kP, &P, &co, &k)
   184  		retKP := toNormX(&kP)
   185  		if expKP.Cmp(&retKP) != 0 {
   186  			t.Errorf("\nExp: %s\nGot: %s", expKP.Text(16), retKP.Text(16))
   187  		}
   188  
   189  		// Check if first and second argument can overlap
   190  		xMul(&P, &P, &co, &k)
   191  		retKP = toNormX(&P)
   192  		if expKP.Cmp(&retKP) != 0 {
   193  			t.Errorf("\nExp: %s\nGot: %s", expKP.Text(16), retKP.Text(16))
   194  		}
   195  	}
   196  
   197  	// Case C=1
   198  	expKP.SetString("0x582B866603E6FBEBD21FE660FB34EF9466FDEC55FFBCE1073134CC557071147821BBAD225E30F7B2B6790B00ED9C39A29AA043F58AF995E440AFB13DA8E6D788", 0)
   199  	P.x = toFp("0x1C5CA539C1D5B52DE4750C390C24C05251E8B1D33E48971FA86F5ADDED2D06C8CD31E94887541468BB2925EBD693C9DDFF5BD9508430F25FE28EE30C0760C0FE")
   200  	P.z = toFp("1")
   201  	co.a = toFp("0x538F785D52996919C8D5C73D842A0249669B5B6BB05338B74EAE8094AE5009A3BA2D73730F527D7403E8184D9B1FA11C0C4C40E7B328A84874A6DBCE99E1DF92")
   202  	co.c = toFp("1")
   203  	k = fp{0x7A36C930A83EFBD5, 0xD0E80041ED0DDF9F, 0x5AA17134F1B8F877, 0x975711EC94168E51, 0xB3CAD962BED4BAC5, 0x3026DFDD7E4F5687, 0xE67F91AB8EC9C3AF, 0x34671D3FD8C317E7}
   204  	checkXMul()
   205  
   206  	// Check if algorithms works correctly with k=1
   207  	expKP.SetString("0x1C5CA539C1D5B52DE4750C390C24C05251E8B1D33E48971FA86F5ADDED2D06C8CD31E94887541468BB2925EBD693C9DDFF5BD9508430F25FE28EE30C0760C0FE", 0)
   208  	P.x = toFp("0x1C5CA539C1D5B52DE4750C390C24C05251E8B1D33E48971FA86F5ADDED2D06C8CD31E94887541468BB2925EBD693C9DDFF5BD9508430F25FE28EE30C0760C0FE")
   209  	P.z = toFp("1")
   210  	co.a = toFp("0x538F785D52996919C8D5C73D842A0249669B5B6BB05338B74EAE8094AE5009A3BA2D73730F527D7403E8184D9B1FA11C0C4C40E7B328A84874A6DBCE99E1DF92")
   211  	co.c = toFp("1")
   212  	k = fp{1, 0, 0, 0, 0, 0, 0, 0}
   213  	checkXMul()
   214  
   215  	// Check if algorithms works correctly with value of k for which few small and high
   216  	// order bits are 0 (test for odd number of cswaps in xMul)
   217  	expKP.SetString("0x1925EDA0928C10F427B4E642E7E1481A670D1249956DED6A2292B9BAB841F6AA86A9F41459400845ED4A5E2531A14165F64FE4E43DBD85321B429C6DAE2E8987", 0)
   218  	P.x = toFp("0x4CE8603817B9BB06515E921AA201D26B31F3CE181D1E18CD5CD704708CCAD47546CEEAB42B98EE67925A5259E0684A0489F574A999DE127F708B849ACAA12A63")
   219  	P.z = toFp("1")
   220  	co.a = toFp("0x538F785D52996919C8D5C73D842A0249669B5B6BB05338B74EAE8094AE5009A3BA2D73730F527D7403E8184D9B1FA11C0C4C40E7B328A84874A6DBCE99E1DF92")
   221  	co.c = toFp("1")
   222  	k = fp{0, 7, 0, 0, 0, 0, 0, 0}
   223  	checkXMul()
   224  
   225  	// Check if algorithms works correctly with value of k for which few small and high
   226  	// order bits are 0 (test for even number of cswaps in xMul)
   227  	expKP.SetString("0x30C02915C5967C3B6EB2196A934ADF38A183E9C7E814B54121F93048A8FC12D5036992FABF8D807581017A4C1F93D07352413F38F6A902FC76A8894FE8D94805", 0)
   228  	P.x = toFp("0x2DDD15ED7C169BE6D9EC02CFE3DC507EC4A7A4D96DE3FAAB9BFCEA1B047807EA301E89830F2FDD0E7E642A85E7ACDE16BAD76DF140F719C4A7AB85153E7D69DC")
   229  	P.z = toFp("1")
   230  	co.a = toFp("0x538F785D52996919C8D5C73D842A0249669B5B6BB05338B74EAE8094AE5009A3BA2D73730F527D7403E8184D9B1FA11C0C4C40E7B328A84874A6DBCE99E1DF92")
   231  	co.c = toFp("1")
   232  	k = fp{0, 15, 0, 0, 0, 0, 0, 0}
   233  	checkXMul()
   234  
   235  	// xMul512 does NOT work correctly for k==0. In such case function will return 2*P. But
   236  	// thanks to that fact we don't need to handle k==0 case, we get some speedup.
   237  	expKP.SetString("0x6115B5D8BB613D11BDFEA70D436D87C1515553F6A15061727B4001E0AF745AAA9F39EB9464982829D931F77DAB9D71B24FF0D1D34C347F2A51FD45821F2EA06F", 0)
   238  	P.x = toFp("0x6C5B4D4AB0765AAB23C10F8455BE522D3A5363324D7AD641CC67C0A52FC1FFE9F3F8EDFE641478CA93D4D0016D83F21487FD4AF4E02F8A2C237CF27C5604BCC")
   239  	P.z = toFp("1")
   240  	co.a = toFp("0x599841D7D1FCD92A85759B7A3D2D5E4C56EFB17F19F86EB70E121EA16305EDE45A55868BE069313F821F7D94069EC220A4AC3B85500376710538246E9B3BC138")
   241  	co.c = toFp("1")
   242  	k = fp{0, 0, 0, 0, 0, 0, 0, 0}
   243  	checkXMul()
   244  }
   245  
   246  func TestMappointHardcoded3(t *testing.T) {
   247  	P := point{
   248  		x: fp{0xca1a2fdec38c669b, 0xf2fe3678ebeb978b, 0xfda3e9a6f0c719d, 0x6f7bffa41772570b, 0x3d90cdd6283dc150, 0x21b55b738eb1ded9, 0x209515d0a9f41dd6, 0x5275cf397d154a12},
   249  		z: fp{0x1fff8309761576e, 0xef239cbeda7c2ba1, 0x6136ae2d76e95873, 0x1f8f6ac909570cec, 0x780fdf0cc7d676d8, 0x548098fe92ed04e1, 0xb39da564701ef35d, 0x5fec19626df41306},
   250  	}
   251  	A := coeff{
   252  		a: fp{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
   253  		c: fp{0xc8fc8df598726f0a, 0x7b1bc81750a6af95, 0x5d319e67c1e961b4, 0xb0aa7275301955f1, 0x4a080672d9ba6c64, 0x97a5ef8a246ee77b, 0x6ea9e5d4383676a, 0x3496e2e117e0ec80},
   254  	}
   255  	K := point{
   256  		x: fp{0x597616608e291c6f, 0xd14230b008736798, 0xa63099b1ace67e6e, 0xe37c13afd768bcfa, 0xc6ef718894f08135, 0x53a4fd09091f3522, 0xc9a1f9f670645fe1, 0x628c4a8efd83e5f0},
   257  		z: fp{0x8f18a654312ac1ad, 0xbc20a9b2472785c9, 0xdaf97c29bbf9e492, 0xf91a8c799e2f6119, 0xc8dc675cc8e528e6, 0x9a7b2c2f0df95171, 0x85629cd38cdd9fdb, 0x656d5253d3fd1a6e},
   258  	}
   259  	var k uint64 = 3
   260  
   261  	expA := coeff{
   262  		a: fp{0x6fa92a66e77cfc1, 0x9efbfb7118f1832c, 0x441894cc5d1d24ae, 0x5a2f0fafa26761de, 0x8095c36d3a20a78a, 0xb22be0023612a135, 0x5eb844d06ef0f430, 0x52e53309d1c90cf8},
   263  		c: fp{0x98173d5664a23e5c, 0xd8fe1c6306bbc11a, 0xa774fbc502648059, 0x766a0d839aa62c83, 0x4b074f9b93d1633d, 0xf306019dbf87f505, 0x77c720ca059234b0, 0x3d47ab65269c5908},
   264  	}
   265  	expP := point{
   266  		x: fp{0x91aba9b39f280495, 0xfbd8ea69d2990aeb, 0xb03e1b8ed7fe3dba, 0x3d30a41499f08998, 0xb15a42630de9c606, 0xa7dd487fef16f5c8, 0x8673948afed8e968, 0x57ecc8710004cd4d},
   267  		z: fp{0xce8819869a942526, 0xb98ca2ff79ef8969, 0xd49c9703743a1812, 0x21dbb090f9152e03, 0xbabdcac831b1adea, 0x8cee90762baa2ddd, 0xa0dd2ddcef809d96, 0x1de2a8887a32f19b},
   268  	}
   269  	xIso(&P, &A, &K, k)
   270  	if !eqFp(&P.x, &expP.x) || !eqFp(&P.z, &expP.z) {
   271  		normP := toNormX(&P)
   272  		normPExp := toNormX(&expP)
   273  		t.Errorf("P != expP [\n %s != %s\n]", normP.Text(16), normPExp.Text(16))
   274  	}
   275  	if !eqFp(&A.a, &expA.a) || !eqFp(&A.c, &expA.c) {
   276  		t.Errorf("A != expA %X %X", A.a[0], expA.a[0])
   277  	}
   278  }
   279  
   280  func TestMappointHardcoded5(t *testing.T) {
   281  	P := point{
   282  		x: fp{0xca1a2fdec38c669b, 0xf2fe3678ebeb978b, 0xfda3e9a6f0c719d, 0x6f7bffa41772570b, 0x3d90cdd6283dc150, 0x21b55b738eb1ded9, 0x209515d0a9f41dd6, 0x5275cf397d154a12},
   283  		z: fp{0x1fff8309761576e, 0xef239cbeda7c2ba1, 0x6136ae2d76e95873, 0x1f8f6ac909570cec, 0x780fdf0cc7d676d8, 0x548098fe92ed04e1, 0xb39da564701ef35d, 0x5fec19626df41306},
   284  	}
   285  	A := coeff{
   286  		a: fp{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
   287  		c: fp{0xc8fc8df598726f0a, 0x7b1bc81750a6af95, 0x5d319e67c1e961b4, 0xb0aa7275301955f1, 0x4a080672d9ba6c64, 0x97a5ef8a246ee77b, 0x6ea9e5d4383676a, 0x3496e2e117e0ec80},
   288  	}
   289  	K := point{
   290  		x: fp{0x597616608e291c6f, 0xd14230b008736798, 0xa63099b1ace67e6e, 0xe37c13afd768bcfa, 0xc6ef718894f08135, 0x53a4fd09091f3522, 0xc9a1f9f670645fe1, 0x628c4a8efd83e5f0},
   291  		z: fp{0x8f18a654312ac1ad, 0xbc20a9b2472785c9, 0xdaf97c29bbf9e492, 0xf91a8c799e2f6119, 0xc8dc675cc8e528e6, 0x9a7b2c2f0df95171, 0x85629cd38cdd9fdb, 0x656d5253d3fd1a6e},
   292  	}
   293  	var k uint64 = 5
   294  
   295  	expA := coeff{
   296  		a: fp{0x32076f58298ed474, 0x5094a1fc8696d307, 0x82e510594157944a, 0xb60ce760f88c83a9, 0xae8a28c325186983, 0xe31d2446a4ad2f18, 0xb266c612b5f141c1, 0x64283e618db5a705},
   297  		c: fp{0x4472b49b65272190, 0x2bd5919309778f56, 0x6132753691fe016c, 0x8f654849c09e6d34, 0xfa208dd9aea1ef12, 0xf7df0dd10071411a, 0x75afb7860500922c, 0x52fb7d34b129fb65},
   298  	}
   299  	expP := point{
   300  		x: fp{0x3b75fc94b2a6df2d, 0x96d53dc9b0e867a0, 0x22e87202421d274e, 0x30a361440697ee1a, 0x8b52ee078bdbddcd, 0x64425d500e6b934d, 0xf47d1f568f6df391, 0x5d9d3607431395ab},
   301  		z: fp{0x746e02dafa040976, 0xcd408f2cddbf3a8e, 0xf643354e0e13a93f, 0x7c39ed96ce9a5e29, 0xfcdf26f1a1a550ca, 0x2fc8aafc4ca0a559, 0x5d204a2b14cf19ba, 0xbd2c3406762f05d},
   302  	}
   303  
   304  	xIso(&P, &A, &K, k)
   305  	if !eqFp(&P.x, &expP.x) || !eqFp(&P.z, &expP.z) {
   306  		normP := toNormX(&P)
   307  		normPExp := toNormX(&expP)
   308  		t.Errorf("P != expP [\n %s != %s\n]", normP.Text(16), normPExp.Text(16))
   309  	}
   310  	if !eqFp(&A.a, &expA.a) || !eqFp(&A.c, &expA.c) {
   311  		t.Errorf("A != expA %X %X", A.a[0], expA.a[0])
   312  	}
   313  }
   314  
   315  func BenchmarkXMul(b *testing.B) {
   316  	var kP, P point
   317  	var co coeff
   318  	var expKP big.Int
   319  	var k fp
   320  
   321  	// Case C=1
   322  	expKP.SetString("0x582B866603E6FBEBD21FE660FB34EF9466FDEC55FFBCE1073134CC557071147821BBAD225E30F7B2B6790B00ED9C39A29AA043F58AF995E440AFB13DA8E6D788", 0)
   323  	P.x = toFp("0x1C5CA539C1D5B52DE4750C390C24C05251E8B1D33E48971FA86F5ADDED2D06C8CD31E94887541468BB2925EBD693C9DDFF5BD9508430F25FE28EE30C0760C0FE")
   324  	P.z = toFp("1")
   325  	co.a = toFp("0x538F785D52996919C8D5C73D842A0249669B5B6BB05338B74EAE8094AE5009A3BA2D73730F527D7403E8184D9B1FA11C0C4C40E7B328A84874A6DBCE99E1DF92")
   326  	co.c = toFp("1")
   327  	k = fp{0x7A36C930A83EFBD5, 0xD0E80041ED0DDF9F, 0x5AA17134F1B8F877, 0x975711EC94168E51, 0xB3CAD962BED4BAC5, 0x3026DFDD7E4F5687, 0xE67F91AB8EC9C3AF, 0x34671D3FD8C317E7}
   328  
   329  	for n := 0; n < b.N; n++ {
   330  		xMul(&kP, &P, &co, &k)
   331  	}
   332  }
   333  
   334  func BenchmarkXAdd(b *testing.B) {
   335  	var P, Q, PdQ point
   336  	var PaQ point
   337  
   338  	P.x = toFp("0x5840FD8E0165F7F474260F99337461AF195233F791FABE735EC2634B74A95559568B4CEB23959C8A01C5C57E215D22639868ED840D74FE2BAC04830CF75047AD")
   339  	P.z = toFp("1")
   340  	Q.x = toFp("0x3C1A003C71436698B4A181CEB12BA4B4D1FF7BB14AAAF6FBDA6957C4EBA20AD8E3893DF6F64E67E81163E024C19C7E975F3EC61862F75502C3ED802370E75A3F")
   341  	Q.z = toFp("1")
   342  	PdQ.x = toFp("0x519B1928F752B0B2143C1C23EB247B370DBB5B9C29B9A3A064D7FBC1B67FAC34B6D3DDA0F3CB87C387B425B36F31B93A8E73252BA701927B767A9DE89D5A92AE")
   343  	PdQ.z = toFp("1")
   344  
   345  	for n := 0; n < b.N; n++ {
   346  		xAdd(&PaQ, &P, &Q, &PdQ)
   347  	}
   348  }
   349  
   350  func BenchmarkXDbl(b *testing.B) {
   351  	var P, A point
   352  	var PaP point
   353  
   354  	P.x = toFp("0x6C5B4D4AB0765AAB23C10F8455BE522D3A5363324D7AD641CC67C0A52FC1FFE9F3F8EDFE641478CA93D4D0016D83F21487FD4AF4E02F8A2C237CF27C5604BCC")
   355  	P.z = toFp("1")
   356  	A.x = toFp("0x599841D7D1FCD92A85759B7A3D2D5E4C56EFB17F19F86EB70E121EA16305EDE45A55868BE069313F821F7D94069EC220A4AC3B85500376710538246E9B3BC138")
   357  	A.z = toFp("1")
   358  
   359  	for n := 0; n < b.N; n++ {
   360  		xDbl(&PaP, &P, &A)
   361  	}
   362  }
   363  
   364  func BenchmarkIsom(b *testing.B) {
   365  	var P, kern point
   366  	var expPhiP big.Int
   367  	var co coeff
   368  	k := uint64(2)
   369  
   370  	expPhiP.SetString("0x5FEBD68F795F9AEB732ECF0D1507904922F2B0736704E0751EF242B4E191E6F630D83778B5E5681161FD071CDEF7DF4C3A41D0ECEB30E90B119C5BF86C5AB51A", 0)
   371  	P.x = toFp("0x5FD8D226C228FD6AA3CCDCAB931C5D3AA000A46B47041F59D9724E517594F696D38F2CB45C987ACF68BB1057D8D518F926D8F55171F337D05354E0022BC66B23")
   372  	P.z = toFp("1")
   373  	co.a = toFp("0x9E8DBC4914E3C4F080592642DD0B08B9564AB3ADF75EE9B58A685443BA6E39A1ACD1201B7F034077AF344123880AF9D8C77575E6E782E00186881ECE8B87CA3")
   374  	co.c = toFp("1")
   375  	kern.x = toFp("0x594F77A49EABBF2A12025BC00E1DBC119CDA674B9FE8A00791724B42FEB7D225C4C9940B01B09B8F00B30B0E961212FB63E42614814E38EC9E5E5B0FEBF98C58")
   376  	kern.z = toFp("1")
   377  
   378  	for n := 0; n < b.N; n++ {
   379  		xIso(&P, &co, &kern, k)
   380  	}
   381  }
   382  

View as plain text