explain map tau_T

cloudflare · Jun 3, 2022 · 9ca8a3e · 9ca8a3e
1 parent 6d3b409
commit 9ca8a3e
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 28 deletions.
diff --git a/dh/sidh/internal/p434/curve_test.go b/dh/sidh/internal/p434/curve_test.go
diff --git a/dh/sidh/internal/p503/curve_test.go b/dh/sidh/internal/p503/curve_test.go
diff --git a/dh/sidh/internal/p751/curve_test.go b/dh/sidh/internal/p751/curve_test.go
diff --git a/dh/sidh/internal/templates/curve_test.gotemp b/dh/sidh/internal/templates/curve_test.gotemp
@@ -132,7 +132,7 @@ func xDbl(xP *ProjectivePoint, params *CurveCoefficientsEquiv) {
 // Output: x([scalar]P), z([scalar]P)
 func montgomeryLadder(cparams *ProjectiveCurveParameters, P *ProjectivePoint, scalar []uint8, random uint) ProjectivePoint {
 	var R0, R2, R1 ProjectivePoint
-    coefEq := CalcCurveParamsEquiv4(cparams) // for xDbl
+	coefEq := CalcCurveParamsEquiv4(cparams) // for xDbl
 	aPlus2Over4 := CalcAplus2Over4(cparams)	 // for xDblAdd
 	R0 = *P					 // RO <- P
 	R1 = *P; xDbl(&R1, &coefEq)		 // R1 <- [2]P
@@ -151,6 +151,8 @@ func montgomeryLadder(cparams *ProjectiveCurveParameters, P *ProjectivePoint, sc
 }
 
 // P = P + T
+// From paper https://eprint.iacr.org/2017/212.pdf
+// The map tau_T: P->P+T is (X : Z) -> (Z : X) on Montgomery curves
 func tauT(P *ProjectivePoint) {
 	P.X, P.Z = P.Z, P.X	// magic!
 }
@@ -172,10 +174,10 @@ func testInvalidPKNoneLinear(t *testing.T) {
 	var P, Q ProjectivePoint
 
 	rand.Seed(time.Now().UnixNano())
-    random_index := rand.Intn(int(params.B.SecretByteLen-1)*8)
+	random_index := rand.Intn(int(params.B.SecretByteLen-1)*8)
 
 	// Set P as a point of order 3^e3
-    P = ProjectivePoint{X: params.B.AffineP, Z: params.OneFp2}
+	P = ProjectivePoint{X: params.B.AffineP, Z: params.OneFp2}
 
 	// Set Q = [k]P, where k = secret[:random_index]
 	Q = montgomeryLadder(&params.InitCurve, &P, secret, uint(random_index))
@@ -240,10 +242,10 @@ func testInvalidPKT(t *testing.T) {
 	var P, Q ProjectivePoint
 
 	rand.Seed(time.Now().UnixNano())
-    random_index := rand.Intn(int(params.B.SecretByteLen-1)*8)
+	random_index := rand.Intn(int(params.B.SecretByteLen-1)*8)
 
 	// Set P as a point of order 3^e3
-    P = ProjectivePoint{X: params.B.AffineP, Z: params.OneFp2}
+	P = ProjectivePoint{X: params.B.AffineP, Z: params.OneFp2}
 
 	// Set Q = [k]P, where k = secret[:random_index] 
 	Q = montgomeryLadder(&params.InitCurve, &P, secret, uint(random_index))
@@ -290,7 +292,7 @@ func testInvalidPKOrder2(t *testing.T) {
 	Q = ProjectivePoint{X: params.A.AffineQ, Z: params.OneFp2}
 
 	rand.Seed(time.Now().UnixNano())
-    random_index_p := rand.Intn(int(params.A.SecretByteLen-1)*8)
+	random_index_p := rand.Intn(int(params.A.SecretByteLen-1)*8)
 	random_index_q := rand.Intn(int(params.A.SecretByteLen-1)*8)
 
 	P = montgomeryLadder(&params.InitCurve, &P, secret, uint(random_index_p))
@@ -335,7 +337,7 @@ func testInvalidPKFullOrder(t *testing.T) {
 	e3 = uint32(e3_float)
 
 	rand.Seed(time.Now().UnixNano())
-    random_index_p := rand.Intn(int(e3))
+	random_index_p := rand.Intn(int(e3))
 	random_index_q := rand.Intn(int(e3))
 
 	cparam_q := CalcCurveParamsEquiv3(&params.InitCurve)