Refactor API for RHS.

relic-toolkit · Mar 30, 2024 · 856a097 · 856a097
1 parent 59a448a
commit 856a097
Show file tree

Hide file tree

Showing 8 changed files with 45 additions and 60 deletions.
diff --git a/bench/bench_eb.c b/bench/bench_eb.c
@@ -116,7 +116,7 @@ static void util(void) {
 
 	BENCH_RUN("eb_rhs") {
 		eb_rand(p);
-		BENCH_ADD(eb_rhs(q->x, p));
+		BENCH_ADD(eb_rhs(q->x, p->x));
 	} BENCH_END;
 
 	BENCH_RUN("eb_tab (4)") {

diff --git a/bench/bench_ed.c b/bench/bench_ed.c
@@ -116,7 +116,7 @@ static void util(void) {
 
 	BENCH_RUN("ed_rhs") {
 		ed_rand(p);
-		BENCH_ADD(ed_rhs(q->x, p));
+		BENCH_ADD(ed_rhs(q->x, p->x));
 	} BENCH_END;
 
 	BENCH_RUN("ed_tab (4)") {

diff --git a/include/relic_eb.h b/include/relic_eb.h
@@ -511,13 +511,13 @@ void eb_rand(eb_t p);
 void eb_blind(eb_t r, const eb_t p);
 
 /**
- * Computes the right-hand side of the elliptic curve equation at a certain
- * elliptic curve point.
+ * Computes the right-hand side of the elliptic curve equation at the
+ * x-coordinate of a certain binary elliptic curve point.
  *
  * @param[out] rhs			- the result.
- * @param[in] p				- the point.
+ * @param[in] x				- the x-coordinate of the point.
  */
-void eb_rhs(fb_t rhs, const eb_t p);
+void eb_rhs(fb_t rhs, const fb_t p);
 
 /** Tests if a point is in the curve.
  *

diff --git a/include/relic_ed.h b/include/relic_ed.h
@@ -321,13 +321,13 @@ void ed_rand(ed_t p);
 void ed_blind(ed_t r, const ed_t p);
 
 /**
- * Computes the right-hand side of the elliptic curve equation at a certain
- * Edwards elliptic curve point.
+ * Computes the right-hand side of the elliptic curve equation at the
+ * x-coordinate of a certain Edwards elliptic curve point.
  *
  * @param[out] rhs			- the result.
- * @param[in] p				- the point.
+ * @param[in] x				- the x-coordinate of the point.
  */
-void ed_rhs(fp_t rhs, const ed_t p);
+void ed_rhs(fp_t rhs, const fp_t p);
 
 /**
  * Copies the second argument to the first argument.

diff --git a/src/eb/relic_eb_map.c b/src/eb/relic_eb_map.c
@@ -58,7 +58,7 @@ void eb_map(eb_t p, const uint8_t *msg, size_t len) {
 		while (1) {
 			dv_copy(p->x, k->dp, RLC_FB_DIGS);
 
-			eb_rhs(t1, p);
+			eb_rhs(t1, p->x);
 
 			/* t0 = 1/x1^2. */
 			fb_sqr(t0, p->x);

diff --git a/src/eb/relic_eb_pck.c b/src/eb/relic_eb_pck.c
@@ -63,7 +63,7 @@ int eb_upk(eb_t r, const eb_t p) {
 		fb_new(t0);
 		fb_new(t1);
 
-		eb_rhs(t1, p);
+		eb_rhs(t1, p->x);
 
 		fb_sqr(t0, p->x);
 		/* t0 = 1/x1^2. */

diff --git a/src/eb/relic_eb_util.c b/src/eb/relic_eb_util.c
@@ -78,7 +78,7 @@ void eb_rand(eb_t p) {
 	}
 }
 
-void eb_rhs(fb_t rhs, const eb_t p) {
+void eb_rhs(fb_t rhs, const fb_t x) {
 	fb_t t0, t1;
 
 	fb_null(t0);
@@ -89,9 +89,9 @@ void eb_rhs(fb_t rhs, const eb_t p) {
 		fb_new(t1);
 
 		/* t0 = x1^2. */
-		fb_sqr(t0, p->x);
+		fb_sqr(t0, x);
 		/* t1 = x1^3. */
-		fb_mul(t1, t0, p->x);
+		fb_mul(t1, t0, x);
 
 		/* t1 = x1^3 + a * x1^2 + b. */
 		switch (eb_curve_opt_a()) {
@@ -171,7 +171,7 @@ int eb_on_curve(const eb_t p) {
 		eb_norm(t, p);
 
 		fb_mul(lhs, t->x, t->y);
-		eb_rhs(t->x, t);
+		eb_rhs(t->x, t->x);
 		fb_sqr(t->y, t->y);
 		fb_add(lhs, lhs, t->y);
 		r = (fb_cmp(lhs, t->x) == RLC_EQ) || eb_is_infty(p);

diff --git a/src/ed/relic_ed_util.c b/src/ed/relic_ed_util.c
@@ -128,61 +128,46 @@ void ed_blind(ed_t r, const ed_t p) {
 	}
 }
 
-void ed_rhs(fp_t rhs, const ed_t p) {
-	fp_t t0, t1;
-
-	fp_null(t0);
-	fp_null(t1);
-
-	RLC_TRY {
-		fp_new(t0);
-		fp_new(t1);
-
-		// 1 = a * X^2 + Y^2 - d * X^2 * Y^2
-		fp_sqr(t0, p->x);
-		fp_mul(t0, t0, core_get()->ed_a);
-		fp_sqr(t1, p->y);
-		fp_add(t1, t1, t0);
-		fp_mul(t0, p->x, p->y);
-		fp_sqr(t0, t0);
-		fp_mul(t0, t0, core_get()->ed_d);
-		fp_sub(rhs, t1, t0);
-	} RLC_CATCH_ANY {
-		RLC_THROW(ERR_CAUGHT);
-	} RLC_FINALLY {
-		fp_free(t0);
-		fp_free(t1);
-	}
+void ed_rhs(fp_t rhs, const fp_t x) {
+	/* y^2 * (d * x^2 - 1) = 1a * x^2 - 1. */
+	fp_sqr(rhs, x);
+	fp_mul(rhs, rhs, core_get()->ed_a);
+	fp_sub_dig(rhs, rhs, 1);
 }
 
 int ed_on_curve(const ed_t p) {
 	ed_t t;
-	int r = 0;
+	int r = 1;
 
 	ed_null(t);
 
 	if (fp_is_zero(p->z)) {
-		r = 0;
-	} else {
-		RLC_TRY {
-			ed_new(t);
-			ed_norm(t, p);
+		return 0;
+	}
+
+	RLC_TRY {
+		ed_new(t);
+		ed_norm(t, p);
 
-			ed_rhs(t->z, t);
+		/* Compute y^2 * (d * x^2 - 1) */
 #if ED_ADD == EXTND
-			fp_mul(t->y, t->x, t->y);
-			r = ((fp_cmp_dig(t->z, 1) == RLC_EQ) &&
-					(fp_cmp(t->y, t->t) == RLC_EQ)) || ed_is_infty(p);
-#else
-			r = (fp_cmp_dig(t->z, 1) == RLC_EQ) || ed_is_infty(p);
+		fp_mul(t->z, t->x, t->y);
+		r &= (fp_cmp(t->z, t->t) == RLC_EQ);
 #endif
-		}
-		RLC_CATCH_ANY {
-			RLC_THROW(ERR_CAUGHT);
-		}
-		RLC_FINALLY {
-			ed_free(t);
-		}
+		fp_sqr(t->z, t->y);
+		fp_sqr(t->t, t->x);
+		fp_mul(t->t, t->t, core_get()->ed_d);
+		fp_sub_dig(t->t, t->t, 1);
+		fp_mul(t->t, t->t, t->z);
+		ed_rhs(t->z, t->x);
+		r &= (fp_cmp(t->t, t->z) == RLC_EQ);
+		r |= ed_is_infty(p);
+	}
+	RLC_CATCH_ANY {
+		RLC_THROW(ERR_CAUGHT);
+	}
+	RLC_FINALLY {
+		ed_free(t);
 	}
 	return r;
 }