.

2024-02-01 17:26:46 +02:00 · 2024-02-01 17:26:46 +02:00 · 70b037bf1c
commit 70b037bf1c
parent 4d76ef7d43
4 changed files with 1614 additions and 49 deletions
--- a/ed25519.l
+++ b/ed25519.l
@ -20,13 +20,25 @@
               (link (swap 'E (/ E 2)))
               (gt0 E) ) ) ) ) )
 (de expmod (B E M)
   (println 'B B 'E E 'M M)
   (let R 1
      (for I (steps E)
         (and
            (setq R (modulo (* R R) M))
            (bit? 1 I)
            (setq R (modulo (* R B) M)) ) )
      (println 'R R)
      R ) )
 (de expmod- (B E M)
   (if (=0 E)
      1
      (let R
         (%
            (** (expmod- B (/ E 2) M) 2)
            M )
         (when (bit? 1 E)
            (setq R (% (* R B) M)) )
         R ) ) )
 (de inv (X)
   (expmod X (- *Q 2) *Q) )
 (de xrecover (Y)
@ -41,7 +53,6 @@
         (n0 (% X 2))
         (setq X (- *Q X)) )
      X ) )
 (setq *S (0 -1 -2 -3 -4 -5 -6 -7 .))
 (setq *B 256)
 (setq *Q `(- (** 2 255) 19))
@ -53,7 +64,6 @@
   (cons
      (% (xrecover *By) *Q)
      (% *By *Q) ) )
 (de edwards (P Q)
   (let
      (X1 (car P)
@ -71,17 +81,22 @@
               (+ (* Y1 Y2) (* X1 X2))
               (inv (- 1 (* *D X1 X2 Y1 Y2))) )
            *Q ) ) ) )
-(de scalarmult (P E)
+(de scalarmult-OLD (P E)
   (println 'sc 'P P 'E E)
   (let Q (cons 0 1)
      (for I (steps E)
         (and
            (setq Q (edwards Q Q))
            (bit? 1 I)
            (setq Q (edwards Q P)) ) )
      # (wait 1000)
      (println 'Q Q)
      Q ) )
 (de scalarmult (P E)
   (if (=0 E)
      (cons 0 1)
      (let Q (scalarmult P (/ E 2))
         (setq Q (edwards Q Q))
         (when (bit? 1 E)
            (setq Q (edwards Q P)) )
         Q ) ) )
 (de isoncurve (P)
   (let
      (X (car P)
@ -95,7 +110,6 @@
               1
               (* *D XX YY) )
            *Q ) ) ) )
 (de bits (Y B)
   (make
      (for (I 0 (> B I) (inc I))
@ -181,9 +195,25 @@
               M ) ) )
      (= (scalarmult *Bxy S) (edwards R (scalarmult A H))) ) )
-(println
+#{
-   (edwards (0 . 1) (1234567890 . 0)) )
+   OLD
-(msg 'ok)
+   (need 32 0)
   (59 106 39 188 206 182 164 45 98 163 168 208 42 111 13 115 101 50 21 119 29 226 67 166 58 192 72 161 139 89 218 41)
 }#
 #{
   (publickey (157 97 177 157 239 253 90 96 186 132 74 244 146 236 44 196 68 73 197 105 123 50 105 25 112 59 172 3 28 174 127 96)
   OLD
   (215 90 152 1 130 177 10 183 213 75 254 211 201 100 7 58 14 225 114 243 218 166 35 37 175 2 26 104 247 7 81 26)
   NEW
   (215 90 152 1 130 177 10 183 213 75 254 211 201 100 7 58 14 225 114 243 218 166 35 37 175 2 26 104 247 7 81 154)
 }#
 (println (publickey (157 97 177 157 239 253 90 96 186 132 74 244 146 236 44 196 68 73 197 105 123 50 105 25 112 59 172 3 28 174 127 96)))
 (bye)
--- a/expmod.l
+++ b/expmod.l
@ -13,6 +13,45 @@ M 57896044618658097711785492504343953926634992332820282019728792003956564819949
 R 37095705934669439343138083508754565189542113879843219016388785533085940283556
 }#
 (de modulo (X Y)
   (% (+ Y (% X Y)) Y) )
 (de expmod (B E M)
   (if (=0 E)
      1
      (let R
         (%
            (** (expmod B (/ E 2) M) 2)
            M )
         (when (bit? 1 E)
            (setq R (% (* R B) M)) )
         R ) ) )
 (de inv (X)
   (expmod X (- *Q 2) *Q) )
 (de xrecover (Y)
   (let
      (YY (* Y Y)
         XX (* (dec YY) (inv (inc (* *D YY))))
         X (expmod XX (/ (+ *Q 3) 8) *Q) )
      (and
         (n0 (% (- (* X X) XX) *Q))
         (setq X (% (* *I X) *Q)) )
      (and
         (n0 (% X 2))
         (setq X (- *Q X)) )
      X ) )
 (setq *S (0 -1 -2 -3 -4 -5 -6 -7 .))
 (setq *B 256)
 (setq *Q `(- (** 2 255) 19))
 (setq *L `(+ (** 2 252) 27742317777372353535851937790883648493))
 (setq *D `(* -121665 (inv 121666)))
 (setq *I `(expmod 2 (/ (dec *Q) 4) *Q))
 (setq *By `(* 4 (inv 5)))
 (setq *Bxy
   (cons
      (% (xrecover *By) *Q)
      (% *By *Q) ) )
 (de steps (E)
   (flip
      (make
@ -28,34 +67,6 @@ R 37095705934669439343138083508754565189542113879843219016388785533085940283556
            (bit? 1 I)
            (setq R (modulo (* R B) M)) ) )
      R ) )
 (de expmod-NEW (B E M)
   (if (=0 E)
      1
      (let R
         (%
            (** (expmod-NEW B (/ E 2) M) 2)
            M )
         (when (bit? 1 E)
            (setq R (% (* R B) M)) )
         R ) ) )
 (println 'expmod-NEW)
 (bench
   (do 100
      (test
         37095705934669439343138083508754565189542113879843219016388785533085940283556
         (expmod-NEW
            121666
            57896044618658097711785492504343953926634992332820282019728792003956564819947
            57896044618658097711785492504343953926634992332820282019728792003956564819949 ) ) ) )
 (println 'expmod-OLD)
 (bench
   (do 100
      (test
         37095705934669439343138083508754565189542113879843219016388785533085940283556
         (expmod-NEW
            121666
            57896044618658097711785492504343953926634992332820282019728792003956564819947
            57896044618658097711785492504343953926634992332820282019728792003956564819949 ) ) ) )
--- a/findme.dat
+++ b/findme.dat
--- a/scalarmult.l
+++ b/scalarmult.l
@ -58,12 +58,12 @@ Q (38815646466658113194383306759739515082307681141926459231621296960732224964046
         (%
            (*
               (+ (* X1 Y2) (* X2 Y1))
-               (inv (inc (* X1 X2 Y1 Y2))) )
+               (inv (inc (* *D X1 X2 Y1 Y2))) )
            *Q )
         (%
            (*
               (+ (* Y1 Y2) (* X1 X2))
-               (inv (- 1 (* X1 X2 Y1 Y2))) )
+               (inv (- 1 (* *D X1 X2 Y1 Y2))) )
            *Q ) ) ) )
 #{
   def scalarmult(P,e):
@ -81,20 +81,54 @@ Q (38815646466658113194383306759739515082307681141926459231621296960732224964046
         (when (bit? 1 E)
            (setq Q (edwards Q P)) )
         Q ) ) )
-
+(de edwards-OLD (P Q)
-# (test
+   (let
-   # 25284030307275072399323765781911808870808430628110464498231579031341677944106
+      (X1 (car P)
-   # (inv 123456) )
+         Y1 (cdr P)
-(println
+         X2 (car Q)
         Y2 (cdr Q) )
      (cons
         (%
            (*
               (+ (* X1 Y2) (* X2 Y1))
               (inv (inc (* *D X1 X2 Y1 Y2))) )
            *Q )
         (%
            (*
               (+ (* Y1 Y2) (* X1 X2))
               (inv (- 1 (* *D X1 X2 Y1 Y2))) )
            *Q ) ) ) )
 (de steps (E)
   (flip
      (make
         (while
            (and
               (link (swap 'E (/ E 2)))
               (gt0 E) ) ) ) ) )
 (de scalarmult-OLD (P E)
   (let Q (cons 0 1)
      (for I (steps E)
         (and
            (setq Q (edwards-OLD Q Q))
            (bit? 1 I)
            (setq Q (edwards-OLD Q P)) ) )
      Q ) )
 (test
   25284030307275072399323765781911808870808430628110464498231579031341677944106
   (inv 123456) )
 (test
   (edwards-OLD (cons 0 1) (cons 0 1))
   (edwards (cons 0 1) (cons 0 1)) )
 # (trace 'scalarmult)
-(println
+(test
   (scalarmult-OLD
      (cons 15112221349535400772501151409588531511454012693041857206046113283949847762202 46316835694926478169428394003475163141307993866256225615783033603165251855960)
      36144925721603087658594284515452164870581325872720374094707712194495455132720 )
   (scalarmult
-      (15112221349535400772501151409588531511454012693041857206046113283949847762202 . 46316835694926478169428394003475163141307993866256225615783033603165251855960)
+      (cons 15112221349535400772501151409588531511454012693041857206046113283949847762202 46316835694926478169428394003475163141307993866256225615783033603165251855960)
      36144925721603087658594284515452164870581325872720374094707712194495455132720 ) )
 (msg 'ok)
 (bye)