public static void ge_p3_to_cached(ge_cached r,ge_p3 p) { fe_add.fe_add(r.YplusX,p.Y,p.X); fe_sub.fe_sub(r.YminusX,p.Y,p.X); fe_copy.fe_copy(r.Z,p.Z); fe_mul.fe_mul(r.T2d,p.T,d2); }
fe_1.fe_1(h.Z); fe_sq.fe_sq(u,h.Y); fe_mul.fe_mul(v,u,d); fe_mul.fe_mul(v3,v3,v); /* v3 = v^3 */ fe_sq.fe_sq(h.X,v3); fe_mul.fe_mul(h.X,h.X,v); fe_mul.fe_mul(h.X,h.X,u); /* x = uv^7 */ fe_mul.fe_mul(h.X,h.X,v3); fe_mul.fe_mul(h.X,h.X,u); /* x = uv^3(uv^7)^((q-5)/8) */ fe_mul.fe_mul(vxx,vxx,v); fe_mul.fe_mul(h.X,h.X,sqrtm1); fe_mul.fe_mul(h.T,h.X,h.Y); return 0;
fe_1.fe_1(h.Z); fe_sq.fe_sq(u,h.Y); fe_mul.fe_mul(v,u,d); fe_mul.fe_mul(v3,v3,v); /* v3 = v^3 */ fe_sq.fe_sq(h.X,v3); fe_mul.fe_mul(h.X,h.X,v); fe_mul.fe_mul(h.X,h.X,u); /* x = uv^7 */ fe_mul.fe_mul(h.X,h.X,v3); fe_mul.fe_mul(h.X,h.X,u); /* x = uv^3(uv^7)^((q-5)/8) */ fe_mul.fe_mul(vxx,vxx,v); fe_mul.fe_mul(h.X,h.X,sqrtm1); fe_mul.fe_mul(h.T,h.X,h.Y); return 0;
fe_add.fe_add(mont_x_plus_one, mont_x, one); fe_invert.fe_invert(inv_mont_x_plus_one, mont_x_plus_one); fe_mul.fe_mul(ed_y, mont_x_minus_one, inv_mont_x_plus_one); fe_tobytes.fe_tobytes(ed_pubkey, ed_y);
public static void curve25519_keygen(byte[] curve25519_pubkey_out, byte[] curve25519_privkey_in) { ge_p3 ed = new ge_p3(); /* Ed25519 pubkey point */ int[] ed_y_plus_one = new int[10]; int[] one_minus_ed_y = new int[10]; int[] inv_one_minus_ed_y = new int[10]; int[] mont_x = new int[10]; /* Perform a fixed-base multiplication of the Edwards base point, (which is efficient due to precalculated tables), then convert to the Curve25519 montgomery-format public key. In particular, convert Curve25519's "montgomery" x-coordinate into an Ed25519 "edwards" y-coordinate: mont_x = (ed_y + 1) / (1 - ed_y) with projective coordinates: mont_x = (ed_y + ed_z) / (ed_z - ed_y) NOTE: ed_y=1 is converted to mont_x=0 since fe_invert is mod-exp */ ge_scalarmult_base.ge_scalarmult_base(ed, curve25519_privkey_in); fe_add.fe_add(ed_y_plus_one, ed.Y, ed.Z); fe_sub.fe_sub(one_minus_ed_y, ed.Z, ed.Y); fe_invert.fe_invert(inv_one_minus_ed_y, one_minus_ed_y); fe_mul.fe_mul(mont_x, ed_y_plus_one, inv_one_minus_ed_y); fe_tobytes.fe_tobytes(curve25519_pubkey_out, mont_x); }