Loading...
Searching...
No Matches
ed25519-donna-batchverify.h File Reference
Go to the source code of this file.
Classes | |
| struct | batch_heap_t |
Macros | |
| #define | max_batch_size 64 |
| #define | heap_batch_size ((max_batch_size * 2) + 1) |
Typedefs | |
| typedef size_t | heap_index_t |
| typedef struct batch_heap_t | batch_heap |
Functions | |
| int ED25519_FN | ed25519_sign_open_batch (const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid) |
Variables | |
| unsigned char | batch_point_buffer [3][32] |
Macro Definition Documentation
◆ heap_batch_size
| #define heap_batch_size ((max_batch_size * 2) + 1) |
Definition at line 6 of file ed25519-donna-batchverify.h.
◆ max_batch_size
| #define max_batch_size 64 |
Definition at line 5 of file ed25519-donna-batchverify.h.
Typedef Documentation
◆ batch_heap
| typedef struct batch_heap_t batch_heap |
◆ heap_index_t
| typedef size_t heap_index_t |
Definition at line 11 of file ed25519-donna-batchverify.h.
Function Documentation
◆ ed25519_sign_open_batch()
| int ED25519_FN ed25519_sign_open_batch | ( | const unsigned char ** | m, |
| size_t * | mlen, | ||
| const unsigned char ** | pk, | ||
| const unsigned char ** | RS, | ||
| size_t | num, | ||
| int * | valid ) |
Definition at line 205 of file ed25519-donna-batchverify.h.
205 {
208 bignum256modm *r_scalars;
209 size_t i, batchsize;
210 unsigned char hram[64];
211 int ret = 0;
212
213 for (i = 0; i < num; i++)
214 valid[i] = 1;
215
216 while (num > 3) {
218
219 /* generate r (scalars[batchsize+1]..scalars[2*batchsize] */
220 ED25519_FN(ed25519_randombytes_unsafe) (batch.r, batchsize * 16);
221 r_scalars = &batch.scalars[batchsize + 1];
222 for (i = 0; i < batchsize; i++)
223 expand256_modm(r_scalars[i], batch.r[i], 16);
224
225 /* compute scalars[0] = ((r1s1 + r2s2 + ...)) */
226 for (i = 0; i < batchsize; i++) {
227 expand256_modm(batch.scalars[i], RS[i] + 32, 32);
228 mul256_modm(batch.scalars[i], batch.scalars[i], r_scalars[i]);
229 }
230 for (i = 1; i < batchsize; i++)
231 add256_modm(batch.scalars[0], batch.scalars[0], batch.scalars[i]);
232
233 /* compute scalars[1]..scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
234 for (i = 0; i < batchsize; i++) {
235 ed25519_hram(hram, RS[i], pk[i], m[i], mlen[i]);
236 expand256_modm(batch.scalars[i+1], hram, 64);
237 mul256_modm(batch.scalars[i+1], batch.scalars[i+1], r_scalars[i]);
238 }
239
240 /* compute points */
241 batch.points[0] = ge25519_basepoint;
242 for (i = 0; i < batchsize; i++)
243 if (!ge25519_unpack_negative_vartime(&batch.points[i+1], pk[i]))
244 goto fallback;
245 for (i = 0; i < batchsize; i++)
246 if (!ge25519_unpack_negative_vartime(&batch.points[batchsize+i+1], RS[i]))
247 goto fallback;
248
249 ge25519_multi_scalarmult_vartime(&p, &batch, (batchsize * 2) + 1);
250 if (!ge25519_is_neutral_vartime(&p)) {
251 ret |= 2;
252
253 fallback:
254 for (i = 0; i < batchsize; i++) {
255 valid[i] = ED25519_FN(ed25519_sign_open) (m[i], mlen[i], pk[i], RS[i]) ? 0 : 1;
256 ret |= (valid[i] ^ 1);
257 }
258 }
259
260 m += batchsize;
261 mlen += batchsize;
262 pk += batchsize;
263 RS += batchsize;
264 num -= batchsize;
265 valid += batchsize;
266 }
267
268 for (i = 0; i < num; i++) {
269 valid[i] = ED25519_FN(ed25519_sign_open) (m[i], mlen[i], pk[i], RS[i]) ? 0 : 1;
270 ret |= (valid[i] ^ 1);
271 }
272
273 return ret;
274}
struct batch_heap_t batch_heap
struct ge25519_t ge25519
void ED25519_FN ed25519_randombytes_unsafe(void *p, size_t len)
Definition ed25519-randombytes.h:86
int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS)
for(i=1;i< 1;++i) fe_sq(t0
Here is the call graph for this function:
Here is the caller graph for this function:
Variable Documentation
◆ batch_point_buffer
| unsigned char batch_point_buffer[3][32] |
Definition at line 191 of file ed25519-donna-batchverify.h.
