search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
estimate calc utility (WIP)
[mkp224o.git] / ed25519 / amd64-64-24k / batch.c
blob955392eaceebfc0ebe5c6b12fc6360c9da0e0e4a
1 #include "crypto_sign.h"
2
3 #include "crypto_verify_32.h"
4 #include "crypto_hash_sha512.h"
5 #include "randombytes.h"
6
7 #include "ge25519.h"
8 #include "hram.h"
9
10 #define MAXBATCH 64
11
12 int crypto_sign_open_batch(
13 unsigned char* const m[],unsigned long long mlen[],
14 unsigned char* const sm[],const unsigned long long smlen[],
15 unsigned char* const pk[],
16 unsigned long long num
17 )
18 {
19 int ret = 0;
20 unsigned long long i, j;
21 shortsc25519 r[MAXBATCH];
22 sc25519 scalars[2*MAXBATCH+1];
23 ge25519 points[2*MAXBATCH+1];
24 unsigned char hram[crypto_hash_sha512_BYTES];
25 unsigned long long batchsize;
26
27 for (i = 0;i < num;++i) mlen[i] = -1;
28
29 while (num >= 3) {
30 batchsize = num;
31 if (batchsize > MAXBATCH) batchsize = MAXBATCH;
32
33 for (i = 0;i < batchsize;++i)
34 if (smlen[i] < 64) goto fallback;
35
36 randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize);
37
38 /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */
39 for(i=0;i<batchsize;i++)
40 {
41 sc25519_from32bytes(&scalars[i], sm[i]+32);
42 sc25519_mul_shortsc(&scalars[i], &scalars[i], &r[i]);
43 }
44 for(i=1;i<batchsize;i++)
45 sc25519_add(&scalars[0], &scalars[0], &scalars[i]);
46
47 /* Computing scalars[1] ... scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
48 for(i=0;i<batchsize;i++)
49 {
50 get_hram(hram, sm[i], pk[i], m[i], smlen[i]);
51 sc25519_from64bytes(&scalars[i+1],hram);
52 sc25519_mul_shortsc(&scalars[i+1],&scalars[i+1],&r[i]);
53 }
54 /* Setting scalars[batchsize+1] ... scalars[2*batchsize] to r[i] */
55 for(i=0;i<batchsize;i++)
56 sc25519_from_shortsc(&scalars[batchsize+i+1],&r[i]);
57
58 /* Computing points */
59 points[0] = ge25519_base;
60
61 for(i=0;i<batchsize;i++)
62 if (ge25519_unpackneg_vartime(&points[i+1], pk[i])) goto fallback;
63 for(i=0;i<batchsize;i++)
64 if (ge25519_unpackneg_vartime(&points[batchsize+i+1], sm[i])) goto fallback;
65
66 ge25519_multi_scalarmult_vartime(points, points, scalars, 2*batchsize+1);
67
68 if (ge25519_isneutral_vartime(points)) {
69 for(i=0;i<batchsize;i++)
70 {
71 for(j=0;j<smlen[i]-64;j++)
72 m[i][j] = sm[i][j + 64];
73 mlen[i] = smlen[i]-64;
74 }
75 } else {
76 fallback:
77
78 for (i = 0;i < batchsize;++i)
79 ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
80 }
81
82 m += batchsize;
83 mlen += batchsize;
84 sm += batchsize;
85 smlen += batchsize;
86 pk += batchsize;
87 num -= batchsize;
88 }
89
90 for (i = 0;i < num;++i)
91 ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
92
93 return ret;
94 }
vanity address generator for tor onion v3 (ed25519) hidden services