
ed448_goldilocks/curve/
twedwards.rs

//! This module will contain the EC arithmetic for the Twisted Edwards form of Goldilocks,
//! with the following affine equation: -x^2 + y^2 = 1 - 39082x^2y^2
//! This curve will be used as a backend for Goldilocks and Decaf through the use of isogenies.
//! It will not be exposed in the public API.
5pub(crate) mod affine;
6pub(crate) mod extended;
7pub(crate) mod extensible;
8pub(crate) mod projective;
9
10use crate::field::FieldElement;
11
/// Input point for [`IsogenyMap::map`], held as four field elements `(X, Y, Z, T)`.
///
/// The derivation inside `map` reads the coordinates as `x = X/Z`, `y = Y/Z`
/// and `xy = T/Z`.
///
/// NOTE(review): nothing in this type enforces `T*Z = X*Y` or that the point
/// lies on the curve; presumably callers only build it from already-validated
/// points. Confirm at the construction sites.
pub(crate) struct IsogenyMap {
    /// Projective X coordinate (`x = X/Z`).
    pub(crate) X: FieldElement,
    /// Projective Y coordinate (`y = Y/Z`).
    pub(crate) Y: FieldElement,
    /// Common projective denominator.
    pub(crate) Z: FieldElement,
    /// Auxiliary product coordinate (`xy = T/Z`).
    pub(crate) T: FieldElement,
}
18
/// Output of [`IsogenyMap::map`]: a projective point whose auxiliary
/// coordinate is kept as the two factors `T1` and `T2`.
///
/// `map` stores the numerator of the new x in `T1` and the numerator of the
/// new y in `T2`, so `T1 * T2 = X * Y / Z` whenever `Z` is non-zero.
pub(crate) struct IsogenyMapResult {
    /// x numerator multiplied by the y denominator.
    pub(crate) X: FieldElement,
    /// y numerator multiplied by the x denominator.
    pub(crate) Y: FieldElement,
    /// Product of the x and y denominators.
    pub(crate) Z: FieldElement,
    /// First factor of the auxiliary coordinate (the x numerator).
    pub(crate) T1: FieldElement,
    /// Second factor of the auxiliary coordinate (the y numerator).
    pub(crate) T2: FieldElement,
}
26
impl IsogenyMap {
    /// Applies the isogeny formulas of (1.) <https://eprint.iacr.org/2014/027.pdf>
    /// to the point `(X : Y : Z : T)` held in `self`.
    ///
    /// `scale` is called exactly once, on `X^2`, and its result is used as
    /// `a*X^2` below; the caller selects the coefficient `a` through it.
    ///
    /// This function itself only squares, doubles, adds, subtracts and
    /// multiplies field elements: the result is left in cross-multiplied
    /// projective form and no division is performed here.
    ///
    /// NOTE(review): there is no check that `T*Z = X*Y`, nor that either
    /// denominator is non-zero; if one of them vanishes the returned `Z` is
    /// zero. The body has no branches, so its timing depends only on the
    /// `FieldElement` operations and on `scale`. Confirm both are constant-time
    /// if secret-dependent points can reach this function.
    pub(crate) fn map(&self, scale: impl FnOnce(FieldElement) -> FieldElement) -> IsogenyMapResult {
        // Affine map:
        //   x' = 2xy / (y^2 - a*x^2)
        //   y' = (y^2 + a*x^2) / (2 - y^2 - a*x^2)
        //
        // Substituting x = X/Z, y = Y/Z, xy = T/Z (so x^2 = X^2/Z^2 and
        // y^2 = Y^2/Z^2) and clearing the common Z^2:
        //   x' = (2T/Z) / (Y^2/Z^2 - a*X^2/Z^2)
        //      = 2TZ / (Y^2 - a*X^2)
        //   y' = (Y^2/Z^2 + a*X^2/Z^2) / (2 - Y^2/Z^2 - a*X^2/Z^2)
        //      = (Y^2 + a*X^2) / (2*Z^2 - Y^2 - a*X^2)

        let x_sq = self.X.square();
        let y_sq = self.Y.square();
        let a_x_sq = scale(x_sq);

        // Numerator of y'; it is also subtracted from 2*Z^2 to form y's denominator.
        let sum = y_sq + a_x_sq;
        // Denominator of x'.
        let diff = y_sq - a_x_sq;

        // Numerator of x'.
        let two_tz = (self.T * self.Z).double();
        // Denominator of y'.
        let y_den = self.Z.square().double() - sum;

        // Put both fractions over the common denominator diff * y_den; the
        // two numerators are handed back separately as T1 and T2.
        IsogenyMapResult {
            X: two_tz * y_den,
            Y: sum * diff,
            Z: diff * y_den,
            T1: two_tz,
            T2: sum,
        }
    }
}