path: root/src/ext/ed25519/ref10/base.py
# Future imports for Python 2.7, mandatory in 3.0
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals

# Curve parameters, all public constants.
# b: not referenced by any code visible in this file (expmod's parameter of
#    the same name shadows it); presumably the Ed25519 bit-length parameter.
b = 256
# q: the field prime 2^255 - 19; every modular reduction below is taken mod q.
q = (1 << 255) - 19
# l: the standard Ed25519 group order; not referenced by the code below.
l = (1 << 252) + 27742317777372353535851937790883648493

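def expmod(b,e,m):
  """Return b**e mod m by recursive square-and-multiply.

  e must be a non-negative integer. The exponent is halved with floor
  division: the file enables `from __future__ import division`, so a plain
  `/` would hand a float to the recursive call, which then breaks the
  `e & 1` test and loses precision for 255-bit exponents.

  The multiply step is taken only when the low bit of e is set, so the
  running time depends on the exponent. Every call in this file passes an
  exponent derived from the public constant q, so nothing secret is exposed
  here; do not reuse this helper with a secret exponent.
  """
  if e == 0: return 1
  # Square the result for the upper bits of the exponent.
  t = expmod(b,e//2,m)**2 % m
  # Fold in one more factor of b when the current low bit is set.
  if e & 1: t = (t*b) % m
  return t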

def inv(x):
  """Return the multiplicative inverse of x modulo q.

  Uses Fermat's little theorem: for prime q and x not divisible by q,
  x**(q-2) is the inverse of x mod q. No check is made for x being
  divisible by q, in which case no inverse exists.
  """
  fermat_exponent = q - 2
  return expmod(x, fermat_exponent, q)

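# Edwards curve constant d = -121665/121666 in the field. The product is left
# unreduced (and negative); every later use reduces its result mod q.
d = -121665 * inv(121666)
# I = 2^((q-1)/4) mod q, used by xrecover to correct a candidate square root.
# Floor division keeps the exponent an exact integer: with
# `from __future__ import division` in effect, `/` would yield a float that
# cannot represent a 253-bit value exactly.
I = expmod(2,(q-1)//4,q)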

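def xrecover(y):
  """Return the even x coordinate paired with y on the curve.

  Solves x^2 = (y^2 - 1) / (d*y^2 + 1) mod q. A candidate root is computed
  as xx^((q+3)/8); if its square does not match xx it is multiplied by I.
  The result is then normalised to the even representative.

  The exponent uses floor division so it stays an exact integer under
  `from __future__ import division`.

  The corrected root is not re-checked, so for a y that does not lie on the
  curve the returned value is not a valid coordinate. The only caller in
  this file passes the fixed base-point y.
  """
  xx = (y*y-1) * inv(d*y*y+1)
  x = expmod(xx,(q+3)//8,q)
  # Candidate may be off by a factor of I; fix it up if so.
  if (x*x - xx) % q != 0: x = (x*I) % q
  # Choose the even root of the two (x and q-x).
  if x % 2 != 0: x = q-x
  return x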

# Base point B: y = 4/5 in the field, x recovered from y (even root),
# both coordinates stored reduced mod q as [x, y].
By = inv(5) * 4
Bx = xrecover(By)
B = [Bx % q, By % q]

def edwards(P,Q):
  """Add two affine points P and Q, each given as [x, y], on the curve.

  Applies the Edwards addition formula directly, which costs two field
  inversions per call. Returns a new [x, y] list with both coordinates
  reduced mod q.
  """
  x1, y1 = P[0], P[1]
  x2, y2 = Q[0], Q[1]
  # Shared term d*x1*x2*y1*y2 that appears in both denominators.
  cross = d*x1*x2*y1*y2
  x_sum = (x1*y2 + x2*y1) * inv(1 + cross)
  y_sum = (y1*y2 + x1*x2) * inv(1 - cross)
  return [x_sum % q, y_sum % q]

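def radix255(x):
  """Format x mod q as ten comma-separated signed limbs.

  The value is first moved to the representative of x mod q closest to
  zero, then split into limbs of alternating 26 and 25 bits, lowest limb
  first. Each carry is rounded to nearest, so limbs may be negative. The
  last limb takes whatever carry remains.

  Floor division is required for the carry: the file enables
  `from __future__ import division`, and a true-division carry would be a
  float that cannot hold these ~255-bit intermediates exactly, silently
  corrupting the emitted table.
  """
  x = x % q
  # Centre the value around zero so the limbs come out signed and balanced.
  if x + x > q: x -= q
  limbs = [x,0,0,0,0,0,0,0,0,0]
  bits = [26,25,26,25,26,25,26,25,26,25]
  for i in range(9):
    # Round-to-nearest carry out of limb i into limb i+1.
    carry = (limbs[i] + 2**(bits[i]-1)) // 2**bits[i]
    limbs[i] -= carry * 2**bits[i]
    limbs[i + 1] += carry
  return ",".join(str(limb) for limb in limbs)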

# Emit the precomputed base-point table as nested C-style brace initialisers
# on stdout: 32 groups of 8 entries. Within a group, Bij steps through
# 1*Bi .. 8*Bi; between groups, Bi is doubled 8 times (multiplied by 256).
# Each entry holds the limbs of (y+x, y-x, 2*d*x*y).
# NOTE(review): presumably this output is what ref10's checked-in base table
# was generated from -- regenerate and diff against that table to confirm it
# has not drifted or been altered.
Bi = B
for i in range(32):
  print("{")
  Bij = Bi
  for j in range(8):
    y_plus_x = Bij[1] + Bij[0]
    y_minus_x = Bij[1] - Bij[0]
    xy2d = 2 * d * Bij[0] * Bij[1]
    print(" {")
    for field_element in (y_plus_x, y_minus_x, xy2d):
      print("  {", radix255(field_element), "},")
    # Advance to the next multiple of Bi within this group.
    Bij = edwards(Bij, Bi)
    print(" },")
  print("},")
  # Eight doublings move Bi to 256 * Bi for the next group.
  for k in range(8):
    Bi = edwards(Bi, Bi)