Merge pull request #267 from ConsenSys/perf/tEd-add

addition on twisted Edwards
Consensys · Feb 18, 2022 · 7149365 · 7149365
2 parents 7d6dc05 + 1dc1d3c
commit 7149365
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 36 deletions.
diff --git a/std/algebra/twistededwards/bandersnatch/point.go b/std/algebra/twistededwards/bandersnatch/point.go
@@ -57,24 +57,30 @@ func (p *Point) MustBeOnCurve(api frontend.API, curve EdCurve) {
 // p1, p2, c are respectively: the point to add, a known base point, and the parameters of the twisted edwards curve
 func (p *Point) Add(api frontend.API, p1, p2 *Point, curve EdCurve) *Point {
 
-	// https://eprint.iacr.org/2008/013.pdf
-
-	n11 := api.Mul(p1.X, p2.Y)
-	n12 := api.Mul(p1.Y, p2.X)
-	n1 := api.Add(n11, n12)
-
-	n21 := api.Mul(p1.Y, p2.Y)
-	n22 := api.Mul(p1.X, p2.X)
-	an22 := api.Mul(n22, &curve.A)
-	n2 := api.Sub(n21, an22)
-
-	d11 := api.Mul(curve.D, n11, n12)
-	d1 := api.Add(1, d11)
-
-	d2 := api.Sub(1, d11)
-
-	p.X = api.DivUnchecked(n1, d1)
-	p.Y = api.DivUnchecked(n2, d2)
+	// u = (x1 + y1) * (x2 + y2)
+	u1 := api.Mul(p1.X, &curve.A)
+	u1 = api.Sub(p1.Y, u1)
+	u2 := api.Add(p2.X, p2.Y)
+	u := api.Mul(u1, u2)
+
+	// v0 = x1 * y2
+	v0 := api.Mul(p2.Y, p1.X)
+
+	// v1 = x2 * y1
+	v1 := api.Mul(p2.X, p1.Y)
+
+	// v2 = d * v0 * v1
+	v2 := api.Mul(&curve.D, v0, v1)
+
+	// x = (v0 + v1) / (1 + v2)
+	p.X = api.Add(v0, v1)
+	p.X = api.DivUnchecked(p.X, api.Add(1, v2))
+
+	// y = (u + a * v0 - v1) / (1 - v2)
+	p.Y = api.Mul(&curve.A, v0)
+	p.Y = api.Sub(p.Y, v1)
+	p.Y = api.Add(p.Y, u)
+	p.Y = api.DivUnchecked(p.Y, api.Sub(1, v2))
 
 	return p
 }

diff --git a/std/algebra/twistededwards/point.go b/std/algebra/twistededwards/point.go
@@ -57,24 +57,30 @@ func (p *Point) MustBeOnCurve(api frontend.API, curve EdCurve) {
 // p1, p2, c are respectively: the point to add, a known base point, and the parameters of the twisted edwards curve
 func (p *Point) Add(api frontend.API, p1, p2 *Point, curve EdCurve) *Point {
 
-	// https://eprint.iacr.org/2008/013.pdf
-
-	n11 := api.Mul(p1.X, p2.Y)
-	n12 := api.Mul(p1.Y, p2.X)
-	n1 := api.Add(n11, n12)
-
-	n21 := api.Mul(p1.Y, p2.Y)
-	n22 := api.Mul(p1.X, p2.X)
-	an22 := api.Mul(n22, &curve.A)
-	n2 := api.Sub(n21, an22)
-
-	d11 := api.Mul(curve.D, n11, n12)
-	d1 := api.Add(1, d11)
-
-	d2 := api.Sub(1, d11)
-
-	p.X = api.DivUnchecked(n1, d1)
-	p.Y = api.DivUnchecked(n2, d2)
+	// u = (x1 + y1) * (x2 + y2)
+	u1 := api.Mul(p1.X, &curve.A)
+	u1 = api.Sub(p1.Y, u1)
+	u2 := api.Add(p2.X, p2.Y)
+	u := api.Mul(u1, u2)
+
+	// v0 = x1 * y2
+	v0 := api.Mul(p2.Y, p1.X)
+
+	// v1 = x2 * y1
+	v1 := api.Mul(p2.X, p1.Y)
+
+	// v2 = d * v0 * v1
+	v2 := api.Mul(&curve.D, v0, v1)
+
+	// x = (v0 + v1) / (1 + v2)
+	p.X = api.Add(v0, v1)
+	p.X = api.DivUnchecked(p.X, api.Add(1, v2))
+
+	// y = (u + a * v0 - v1) / (1 - v2)
+	p.Y = api.Mul(&curve.A, v0)
+	p.Y = api.Sub(p.Y, v1)
+	p.Y = api.Add(p.Y, u)
+	p.Y = api.DivUnchecked(p.Y, api.Sub(1, v2))
 
 	return p
 }