Add a dedicated crate for testing ff/group implementors

Provides extensive testing for dalek-ff-group and ed448. Also includes a fix for an observed bug in ed448.
2025-12-08 12:19:24 +00:00 · 2022-12-24 15:09:09 -05:00
parent 6e518f5c22
commit 445bb3786e
18 changed files with 701 additions and 336 deletions
--- a/crypto/ed448/src/backend.rs
+++ b/crypto/ed448/src/backend.rs
@@ -38,7 +38,7 @@ macro_rules! field {
    impl Neg for $FieldName {
      type Output = $FieldName;
      fn neg(self) -> $FieldName {
-        $MODULUS - self
+        Self(self.0.neg_mod(&$MODULUS.0))
      }
    }

@@ -104,29 +104,10 @@ macro_rules! field {
      }

      fn sqrt(&self) -> CtOption<Self> {
-        unimplemented!()
-      }
-
-      fn is_zero(&self) -> Choice {
-        self.0.ct_eq(&U512::ZERO)
-      }
-      fn cube(&self) -> Self {
-        self.square() * self
-      }
-      fn pow_vartime<S: AsRef<[u64]>>(&self, exp: S) -> Self {
-        let mut sum = Self::one();
-        let mut accum = *self;
-        for (_, num) in exp.as_ref().iter().enumerate() {
-          let mut num = *num;
-          for _ in 0 .. 64 {
-            if (num & 1) == 1 {
-              sum *= accum;
-            }
-            num >>= 1;
-            accum *= accum;
-          }
-        }
-        sum
+        const MOD_1_4: $FieldName =
+          Self($MODULUS.0.saturating_add(&U512::from_u8(1)).wrapping_div(&U512::from_u8(4)));
+        let res = self.pow(MOD_1_4);
+        CtOption::new(res, res.square().ct_eq(self))
      }
    }