Type Function elligator2 [src]

Elligator2 map - Returns Montgomery affine coordinates

Prototype

pub fn elligator2(r: Fe) struct { x: Fe, y: Fe, not_square: bool }

Parameters

r: Fe

Source

  pub fn elligator2(r: Fe) struct { x: Fe, y: Fe, not_square: bool } {
    const rr2 = r.sq2().add(Fe.one).invert();
    var x = rr2.mul32(Fe.edwards25519a_32).neg(); // x=x1
    var x2 = x.sq();
    const x3 = x2.mul(x);
    x2 = x2.mul32(Fe.edwards25519a_32); // x2 = A*x1^2
    const gx1 = x3.add(x).add(x2); // gx1 = x1^3 + A*x1^2 + x1
    const not_square = !gx1.isSquare();

    // gx1 not a square => x = -x1-A
    x.cMov(x.neg(), @intFromBool(not_square));
    x2 = Fe.zero;
    x2.cMov(Fe.edwards25519a, @intFromBool(not_square));
    x = x.sub(x2);

    // We have y = sqrt(gx1) or sqrt(gx2) with gx2 = gx1*(A+x1)/(-x1)
    // but it is about as fast to just recompute y from the curve equation.
    const y = xmontToYmont(x) catch unreachable;
    return .{ .x = x, .y = y, .not_square = not_square };
}  