Function rejectUnexpectedSubgroup [src]
Reject a point if it is not in the prime order subgroup generated by the standard base point.
If the point is not in the main subgroup:
WeakPublicKeyError is returned if the point belongs to a low-order subgroup.
UnexpectedSubgroupError is returned otherwise.
Prototype
pub fn rejectUnexpectedSubgroup(p: Edwards25519) (WeakPublicKeyError || UnexpectedSubgroupError)!void Parameters
p: Edwards25519 Source
pub fn rejectUnexpectedSubgroup(p: Edwards25519) (WeakPublicKeyError || UnexpectedSubgroupError)!void {
try p.rejectLowOrder();
// Multiply p by the order of subgroup - This is a prime order group, so the result should be the neutral element.
const _10 = p.dbl();
const _11 = p.add(_10);
const _100 = p.add(_11);
const _110 = _10.add(_100);
const _1000 = _10.add(_110);
const _1011 = _11.add(_1000);
const _10000 = _1000.dbl();
const _100000 = _10000.dbl();
const _100110 = _110.add(_100000);
const _1000000 = _100000.dbl();
const _1010000 = _10000.add(_1000000);
const _1010011 = _11.add(_1010000);
const _1100011 = _10000.add(_1010011);
const _1100111 = _100.add(_1100011);
const _1101011 = _100.add(_1100111);
const _10010011 = _1000000.add(_1010011);
const _10010111 = _100.add(_10010011);
const _10111101 = _100110.add(_10010111);
const _11010011 = _1000000.add(_10010011);
const _11100111 = _1010000.add(_10010111);
const _11101101 = _110.add(_11100111);
const _11110101 = _1000.add(_11101101);
const q = ((_11110101.add(((((_1101011.add(((((_10.add(((_1011.add(_11110101)).shift(126)
.add(_1010011)).shift(9).add(_11110101))).shift(7).add(_1100111)).shift(9).add(_11110101).shift(11)
.add(_10111101)).shift(8).add(_11100111)).shift(9))).shift(6).add(_1011)).shift(14).add(_10010011).shift(10)
.add(_1100011)).shift(9).add(_10010111)).shift(10))).shift(8).add(_11010011)).shift(8).add(_11101101);
q.rejectIdentity() catch return;
return error.UnexpectedSubgroup;
}