diff --git a/ed25519.dll b/ed25519_32.dll
similarity index 87%
rename from ed25519.dll
rename to ed25519_32.dll
index 33f9938..d5077a1 100644
Binary files a/ed25519.dll and b/ed25519_32.dll differ
diff --git a/ed25519_64.dll b/ed25519_64.dll
new file mode 100644
index 0000000..78c8199
Binary files /dev/null and b/ed25519_64.dll differ
diff --git a/src/add_scalar.c b/src/add_scalar.c
index 91b64d3..d728995 100644
--- a/src/add_scalar.c
+++ b/src/add_scalar.c
@@ -10,7 +10,7 @@ void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, c
 unsigned char n[32];
 ge_p3 nB;
 ge_p1p1 A_p1p1;
- ge_p2 A;
+ ge_p3 A;
 ge_p3 public_key_unpacked;
 ge_cached T;
@@ -27,21 +27,30 @@ void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, c
 sc_muladd(private_key, SC_1, n, private_key);
 }
+ /* public key: A = nB + T */
 if (public_key) {
- /* unpack public key into T */
- ge_frombytes_negate_vartime(&public_key_unpacked, public_key);
- fe_neg(public_key_unpacked.X, public_key_unpacked.X); // undo negate
- fe_neg(public_key_unpacked.T, public_key_unpacked.T); // undo negate
- ge_p3_to_cached(&T, &public_key_unpacked);
+ /* if we know the private key we don't need a point addition, which is faster */
+ /* using a "timing attack" you could find out wether or not we know the private
+ key, but this information seems rather useless - if this is important pass
+ public_key and private_key seperately in 2 function calls */
+ if (private_key) {
+ ge_scalarmult_base(&A, private_key);
+ } else {
+ /* unpack public key into T */
+ ge_frombytes_negate_vartime(&public_key_unpacked, public_key);
+ fe_neg(public_key_unpacked.X, public_key_unpacked.X); // undo negate
+ fe_neg(public_key_unpacked.T, public_key_unpacked.T); // undo negate
+ ge_p3_to_cached(&T, &public_key_unpacked);
- /* calculate n*B */
- ge_scalarmult_base(&nB, n);
+ /* calculate n*B */
+ ge_scalarmult_base(&nB, n);
- /* A = n*B + T */
- ge_add(&A_p1p1, &nB, &T);
- ge_p1p1_to_p2(&A, &A_p1p1);
-
- /* pack public key */
- ge_tobytes(public_key, &A);
+ /* A = n*B + T */
+ ge_add(&A_p1p1, &nB, &T);
+ ge_p1p1_to_p3(&A, &A_p1p1);
+ }
+
+ /* pack public key */
+ ge_p3_tobytes(public_key, &A);
 }
 }
diff --git a/test.c b/test.c
index 264832f..b317438 100644
--- a/test.c
+++ b/test.c
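Review bot: In the new `else` branch of the `@@ -27,21 +27,30 @@` hunk the result of `ge_frombytes_negate_vartime(&public_key_unpacked, public_key)` is still discarded, so bytes that do not decode to a curve point flow on into `ge_p3_to_cached` and `ge_add` and the packed output is meaningless; after this change that branch is exactly the one taken when only a public key, typically data received from someone else, is supplied. Assuming the helper keeps the ref10 contract of returning non-zero on a failed decode, guard it with `if (ge_frombytes_negate_vartime(&public_key_unpacked, public_key) != 0) return;` and document that `public_key` is left untouched in that case, since the `void` signature cannot report the error. The `if (private_key)` branch also deserves a comment stating that the incoming `public_key` bytes are ignored there and overwritten with `private_key * B`, so a caller that passes a non-matching pair now gets a different result than the old `nB + T` computation gave. The function body starts above this hunk, so the declaration and the scalar copy are not visible here.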
@@ -80,15 +80,24 @@ int main(int argc, char *argv[]) {
 }
 /* test performance */
+ printf("testing seed generation performance: ");
+ start = clock();
+ for (i = 0; i < 10000; ++i) {
+ ed25519_create_seed(seed);
+ }
+ end = clock();
+
+ printf("%fus per seed\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
+
+ printf("testing key generation performance: ");
 start = clock();
 for (i = 0; i < 10000; ++i) {
- ed25519_create_seed(seed);
 ed25519_create_keypair(public_key, private_key, seed);
 }
 end = clock();
- printf("%fus per seed and keypair\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
+ printf("%fus per keypair\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
 printf("testing sign performance: ");
 start = clock();
@@ -109,7 +118,7 @@ int main(int argc, char *argv[]) {
 printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
- printf("testing scalar addition performance: ");
+ printf("testing keypair scalar addition performance: ");
 start = clock();
 for (i = 0; i < 10000; ++i) {
 ed25519_add_scalar(public_key, private_key, scalar);
@@ -118,6 +127,15 @@ int main(int argc, char *argv[]) {
 printf("%fus per keypair\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
+ printf("testing public key scalar addition performance: ");
+ start = clock();
+ for (i = 0; i < 10000; ++i) {
+ ed25519_add_scalar(public_key, NULL, scalar);
+ }
+ end = clock();
+
+ printf("%fus per key\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
+
+ printf("testing key exchange performance: ");
 start = clock();
 for (i = 0; i < 10000; ++i) {
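Review bot: The loop added in the `@@ -118,6 +127,15 @@` hunk calls `ed25519_add_scalar(public_key, NULL, scalar)` 10000 times on the live `public_key` buffer, so when it finishes `public_key` has advanced without `private_key` and the two no longer form a pair; anything later in `main` that uses them together would then be working with mismatched keys. Running the benchmark on a scratch copy of the public key keeps the real pair intact. Separately, the commit makes `ed25519_add_scalar` compute the public key in two different ways, but the visible test changes only time those paths; a short check that derives the key once through the keypair call and once through the `NULL` call from the same starting public key, and compares the results with `memcmp`, would catch any divergence between them. `main` begins and continues outside these hunks, so such a check may already exist elsewhere in the file.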