Closed paulmillr closed 3 years ago
https://eprint.iacr.org/2019/814.pdf
The code is slower than this.multiplyUnsafe(CURVE.hEff).isZero(). Need to understand why the "optimization" does not optimize. I mean, hEff aka 0xd201000000010001n has low hamming weight et al; need to understand deeply why the opt is possible.
this.multiplyUnsafe(CURVE.hEff).isZero()
0xd201000000010001n
// σ(P) private sigma(): PointG1 { const BETA = 0x1a0111ea397fe699ec02408663d4de85aa0d857d89759ad4897d29650fb85f9b409427eb4f49fffd8bfd00000000aaacn; const [x, y] = this.toAffine(); return new PointG1(x.multiply(BETA), y); } private isTorsionFree(): boolean { // (x²−1)/3 const c1 = 76329603384216526021617858986798044501n; const P = this; let sP = P.sigma(); let Q = sP.double(); sP = sP.sigma(); Q = Q.subtract(P).subtract(sP).multiplyUnsafe(c1).subtract(sP); return Q.isZero(); }
https://eprint.iacr.org/2019/814.pdf
The code is slower than
this.multiplyUnsafe(CURVE.hEff).isZero(). Need to understand why the "optimization" does not optimize. I mean, hEff aka0xd201000000010001nhas low hamming weight et al; need to understand deeply why the opt is possible.