### In ProofStep1, put the k loop inside the i loop instead of the other way around

`This way, we don't recompute the same p_i polynomial for each value of k`
Ian Goldberg 2 years ago
commit f120354379
1 changed files with 40 additions and 42 deletions

#### gk15.go (+40 -42)

 ``@@ -125,51 +125,52 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S`` `` k++`` `` mask *= 2`` `` }`` ``-`` ``- k = 0`` ``- for ; k < n ; {`` ``+ for k = 0 ; k < n ; k++ {`` `` pub.cd[k] = group.Point().Mul(priv.rho[k], params.B)`` ``- for i := uint32(0); i < two_n; i++ {`` ``- // Compute the coefficients of p_i`` ``- p_i := make([]kyber.Scalar, n+1)`` ``- p_i[0] = group.Scalar().One()`` ``- for t := uint32(1); t <= n; t++ {`` ``- p_i[t] = group.Scalar().Zero()`` ``- }`` ``+ }`` `` `` ``- j = 1`` ``- // jmask = 2^(j-1)`` ``- jmask := uint32(1)`` ``- for ; j <= n ; {`` ``- if (i & jmask) != 0 {`` ``- if (ell & jmask) != 0 {`` ``- // Multiply p_i by x + a[j]`` ``- polymul_xplus(group, p_i, priv.a[j])`` ``- } else {`` ``- // Multiply p_i by a[j]`` ``- polymul(group, p_i, priv.a[j])`` ``- }`` ``+ for i := uint32(0); i < two_n; i++ {`` ``+ // Compute the coefficients of p_i`` ``+ p_i := make([]kyber.Scalar, n+1)`` ``+ p_i[0] = group.Scalar().One()`` ``+ for t := uint32(1); t <= n; t++ {`` ``+ p_i[t] = group.Scalar().Zero()`` ``+ }`` ``+`` ``+ j = 1`` ``+ // jmask = 2^(j-1)`` ``+ jmask := uint32(1)`` ``+ for ; j <= n ; {`` ``+ if (i & jmask) != 0 {`` ``+ if (ell & jmask) != 0 {`` ``+ // Multiply p_i by x + a[j]`` ``+ polymul_xplus(group, p_i, priv.a[j])`` `` } else {`` ``- negaj := group.Scalar().Neg(priv.a[j])`` ``- if (ell & jmask) != 0 {`` ``- // Multiply p_i by -a[j]`` ``- polymul(group, p_i, negaj)`` ``- } else {`` ``- // Multiply p_i by x - a[j]`` ``- polymul_xplus(group, p_i, negaj)`` ``- }`` ``+ // Multiply p_i by a[j]`` ``+ polymul(group, p_i, priv.a[j])`` ``+ }`` ``+ } else {`` ``+ negaj := group.Scalar().Neg(priv.a[j])`` ``+ if (ell & jmask) != 0 {`` ``+ // Multiply p_i by -a[j]`` ``+ polymul(group, p_i, negaj)`` ``+ } else {`` ``+ // Multiply p_i by x - a[j]`` ``+ polymul_xplus(group, p_i, negaj)`` `` }`` ``-`` ``- j++`` ``- jmask *= 2`` `` }`` `` `` ``- if i == ell && !p_i[n].Equal(group.Scalar().One()) {`` ``- 
panic("Leading coeff should be 1 but was not")`` ``- }`` ``- if i != ell && !p_i[n].Equal(group.Scalar().Zero()) {`` ``- panic("Leading coeff should be 0 but was not")`` ``- }`` ``+ j++`` ``+ jmask *= 2`` ``+ }`` ``+`` ``+ if i == ell && !p_i[n].Equal(group.Scalar().One()) {`` ``+ panic("Leading coeff should be 1 but was not")`` ``+ }`` ``+ if i != ell && !p_i[n].Equal(group.Scalar().Zero()) {`` ``+ panic("Leading coeff should be 0 but was not")`` ``+ }`` ``+ for k = 0 ; k < n ; k++ {`` `` if i < N {`` `` pub.cd[k] = group.Point().Add(pub.cd[k],`` `` group.Point().Mul(p_i[k], c[i]))`` ``@@ -178,9 +179,6 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S`` `` group.Point().Mul(p_i[k], params.Y))`` `` }`` `` }`` ``-`` ``- k++`` ``- mask *= 2`` `` }`` `` `` `` return pub, priv``
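
Review bot: In the new inner `for k = 0 ; k < n ; k++` loop at the end of the first hunk, the `if i < N` test does not depend on k, so it is now evaluated n times for every i. Since the aim of the change is to stop repeating per-i work, select the base point once before the k loop (`c[i]` when `i < N`, `params.Y` otherwise, as the second hunk's context shows) and keep a single `pub.cd[k] = group.Point().Add(pub.cd[k], ...)` statement in the loop body. A smaller style point in the same hunk: both new k loops assign to the function-level `k`, while the j loop still uses `for ; j <= n ; {` with a manual `j++` and `jmask *= 2`; declaring the counter in the loop header in both places would keep the two loops consistent and stop `k` leaking a stale value out of the loop.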
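
Review bot: The second hunk removes `mask *= 2` along with `k++`, but only the `k++` is replaced by the new `for k = 0 ; k < n ; k++` headers, so `mask` is no longer advanced after the earlier loop shown in the first hunk's leading context. None of the visible lines of the old k loop read `mask`, and the function goes straight to `return pub, priv` afterwards, so this looks like dead-code removal rather than a behaviour change. The commit message only describes the loop reordering; mention the `mask` cleanup there so it is not mistaken for an accidental deletion.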