
In ProofStep1, put the k loop inside the i loop instead of the other way around

This way, we don't recompute the same p_i polynomial for each value of k
Ian Goldberg 3 years ago
parent
commit
f120354379
1 changed files with 40 additions and 42 deletions
  1. 40 42
      gk15.go

+ 40 - 42
gk15.go

@@ -125,51 +125,52 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S
 		k++
 		mask *= 2
 	}
-
-	k = 0
-	for ; k < n ; {
+	for k = 0 ; k < n ; k++ {
 		pub.cd[k] = group.Point().Mul(priv.rho[k], params.B)
-		for i := uint32(0); i < two_n; i++ {
-			// Compute the coefficients of p_i
-			p_i := make([]kyber.Scalar, n+1)
-			p_i[0] = group.Scalar().One()
-			for t := uint32(1); t <= n; t++ {
-				p_i[t] = group.Scalar().Zero()
-			}
+	}
 
-			j = 1
-			// jmask = 2^(j-1)
-			jmask := uint32(1)
-			for ; j <= n ; {
-				if (i & jmask) != 0 {
-					if (ell & jmask) != 0 {
-						// Multiply p_i by x + a[j]
-						polymul_xplus(group, p_i, priv.a[j])
-					} else {
-						// Multiply p_i by a[j]
-						polymul(group, p_i, priv.a[j])
-					}
+	for i := uint32(0); i < two_n; i++ {
+		// Compute the coefficients of p_i
+		p_i := make([]kyber.Scalar, n+1)
+		p_i[0] = group.Scalar().One()
+		for t := uint32(1); t <= n; t++ {
+			p_i[t] = group.Scalar().Zero()
+		}
+
+		j = 1
+		// jmask = 2^(j-1)
+		jmask := uint32(1)
+		for ; j <= n ; {
+			if (i & jmask) != 0 {
+				if (ell & jmask) != 0 {
+					// Multiply p_i by x + a[j]
+					polymul_xplus(group, p_i, priv.a[j])
 				} else {
-					negaj := group.Scalar().Neg(priv.a[j])
-					if (ell & jmask) != 0 {
-						// Multiply p_i by -a[j]
-						polymul(group, p_i, negaj)
-					} else {
-						// Multiply p_i by x - a[j]
-						polymul_xplus(group, p_i, negaj)
-					}
+					// Multiply p_i by a[j]
+					polymul(group, p_i, priv.a[j])
+				}
+			} else {
+				negaj := group.Scalar().Neg(priv.a[j])
+				if (ell & jmask) != 0 {
+					// Multiply p_i by -a[j]
+					polymul(group, p_i, negaj)
+				} else {
+					// Multiply p_i by x - a[j]
+					polymul_xplus(group, p_i, negaj)
 				}
-
-				j++
-				jmask *= 2
 			}
 
-			if i == ell && !p_i[n].Equal(group.Scalar().One()) {
-				panic("Leading coeff should be 1 but was not")
-			}
-			if i != ell && !p_i[n].Equal(group.Scalar().Zero()) {
-				panic("Leading coeff should be 0 but was not")
-			}
+			j++
+			jmask *= 2
+		}
+
+		if i == ell && !p_i[n].Equal(group.Scalar().One()) {
+			panic("Leading coeff should be 1 but was not")
+		}
+		if i != ell && !p_i[n].Equal(group.Scalar().Zero()) {
+			panic("Leading coeff should be 0 but was not")
+		}
+		for k = 0 ; k < n ; k++ {
 			if i < N {
 				pub.cd[k] = group.Point().Add(pub.cd[k],
 						group.Point().Mul(p_i[k], c[i]))
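Review bot: The rebuilt i loop still picks between `polymul` and `polymul_xplus` with `if (ell & jmask) != 0`, and tests `i == ell` in the leading-coefficient checks, so the prover's control flow depends on `ell`. If `ell` is the prover's secret index (inferred from the file name and the `privkey` parameter, not shown here), this is a possible timing or branch-trace side channel and should at least be documented. I would add above the j loop `// NOTE: branches on bits of ell; not constant-time in the secret index`. A smaller point: the `if i < N` test inside the new `for k = 0 ; k < n ; k++` loop does not depend on k and could be decided once per i, before the loop. ProofStep1 begins before this hunk, and the k loop body continues into the next hunk.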
@@ -178,9 +179,6 @@ func ProofStep1(params GroupParams, c []kyber.Point, ell uint32, privkey kyber.S
 						group.Point().Mul(p_i[k], params.Y))
 			}
 		}
-
-		k++
-		mask *= 2
 	}
 
 	return pub, priv