Check the equality of EdwardsPoints in the projective coordinates t…

…o avoid expensive compressions.
dalek-cryptography · Jan 24, 2019 · f8b64d0 · f8b64d0
1 parent 8e50625
commit f8b64d0
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/src/edwards.rs b/src/edwards.rs
@@ -388,9 +388,14 @@ impl ConditionallySelectable for EdwardsPoint {
 
 impl ConstantTimeEq for EdwardsPoint {
     fn ct_eq(&self, other: &EdwardsPoint) -> Choice {
-        self.compress()
-            .as_bytes()
-            .ct_eq(other.compress().as_bytes())
+        // We would like to check that the point (X/Z, Y/Z) is equal to
+        // the point (X'/Z', Y'/Z') without converting into affine
+        // coordinates (x, y) and (x', y'), which requires two inversions.
+        // We have that X = xZ and X' = x'Z'. Thus, x = x' is equivalent to
+        // (xZ)Z' = (x'Z')Z, and similarly for the y-coordinate.
+
+        (&self.X * &other.Z).ct_eq(&(&other.X * &self.Z))
+            & (&self.Y * &other.Z).ct_eq(&(&other.Y * &self.Z))
     }
 }