commit 1bf29757d963b301c1fcfccb9b39b277381de115 (tree) parent 4cee1f7b9a6df9c890268eddc526e66dfa16f0ad Author: jedisct1 <jedisct1@noreply.codeberg.org> Date: Fri, 2 Jan 2026 23:37:12 +0100 Merge pull request 'crypto.edwards25519: optimize rejectLowOrder' (#30650) from jedisct1/zig:ed25519rej into master Reviewed-on: https://codeberg.org/ziglang/zig/pulls/30650 Diffstat:
| M | lib/std/crypto/25519/edwards25519.zig | | | 10 | ++++------ |
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/lib/std/crypto/25519/edwards25519.zig b/lib/std/crypto/25519/edwards25519.zig
@@ -127,12 +127,10 @@ pub const Edwards25519 = struct {
     /// Check that the point does not generate a low-order group.
     /// Return a `WeakPublicKey` error if it does.
     pub fn rejectLowOrder(p: Edwards25519) WeakPublicKeyError!void {
-        const zi = p.z.invert();
-        const x = p.x.mul(zi);
-        const y = p.y.mul(zi);
-        const x_neg = x.neg();
-        const iy = Fe.sqrtm1.mul(y);
-        if (x.isZero() or y.isZero() or iy.equivalent(x) or iy.equivalent(x_neg)) {
+        const y_sqrtm1 = Fe.sqrtm1.mul(p.y);
+        if (p.x.isZero() or p.y.isZero() or p.z.isZero() or
+            y_sqrtm1.sub(p.x).isZero() or y_sqrtm1.add(p.x).isZero())
+        {
             return error.WeakPublicKey;
         }
     }
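Review bot: The doc comment on `rejectLowOrder` still reads as an affine check, while the new condition works directly on the projective coordinates and adds an explicit `p.z.isZero()` rejection; a line such as `/// The test runs on the projective coordinates (no inversion), so a point with z == 0 is not a valid projective point and is rejected as weak.` would record why that extra term exists. The rewrite is equivalent to the old affine test only because multiplying by a nonzero z preserves the zero-ness of sqrt(-1)*y ± x, which is exactly why z == 0 has to be caught separately rather than relying on what `invert()` returned for zero. The diffstat shows only this file changed, so no test pins the new z == 0 path or the eight low-order encodings against this formulation; a table-driven test alongside the existing ones would close that gap. As before, `or` short-circuits here, so the branch is not constant-time across inputs, which is acceptable only because the point is a public key, as the `WeakPublicKey` error name suggests.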