withoutboats · August 9, 2019 12:07
diff --git a/scalar-conv.rs b/scalar-conv.rs
 /*

 Psuedocode from signal:

 calculate_key_pair(k):
    E = kB
    A.y = E.y
    A.s = 0
    if E.s == 1:
        a = -k (mod q)
    else:
        a = k (mod q)
    return A, a

 */

 // My attempt to reproduce.
 //
 // Tests consistently pass when the sign bit does not need to be changed
 // and consistently fail when it does, so I assume I have somehow
 // badly misunderstood how to translate this code.

 fn calculate_key_pair(k: Scalar) -> (CompressedEdwardsY, Scalar) {
    let E = (&k * &EDWARDS_BASEPOINT_TABLE).compress();
    let mut A = E;
    A.0[31] &= 0x7f;

    let a = if E.0[31] & 0x80 == 0 {
        -k
    } else {
         k
    };
    
    (A, a)
 }
	/*

	Psuedocode from signal:

	calculate_key_pair(k):
	E = kB
	A.y = E.y
	A.s = 0
	if E.s == 1:
	a = -k (mod q)
	else:
	a = k (mod q)
	return A, a

	*/

	// My attempt to reproduce.
	//
	// Tests consistently pass when the sign bit does not need to be changed
	// and consistently fail when it does, so I assume I have somehow
	// badly misunderstood how to translate this code.

	fn calculate_key_pair(k: Scalar) -> (CompressedEdwardsY, Scalar) {
	let E = (&k * &EDWARDS_BASEPOINT_TABLE).compress();
	let mut A = E;
	A.0[31] &= 0x7f;

	let a = if E.0[31] & 0x80 == 0 {
	-k
	} else {
	k
	};

	(A, a)
	}