ref10: p3_batchtobytes

ed25519/ref10/fe.h

@@ -53,7 +53,7 @@ extern void fe_sq(fe,const fe);
 extern void fe_sq2(fe,const fe);
 extern void fe_mul121666(fe,const fe);
 extern void fe_invert(fe,const fe);
-extern void fe_batchinvert(fe *out[],fe tmp[],const fe *in[], size_t num);
+extern void fe_batchinvert(fe *out[],fe tmp[],fe * const in[], size_t num);
 extern void fe_pow22523(fe,const fe);
 
 #endif

ed25519/ref10/fe_batchinvert.c

@@ -2,7 +2,7 @@
 
 // tmp MUST != out
 // in MAY == out
-void fe_batchinvert(fe *out[],fe tmp[],const fe *in[], size_t num)
+void fe_batchinvert(fe *out[],fe tmp[],fe * const in[], size_t num)
 {
   fe acc;
   fe tmpacc;

ed25519/ref10/ge.h

@@ -55,6 +55,7 @@ typedef unsigned char bytes32[32];
 #define ge_frombytes_negate_vartime crypto_sign_ed25519_ref10_ge_frombytes_negate_vartime
 #define ge_tobytes crypto_sign_ed25519_ref10_ge_tobytes
 #define ge_p3_tobytes crypto_sign_ed25519_ref10_ge_p3_tobytes
+#define ge_p3_batchtobytes_destructive crypto_sign_ed25519_ref10_ge_p3_batchtobytes_destructive
 
 #define ge_p2_0 crypto_sign_ed25519_ref10_ge_p2_0
 #define ge_p3_0 crypto_sign_ed25519_ref10_ge_p3_0
@@ -75,6 +76,7 @@ typedef unsigned char bytes32[32];
 
 extern void ge_tobytes(unsigned char *,const ge_p2 *);
 extern void ge_p3_tobytes(unsigned char *,const ge_p3 *);
+extern void ge_p3_batchtobytes_destructive(bytes32 out[],const ge_p3 in[],fe *inz[],fe tmp[],size_t num);
 extern int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
 
 extern void ge_p2_0(ge_p2 *);

ed25519/ref10/ge_p3_batchtobytes.c

@@ -0,0 +1,17 @@
+#include "ge.h"
+
+// inz is ge_p3.Z pointer array. contents to .Zs will be overwritten
+void ge_p3_batchtobytes_destructive(bytes32 out[],const ge_p3 in[],fe *inz[],fe tmp[],size_t num)
+{
+  fe x;
+  fe y;
+
+  fe_batchinvert(inz,tmp,inz,num);
+
+  for (size_t i = 0;i < num;++i) {
+    fe_mul(x,in[i].X,*inz[i]);
+    fe_mul(y,in[i].Y,*inz[i]);
+    fe_tobytes(out[i],y);
+    out[i][31] ^= fe_isnegative(x) << 7;
+  }
+}