ziglang/zig
ziglang/zig
242
5.5k
Fork 699
Code Issues 590 Pull requests 255 Activity Actions 68

crypto.edwards25519: optimize rejectLowOrder #30650

Merged
jedisct1 merged 1 commit from jedisct1/zig:ed25519rej into master 2026-01-02 23:37:14 +01:00
Conversation 2 Commits 1 Files changed 1 +4 -6
jedisct1 commented 2026-01-02 00:05:19 +01:00
Member
Copy link

Reject low-order points by checking projective coordinates directly instead of using affine coordinates.

Equivalent, but saves CPU cycles (~254 field multiplications total before, 3 field multiplications after).

Reject low-order points by checking projective coordinates directly instead of using affine coordinates. Equivalent, but saves CPU cycles (~254 field multiplications total before, 3 field multiplications after).
crypto.edwards25519: optimize rejectLowOrder
All checks were successful
ci / riscv64-linux-debug (pull_request) Has been skipped
Details
ci / riscv64-linux-release (pull_request) Has been skipped
Details
ci / x86_64-freebsd-release (pull_request) Successful in 46m58s
Details
ci / x86_64-windows-release (pull_request) Successful in 47m57s
Details
ci / x86_64-windows-debug (pull_request) Successful in 49m23s
Details
ci / x86_64-freebsd-debug (pull_request) Successful in 55m54s
Details
ci / aarch64-macos-release (pull_request) Successful in 1h6m6s
Details
ci / x86_64-linux-debug (pull_request) Successful in 1h12m35s
Details
ci / aarch64-linux-release (pull_request) Successful in 1h31m26s
Details
ci / x86_64-linux-debug-llvm (pull_request) Successful in 1h40m3s
Details
ci / aarch64-macos-debug (pull_request) Successful in 1h58m15s
Details
ci / aarch64-linux-debug (pull_request) Successful in 2h26m40s
Details
ci / s390x-linux-release (pull_request) Successful in 1h56m28s
Details
ci / s390x-linux-debug (pull_request) Successful in 2h40m2s
Details
ci / x86_64-linux-release (pull_request) Successful in 2h46m19s
Details
ci / loongarch64-linux-release (pull_request) Successful in 2h16m7s
Details
ci / loongarch64-linux-debug (pull_request) Successful in 3h28m56s
Details
1baa127c65 
Reject low-order points by checking projective coordinates directly
instead of using affine coordinates.

Equivalent, but saves CPU cycles (~254 field multiplications total
before, 3 field multiplications after).
sinon commented 2026-01-02 00:16:39 +01:00
Contributor
Copy link

Another thing I suggest, that I'm not sure the stdlib needs but still, is an API for rejecting low-order (order <= 8) points from a known affine point. Very useful for rejecting low-order points (like A,R in EdDSA verify) when it was just decoded from the wire, so you know it's affine. It's only 4 comparisons: example impl.

Another thing I suggest, that I'm not sure the stdlib needs but still, is an API for rejecting low-order (order <= 8) points from a known affine point. Very useful for rejecting low-order points (like A,R in EdDSA verify) when it was just decoded from the wire, so you know it's affine. It's only 4 comparisons: [example impl](https://github.com/Syndica/sig/blob/a1f9f3223c3e192d1c431eccd3fbfb507c7abe1d/src/crypto/ed25519/lib.zig#L156).
jedisct1 commented 2026-01-02 23:37:05 +01:00
Author
Member
Copy link

@sinon why not, that can be useful!

@sinon why not, that can be useful!
jedisct1 merged commit 1bf29757d9 into master 2026-01-02 23:37:14 +01:00
jedisct1 deleted branch ed25519rej 2026-01-02 23:37:16 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
abi/f32

   
abi/ilp32

   
abi/sf

   
accepted
This proposal is planned.

  
arch/21k

   
arch/6502

   
arch/aarch64

   
arch/alpha

   
arch/amdgcn

   
arch/arc

   
arch/arc32

   
arch/arc64

   
arch/arm

   
arch/avr

   
arch/bfin

   
arch/bpf

   
arch/colossus

   
arch/cris

   
arch/csky

   
arch/dlx

   
arch/epiphany

   
arch/fr30

   
arch/frv

   
arch/hexagon

   
arch/hppa

   
arch/hppa64

   
arch/ia64

   
arch/kalimba

   
arch/kvx

   
arch/lanai

   
arch/lm32

   
arch/loongarch32

   
arch/loongarch64

   
arch/m32r

   
arch/m68k

   
arch/m88k

   
arch/mcore

   
arch/microblaze

   
arch/mips

   
arch/mips64

   
arch/mmix

   
arch/moxie

   
arch/mrisc32

   
arch/msp430

   
arch/nds32

   
arch/ns32k

   
arch/nvptx

   
arch/or1k

   
arch/powerpc

   
arch/powerpc64

   
arch/propeller

   
arch/riscv32

   
arch/riscv64

   
arch/rl78

   
arch/rx

   
arch/s390x

   
arch/sh

   
arch/sparc

   
arch/sparc64

   
arch/spirv

   
arch/spu

   
arch/tricore

   
arch/v850

   
arch/vax

   
arch/vc4

   
arch/ve

   
arch/wasm

   
arch/x86

   
arch/x86_64

   
arch/xcore

   
arch/xtensa

   
autodoc
The web application for interactive documentation and generation of its assets.

  
backend/c
The C backend outputs C source code.

  
backend/llvm
The LLVM backend outputs an LLVM bitcode module.

  
backend/self-hosted
The self-hosted backends produce machine code directly.

  
binutils
Zig's included binary utilities: zig ar, zig dlltool, zig lib, zig ranlib, zig objcopy, and zig rc.

  
breaking
Implementing this issue could cause existing code to no longer compile or have different behavior.

  
build system
The Zig build system - zig build, std.Build, the build runner, and package management.

  
debug info
An issue related to debug information (e.g. DWARF) produced by the Zig compiler.

  
docs
An issue with documentation, e.g. the language reference or standard library doc comments.

  
error message
This issue points out an error message that is unhelpful and should be improved.

  
frontend
Tokenization, parsing, AstGen, ZonGen, Sema, Legalize, and Liveness.

  
fuzzing
An issue related to Zig's integrated fuzz testing.

  
incremental
Reuse of internal compiler state for faster compilation.

  
lib/c
This issue relates to Zig's libc implementation and/or vendored libcs.

  
lib/compiler-rt
This issue relates to Zig's compiler-rt library.

  
lib/cxx
This issue relates to Zig's vendored libc++ and/or libc++abi.

  
lib/std
This issue relates to Zig's standard library.

  
lib/tsan
This issue relates to Zig's vendored libtsan.

  
lib/ubsan-rt
This issue relates to Zig's ubsan-rt library.

  
lib/unwind
This issue relates to Zig's vendored libunwind.

  
linking
Zig's integrated object file and incremental linker.

  
miscompilation
The compiler reports success but produces semantically incorrect code.

  
os/android

   
os/contiki

   
os/dragonfly

   
os/driverkit

   
os/emscripten

   
os/freebsd

   
os/fuchsia

   
os/haiku

   
os/hermit

   
os/hurd

   
os/illumos

   
os/ios

   
os/linux

   
os/maccatalyst

   
os/macos

   
os/managarm

   
os/netbsd

   
os/ohos

   
os/openbsd

   
os/plan9

   
os/redox

   
os/rtems

   
os/serenity

   
os/tvos

   
os/uefi

   
os/visionos

   
os/wasi

   
os/watchos

   
os/windows

   
proposal
This issue suggests language modifications. If it also has the "accepted" label then it is planned.

  
release notes
This issue or pull request should be mentioned in the release notes.

  
testing
This issue is related to testing the compiler, standard library, or other parts of Zig.

  
zig cc
Zig as a drop-in C-family compiler.

  
zig fmt
The Zig source code formatter.

  
zig reduce
The Zig source code reduction tool.

  
bounty
https://ziglang.org/news/announcing-donor-bounties

  
bug
Observed behavior contradicts documented or intended behavior.

  
contributor-friendly
This issue is limited in scope and/or knowledge of project internals.

  
downstream
An issue with a third-party project that uses this project.

  
enhancement
Solving this issue will likely involve adding new logic or components to the codebase.

  
infra
An issue related to project infrastructure, e.g. continuous integration.

  
optimization
A task to improve performance and/or resource usage.

  
question
No questions on the issue tracker; use a community space instead.

  
regression
Something that used to work in a previous version stopped working

  
upstream
An issue with a third-party project that this project uses.

No labels
abi/f32
abi/ilp32
abi/sf
accepted
arch/21k
arch/6502
arch/aarch64
arch/alpha
arch/amdgcn
arch/arc
arch/arc32
arch/arc64
arch/arm
arch/avr
arch/bfin
arch/bpf
arch/colossus
arch/cris
arch/csky
arch/dlx
arch/epiphany
arch/fr30
arch/frv
arch/hexagon
arch/hppa
arch/hppa64
arch/ia64
arch/kalimba
arch/kvx
arch/lanai
arch/lm32
arch/loongarch32
arch/loongarch64
arch/m32r
arch/m68k
arch/m88k
arch/mcore
arch/microblaze
arch/mips
arch/mips64
arch/mmix
arch/moxie
arch/mrisc32
arch/msp430
arch/nds32
arch/ns32k
arch/nvptx
arch/or1k
arch/powerpc
arch/powerpc64
arch/propeller
arch/riscv32
arch/riscv64
arch/rl78
arch/rx
arch/s390x
arch/sh
arch/sparc
arch/sparc64
arch/spirv
arch/spu
arch/tricore
arch/v850
arch/vax
arch/vc4
arch/ve
arch/wasm
arch/x86
arch/x86_64
arch/xcore
arch/xtensa
autodoc
backend/c
backend/llvm
backend/self-hosted
binutils
breaking
build system
debug info
docs
error message
frontend
fuzzing
incremental
lib/c
lib/compiler-rt
lib/cxx
lib/std
lib/tsan
lib/ubsan-rt
lib/unwind
linking
miscompilation
os/android
os/contiki
os/dragonfly
os/driverkit
os/emscripten
os/freebsd
os/fuchsia
os/haiku
os/hermit
os/hurd
os/illumos
os/ios
os/linux
os/maccatalyst
os/macos
os/managarm
os/netbsd
os/ohos
os/openbsd
os/plan9
os/redox
os/rtems
os/serenity
os/tvos
os/uefi
os/visionos
os/wasi
os/watchos
os/windows
proposal
release notes
testing
zig cc
zig fmt
zig reduce
bounty
bug
contributor-friendly
downstream
enhancement
infra
optimization
question
regression
upstream
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ziglang/zig!30650
No description provided.