Skip to content

Add Scalar::halve() #804

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 14, 2025
Merged

Add Scalar::halve() #804

merged 1 commit into from
Aug 14, 2025

Conversation

daxpedda
Copy link
Contributor

This adds a new method Scalar::halve() which halves the given Scalar.

This can facilitate batch encoding the result of scalar-point multiplications by halving the Scalar and then using RistrettoPoint::double_and_compress_batch(). I've added a test for this.

@tarcieri
Copy link
Contributor

It seems like you could implement a much more efficient divide-by-two operation using a right shift over the limbs of the unsaturated 52-bit representation used by Scalar

@daxpedda
Copy link
Contributor Author

daxpedda commented Aug 13, 2025
edited
Loading

I originally did exactly that, but that doesn't have the same output and doesn't seem to work; the test will fail.
Not sure exactly why, IANAC.

@tarcieri
Copy link
Contributor

@daxpedda I think it might need the same trick that the div_by_2 implementation in crypto-bigint uses, where it conditionally adds the modulus if odd

@tarcieri
Copy link
Contributor

#805 should be close, I think

@daxpedda daxpedda changed the base branch from main to scalar-div-by-2 August 14, 2025 09:28
@daxpedda
Copy link
Contributor Author

daxpedda commented Aug 14, 2025
edited
Loading

I see! Seems to work great!
I've boiled down the PR to just adding the relevant test test and targeting your scalar-div-by-2 branch.

tarcieri
tarcieri reviewed Aug 14, 2025
View reviewed changes
curve25519-dalek/src/ristretto.rs
@@ -1867,6 +1867,35 @@ mod test {
}
}

#[test]
#[cfg(all(feature = "alloc", feature = "rand_core", feature = "group"))]
fn multiply_double_and_compress_1024_random_points() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should really get proptest set up, this is fine for now though.

cc @rozbb

@tarcieri tarcieri merged commit 25b424a into dalek-cryptography:scalar-div-by-2 Aug 14, 2025
23 checks passed
@tarcieri tarcieri mentioned this pull request Aug 14, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tarcieri tarcieri tarcieri approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@daxpedda @tarcieri