Use Decaf448 specific addition algorithm

Author: daxpedda

ed448-goldilocks/src/curve/twedwards/extended.rs

@@ -80,11 +80,11 @@ impl ExtendedPoint {
     /// Returns an extensible point
     /// (3.1) https://iacr.org/archive/asiacrypt2008/53500329/53500329.pdf
     pub fn add_extended(&self, other: &ExtendedPoint) -> ExtensiblePoint {
-        let A = self.X * other.X;
-        let B = self.Y * other.Y;
-        let C = self.T * other.T * FieldElement::TWISTED_D;
-        let D = self.Z * other.Z;
-        let E = (self.X + self.Y) * (other.X + other.Y) - A - B;
+        let A = (self.Y - self.X) * (other.Y - other.X);
+        let B = (self.Y + self.X) * (other.Y + other.X);
+        let C = FieldElement::TWO_TIMES_TWISTED_D * self.T * other.T;
+        let D = (self.Z * other.Z).double();
+        let E = B - A;
         let F = D - C;
         let G = D + C;
         let H = B + A;
@@ -97,27 +97,6 @@ impl ExtendedPoint {
         }
     }
 
-    /// Subtracts an extensible point from an extended point
-    /// Returns an extensible point
-    /// This is a direct modification of the addition formula to the negation of `other`
-    pub fn sub_extended(&self, other: &ExtendedPoint) -> ExtensiblePoint {
-        let A = self.X * other.X;
-        let B = self.Y * other.Y;
-        let C = self.T * other.T * FieldElement::TWISTED_D;
-        let D = self.Z * other.Z;
-        let E = (self.X + self.Y) * (other.Y - other.X) + A - B;
-        let F = D + C;
-        let G = D - C;
-        let H = B - A;
-        ExtensiblePoint {
-            X: E * F,
-            Y: G * H,
-            T1: E,
-            T2: H,
-            Z: F * G,
-        }
-    }
-
     /// Adds an extensible point to an AffineNiels point
     /// Returns an Extensible point
     pub fn add_affine_niels(&self, other: AffineNielsPoint) -> ExtensiblePoint {
@@ -297,19 +276,6 @@ mod tests {
         assert!(c == c_1);
     }
 
-    #[test]
-    fn test_point_sub() {
-        let a = TWISTED_EDWARDS_BASE_POINT;
-        let b = a.to_extensible().double().to_extended();
-
-        // A - B = C
-        let c_1 = a.sub_extended(&b).to_extended();
-
-        // -B + A = C
-        let c_2 = b.negate().add_extended(&a).to_extended();
-        assert!(c_1 == c_2);
-    }
-
     #[test]
     fn test_negate() {
         let a = TWISTED_EDWARDS_BASE_POINT;

ed448-goldilocks/src/decaf/ops.rs

@@ -101,7 +101,7 @@ impl Sub<&DecafPoint> for &DecafPoint {
     type Output = DecafPoint;
 
     fn sub(self, other: &DecafPoint) -> DecafPoint {
-        DecafPoint(self.0.sub_extended(&other.0).to_extended())
+        DecafPoint(self.0.add_extended(&other.0.negate()).to_extended())
     }
 }
 

ed448-goldilocks/src/decaf/points.rs

@@ -320,7 +320,7 @@ impl DecafPoint {
 
     /// Subtract two points
     pub fn sub(&self, other: &DecafPoint) -> DecafPoint {
-        DecafPoint(self.0.sub_extended(&other.0).to_extended())
+        DecafPoint(self.0.add_extended(&other.0.negate()).to_extended())
     }
 
     /// Compress this point