fix(vartime_double_base): remove usage of alloc (#9)

* fix: remove usage of alloc * chore: suggestions from review Co-authored-by: N <[email protected]> --------- Co-authored-by: N <[email protected]>
sp1-patches · Nov 26, 2024 · a9d4628 · a9d4628
1 parent dbdd0ff
commit a9d4628
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 12 deletions.
diff --git a/curve25519-dalek/src/backend/serial/scalar_mul/variable_base.rs b/curve25519-dalek/src/backend/serial/scalar_mul/variable_base.rs
@@ -5,8 +5,6 @@ use crate::edwards::EdwardsPoint;
 use crate::scalar::Scalar;
 use crate::traits::Identity;
 use crate::window::LookupTable;
-use alloc::vec::Vec;
-use crate::constants::ED25519_BASEPOINT_POINT;
 
 #[cfg(not(all(target_os = "zkvm", target_vendor = "succinct")))]
 /// Perform constant-time, variable-base scalar multiplication.

diff --git a/curve25519-dalek/src/backend/serial/scalar_mul/vartime_double_base.rs b/curve25519-dalek/src/backend/serial/scalar_mul/vartime_double_base.rs
@@ -18,9 +18,11 @@ use crate::edwards::EdwardsPoint;
 use crate::scalar::Scalar;
 use crate::traits::Identity;
 use crate::window::NafLookupTable5;
-use alloc::vec::Vec;
+
+#[cfg(not(feature = "precomputed-tables"))]
 use crate::constants::ED25519_BASEPOINT_POINT;
 
+
 #[cfg(not(all(target_os = "zkvm", target_vendor = "succinct")))]
 /// Compute \\(aA + bB\\) in variable time, where \\(B\\) is the Ed25519 basepoint.
 pub fn mul(a: &Scalar, A: &EdwardsPoint, b: &Scalar) -> EdwardsPoint {
@@ -84,15 +86,15 @@ use sp1_lib::{ed25519::Ed25519AffinePoint, utils::AffinePoint};
 pub fn mul(a: &Scalar, A: &EdwardsPoint, b: &Scalar) -> EdwardsPoint {
     let A: Ed25519AffinePoint = (*A).into();
 
-    let a_bits = a.bits_le().collect::<Vec<bool>>();
-    let b_bits = b.bits_le().collect::<Vec<bool>>();
+    let a_bits = a.bits_le_array();
+    let b_bits = b.bits_le_array();
 
     // Note: The base point is the identity point.
     let res = AffinePoint::multi_scalar_multiplication(
         &a_bits,
         A,
         &b_bits,
-        ED25519_BASEPOINT_POINT.into(),
+        crate::constants::ED25519_BASEPOINT_POINT.into(),
     )
     .unwrap();
     res.into()

diff --git a/curve25519-dalek/src/scalar.rs b/curve25519-dalek/src/scalar.rs
@@ -836,14 +836,23 @@ impl Scalar {
         ret
     }
 
+    fn get_bit_le(&self, i: usize) -> bool {
+        ((self.bytes[i >> 3] >> (i & 7)) & 1u8) == 1
+    }
+
     /// Get the bits of the scalar, in little-endian order
     pub(crate) fn bits_le(&self) -> impl DoubleEndedIterator<Item = bool> + '_ {
-        (0..256).map(|i| {
-            // As i runs from 0..256, the bottom 3 bits index the bit, while the upper bits index
-            // the byte. Since self.bytes is little-endian at the byte level, this iterator is
-            // little-endian on the bit level
-            ((self.bytes[i >> 3] >> (i & 7)) & 1u8) == 1
-        })
+        (0..256).map(move |i| self.get_bit_le(i))
+    }
+
+    /// Get the bits of the scalar, in little-endian order, as an array
+    #[cfg(all(target_os = "zkvm", target_vendor = "succinct"))]
+    pub(crate) fn bits_le_array(&self) -> [bool; 256] {
+        let mut bits = [false; 256];
+        for i in 0..256 {
+            bits[i] = self.get_bit_le(i);
+        }
+        bits
     }
 
     /// Compute a width-\\(w\\) "Non-Adjacent Form" of this scalar.