mapToPoint static method
Maps a BigInt 'r0' to an Edwards curve point (EDPoint).
Implementation
static EDPoint mapToPoint(BigInt r0) {
final sqrtM1 = BigInt.parse(
'19681161376707505956807079304988542015446066515923890162744021073123829784752',
);
/// The square of -1 in the Ristretto255 curve field.
final minusOneSq = BigInt.parse(
'40440834346308536858101042469323190826248399146238708352240133220865137265952',
);
/// The value 1 - d^2 in the Ristretto255 curve field.
final oneMinusDSq = BigInt.parse(
'1159843021668779879193775521855586647937357759715417654439879720876111806838',
);
/// The value (a*d) - 1 in the Ristretto255 curve field.
final sqrtAdMinusOne = BigInt.parse(
'25063068953384623474111414158702152701244531502492656460079210482610430750235',
);
final curveD = Curves.generatorED25519.curve.d;
final primeP = Curves.curveEd25519.p;
final rSquared = positiveMod(sqrtM1 * r0 * r0, primeP);
final numeratorS = positiveMod(
(rSquared + BigInt.one) * oneMinusDSq,
primeP,
);
var c = BigInt.from(-1);
final D = positiveMod(
(c - curveD * rSquared) * positiveMod(rSquared + curveD, primeP),
primeP,
);
final uvRatio = sqrtUV(numeratorS, D);
final useSecondRoot = uvRatio.$1;
BigInt sValue = uvRatio.$2;
BigInt sComputed = positiveMod(sValue * r0, primeP);
if (!isOdd(sComputed, primeP)) {
sComputed = positiveMod(-sComputed, primeP);
}
if (!useSecondRoot) {
sValue = sComputed;
}
if (!useSecondRoot) {
c = rSquared;
}
final ntValue = positiveMod(
c * (rSquared - BigInt.one) * minusOneSq - D,
primeP,
);
final sSquared = sValue * sValue;
final w0 = positiveMod((sValue + sValue) * D, primeP);
final w1 = positiveMod(ntValue * sqrtAdMinusOne, primeP);
final w2 = positiveMod(BigInt.one - sSquared, primeP);
final w3 = positiveMod(BigInt.one + sSquared, primeP);
return EDPoint(
curve: Curves.curveEd25519,
x: positiveMod(w0 * w3, primeP),
y: positiveMod(w2 * w1, primeP),
z: positiveMod(w1 * w3, primeP),
t: positiveMod(w0 * w2, primeP),
);
}