in src/hidden_dlog.c [34:98]
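/*
 * Commitment step: for every proof iteration i, compute RHO[i] = B0^R[i]
 * modulo m->n. The exponentiation is done separately modulo the primes
 * m->p and m->q and the two halves are recombined with the CRT.
 *
 * RNG  source of randomness for R; if NULL, R is not generated here and the
 *      values already present in R are used as the exponents
 * m    private modulus (this function reads p, q, invpq and n)
 * ord  upper bound passed to FF_2048_randomnum when sampling R[i]
 * B0   base of the exponentiation
 * R    random exponents, written when RNG != NULL, read otherwise
 * RHO  output commitments
 *
 * All locals derived from p and q are zeroed before returning. R is left in
 * place for the caller.
 */
void HDLOG_commit(csprng *RNG, MODULUS_priv *m, BIG_1024_58 *ord, BIG_1024_58 *B0, HDLOG_iter_values R, HDLOG_iter_values RHO)
{
    int i;

    BIG_1024_58 fm1[HFLEN_2048];   // p-1, later q-1: modulus for reducing the exponent
    BIG_1024_58 rhoq[HFLEN_2048];  // B0^R[i] mod q, input to the CRT
    BIG_1024_58 ND[HFLEN_2048];    // output of FF_2048_invmod2m for the current prime
    BIG_1024_58 ws[HFLEN_2048];    // reused: reduced base for the precompute, then reduced exponent
    BIG_1024_58 *WS[] = {ws};

    // Window table filled by FF_2048_2w_precompute, once per prime
    BIG_1024_58 T_mem[C_SIZE][HFLEN_2048];
    BIG_1024_58 *T[C_SIZE] = {0};

    for (i = 0; i < C_SIZE; i++)
    {
        T[i] = T_mem[i];
    }

    // Generate random values for commitments
    if (RNG != NULL)
    {
        for (i = 0; i < HDLOG_PROOF_ITERS; i++)
        {
            FF_2048_randomnum(R[i], ord, RNG, FFLEN_2048);
        }
    }

    // Compute exponents B0^R mod P for later use in CRT
    FF_2048_copy(fm1, m->p, HFLEN_2048);
    FF_2048_dec(fm1, 1, HFLEN_2048);

    FF_2048_dmod(ws, B0, m->p, HFLEN_2048);
    FF_2048_invmod2m(ND, m->p, HFLEN_2048);
    FF_2048_2w_precompute(WS, T, 1, C_WINDOW, m->p, ND, HFLEN_2048);

    for (i = 0; i < HDLOG_PROOF_ITERS; i++)
    {
        // Reduce the exponent modulo p-1 before the exponentiation
        FF_2048_dmod(ws, R[i], fm1, HFLEN_2048);
        FF_2048_ct_2w_pow(RHO[i], T, WS, 1, C_WINDOW, m->p, ND, HFLEN_2048, HFLEN_2048);
    }

    // Compute exponents B0^R mod Q and recombine using CRT
    FF_2048_dmod(ws, B0, m->q, HFLEN_2048);
    FF_2048_invmod2m(ND, m->q, HFLEN_2048);
    FF_2048_2w_precompute(WS, T, 1, C_WINDOW, m->q, ND, HFLEN_2048);

    FF_2048_copy(fm1, m->q, HFLEN_2048);
    FF_2048_dec(fm1, 1, HFLEN_2048);

    for (i = 0; i < HDLOG_PROOF_ITERS; i++)
    {
        // Reduce the exponent modulo q-1 before the exponentiation
        FF_2048_dmod(ws, R[i], fm1, HFLEN_2048);
        FF_2048_ct_2w_pow(rhoq, T, WS, 1, C_WINDOW, m->q, ND, HFLEN_2048, HFLEN_2048);

        // RHO[i] holds the mod-p half on entry and the combined value on exit
        FF_2048_crt(RHO[i], RHO[i], rhoq, m->p, m->invpq, m->n, HFLEN_2048);
    }

    // Clean memory
    FF_2048_zero(fm1, HFLEN_2048);
    FF_2048_zero(ws, HFLEN_2048);
    FF_2048_zero(rhoq, HFLEN_2048);
    FF_2048_zero(ND, HFLEN_2048);

    // The window table was last filled for modulus q. Presumably it holds
    // powers of B0 reduced modulo that prime; together with the public B0
    // such residues would expose the factorisation, so wipe it like the
    // other prime-dependent temporaries.
    for (i = 0; i < C_SIZE; i++)
    {
        FF_2048_zero(T_mem[i], HFLEN_2048);
    }

    // NOTE(review): these wipes are ordinary stores to locals that are about
    // to go out of scope; confirm the build (e.g. with LTO or inlining) does
    // not eliminate them.
}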