authorJ08nY2023-11-24 16:41:09 +0100
committerJ08nY2023-11-24 16:41:09 +0100
commitf287c07f693ffd21a2ba9399f4006e348cbb0d10 (patch)
tree6c8b9468c05126cf0b17ef53213acf88aa4b7ad6 /test
parented091bddcec83ec4a292ce6faa0151e6f00efcb5 (diff)
Add Botan x25519 ladder (from curve25519_donna).
Diffstat (limited to 'test')
-rw-r--r--test/data/formulas/ladd-botan-x255194
-rw-r--r--test/data/formulas/ladd-botan-x25519.op318
-rw-r--r--test/sca/test_structural.py7
3 files changed, 29 insertions, 0 deletions
diff --git a/test/data/formulas/ladd-botan-x25519 b/test/data/formulas/ladd-botan-x25519
new file mode 100644
index 0000000..ae1571d
--- /dev/null
+++ b/test/data/formulas/ladd-botan-x25519
@@ -0,0 +1,4 @@
+source Botan 3.2.0 https://github.com/randombit/botan/blob/3.2.0/src/lib/pubkey/curve25519/donna.cpp#L299
+coords xz
+parameter am24
+assume am24 = (a-2)/4
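Review bot: The metadata declares only `assume am24 = (a-2)/4`, but the accompanying `ladd-botan-x25519.op3` reads `X1` and never `Z1` (`X5 = xxprime_new^2`, `Z5 = zzzprime * X1`), so the ladder step is only correct when the difference point is normalised. I would add `assume Z1 = 1` after the `am24` line, as EFD's Z1-normalised ladder formulas do, so the precondition is recorded with the formula rather than left implicit in how Botan calls it. Without it, a consumer that passes a projective difference point would get an X5 that is off by a factor of Z1, with no error raised. The body of `test_formula_correctness` is outside the visible hunk, so it is not clear whether the new parametrised case would exercise a `Z1 != 1` input.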
diff --git a/test/data/formulas/ladd-botan-x25519.op3 b/test/data/formulas/ladd-botan-x25519.op3
new file mode 100644
index 0000000..b375514
--- /dev/null
+++ b/test/data/formulas/ladd-botan-x25519.op3
@@ -0,0 +1,18 @@
+Z1new = X2 - Z2
+X1new = X2 + Z2
+Z2new = X3 - Z3
+X2new = X3 + Z3
+xxprime = X2new * Z1new
+zzprime = Z2new * X1new
+zzprime_new = xxprime - zzprime
+xxprime_new = xxprime + zzprime
+X5 = xxprime_new^2
+zzzprime = zzprime_new^2
+Z5 = zzzprime * X1
+xx = X1new^2
+zz = Z1new^2
+X4 = xx * zz
+zz = xx - zz
+zzz = zz * am24
+zzz = zzz + xx
+Z4 = zz * zzz
diff --git a/test/sca/test_structural.py b/test/sca/test_structural.py
index b323f58..970e4fc 100644
--- a/test/sca/test_structural.py
+++ b/test/sca/test_structural.py
@@ -238,6 +238,13 @@ def test_formula_similarity(secp128r1):
("other", "Curve25519"),
DoublingEFDFormula,
],
+ [
+ "ladd-botan-x25519",
+ MontgomeryModel,
+ "xz",
+ ("other", "Curve25519"),
+ LadderEFDFormula,
+ ],
],
)
def test_formula_correctness(name, model, coords, param_spec, formula_type):