package cln16sidh

import (
	"testing"
)

// Perform Alice's (2-isogeny) key generation, using the slow but simple multiplication-based strategy.
//
// This function just exists to ensure that the fast isogeny-tree strategy works correctly.
func aliceKeyGenSlow(secretKey *SIDHSecretKeyAlice) SIDHPublicKeyAlice {
	var xP, xQ, xQmP, xR, xS ProjectivePoint

	xP.fromAffinePrimeField(&affine_xPB)     // = ( x_P : 1) = x(P_B)
	xQ.fromAffinePrimeField(&affine_xPB)     //
	xQ.x.Neg(&xQ.x)                          // = (-x_P : 1) = x(Q_B)
	xQmP = DistortAndDifference(&affine_xPB) // = x(Q_B - P_B)

	xR = SecretPoint(&affine_xPA, &affine_yPA, secretKey.scalar)

	var currentCurve ProjectiveCurveParameters
	// Starting curve has a = 0, so (A:C) = (0,1)
	currentCurve.A.Zero()
	currentCurve.C.One()

	var firstPhi FirstFourIsogeny
	currentCurve, firstPhi = ComputeFirstFourIsogeny(&currentCurve)

	xP = firstPhi.Eval(&xP)
	xQ = firstPhi.Eval(&xQ)
	xQmP = firstPhi.Eval(&xQmP)
	xR = firstPhi.Eval(&xR)

	var phi FourIsogeny
	for e := (372 - 4); e >= 0; e -= 2 {
		xS.Pow2k(&currentCurve, &xR, uint32(e))
		currentCurve, phi = ComputeFourIsogeny(&xS)
		xR = phi.Eval(&xR)
		xP = phi.Eval(&xP)
		xQ = phi.Eval(&xQ)
		xQmP = phi.Eval(&xQmP)
	}

	var invZP, invZQ, invZQmP ExtensionFieldElement
	ExtensionFieldBatch3Inv(&xP.z, &xQ.z, &xQmP.z, &invZP, &invZQ, &invZQmP)

	var publicKey SIDHPublicKeyAlice
	publicKey.affine_xP.Mul(&xP.x, &invZP)
	publicKey.affine_xQ.Mul(&xQ.x, &invZQ)
	publicKey.affine_xQmP.Mul(&xQmP.x, &invZQmP)

	return publicKey
}

// Perform Bob's (3-isogeny) key generation, using the slow but simple multiplication-based strategy.
//
// This function just exists to ensure that the fast isogeny-tree strategy works correctly.
func bobKeyGenSlow(secretKey *SIDHSecretKeyBob) SIDHPublicKeyBob {
	var xP, xQ, xQmP, xR, xS ProjectivePoint

	xP.fromAffinePrimeField(&affine_xPA)     // = ( x_P : 1) = x(P_A)
	xQ.fromAffinePrimeField(&affine_xPA)     //
	xQ.x.Neg(&xQ.x)                          // = (-x_P : 1) = x(Q_A)
	xQmP = DistortAndDifference(&affine_xPA) // = x(Q_B - P_B)

	xR = SecretPoint(&affine_xPB, &affine_yPB, secretKey.scalar)

	var currentCurve ProjectiveCurveParameters
	// Starting curve has a = 0, so (A:C) = (0,1)
	currentCurve.A.Zero()
	currentCurve.C.One()

	var phi ThreeIsogeny
	for e := 238; e >= 0; e-- {
		xS.Pow3k(&currentCurve, &xR, uint32(e))
		currentCurve, phi = ComputeThreeIsogeny(&xS)
		xR = phi.Eval(&xR)
		xP = phi.Eval(&xP)
		xQ = phi.Eval(&xQ)
		xQmP = phi.Eval(&xQmP)
	}

	var invZP, invZQ, invZQmP ExtensionFieldElement
	ExtensionFieldBatch3Inv(&xP.z, &xQ.z, &xQmP.z, &invZP, &invZQ, &invZQmP)

	var publicKey SIDHPublicKeyBob
	publicKey.affine_xP.Mul(&xP.x, &invZP)
	publicKey.affine_xQ.Mul(&xQ.x, &invZQ)
	publicKey.affine_xQmP.Mul(&xQmP.x, &invZQmP)

	return publicKey
}

// Perform Alice's key agreement, using the slow but simple multiplication-based strategy.
//
// This function just exists to ensure that the fast isogeny-tree strategy works correctly.
func aliceSharedSecretSlow(bobPublic *SIDHPublicKeyBob, aliceSecret *SIDHSecretKeyAlice) ExtensionFieldElement {
	var currentCurve = RecoverCurveParameters(&bobPublic.affine_xP, &bobPublic.affine_xQ, &bobPublic.affine_xQmP)

	var xR, xS, xP, xQ, xQmP ProjectivePoint

	xP.fromAffine(&bobPublic.affine_xP)
	xQ.fromAffine(&bobPublic.affine_xQ)
	xQmP.fromAffine(&bobPublic.affine_xQmP)

	xR.ThreePointLadder(&currentCurve, &xP, &xQ, &xQmP, aliceSecret.scalar)

	var firstPhi FirstFourIsogeny
	currentCurve, firstPhi = ComputeFirstFourIsogeny(&currentCurve)
	xR = firstPhi.Eval(&xR)

	var phi FourIsogeny
	for e := (372 - 4); e >= 2; e -= 2 {
		xS.Pow2k(&currentCurve, &xR, uint32(e))
		currentCurve, phi = ComputeFourIsogeny(&xS)
		xR = phi.Eval(&xR)
	}

	currentCurve, _ = ComputeFourIsogeny(&xR)

	return currentCurve.JInvariant()
}

// Perform Bob's key agreement, using the slow but simple multiplication-based strategy.
//
// This function just exists to ensure that the fast isogeny-tree strategy works correctly.
func bobSharedSecretSlow(alicePublic *SIDHPublicKeyAlice, bobSecret *SIDHSecretKeyBob) ExtensionFieldElement {
	var currentCurve = RecoverCurveParameters(&alicePublic.affine_xP, &alicePublic.affine_xQ, &alicePublic.affine_xQmP)

	var xR, xS, xP, xQ, xQmP ProjectivePoint

	xP.fromAffine(&alicePublic.affine_xP)
	xQ.fromAffine(&alicePublic.affine_xQ)
	xQmP.fromAffine(&alicePublic.affine_xQmP)

	xR.ThreePointLadder(&currentCurve, &xP, &xQ, &xQmP, bobSecret.scalar)

	var phi ThreeIsogeny
	for e := 238; e >= 1; e-- {
		xS.Pow3k(&currentCurve, &xR, uint32(e))
		currentCurve, phi = ComputeThreeIsogeny(&xS)
		xR = phi.Eval(&xR)
	}

	currentCurve, _ = ComputeThreeIsogeny(&xR)

	return currentCurve.JInvariant()
}

func TestBobKeyGenFastVsSlow(t *testing.T) {
	// m_B = 3*randint(0,3^238)
	var m_B = [...]uint8{246, 217, 158, 190, 100, 227, 224, 181, 171, 32, 120, 72, 92, 115, 113, 62, 103, 57, 71, 252, 166, 121, 126, 201, 55, 99, 213, 234, 243, 228, 171, 68, 9, 239, 214, 37, 255, 242, 217, 180, 25, 54, 242, 61, 101, 245, 78}

	var bobSecretKey = SIDHSecretKeyBob{scalar: m_B[:]}
	var fastPubKey = bobSecretKey.PublicKey()
	var slowPubKey = bobKeyGenSlow(&bobSecretKey)

	if !fastPubKey.affine_xP.VartimeEq(&slowPubKey.affine_xP) {
		t.Error("Expected affine_xP = ", fastPubKey.affine_xP, "found", slowPubKey.affine_xP)
	}
	if !fastPubKey.affine_xQ.VartimeEq(&slowPubKey.affine_xQ) {
		t.Error("Expected affine_xQ = ", fastPubKey.affine_xQ, "found", slowPubKey.affine_xQ)
	}
	if !fastPubKey.affine_xQmP.VartimeEq(&slowPubKey.affine_xQmP) {
		t.Error("Expected affine_xQmP = ", fastPubKey.affine_xQmP, "found", slowPubKey.affine_xQmP)
	}
}

func TestAliceKeyGenFastVsSlow(t *testing.T) {
	// m_A = 2*randint(0,2^371)
	var m_A = [...]uint8{248, 31, 9, 39, 165, 125, 79, 135, 70, 97, 87, 231, 221, 204, 245, 38, 150, 198, 187, 184, 199, 148, 156, 18, 137, 71, 248, 83, 111, 170, 138, 61, 112, 25, 188, 197, 132, 151, 1, 0, 207, 178, 24, 72, 171, 22, 11}

	var aliceSecretKey = SIDHSecretKeyAlice{scalar: m_A[:]}
	var fastPubKey = aliceSecretKey.PublicKey()
	var slowPubKey = aliceKeyGenSlow(&aliceSecretKey)

	if !fastPubKey.affine_xP.VartimeEq(&slowPubKey.affine_xP) {
		t.Error("Expected affine_xP = ", fastPubKey.affine_xP, "found", slowPubKey.affine_xP)
	}
	if !fastPubKey.affine_xQ.VartimeEq(&slowPubKey.affine_xQ) {
		t.Error("Expected affine_xQ = ", fastPubKey.affine_xQ, "found", slowPubKey.affine_xQ)
	}
	if !fastPubKey.affine_xQmP.VartimeEq(&slowPubKey.affine_xQmP) {
		t.Error("Expected affine_xQmP = ", fastPubKey.affine_xQmP, "found", slowPubKey.affine_xQmP)
	}
}

func TestKeyAgreement(t *testing.T) {
	// m_A = 2*randint(0,2^371)
	var m_A = [...]uint8{248, 31, 9, 39, 165, 125, 79, 135, 70, 97, 87, 231, 221, 204, 245, 38, 150, 198, 187, 184, 199, 148, 156, 18, 137, 71, 248, 83, 111, 170, 138, 61, 112, 25, 188, 197, 132, 151, 1, 0, 207, 178, 24, 72, 171, 22, 11}
	// m_B = 3*randint(0,3^238)
	var m_B = [...]uint8{246, 217, 158, 190, 100, 227, 224, 181, 171, 32, 120, 72, 92, 115, 113, 62, 103, 57, 71, 252, 166, 121, 126, 201, 55, 99, 213, 234, 243, 228, 171, 68, 9, 239, 214, 37, 255, 242, 217, 180, 25, 54, 242, 61, 101, 245, 78}

	var aliceSecret = SIDHSecretKeyAlice{scalar: m_A[:]}
	var bobSecret = SIDHSecretKeyBob{scalar: m_B[:]}

	var alicePublic = aliceSecret.PublicKey()
	var bobPublic = bobSecret.PublicKey()

	var aliceSharedSecretSlow = aliceSharedSecretSlow(&bobPublic, &aliceSecret)
	var aliceSharedSecretFast = aliceSecret.SharedSecret(&bobPublic)
	var bobSharedSecretSlow = bobSharedSecretSlow(&alicePublic, &bobSecret)
	var bobSharedSecretFast = bobSecret.SharedSecret(&alicePublic)

	if !aliceSharedSecretFast.VartimeEq(&bobSharedSecretFast) {
		t.Error("Shared secret (fast) mismatch: Alice has ", aliceSharedSecretFast, " Bob has ", bobSharedSecretFast)
	}
	if !aliceSharedSecretSlow.VartimeEq(&bobSharedSecretSlow) {
		t.Error("Shared secret (slow) mismatch: Alice has ", aliceSharedSecretSlow, " Bob has ", bobSharedSecretSlow)
	}
	if !aliceSharedSecretSlow.VartimeEq(&bobSharedSecretFast) {
		t.Error("Shared secret mismatch: Alice (slow) has ", aliceSharedSecretSlow, " Bob (fast) has ", bobSharedSecretFast)
	}
}

func TestSecretPoint(t *testing.T) {
	// m_A = 2*randint(0,2^371)
	var m_A = [...]uint8{248, 31, 9, 39, 165, 125, 79, 135, 70, 97, 87, 231, 221, 204, 245, 38, 150, 198, 187, 184, 199, 148, 156, 18, 137, 71, 248, 83, 111, 170, 138, 61, 112, 25, 188, 197, 132, 151, 1, 0, 207, 178, 24, 72, 171, 22, 11}
	// m_B = 3*randint(0,3^238)
	var m_B = [...]uint8{246, 217, 158, 190, 100, 227, 224, 181, 171, 32, 120, 72, 92, 115, 113, 62, 103, 57, 71, 252, 166, 121, 126, 201, 55, 99, 213, 234, 243, 228, 171, 68, 9, 239, 214, 37, 255, 242, 217, 180, 25, 54, 242, 61, 101, 245, 78}

	var xR_A = SecretPoint(&affine_xPA, &affine_yPA, m_A[:])
	var xR_B = SecretPoint(&affine_xPB, &affine_yPB, m_B[:])

	var sageAffine_xR_A = ExtensionFieldElement{a: fp751Element{0x29f1dff12103d089, 0x7409b9bf955e0d87, 0xe812441c1cca7288, 0xc32b8b13efba55f9, 0xc3b76a80696d83da, 0x185dd4f93a3dc373, 0xfc07c1a9115b6717, 0x39bfcdd63b5c4254, 0xc4d097d51d41efd8, 0x4f893494389b21c7, 0x373433211d3d0446, 0x53c35ccc3d22}, b: fp751Element{0x722e718f33e40815, 0x8c5fc0fdf715667, 0x850fd292bbe8c74c, 0x212938a60fcbf5d3, 0xfdb2a099d58dc6e7, 0x232f83ab63c9c205, 0x23eda62fa5543f5e, 0x49b5758855d9d04f, 0x6b455e6642ef25d1, 0x9651162537470202, 0xfeced582f2e96ff0, 0x33a9e0c0dea8}}
	var sageAffine_xR_B = ExtensionFieldElement{a: fp751Element{0xdd4e66076e8499f5, 0xe7efddc6907519da, 0xe31f9955b337108c, 0x8e558c5479ffc5e1, 0xfee963ead776bfc2, 0x33aa04c35846bf15, 0xab77d91b23617a0d, 0xbdd70948746070e2, 0x66f71291c277e942, 0x187c39db2f901fce, 0x69262987d5d32aa2, 0xe1db40057dc}, b: fp751Element{0xd1b766abcfd5c167, 0x4591059dc8a382fa, 0x1ddf9490736c223d, 0xc96db091bdf2b3dd, 0x7b8b9c3dc292f502, 0xe5b18ad85e4d3e33, 0xc3f3479b6664b931, 0xa4f17865299e21e6, 0x3f7ef5b332fa1c6e, 0x875bedb5dab06119, 0x9b5a06ea2e23b93, 0x43d48296fb26}}

	var affine_xR_A = xR_A.toAffine()
	if !sageAffine_xR_A.VartimeEq(affine_xR_A) {
		t.Error("Expected \n", sageAffine_xR_A, "\nfound\n", affine_xR_A)
	}

	var affine_xR_B = xR_B.toAffine()
	if !sageAffine_xR_B.VartimeEq(affine_xR_B) {
		t.Error("Expected \n", sageAffine_xR_B, "\nfound\n", affine_xR_B)
	}
}

var keygenBenchPubKeyAlice SIDHPublicKeyAlice
var keygenBenchPubKeyBob SIDHPublicKeyBob

func BenchmarkAliceKeyGenFast(b *testing.B) {
	// m_A = 2*randint(0,2^371)
	var m_A = [...]uint8{248, 31, 9, 39, 165, 125, 79, 135, 70, 97, 87, 231, 221, 204, 245, 38, 150, 198, 187, 184, 199, 148, 156, 18, 137, 71, 248, 83, 111, 170, 138, 61, 112, 25, 188, 197, 132, 151, 1, 0, 207, 178, 24, 72, 171, 22, 11}

	var aliceSecretKey = SIDHSecretKeyAlice{scalar: m_A[:]}

	for n := 0; n < b.N; n++ {
		keygenBenchPubKeyAlice = aliceSecretKey.PublicKey()
	}
}

func BenchmarkAliceKeyGenSlow(b *testing.B) {
	// m_A = 2*randint(0,2^371)
	var m_A = [...]uint8{248, 31, 9, 39, 165, 125, 79, 135, 70, 97, 87, 231, 221, 204, 245, 38, 150, 198, 187, 184, 199, 148, 156, 18, 137, 71, 248, 83, 111, 170, 138, 61, 112, 25, 188, 197, 132, 151, 1, 0, 207, 178, 24, 72, 171, 22, 11}

	var aliceSecretKey = SIDHSecretKeyAlice{scalar: m_A[:]}

	for n := 0; n < b.N; n++ {
		keygenBenchPubKeyAlice = aliceKeyGenSlow(&aliceSecretKey)
	}
}

func BenchmarkBobKeyGenFast(b *testing.B) {
	// m_B = 3*randint(0,3^238)
	var m_B = [...]uint8{246, 217, 158, 190, 100, 227, 224, 181, 171, 32, 120, 72, 92, 115, 113, 62, 103, 57, 71, 252, 166, 121, 126, 201, 55, 99, 213, 234, 243, 228, 171, 68, 9, 239, 214, 37, 255, 242, 217, 180, 25, 54, 242, 61, 101, 245, 78}

	var bobSecretKey = SIDHSecretKeyBob{scalar: m_B[:]}

	for n := 0; n < b.N; n++ {
		keygenBenchPubKeyBob = bobSecretKey.PublicKey()
	}
}

func BenchmarkBobKeyGenSlow(b *testing.B) {
	// m_B = 3*randint(0,3^238)
	var m_B = [...]uint8{246, 217, 158, 190, 100, 227, 224, 181, 171, 32, 120, 72, 92, 115, 113, 62, 103, 57, 71, 252, 166, 121, 126, 201, 55, 99, 213, 234, 243, 228, 171, 68, 9, 239, 214, 37, 255, 242, 217, 180, 25, 54, 242, 61, 101, 245, 78}

	var bobSecretKey = SIDHSecretKeyBob{scalar: m_B[:]}

	for n := 0; n < b.N; n++ {
		keygenBenchPubKeyBob = bobKeyGenSlow(&bobSecretKey)
	}
}

var benchKeyAgreementAlicePublic = SIDHPublicKeyAlice{affine_xP: ExtensionFieldElement{a: fp751Element{0xea6b2d1e2aebb250, 0x35d0b205dc4f6386, 0xb198e93cb1830b8d, 0x3b5b456b496ddcc6, 0x5be3f0d41132c260, 0xce5f188807516a00, 0x54f3e7469ea8866d, 0x33809ef47f36286, 0x6fa45f83eabe1edb, 0x1b3391ae5d19fd86, 0x1e66daf48584af3f, 0xb430c14aaa87}, b: fp751Element{0x97b41ebc61dcb2ad, 0x80ead31cb932f641, 0x40a940099948b642, 0x2a22fd16cdc7fe84, 0xaabf35b17579667f, 0x76c1d0139feb4032, 0x71467e1e7b1949be, 0x678ca8dadd0d6d81, 0x14445daea9064c66, 0x92d161eab4fa4691, 0x8dfbb01b6b238d36, 0x2e3718434e4e}}, affine_xQ: ExtensionFieldElement{a: fp751Element{0xb055cf0ca1943439, 0xa9ff5de2fa6c69ed, 0x4f2761f934e5730a, 0x61a1dcaa1f94aa4b, 0xce3c8fadfd058543, 0xeac432aaa6701b8e, 0x8491d523093aea8b, 0xba273f9bd92b9b7f, 0xd8f59fd34439bb5a, 0xdc0350261c1fe600, 0x99375ab1eb151311, 0x14d175bbdbc5}, b: fp751Element{0xffb0ef8c2111a107, 0x55ceca3825991829, 0xdbf8a1ccc075d34b, 0xb8e9187bd85d8494, 0x670aa2d5c34a03b0, 0xef9fe2ed2b064953, 0xc911f5311d645aee, 0xf4411f409e410507, 0x934a0a852d03e1a8, 0xe6274e67ae1ad544, 0x9f4bc563c69a87bc, 0x6f316019681e}}, affine_xQmP: ExtensionFieldElement{a: fp751Element{0x6ffb44306a153779, 0xc0ffef21f2f918f3, 0x196c46d35d77f778, 0x4a73f80452edcfe6, 0x9b00836bce61c67f, 0x387879418d84219e, 0x20700cf9fc1ec5d1, 0x1dfe2356ec64155e, 0xf8b9e33038256b1c, 0xd2aaf2e14bada0f0, 0xb33b226e79a4e313, 0x6be576fad4e5}, b: fp751Element{0x7db5dbc88e00de34, 0x75cc8cb9f8b6e11e, 0x8c8001c04ebc52ac, 0x67ef6c981a0b5a94, 0xc3654fbe73230738, 0xc6a46ee82983ceca, 0xed1aa61a27ef49f0, 0x17fe5a13b0858fe0, 0x9ae0ca945a4c6b3c, 0x234104a218ad8878, 0xa619627166104394, 0x556a01ff2e7e}}}

var benchKeyAgreementBobPublic = SIDHPublicKeyBob{affine_xP: ExtensionFieldElement{a: fp751Element{0x6e1b8b250595b5fb, 0x800787f5197d963b, 0x6f4a4e314162a8a4, 0xe75cba4d37c02128, 0x2212e7579817a216, 0xd8a5fdb0ab2f843c, 0x44230c9f998cfd6c, 0x311ff789b26aa292, 0x73d05c379ff53e40, 0xddd8f5a223bad56c, 0x94b611e6e931c8b5, 0x4d6b9bfe3555}, b: fp751Element{0x1a3686cfc8381294, 0x57f089b14f639cc4, 0xdb6a1565f2f5cabe, 0x83d67e8f6a02f215, 0x1946272593815e87, 0x2d839631785ca74c, 0xf149dcb2dee2bee, 0x705acd79efe405bf, 0xae3769b67687fbed, 0xacd5e29f2c203cb0, 0xdd91f08fa3153e08, 0x5a9ad8cb7400}}, affine_xQ: ExtensionFieldElement{a: fp751Element{0xd30ed48b8c0d0c4a, 0x949cad95959ec462, 0x188675581e9d1f2a, 0xf57ed3233d33031c, 0x564c6532f7283ce7, 0x80cbef8ee3b66ecb, 0x5c687359315f22ce, 0x1da950f8671fac50, 0x6fa6c045f513ef6, 0x25ffc65a8da12d4a, 0x8b0f4ac0f5244f23, 0xadcb0e07fd92}, b: fp751Element{0x37a43cd933ebfec4, 0x2a2806ef28dacf84, 0xd671fe718611b71e, 0xef7d73f01a676326, 0x99db1524e5799cf2, 0x860271dfbf67ff62, 0xedc2a0a14114bcf, 0x6c7b9b14b1264e5a, 0xf52de61707dc38b4, 0xccddb13fcc691f5a, 0x80f37a1220163920, 0x6a9175b9d5a1}}, affine_xQmP: ExtensionFieldElement{a: fp751Element{0xf08af9e695c626da, 0x7a4b4d52b54e1b38, 0x980272cd4c8b8c10, 0x1afcb6151d113176, 0xaef7dbd877c00f0c, 0xe8a5ea89078700c3, 0x520c1901aa8323fa, 0xfba049c947f3383a, 0x1c38abcab48be9af, 0x9f1212b923481ea, 0x1522da3457a7c293, 0xb746f78e3a61}, b: fp751Element{0x48010d0b48491128, 0x6d1c5c509f99f450, 0xaa3522330e3a8a62, 0x872aaf46193b2bb2, 0xc89260a2d8508973, 0x98bbbebf5524be83, 0x35711d01d895c217, 0x5e44e09ec506ed7, 0xac653a760ef6fd58, 0x5837954e30ad688d, 0xcbd3e9a1b5661da8, 0x15547f5d091a}}}

var benchKeyAgreementJInvariant ExtensionFieldElement

func BenchmarkKeyAgreementAliceFast(b *testing.B) {
	// m_A = 2*randint(0,2^371)
	var m_A = [...]uint8{248, 31, 9, 39, 165, 125, 79, 135, 70, 97, 87, 231, 221, 204, 245, 38, 150, 198, 187, 184, 199, 148, 156, 18, 137, 71, 248, 83, 111, 170, 138, 61, 112, 25, 188, 197, 132, 151, 1, 0, 207, 178, 24, 72, 171, 22, 11}

	var aliceSecret = SIDHSecretKeyAlice{scalar: m_A[:]}

	for n := 0; n < b.N; n++ {
		benchKeyAgreementJInvariant = aliceSecret.SharedSecret(&benchKeyAgreementBobPublic)
	}
}

func BenchmarkKeyAgreementAliceSlow(b *testing.B) {
	// m_A = 2*randint(0,2^371)
	var m_A = [...]uint8{248, 31, 9, 39, 165, 125, 79, 135, 70, 97, 87, 231, 221, 204, 245, 38, 150, 198, 187, 184, 199, 148, 156, 18, 137, 71, 248, 83, 111, 170, 138, 61, 112, 25, 188, 197, 132, 151, 1, 0, 207, 178, 24, 72, 171, 22, 11}

	var aliceSecret = SIDHSecretKeyAlice{scalar: m_A[:]}

	for n := 0; n < b.N; n++ {
		benchKeyAgreementJInvariant = aliceSharedSecretSlow(&benchKeyAgreementBobPublic, &aliceSecret)
	}
}

func BenchmarkKeyAgreementBobFast(b *testing.B) {
	// m_B = 3*randint(0,3^238)
	var m_B = [...]uint8{246, 217, 158, 190, 100, 227, 224, 181, 171, 32, 120, 72, 92, 115, 113, 62, 103, 57, 71, 252, 166, 121, 126, 201, 55, 99, 213, 234, 243, 228, 171, 68, 9, 239, 214, 37, 255, 242, 217, 180, 25, 54, 242, 61, 101, 245, 78}

	var bobSecret = SIDHSecretKeyBob{scalar: m_B[:]}

	for n := 0; n < b.N; n++ {
		benchKeyAgreementJInvariant = bobSecret.SharedSecret(&benchKeyAgreementAlicePublic)
	}
}

func BenchmarkKeyAgreementBobSlow(b *testing.B) {
	// m_B = 3*randint(0,3^238)
	var m_B = [...]uint8{246, 217, 158, 190, 100, 227, 224, 181, 171, 32, 120, 72, 92, 115, 113, 62, 103, 57, 71, 252, 166, 121, 126, 201, 55, 99, 213, 234, 243, 228, 171, 68, 9, 239, 214, 37, 255, 242, 217, 180, 25, 54, 242, 61, 101, 245, 78}

	var bobSecret = SIDHSecretKeyBob{scalar: m_B[:]}

	for n := 0; n < b.N; n++ {
		benchKeyAgreementJInvariant = bobSharedSecretSlow(&benchKeyAgreementAlicePublic, &bobSecret)
	}
}