/** * Negates this group element by subtracting it from the neutral group element. * <p> * TODO-CR BR: why not simply negate the coordinates X and T? * * @return The negative of this group element. */ public GroupElement negate() { if (this.repr != Representation.P3) throw new UnsupportedOperationException(); return this.curve.getZero(Representation.P3).sub(toCached()).toP3PrecomputeDouble(); }
@Test (expected = IllegalArgumentException.class) public void toCachedThrowsIfGroupElementHasP2Representation() { // Arrange: final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.P2); // Assert: g.toCached(); }
@Test (expected = IllegalArgumentException.class) public void toCachedThrowsIfGroupElementHasPrecompRepresentation() { // Arrange: final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.PRECOMP); // Assert: g.toCached(); }
@Test (expected = IllegalArgumentException.class) public void toCachedThrowsIfGroupElementHasP1P1Representation() { // Arrange: final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.P1P1); // Assert: g.toCached(); }
/** * Test method for {@link GroupElement#dbl()}. */ @Test public void testDbl() { GroupElement B = ed25519.getB(); // 2 * B = B + B assertThat(B.dbl(), is(equalTo(B.add(B.toCached())))); }
/** * Precomputes table for {@link #doubleScalarMultiplyVariableTime(GroupElement, byte[], byte[])}. * @since 0.9.36 split out from precompute() */ private GroupElement[] precomputeDouble() { // Precomputation for double scalar multiplication. // P,3P,5P,7P,9P,11P,13P,15P GroupElement[] dblPrecmp = new GroupElement[8]; GroupElement Bi = this; for (int i = 0; i < 8; i++) { final FieldElement recip = Bi.Z.invert(); final FieldElement x = Bi.X.multiply(recip); final FieldElement y = Bi.Y.multiply(recip); dblPrecmp[i] = precomp(this.curve, y.add(x), y.subtract(x), x.multiply(y).multiply(this.curve.get2D())); // Bi = edwards(B,edwards(B,Bi)) Bi = this.add(this.add(Bi.toCached()).toP3().toCached()).toP3(); } return dblPrecmp; }
/** * Precomputes table for {@link #scalarMultiply(byte[])}. * @since 0.9.36 split out from precompute() */ private GroupElement[][] precomputeSingle() { // Precomputation for single scalar multiplication. GroupElement[][] precmp = new GroupElement[32][8]; // TODO-CR BR: check that this == base point when the method is called. GroupElement Bi = this; for (int i = 0; i < 32; i++) { GroupElement Bij = Bi; for (int j = 0; j < 8; j++) { final FieldElement recip = Bij.Z.invert(); final FieldElement x = Bij.X.multiply(recip); final FieldElement y = Bij.Y.multiply(recip); precmp[i][j] = precomp(this.curve, y.add(x), y.subtract(x), x.multiply(y).multiply(this.curve.get2D())); Bij = Bij.add(Bi.toCached()).toP3(); } // Only every second summand is precomputed (16^2 = 256) for (int k = 0; k < 8; k++) { Bi = Bi.add(Bi.toCached()).toP3(); } } return precmp; }
@Test public void addingNeutralGroupElementDoesNotChangeGroupElement() { final GroupElement neutral = GroupElement.p3(curve, curve.getField().ZERO, curve.getField().ONE, curve.getField().ONE, curve.getField().ZERO); for (int i=0; i<1000; i++) { // Arrange: final GroupElement g = MathUtils.getRandomGroupElement(); // Act: final GroupElement h1 = g.add(neutral.toCached()); final GroupElement h2 = neutral.add(g.toCached()); // Assert: Assert.assertThat(g, IsEqual.equalTo(h1)); Assert.assertThat(g, IsEqual.equalTo(h2)); } }
@Test public void addReturnsExpectedResult() { for (int i=0; i<1000; i++) { // Arrange: final GroupElement g1 = MathUtils.getRandomGroupElement(); final GroupElement g2 = MathUtils.getRandomGroupElement(); // Act: final GroupElement h1 = g1.add(g2.toCached()); final GroupElement h2 = MathUtils.addGroupElements(g1, g2); // Assert: Assert.assertThat(h2, IsEqual.equalTo(h1)); } }
@Test public void subReturnsExpectedResult() { for (int i=0; i<1000; i++) { // Arrange: final GroupElement g1 = MathUtils.getRandomGroupElement(); final GroupElement g2 = MathUtils.getRandomGroupElement(); // Act: final GroupElement h1 = g1.sub(g2.toCached()); final GroupElement h2 = MathUtils.addGroupElements(g1, MathUtils.negateGroupElement(g2)); // Assert: Assert.assertThat(h2, IsEqual.equalTo(h1)); } }
@Test public void toCachedReturnsExpectedResultIfGroupElementHasCachedRepresentation() { for (int i=0; i<10; i++) { // Arrange: final GroupElement g = MathUtils.toRepresentation(MathUtils.getRandomGroupElement(), GroupElement.Representation.CACHED); // Act: final GroupElement h = g.toCached(); // Assert: Assert.assertThat(h, IsEqual.equalTo(g)); Assert.assertThat(h.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.CACHED)); Assert.assertThat(h, IsEqual.equalTo(g)); Assert.assertThat(h.getX(), IsEqual.equalTo(g.getX())); Assert.assertThat(h.getY(), IsEqual.equalTo(g.getY())); Assert.assertThat(h.getZ(), IsEqual.equalTo(g.getZ())); Assert.assertThat(h.getT(), IsEqual.equalTo(g.getT())); } }
is(equalTo(B.dbl().toP3().add(B.toCached()))));
@Test public void toCachedReturnsExpectedResultIfGroupElementHasP3Representation() { for (int i=0; i<10; i++) { // Arrange: final GroupElement g = MathUtils.getRandomGroupElement(); // Act: final GroupElement h1 = g.toCached(); final GroupElement h2 = MathUtils.toRepresentation(g, GroupElement.Representation.CACHED); // Assert: Assert.assertThat(h1, IsEqual.equalTo(h2)); Assert.assertThat(h1.getRepresentation(), IsEqual.equalTo(GroupElement.Representation.CACHED)); Assert.assertThat(h1, IsEqual.equalTo(g)); Assert.assertThat(h1.getX(), IsEqual.equalTo(g.getY().add(g.getX()))); Assert.assertThat(h1.getY(), IsEqual.equalTo(g.getY().subtract(g.getX()))); Assert.assertThat(h1.getZ(), IsEqual.equalTo(g.getZ())); Assert.assertThat(h1.getT(), IsEqual.equalTo(g.getT().multiply(curve.get2D()))); } }
/** * Negates this group element by subtracting it from the neutral group element. * <p> * TODO-CR BR: why not simply negate the coordinates $X$ and $T$? * * @return The negative of this group element. */ public GroupElement negate() { if (this.repr != Representation.P3) throw new UnsupportedOperationException(); return this.curve.getZero(Representation.P3).sub(toCached()).toP3PrecomputeDouble(); }
/** * Precomputes table for {@link #doubleScalarMultiplyVariableTime(GroupElement, byte[], byte[])}. */ private GroupElement[] precomputeDouble() { // Precomputation for double scalar multiplication. // P,3P,5P,7P,9P,11P,13P,15P GroupElement[] dblPrecmp = new GroupElement[8]; GroupElement Bi = this; for (int i = 0; i < 8; i++) { final FieldElement recip = Bi.Z.invert(); final FieldElement x = Bi.X.multiply(recip); final FieldElement y = Bi.Y.multiply(recip); dblPrecmp[i] = precomp(this.curve, y.add(x), y.subtract(x), x.multiply(y).multiply(this.curve.get2D())); // Bi = edwards(B,edwards(B,Bi)) Bi = this.add(this.add(Bi.toCached()).toP3().toCached()).toP3(); } return dblPrecmp; }
/** * Precomputes table for {@link #scalarMultiply(byte[])}. */ private GroupElement[][] precomputeSingle() { // Precomputation for single scalar multiplication. GroupElement[][] precmp = new GroupElement[32][8]; // TODO-CR BR: check that this == base point when the method is called. GroupElement Bi = this; for (int i = 0; i < 32; i++) { GroupElement Bij = Bi; for (int j = 0; j < 8; j++) { final FieldElement recip = Bij.Z.invert(); final FieldElement x = Bij.X.multiply(recip); final FieldElement y = Bij.Y.multiply(recip); precmp[i][j] = precomp(this.curve, y.add(x), y.subtract(x), x.multiply(y).multiply(this.curve.get2D())); Bij = Bij.add(Bi.toCached()).toP3(); } // Only every second summand is precomputed (16^2 = 256) for (int k = 0; k < 8; k++) { Bi = Bi.add(Bi.toCached()).toP3(); } } return precmp; }