/**
 * Multiplies {@code p} by {@code k}: the scalar is reduced modulo the curve order, split into
 * two parts by the GLV endomorphism, and both parts are handed to
 * {@code ECAlgorithms.implShamirsTrickWNaf}.
 *
 * NOTE(review): the wNAF helper is driven by the bit length and digits of the two scalar
 * parts, so its running time presumably varies with {@code k}. Confirm whether a secret
 * scalar can reach this method and whether that timing exposure is acceptable.
 *
 * @param p point to multiply; its curve must equal the {@code curve} field
 * @param k scalar; only {@code k mod n} is used, where n is the order of p's curve
 * @return the point returned by {@code ECAlgorithms.implShamirsTrickWNaf}
 * @throws IllegalStateException if p's curve does not equal the {@code curve} field
 */
protected ECPoint multiplyPositive(ECPoint p, BigInteger k)
{
    // Refuse a point from a different curve before any arithmetic is attempted.
    if (!curve.equals(p.getCurve()))
    {
        throw new IllegalStateException();
    }

    // NOTE(review): assumes getOrder() is non-null for curves that carry a GLV
    // endomorphism; a null order would fail inside k.mod(...). Confirm.
    BigInteger order = p.getCurve().getOrder();
    BigInteger[] parts = glvEndomorphism.decomposeScalar(k.mod(order));
    BigInteger scalarForP = parts[0];
    BigInteger scalarForMapped = parts[1];

    ECPointMap endoMap = glvEndomorphism.getPointMap();

    // With an efficient map the helper receives the map itself; otherwise the mapped
    // point is computed here and passed as an ordinary second point.
    return glvEndomorphism.hasEfficientPointMap()
        ? ECAlgorithms.implShamirsTrickWNaf(p, scalarForP, endoMap, scalarForMapped)
        : ECAlgorithms.implShamirsTrickWNaf(p, scalarForP, endoMap.map(p), scalarForMapped);
}
} // closes an enclosing scope whose header is outside this excerpt
/**
 * Multiplies {@code p} by {@code k}: the scalar is reduced modulo the curve order, split into
 * two parts by the GLV endomorphism, and both parts are handed to
 * {@code ECAlgorithms.implShamirsTrickWNaf}.
 *
 * NOTE(review): the wNAF helper is driven by the bit length and digits of the two scalar
 * parts, so its running time presumably varies with {@code k}. Confirm whether a secret
 * scalar can reach this method and whether that timing exposure is acceptable.
 *
 * @param p point to multiply; its curve must equal the {@code curve} field
 * @param k scalar; only {@code k mod n} is used, where n is the order of p's curve
 * @return the point returned by {@code ECAlgorithms.implShamirsTrickWNaf}
 * @throws IllegalStateException if p's curve does not equal the {@code curve} field
 */
protected ECPoint multiplyPositive(ECPoint p, BigInteger k)
{
    // Refuse a point from a different curve before any arithmetic is attempted.
    if (!curve.equals(p.getCurve()))
    {
        throw new IllegalStateException();
    }

    // NOTE(review): assumes getOrder() is non-null for curves that carry a GLV
    // endomorphism; a null order would fail inside k.mod(...). Confirm.
    BigInteger order = p.getCurve().getOrder();
    BigInteger[] parts = glvEndomorphism.decomposeScalar(k.mod(order));
    BigInteger scalarForP = parts[0];
    BigInteger scalarForMapped = parts[1];

    ECPointMap endoMap = glvEndomorphism.getPointMap();

    // With an efficient map the helper receives the map itself; otherwise the mapped
    // point is computed here and passed as an ordinary second point.
    return glvEndomorphism.hasEfficientPointMap()
        ? ECAlgorithms.implShamirsTrickWNaf(p, scalarForP, endoMap, scalarForMapped)
        : ECAlgorithms.implShamirsTrickWNaf(p, scalarForP, endoMap.map(p), scalarForMapped);
}
} // closes an enclosing scope whose header is outside this excerpt
/**
 * Prepares windowed-NAF inputs for two point/scalar pairs and delegates to the array-based
 * {@code implShamirsTrickWNaf} overload (presumably yielding {@code k*P + l*Q}).
 *
 * Each scalar is replaced by its absolute value; a negative sign is handled by swapping the
 * positive and negated precomputation tables for that point.
 *
 * NOTE(review): the window widths come from each scalar's bit length and the digit arrays
 * from the scalar values, so the work done depends on {@code k} and {@code l}. That suits
 * public scalars; confirm no secret scalar is routed through this helper.
 *
 * @param P first point
 * @param k scalar for P; may be negative
 * @param Q second point
 * @param l scalar for Q; may be negative
 * @return the result of the array-based overload
 */
static ECPoint implShamirsTrickWNaf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l)
{
    // Record the signs first: the magnitudes are all that is encoded below.
    final boolean kIsNegative = k.signum() < 0;
    final boolean lIsNegative = l.signum() < 0;
    k = k.abs();
    l = l.abs();

    // Window width per scalar, clamped into [2, 16].
    int widthP = WNafUtil.getWindowSize(k.bitLength());
    widthP = Math.max(2, Math.min(16, widthP));
    int widthQ = WNafUtil.getWindowSize(l.bitLength());
    widthQ = Math.max(2, Math.min(16, widthQ));

    // The 'true' argument presumably requests the negated tables read below; confirm.
    WNafPreCompInfo infoP = WNafUtil.precompute(P, widthP, true);
    WNafPreCompInfo infoQ = WNafUtil.precompute(Q, widthQ, true);

    // For a negative scalar the roles of the positive and negated tables are exchanged.
    ECPoint[] preCompP;
    ECPoint[] preCompNegP;
    if (kIsNegative)
    {
        preCompP = infoP.getPreCompNeg();
        preCompNegP = infoP.getPreComp();
    }
    else
    {
        preCompP = infoP.getPreComp();
        preCompNegP = infoP.getPreCompNeg();
    }

    ECPoint[] preCompQ;
    ECPoint[] preCompNegQ;
    if (lIsNegative)
    {
        preCompQ = infoQ.getPreCompNeg();
        preCompNegQ = infoQ.getPreComp();
    }
    else
    {
        preCompQ = infoQ.getPreComp();
        preCompNegQ = infoQ.getPreCompNeg();
    }

    byte[] wnafP = WNafUtil.generateWindowNaf(widthP, k);
    byte[] wnafQ = WNafUtil.generateWindowNaf(widthQ, l);

    return implShamirsTrickWNaf(preCompP, preCompNegP, wnafP, preCompQ, preCompNegQ, wnafQ);
}
/**
 * Prepares windowed-NAF inputs for two point/scalar pairs and delegates to the array-based
 * {@code implShamirsTrickWNaf} overload (presumably yielding {@code k*P + l*Q}).
 *
 * Each scalar is replaced by its absolute value; a negative sign is handled by swapping the
 * positive and negated precomputation tables for that point.
 *
 * NOTE(review): the window widths come from each scalar's bit length and the digit arrays
 * from the scalar values, so the work done depends on {@code k} and {@code l}. That suits
 * public scalars; confirm no secret scalar is routed through this helper.
 *
 * @param P first point
 * @param k scalar for P; may be negative
 * @param Q second point
 * @param l scalar for Q; may be negative
 * @return the result of the array-based overload
 */
static ECPoint implShamirsTrickWNaf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l)
{
    // Record the signs first: the magnitudes are all that is encoded below.
    final boolean kIsNegative = k.signum() < 0;
    final boolean lIsNegative = l.signum() < 0;
    k = k.abs();
    l = l.abs();

    // Window width per scalar, clamped into [2, 16].
    int widthP = WNafUtil.getWindowSize(k.bitLength());
    widthP = Math.max(2, Math.min(16, widthP));
    int widthQ = WNafUtil.getWindowSize(l.bitLength());
    widthQ = Math.max(2, Math.min(16, widthQ));

    // The 'true' argument presumably requests the negated tables read below; confirm.
    WNafPreCompInfo infoP = WNafUtil.precompute(P, widthP, true);
    WNafPreCompInfo infoQ = WNafUtil.precompute(Q, widthQ, true);

    // For a negative scalar the roles of the positive and negated tables are exchanged.
    ECPoint[] preCompP;
    ECPoint[] preCompNegP;
    if (kIsNegative)
    {
        preCompP = infoP.getPreCompNeg();
        preCompNegP = infoP.getPreComp();
    }
    else
    {
        preCompP = infoP.getPreComp();
        preCompNegP = infoP.getPreCompNeg();
    }

    ECPoint[] preCompQ;
    ECPoint[] preCompNegQ;
    if (lIsNegative)
    {
        preCompQ = infoQ.getPreCompNeg();
        preCompNegQ = infoQ.getPreComp();
    }
    else
    {
        preCompQ = infoQ.getPreComp();
        preCompNegQ = infoQ.getPreCompNeg();
    }

    byte[] wnafP = WNafUtil.generateWindowNaf(widthP, k);
    byte[] wnafQ = WNafUtil.generateWindowNaf(widthQ, l);

    return implShamirsTrickWNaf(preCompP, preCompNegP, wnafP, preCompQ, preCompNegQ, wnafQ);
}
/**
 * Variant of the two-scalar wNAF helper in which the second point is obtained by applying
 * {@code pointMapQ} to {@code P}; it delegates to the array-based
 * {@code implShamirsTrickWNaf} overload (presumably yielding {@code k*P + l*map(P)}).
 *
 * A single window width, taken from the longer of the two scalars and clamped into
 * [2, 16], is used for both points.
 *
 * NOTE(review): the width and the digit arrays are derived from the scalars, so the work
 * done depends on {@code k} and {@code l}. Confirm no secret scalar is routed through
 * this helper, or that the timing exposure is acceptable.
 *
 * @param P base point
 * @param k scalar for P; may be negative
 * @param pointMapQ map that produces the second point from P
 * @param l scalar for the mapped point; may be negative
 * @return the result of the array-based overload
 */
static ECPoint implShamirsTrickWNaf(ECPoint P, BigInteger k, ECPointMap pointMapQ, BigInteger l)
{
    // Record the signs first: the magnitudes are all that is encoded below.
    final boolean kIsNegative = k.signum() < 0;
    final boolean lIsNegative = l.signum() < 0;
    k = k.abs();
    l = l.abs();

    int longestBits = Math.max(k.bitLength(), l.bitLength());
    int width = WNafUtil.getWindowSize(longestBits);
    width = Math.max(2, Math.min(16, width));

    // The two lookups that follow rely on this call leaving precomputation attached to
    // both P and the returned Q.
    // NOTE(review): confirm getWNafPreCompInfo cannot return null for either point here.
    ECPoint Q = WNafUtil.mapPointWithPrecomp(P, width, true, pointMapQ);
    WNafPreCompInfo infoP = WNafUtil.getWNafPreCompInfo(P);
    WNafPreCompInfo infoQ = WNafUtil.getWNafPreCompInfo(Q);

    // For a negative scalar the roles of the positive and negated tables are exchanged.
    ECPoint[] preCompP;
    ECPoint[] preCompNegP;
    if (kIsNegative)
    {
        preCompP = infoP.getPreCompNeg();
        preCompNegP = infoP.getPreComp();
    }
    else
    {
        preCompP = infoP.getPreComp();
        preCompNegP = infoP.getPreCompNeg();
    }

    ECPoint[] preCompQ;
    ECPoint[] preCompNegQ;
    if (lIsNegative)
    {
        preCompQ = infoQ.getPreCompNeg();
        preCompNegQ = infoQ.getPreComp();
    }
    else
    {
        preCompQ = infoQ.getPreComp();
        preCompNegQ = infoQ.getPreCompNeg();
    }

    byte[] wnafP = WNafUtil.generateWindowNaf(width, k);
    byte[] wnafQ = WNafUtil.generateWindowNaf(width, l);

    return implShamirsTrickWNaf(preCompP, preCompNegP, wnafP, preCompQ, preCompNegQ, wnafQ);
}
/**
 * Variant of the two-scalar wNAF helper in which the second point is obtained by applying
 * {@code pointMapQ} to {@code P}; it delegates to the array-based
 * {@code implShamirsTrickWNaf} overload (presumably yielding {@code k*P + l*map(P)}).
 *
 * A single window width, taken from the longer of the two scalars and clamped into
 * [2, 16], is used for both points.
 *
 * NOTE(review): the width and the digit arrays are derived from the scalars, so the work
 * done depends on {@code k} and {@code l}. Confirm no secret scalar is routed through
 * this helper, or that the timing exposure is acceptable.
 *
 * @param P base point
 * @param k scalar for P; may be negative
 * @param pointMapQ map that produces the second point from P
 * @param l scalar for the mapped point; may be negative
 * @return the result of the array-based overload
 */
static ECPoint implShamirsTrickWNaf(ECPoint P, BigInteger k, ECPointMap pointMapQ, BigInteger l)
{
    // Record the signs first: the magnitudes are all that is encoded below.
    final boolean kIsNegative = k.signum() < 0;
    final boolean lIsNegative = l.signum() < 0;
    k = k.abs();
    l = l.abs();

    int longestBits = Math.max(k.bitLength(), l.bitLength());
    int width = WNafUtil.getWindowSize(longestBits);
    width = Math.max(2, Math.min(16, width));

    // The two lookups that follow rely on this call leaving precomputation attached to
    // both P and the returned Q.
    // NOTE(review): confirm getWNafPreCompInfo cannot return null for either point here.
    ECPoint Q = WNafUtil.mapPointWithPrecomp(P, width, true, pointMapQ);
    WNafPreCompInfo infoP = WNafUtil.getWNafPreCompInfo(P);
    WNafPreCompInfo infoQ = WNafUtil.getWNafPreCompInfo(Q);

    // For a negative scalar the roles of the positive and negated tables are exchanged.
    ECPoint[] preCompP;
    ECPoint[] preCompNegP;
    if (kIsNegative)
    {
        preCompP = infoP.getPreCompNeg();
        preCompNegP = infoP.getPreComp();
    }
    else
    {
        preCompP = infoP.getPreComp();
        preCompNegP = infoP.getPreCompNeg();
    }

    ECPoint[] preCompQ;
    ECPoint[] preCompNegQ;
    if (lIsNegative)
    {
        preCompQ = infoQ.getPreCompNeg();
        preCompNegQ = infoQ.getPreComp();
    }
    else
    {
        preCompQ = infoQ.getPreComp();
        preCompNegQ = infoQ.getPreCompNeg();
    }

    byte[] wnafP = WNafUtil.generateWindowNaf(width, k);
    byte[] wnafQ = WNafUtil.generateWindowNaf(width, l);

    return implShamirsTrickWNaf(preCompP, preCompNegP, wnafP, preCompQ, preCompNegQ, wnafQ);
}
/**
 * Computes the combination of {@code a*P} and {@code b*Q}, choosing the evaluation strategy
 * from the curve of {@code P}, and passes the result through {@code implCheckResult}.
 *
 * {@code Q} is first converted with {@code importPoint} so that both points are handled on
 * P's curve. Every return path goes through {@code implCheckResult}; that helper is defined
 * elsewhere and presumably rejects an invalid result point.
 *
 * NOTE(review): the wNAF-based paths do work that depends on the scalar values. Confirm
 * callers pass only public scalars here (for example during signature verification), or
 * that the timing exposure is acceptable.
 *
 * @param P first point; its curve selects the strategy
 * @param a scalar for P
 * @param Q second point; imported onto P's curve before use
 * @param b scalar for Q
 * @return the checked result point
 */
public static ECPoint sumOfTwoMultiplies(ECPoint P, BigInteger a, ECPoint Q, BigInteger b)
{
    ECCurve cp = P.getCurve();
    Q = importPoint(cp, Q);

    // On Koblitz curves plain point multiplication (using WTNAF) beats Shamir's trick,
    // so the two products are computed separately and added.
    boolean koblitz = (cp instanceof ECCurve.AbstractF2m)
        && ((ECCurve.AbstractF2m)cp).isKoblitz();
    if (koblitz)
    {
        return implCheckResult(P.multiply(a).add(Q.multiply(b)));
    }

    ECEndomorphism endo = cp.getEndomorphism();
    if (!(endo instanceof GLVEndomorphism))
    {
        // No GLV endomorphism available: fall back to the two-point wNAF helper.
        return implCheckResult(implShamirsTrickWNaf(P, a, Q, b));
    }

    ECPoint[] points = new ECPoint[]{ P, Q };
    BigInteger[] scalars = new BigInteger[]{ a, b };
    return implCheckResult(implSumOfMultipliesGLV(points, scalars, (GLVEndomorphism)endo));
}
/**
 * Computes the combination of {@code a*P} and {@code b*Q}, choosing the evaluation strategy
 * from the curve of {@code P}, and passes the result through {@code validatePoint}.
 *
 * {@code Q} is first converted with {@code importPoint} so that both points are handled on
 * P's curve. Every return path goes through {@code validatePoint}; that helper is defined
 * elsewhere and presumably rejects an invalid result point.
 *
 * NOTE(review): the wNAF-based paths do work that depends on the scalar values. Confirm
 * callers pass only public scalars here (for example during signature verification), or
 * that the timing exposure is acceptable.
 *
 * @param P first point; its curve selects the strategy
 * @param a scalar for P
 * @param Q second point; imported onto P's curve before use
 * @param b scalar for Q
 * @return the validated result point
 */
public static ECPoint sumOfTwoMultiplies(ECPoint P, BigInteger a, ECPoint Q, BigInteger b)
{
    ECCurve cp = P.getCurve();
    Q = importPoint(cp, Q);

    // On Koblitz curves plain point multiplication (using WTNAF) beats Shamir's trick,
    // so the two products are computed separately and added.
    boolean koblitz = (cp instanceof ECCurve.F2m) && ((ECCurve.F2m)cp).isKoblitz();
    if (koblitz)
    {
        return validatePoint(P.multiply(a).add(Q.multiply(b)));
    }

    ECEndomorphism endo = cp.getEndomorphism();
    if (!(endo instanceof GLVEndomorphism))
    {
        // No GLV endomorphism available: fall back to the two-point wNAF helper.
        return validatePoint(implShamirsTrickWNaf(P, a, Q, b));
    }

    ECPoint[] points = new ECPoint[]{ P, Q };
    BigInteger[] scalars = new BigInteger[]{ a, b };
    return validatePoint(implSumOfMultipliesGLV(points, scalars, (GLVEndomorphism)endo));
}