/**
 * Derives the two auxiliary values <code>s<sub>0</sub></code> and
 * <code>s<sub>1</sub></code> that partial modular reduction relies on.
 *
 * @param curve The elliptic curve for which <code>s<sub>0</sub></code> and
 * <code>s<sub>1</sub></code> are derived.
 * @return A two-element array holding the computed values, first the one
 * built from the second Lucas element, then the (negated) one built from
 * the first Lucas element.
 * @throws IllegalArgumentException if <code>curve</code> is not a
 * Koblitz curve (Anomalous Binary Curve, ABC).
 */
public static BigInteger[] getSi(ECCurve.F2m curve) {
    // Reject non-Koblitz curves up front; nothing below is evaluated for them.
    if (!curve.isKoblitz()) {
        throw new IllegalArgumentException("si is defined for Koblitz curves only");
    }

    // Index into the Lucas sequence: m + 3 - a.
    int lucasIndex = curve.getM() + 3 - curve.getA().toBigInteger().intValue();
    byte mu = curve.getMu();
    int shifts = getShiftsForCofactor(curve.getCofactor());

    BigInteger[] lucas = getLucas(mu, lucasIndex, false);
    if (mu == 1) {
        // For mu == 1 both Lucas elements are sign-flipped before use.
        for (int i = 0; i < 2; i++) {
            lucas[i] = lucas[i].negate();
        }
    }

    BigInteger first = ECConstants.ONE.add(lucas[1]).shiftRight(shifts);
    BigInteger second = ECConstants.ONE.add(lucas[0]).shiftRight(shifts).negate();
    return new BigInteger[] { first, second };
}
/**
 * Looks up the parameter <code>μ</code> of a Koblitz curve.
 *
 * @param curve The elliptic curve from which to obtain <code>μ</code>.
 * The curve must be a Koblitz curve, i.e. <code>a</code> equals
 * <code>0</code> or <code>1</code> and <code>b</code> equals
 * <code>1</code>.
 * @return <code>-1</code> when the curve's <code>a</code> is zero,
 * otherwise <code>1</code>.
 * @throws IllegalArgumentException if the given ECCurve is not a Koblitz
 * curve.
 */
public static byte getMu(ECCurve.F2m curve) {
    boolean koblitz = curve.isKoblitz();
    if (!koblitz) {
        throw new IllegalArgumentException("No Koblitz curve (ABC), TNAF multiplication not possible");
    }

    // a == 0 maps to mu = -1; any other a on a Koblitz curve maps to mu = 1.
    return (byte) (curve.getA().isZero() ? -1 : 1);
}
/**
 * Computes the combination <code>a*P + b*Q</code>, choosing the evaluation
 * strategy from the curve that <code>P</code> lives on.
 * <p>
 * Every return path hands its result to <code>validatePoint</code>; keep that
 * call in place if another strategy branch is ever added here.
 * <p>
 * NOTE(review): nothing visible in this method indicates constant-time
 * evaluation; confirm the behaviour of the called routines before passing
 * secret scalars.
 *
 * @param P first point; its curve decides which strategy is used
 * @param a scalar applied to <code>P</code>
 * @param Q second point; passed through <code>importPoint</code> with
 * <code>P</code>'s curve before use (presumably rejecting or converting
 * points from a different curve; confirm against importPoint)
 * @param b scalar applied to <code>Q</code>
 * @return the validated sum of the two multiples
 */
public static ECPoint sumOfTwoMultiplies(ECPoint P, BigInteger a, ECPoint Q, BigInteger b) {
    ECCurve cp = P.getCurve();
    Q = importPoint(cp, Q);

    // Point multiplication for Koblitz curves (using WTNAF) beats Shamir's trick
    if (cp instanceof ECCurve.F2m && ((ECCurve.F2m) cp).isKoblitz()) {
        ECPoint aP = P.multiply(a);
        ECPoint bQ = Q.multiply(b);
        return validatePoint(aP.add(bQ));
    }

    ECEndomorphism endomorphism = cp.getEndomorphism();
    ECPoint sum;
    if (endomorphism instanceof GLVEndomorphism) {
        // Curve exposes a GLV endomorphism: use the GLV-based multi-scalar routine.
        ECPoint[] points = new ECPoint[]{ P, Q };
        BigInteger[] scalars = new BigInteger[]{ a, b };
        sum = implSumOfMultipliesGLV(points, scalars, (GLVEndomorphism) endomorphism);
    } else {
        // Generic fallback: Shamir's trick with wNAF.
        sum = implShamirsTrickWNaf(P, a, Q, b);
    }
    return validatePoint(sum);
}
/**
 * Picks the default scalar multiplier for this curve.
 *
 * @return a new <code>WTauNafMultiplier</code> when <code>isKoblitz()</code>
 * reports true, otherwise whatever the superclass chooses.
 */
protected ECMultiplier createDefaultMultiplier() {
    return isKoblitz()
        ? new WTauNafMultiplier()
        : super.createDefaultMultiplier();
}
/**
 * Supplies the multiplier used by default for scalar multiplication.
 *
 * @return the superclass default for non-Koblitz curves; a fresh
 * <code>WTauNafMultiplier</code> when <code>isKoblitz()</code> is true.
 */
protected ECMultiplier createDefaultMultiplier() {
    // Non-Koblitz curves keep the inherited choice.
    if (!isKoblitz()) {
        return super.createDefaultMultiplier();
    }
    return new WTauNafMultiplier();
}