/**
 * Builds a point from two integer coordinates.
 * <p>
 * Each coordinate is converted with {@code fromBigInteger} and the pair is handed to
 * {@code createRawPoint}. Nothing in this method checks that (x, y) satisfies the curve
 * equation; whether the helpers it calls do so is not visible here, so coordinates taken
 * from untrusted input should be validated by the caller before the point is used.
 *
 * @param x the x-coordinate
 * @param y the y-coordinate
 * @param withCompression per-point compression flag, passed through unchanged
 * @return the point returned by {@code createRawPoint}
 * @deprecated per-point compression property will be removed, use {@link #createPoint(BigInteger, BigInteger)}
 * and refer to {@link ECPoint#getEncoded(boolean)}
 */
public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression) {
    return this.createRawPoint(
        this.fromBigInteger(x),
        this.fromBigInteger(y),
        withCompression);
}
/**
 * Builds a point from two integer coordinates.
 * <p>
 * Each coordinate is converted with {@code fromBigInteger} and the pair is handed to
 * {@code createRawPoint}. Nothing in this method checks that (x, y) satisfies the curve
 * equation; whether the helpers it calls do so is not visible here, so coordinates taken
 * from untrusted input should be validated by the caller before the point is used.
 *
 * @param x the x-coordinate
 * @param y the y-coordinate
 * @param withCompression per-point compression flag, passed through unchanged
 * @return the point returned by {@code createRawPoint}
 * @deprecated per-point compression property will be removed, use {@link #createPoint(BigInteger, BigInteger)}
 * and refer to {@link ECPoint#getEncoded(boolean)}
 */
public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression) {
    return this.createRawPoint(
        this.fromBigInteger(x),
        this.fromBigInteger(y),
        withCompression);
}
/**
 * Returns the point stored at position {@code index} of {@code table}.
 * <p>
 * Every one of the {@code len} entries is read and combined under a mask, so the sequence of
 * table accesses is the same for every {@code index}; only the mask value differs. This
 * matters when {@code index} is derived from secret data (for example scalar digits), because
 * a direct {@code table[index]} read would make the memory access pattern depend on it.
 *
 * @param index position of the wanted entry; assumes 0 &lt;= index &lt; len (TODO confirm
 *              against callers). Out-of-range values are not rejected here: an index that
 *              matches no entry leaves both buffers all-zero, and a negative index makes the
 *              mask non-selective.
 * @return the point built from the selected x and y bytes, created with compression off
 */
public ECPoint lookup(int index) {
    // Accumulators for the selected coordinates; start as all-zero.
    byte[] x = new byte[FE_BYTES], y = new byte[FE_BYTES];
    int pos = 0;
    for (int i = 0; i < len; ++i) {
        // For non-negative i and index: (i ^ index) is 0 only when i == index, so subtracting 1
        // gives -1 and the arithmetic shift yields all ones; otherwise the value stays
        // non-negative and the shift yields 0. No branch on index is taken.
        int MASK = ((i ^ index) - 1) >> 31;
        for (int j = 0; j < FE_BYTES; ++j) {
            // XOR with (entry & MASK): copies the entry when MASK is all ones, no-op when 0.
            x[j] ^= table[pos + j] & MASK;
            y[j] ^= table[pos + FE_BYTES + j] & MASK;
        }
        // Each entry occupies FE_BYTES for x followed by FE_BYTES for y.
        pos += (FE_BYTES * 2);
    }
    // Bytes are read as unsigned big-endian integers (signum 1).
    return createRawPoint(fromBigInteger(new BigInteger(1, x)), fromBigInteger(new BigInteger(1, y)), false);
}
// Closes an enclosing construct opened outside this excerpt (presumably an anonymous class).
};
/**
 * Prints the square root of 2 in the curve's field as upper-case hexadecimal, then verifies
 * that squaring the root gives back 2.
 *
 * @param x9 parameters whose curve supplies the field
 * @throws IllegalStateException if the computed root does not square to 2
 */
private static void implPrintRootZ(X9ECParameters x9) {
    ECFieldElement two = x9.getCurve().fromBigInteger(BigInteger.valueOf(2));
    ECFieldElement root = two.sqrt();

    // The value is printed before it is checked, as in the original ordering.
    String hex = root.toBigInteger().toString(16).toUpperCase();
    System.out.println(hex);

    if (root.square().equals(two)) {
        return;
    }
    throw new IllegalStateException("Optimized-sqrt sanity check failed");
}
/**
 * Creates the endomorphism for {@code curve} from precomputed parameters.
 * <p>
 * The point map scales x by the parameters' beta value, converted into the curve's field.
 * No check is made here that beta or the other parameters actually belong to this curve;
 * they are presumably trusted, precomputed constants (confirm against callers).
 *
 * @param curve the curve the endomorphism applies to
 * @param parameters the GLV type B parameters supplying beta
 */
public GLVTypeBEndomorphism(ECCurve curve, GLVTypeBParameters parameters) {
    this.curve = curve;
    this.parameters = parameters;
    this.pointMap = new ScaleXPointMap(
        curve.fromBigInteger(
            parameters.getBeta()));
}
/**
 * Creates the endomorphism for {@code curve} from precomputed parameters.
 * <p>
 * The point map scales x by the parameters' beta value, converted into the curve's field.
 * No check is made here that beta or the other parameters actually belong to this curve;
 * they are presumably trusted, precomputed constants (confirm against callers).
 *
 * @param curve the curve the endomorphism applies to
 * @param parameters the GLV type B parameters supplying beta
 */
public GLVTypeBEndomorphism(ECCurve curve, GLVTypeBParameters parameters) {
    this.curve = curve;
    this.parameters = parameters;
    this.pointMap = new ScaleXPointMap(
        curve.fromBigInteger(
            parameters.getBeta()));
}
/**
 * Maps a hash value to an element of the curve's field.
 * <p>
 * The bytes are passed through {@code Arrays.reverse} (presumably a reversed copy, i.e. the
 * hash is read least-significant byte first), interpreted as a non-negative integer, cut down
 * by {@code truncate} using the field size, and converted with {@code fromBigInteger}.
 *
 * @param curve the curve whose field receives the element
 * @param hash the hash bytes
 * @return the resulting field element; it may be zero, which callers have to handle
 */
private static ECFieldElement hash2FieldElement(ECCurve curve, byte[] hash) {
    // signum 1: the reversed bytes are always treated as an unsigned magnitude
    BigInteger asInteger = new BigInteger(1, Arrays.reverse(hash));
    return curve.fromBigInteger(truncate(asInteger, curve.getFieldSize()));
}
/**
 * Maps a hash value to an element of the curve's field.
 * <p>
 * The bytes are passed through {@code Arrays.reverse} (presumably a reversed copy, i.e. the
 * hash is read least-significant byte first), interpreted as a non-negative integer, cut down
 * by {@code truncate} using the field size, and converted with {@code fromBigInteger}.
 *
 * @param curve the curve whose field receives the element
 * @param hash the hash bytes
 * @return the resulting field element; it may be zero, which callers have to handle
 */
private static ECFieldElement hash2FieldElement(ECCurve curve, byte[] hash) {
    // signum 1: the reversed bytes are always treated as an unsigned magnitude
    BigInteger asInteger = new BigInteger(1, Arrays.reverse(hash));
    return curve.fromBigInteger(truncate(asInteger, curve.getFieldSize()));
}
/**
 * Finds a non-trivial cube root of 1 in the curve's base field, together with its square.
 * <p>
 * A random r in [2, q - 2] is raised to the power q div 3 modulo the field characteristic q;
 * the search repeats until the result differs from 1. This presumably relies on
 * q = 1 (mod 3), so that q div 3 equals (q - 1) / 3 (confirm against callers); the method
 * does not check that condition itself.
 *
 * @param c the curve whose field characteristic is used
 * @return a two-element array {beta, beta^2}
 */
private static ECFieldElement[] findBetaValues(ECCurve c) {
    BigInteger q = c.getField().getCharacteristic();
    BigInteger exponent = q.divide(ECConstants.THREE);

    // Search for a random value that generates a non-trivial cube root of 1
    SecureRandom random = new SecureRandom();
    BigInteger root;
    while (true) {
        BigInteger candidate =
            BigIntegers.createRandomInRange(ECConstants.TWO, q.subtract(ECConstants.TWO), random);
        root = candidate.modPow(exponent, q);
        if (!root.equals(ECConstants.ONE)) {
            break;
        }
    }

    ECFieldElement beta = c.fromBigInteger(root);
    return new ECFieldElement[]{ beta, beta.square() };
}
/**
 * Returns the initial Z coordinates for a point in the curve's coordinate system.
 *
 * @param curve the curve, or {@code null}, which is treated as affine
 * @return {@code EMPTY_ZS} for the affine systems, otherwise a new array of initial Z values
 * @throws IllegalArgumentException if the coordinate system is not one of the handled constants
 */
protected static ECFieldElement[] getInitialZCoords(ECCurve curve) {
    // Cope with null curve, most commonly used by implicitlyCa
    int system = (curve == null) ? ECCurve.COORD_AFFINE : curve.getCoordinateSystem();

    // Affine systems carry no Z coordinates; returning here also keeps a null curve
    // from being dereferenced below.
    if (system == ECCurve.COORD_AFFINE || system == ECCurve.COORD_LAMBDA_AFFINE) {
        return EMPTY_ZS;
    }

    ECFieldElement unit = curve.fromBigInteger(ECConstants.ONE);

    switch (system) {
    case ECCurve.COORD_HOMOGENEOUS:
    case ECCurve.COORD_JACOBIAN:
    case ECCurve.COORD_LAMBDA_PROJECTIVE:
        return new ECFieldElement[]{ unit };
    case ECCurve.COORD_JACOBIAN_CHUDNOVSKY:
        return new ECFieldElement[]{ unit, unit, unit };
    case ECCurve.COORD_JACOBIAN_MODIFIED:
        return new ECFieldElement[]{ unit, curve.getA() };
    default:
        throw new IllegalArgumentException("unknown coordinate system");
    }
}
/**
 * Returns the initial Z coordinates for a point in the curve's coordinate system.
 *
 * @param curve the curve, or {@code null}, which is treated as affine
 * @return {@code EMPTY_ZS} for the affine systems, otherwise a new array of initial Z values
 * @throws IllegalArgumentException if the coordinate system is not one of the handled constants
 */
protected static ECFieldElement[] getInitialZCoords(ECCurve curve) {
    // Cope with null curve, most commonly used by implicitlyCa
    int system = (curve == null) ? ECCurve.COORD_AFFINE : curve.getCoordinateSystem();

    // Affine systems carry no Z coordinates; returning here also keeps a null curve
    // from being dereferenced below.
    if (system == ECCurve.COORD_AFFINE || system == ECCurve.COORD_LAMBDA_AFFINE) {
        return EMPTY_ZS;
    }

    ECFieldElement unit = curve.fromBigInteger(ECConstants.ONE);

    switch (system) {
    case ECCurve.COORD_HOMOGENEOUS:
    case ECCurve.COORD_JACOBIAN:
    case ECCurve.COORD_LAMBDA_PROJECTIVE:
        return new ECFieldElement[]{ unit };
    case ECCurve.COORD_JACOBIAN_CHUDNOVSKY:
        return new ECFieldElement[]{ unit, unit, unit };
    case ECCurve.COORD_JACOBIAN_MODIFIED:
        return new ECFieldElement[]{ unit, curve.getA() };
    default:
        throw new IllegalArgumentException("unknown coordinate system");
    }
}
/**
 * Rebuilds a point from its x-coordinate alone, taking the smaller of the two candidate
 * y values as the canonical one.
 * <p>
 * The right-hand side of the curve equation is evaluated at x and its square root taken; a
 * {@code null} root is rejected, so an x with no matching y does not produce a point.
 * NOTE(review): no range check on {@code X} and no subgroup check on the result is visible
 * in this method; confirm what {@code fromBigInteger} and {@code createPoint} enforce before
 * feeding it untrusted input.
 *
 * @param curve the curve supplying a, b and the field
 * @param X the x-coordinate
 * @return the point (X, min(y', p - y'))
 * @throws IllegalArgumentException if the right-hand side has no square root
 */
@Deprecated
public static ECPoint decompressFPPoint(ECCurve curve, BigInteger X) {
    // See Andrey Jivsov https://www.ietf.org/archive/id/draft-jivsov-ecc-compact-05.txt.
    ECFieldElement xElem = curve.fromBigInteger(X);

    // C(x) = (x^2 + a) * x + b
    ECFieldElement cOfX = xElem.square().add(curve.getA()).multiply(xElem).add(curve.getB());

    // y' = sqrt( C(x) ), where y'>0
    ECFieldElement root = cOfX.sqrt();
    if (null == root) {
        throw new IllegalArgumentException("invalid point compression");
    }

    // y = min(y',p-y')
    BigInteger candidate = root.toBigInteger();
    BigInteger mirrored = root.negate().toBigInteger();

    // Q=(x,y) is the canonical representation of the point
    return curve.createPoint(X, candidate.min(mirrored));
}
/**
 * Computes the canonical y-coordinate for a given x: the smaller of the two square roots of
 * the curve equation's right-hand side.
 * <p>
 * A {@code null} root is rejected, so an x with no matching y raises an exception instead of
 * yielding a value. NOTE(review): no range check on {@code x} is visible in this method;
 * confirm what {@code fromBigInteger} enforces before feeding it untrusted input.
 *
 * @param curve the curve supplying a, b and the field
 * @param x the x-coordinate
 * @return min(y', p - y')
 * @throws IllegalArgumentException if the right-hand side has no square root
 */
public static BigInteger y(ECCurve curve, BigInteger x) {
    // Andrey Jivsov https://www.ietf.org/archive/id/draft-jivsov-ecc-compact-05.txt.
    ECFieldElement xElem = curve.fromBigInteger(x);

    // C(x) = (x^2 + a) * x + b
    ECFieldElement cOfX = xElem.square().add(curve.getA()).multiply(xElem).add(curve.getB());

    // y' = sqrt( C(x) ), where y'>0
    ECFieldElement root = cOfX.sqrt();
    if (null == root) {
        throw new IllegalArgumentException("invalid point compression");
    }

    // y = min(y',p-y')
    BigInteger candidate = root.toBigInteger();
    BigInteger mirrored = root.negate().toBigInteger();
    return candidate.min(mirrored);
}
/**
 * Verifies the signature (r, s) over {@code message} with the configured public key.
 * <p>
 * Both components must lie in [1, n - 1], where n comes from the key's domain parameters;
 * anything outside that range is rejected before any curve arithmetic is done. The message
 * is mapped to a field element (zero is replaced by one), R = s*G + r*Q is computed, and the
 * signature is accepted only if R is not the point at infinity and the integer derived from
 * h * R.x equals r.
 *
 * @param message the bytes passed to {@code hash2FieldElement}
 * @param r first signature component
 * @param s second signature component
 * @return {@code true} if the signature verifies, {@code false} otherwise
 */
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s) {
    // Zero or negative components are never valid.
    if (r.signum() <= 0 || s.signum() <= 0) {
        return false;
    }

    ECDomainParameters domain = key.getParameters();
    BigInteger order = domain.getN();

    // Components must be strictly below n.
    if (r.compareTo(order) >= 0 || s.compareTo(order) >= 0) {
        return false;
    }

    ECCurve curve = domain.getCurve();

    ECFieldElement h = hash2FieldElement(curve, message);
    if (h.isZero()) {
        h = curve.fromBigInteger(ONE);
    }

    ECPoint basePoint = domain.getG();
    ECPoint publicPoint = ((ECPublicKeyParameters)key).getQ();
    ECPoint R = ECAlgorithms.sumOfTwoMultiplies(basePoint, s, publicPoint, r).normalize();

    // components must be bogus.
    if (R.isInfinity()) {
        return false;
    }

    ECFieldElement product = h.multiply(R.getAffineXCoord());
    return 0 == fieldElement2Integer(order, product).compareTo(r);
}
/**
 * Verifies the signature (r, s) over {@code message} with the configured public key.
 * <p>
 * Both components must lie in [1, n - 1], where n comes from the key's domain parameters;
 * anything outside that range is rejected before any curve arithmetic is done. The message
 * is mapped to a field element (zero is replaced by one), R = s*G + r*Q is computed, and the
 * signature is accepted only if R is not the point at infinity and the integer derived from
 * h * R.x equals r.
 *
 * @param message the bytes passed to {@code hash2FieldElement}
 * @param r first signature component
 * @param s second signature component
 * @return {@code true} if the signature verifies, {@code false} otherwise
 */
public boolean verifySignature(byte[] message, BigInteger r, BigInteger s) {
    // Zero or negative components are never valid.
    if (r.signum() <= 0 || s.signum() <= 0) {
        return false;
    }

    ECDomainParameters domain = key.getParameters();
    BigInteger order = domain.getN();

    // Components must be strictly below n.
    if (r.compareTo(order) >= 0 || s.compareTo(order) >= 0) {
        return false;
    }

    ECCurve curve = domain.getCurve();

    ECFieldElement h = hash2FieldElement(curve, message);
    if (h.isZero()) {
        h = curve.fromBigInteger(ONE);
    }

    ECPoint basePoint = domain.getG();
    ECPoint publicPoint = ((ECPublicKeyParameters)key).getQ();
    ECPoint R = ECAlgorithms.sumOfTwoMultiplies(basePoint, s, publicPoint, r).normalize();

    // components must be bogus.
    if (R.isInfinity()) {
        return false;
    }

    ECFieldElement product = h.multiply(R.getAffineXCoord());
    return 0 == fieldElement2Integer(order, product).compareTo(r);
}
ECFieldElement zeroElement = curve.fromBigInteger(ECConstants.ZERO); do ECFieldElement t = curve.fromBigInteger(new BigInteger(m, rand)); z = zeroElement; ECFieldElement w = beta;
ECFieldElement zeroElement = curve.fromBigInteger(ECConstants.ZERO); do ECFieldElement t = curve.fromBigInteger(new BigInteger(m, rand)); z = zeroElement; ECFieldElement w = beta;
// A zero hash element is replaced by the field element one.
if (h.isZero()) {
    h = curve.fromBigInteger(ONE);
}
// A zero hash element is replaced by the field element one.
if (h.isZero()) {
    h = curve.fromBigInteger(ONE);
}
ECFieldElement k = curve.fromBigInteger(BigInteger.valueOf(bytes[bytes.length - 1] & 0x1)); ECFieldElement xp = curve.fromBigInteger(new BigInteger(1, bytes)); if (!trace(xp).equals(curve.getA()))