/** * Joye's double-add algorithm. */ protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { ECPoint[] R = new ECPoint[]{ p.getCurve().getInfinity(), p }; int n = k.bitLength(); for (int i = 0; i < n; ++i) { int b = k.testBit(i) ? 1 : 0; int bp = 1 - b; R[bp] = R[bp].twicePlus(R[b]); } return R[0]; } }
/** * Joye's double-add algorithm. */ protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { ECPoint[] R = new ECPoint[]{ p.getCurve().getInfinity(), p }; int n = k.bitLength(); for (int i = 0; i < n; ++i) { int b = k.testBit(i) ? 1 : 0; int bp = 1 - b; R[bp] = R[bp].twicePlus(R[b]); } return R[0]; } }
public ECPoint multiply(ECPoint p, BigInteger k) { int sign = k.signum(); if (sign == 0 || p.isInfinity()) { return p.getCurve().getInfinity(); } ECPoint positive = multiplyPositive(p, k.abs()); ECPoint result = sign > 0 ? positive : positive.negate(); /* * Although the various multipliers ought not to produce invalid output under normal * circumstances, a final check here is advised to guard against fault attacks. */ return checkResult(result); }
public ECPoint multiply(ECPoint p, BigInteger k) { int sign = k.signum(); if (sign == 0 || p.isInfinity()) { return p.getCurve().getInfinity(); } ECPoint positive = multiplyPositive(p, k.abs()); ECPoint result = sign > 0 ? positive : positive.negate(); /* * Although the various multipliers ought not to produce invalid output under normal * circumstances, a final check here is advised to guard against fault attacks. */ return ECAlgorithms.validatePoint(result); }
/** * Montgomery ladder. */ protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { ECPoint[] R = new ECPoint[]{ p.getCurve().getInfinity(), p }; int n = k.bitLength(); int i = n; while (--i >= 0) { int b = k.testBit(i) ? 1 : 0; int bp = 1 - b; R[bp] = R[bp].add(R[b]); R[b] = R[b].twice(); } return R[0]; } }
/** * Montgomery ladder. */ protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { ECPoint[] R = new ECPoint[]{ p.getCurve().getInfinity(), p }; int n = k.bitLength(); int i = n; while (--i >= 0) { int b = k.testBit(i) ? 1 : 0; int bp = 1 - b; R[bp] = R[bp].add(R[b]); R[b] = R[b].twice(); } return R[0]; } }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement Y1 = this.y; if (Y1.isZero()) { return curve.getInfinity(); } return twiceJacobianModified(true); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement Y1 = this.y; if (Y1.isZero()) { return curve.getInfinity(); } return twiceJacobianModified(true); }
protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { int[] naf = WNafUtil.generateCompactNaf(k); ECPoint R0 = p.getCurve().getInfinity(), R1 = p; int zeroes = 0; for (int i = 0; i < naf.length; ++i) { int ni = naf[i]; int digit = ni >> 16; zeroes += ni & 0xFFFF; R1 = R1.timesPow2(zeroes); R0 = R0.add(digit < 0 ? R1.negate() : R1); zeroes = 1; } return R0; } }
protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { int[] naf = WNafUtil.generateCompactNaf(k); ECPoint R0 = p.getCurve().getInfinity(), R1 = p; int zeroes = 0; for (int i = 0; i < naf.length; ++i) { int ni = naf[i]; int digit = ni >> 16; zeroes += ni & 0xFFFF; R1 = R1.timesPow2(zeroes); R0 = R0.add(digit < 0 ? R1.negate() : R1); zeroes = 1; } return R0; } }
protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { int[] naf = WNafUtil.generateCompactNaf(k); ECPoint addP = p.normalize(), subP = addP.negate(); ECPoint R = p.getCurve().getInfinity(); int i = naf.length; while (--i >= 0) { int ni = naf[i]; int digit = ni >> 16, zeroes = ni & 0xFFFF; R = R.twicePlus(digit < 0 ? subP : addP); R = R.timesPow2(zeroes); } return R; } }
protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { int[] naf = WNafUtil.generateCompactNaf(k); ECPoint addP = p.normalize(), subP = addP.negate(); ECPoint R = p.getCurve().getInfinity(); int i = naf.length; while (--i >= 0) { int ni = naf[i]; int digit = ni >> 16, zeroes = ni & 0xFFFF; R = R.twicePlus(digit < 0 ? subP : addP); R = R.timesPow2(zeroes); } return R; } }
/** * 'Zeroless' Signed Digit Right-to-Left. */ protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { ECPoint R0 = p.getCurve().getInfinity(), R1 = p; int n = k.bitLength(); int s = k.getLowestSetBit(); R1 = R1.timesPow2(s); int i = s; while (++i < n) { R0 = R0.add(k.testBit(i) ? R1 : R1.negate()); R1 = R1.twice(); } R0 = R0.add(R1); return R0; } }
/** * 'Zeroless' Signed Digit Right-to-Left. */ protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { ECPoint R0 = p.getCurve().getInfinity(), R1 = p; int n = k.bitLength(); int s = k.getLowestSetBit(); R1 = R1.timesPow2(s); int i = s; while (++i < n) { R0 = R0.add(k.testBit(i) ? R1 : R1.negate()); R1 = R1.twice(); } R0 = R0.add(R1); return R0; } }
public ECPoint importPoint(ECPoint p) { if (this == p.getCurve()) { return p; } if (p.isInfinity()) { return getInfinity(); } // TODO Default behaviour could be improved if the two curves have the same coordinate system by copying any Z coordinates. p = p.normalize(); return validatePoint(p.getXCoord().toBigInteger(), p.getYCoord().toBigInteger(), p.withCompression); }
public ECPoint importPoint(ECPoint p) { if (this == p.getCurve()) { return p; } if (p.isInfinity()) { return getInfinity(); } // TODO Default behaviour could be improved if the two curves have the same coordinate system by copying any Z coordinates. p = p.normalize(); return createPoint(p.getXCoord().toBigInteger(), p.getYCoord().toBigInteger(), p.withCompression); }
protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { ECCurve curveOrig = p.getCurve(); ECCurve curveAdd = configureCurve(curveOrig, additionCoord); ECCurve curveDouble = configureCurve(curveOrig, doublingCoord); int[] naf = WNafUtil.generateCompactNaf(k); ECPoint Ra = curveAdd.getInfinity(); ECPoint Td = curveDouble.importPoint(p); int zeroes = 0; for (int i = 0; i < naf.length; ++i) { int ni = naf[i]; int digit = ni >> 16; zeroes += ni & 0xFFFF; Td = Td.timesPow2(zeroes); ECPoint Tj = curveAdd.importPoint(Td); if (digit < 0) { Tj = Tj.negate(); } Ra = Ra.add(Tj); zeroes = 1; } return curveOrig.importPoint(Ra); }
static ECPoint implShamirsTrickJsf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l) { ECCurve curve = P.getCurve(); ECPoint infinity = curve.getInfinity(); // TODO conjugate co-Z addition (ZADDC) can return both of these ECPoint PaddQ = P.add(Q); ECPoint PsubQ = P.subtract(Q); ECPoint[] points = new ECPoint[]{ Q, PsubQ, P, PaddQ }; curve.normalizeAll(points); ECPoint[] table = new ECPoint[] { points[3].negate(), points[2].negate(), points[1].negate(), points[0].negate(), infinity, points[0], points[1], points[2], points[3] }; byte[] jsf = WNafUtil.generateJSF(k, l); ECPoint R = infinity; int i = jsf.length; while (--i >= 0) { int jsfi = jsf[i]; // NOTE: The shifting ensures the sign is extended correctly int kDigit = ((jsfi << 24) >> 28), lDigit = ((jsfi << 28) >> 28); int index = 4 + (kDigit * 3) + lDigit; R = R.twicePlus(table[index]); } return R; }
protected ECPoint multiplyPositive(ECPoint p, BigInteger k) { ECCurve curveOrig = p.getCurve(); ECCurve curveAdd = configureCurve(curveOrig, additionCoord); ECCurve curveDouble = configureCurve(curveOrig, doublingCoord); int[] naf = WNafUtil.generateCompactNaf(k); ECPoint Ra = curveAdd.getInfinity(); ECPoint Td = curveDouble.importPoint(p); int zeroes = 0; for (int i = 0; i < naf.length; ++i) { int ni = naf[i]; int digit = ni >> 16; zeroes += ni & 0xFFFF; Td = Td.timesPow2(zeroes); ECPoint Tj = curveAdd.importPoint(Td); if (digit < 0) { Tj = Tj.negate(); } Ra = Ra.add(Tj); zeroes = 1; } return curveOrig.importPoint(Ra); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { return new SecT163R2Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT163R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }