private static void implPrintRootZ(X9ECParameters x9) { ECFieldElement z = x9.getCurve().fromBigInteger(BigInteger.valueOf(2)); ECFieldElement rootZ = z.sqrt(); System.out.println(rootZ.toBigInteger().toString(16).toUpperCase()); if (!rootZ.square().equals(z)) { throw new IllegalStateException("Optimized-sqrt sanity check failed"); } }
@Deprecated public static ECPoint decompressFPPoint(ECCurve curve, BigInteger X) { // See Andrey Jivsov https://www.ietf.org/archive/id/draft-jivsov-ecc-compact-05.txt. ECFieldElement x = curve.fromBigInteger(X); ECFieldElement rhs = x.square().add(curve.getA()).multiply(x).add(curve.getB()); // y' = sqrt( C(x) ), where y'>0 ECFieldElement yTilde = rhs.sqrt(); if (yTilde == null) { throw new IllegalArgumentException("invalid point compression"); } // y = min(y',p-y') BigInteger yT = yTilde.toBigInteger(); BigInteger yTn = yTilde.negate().toBigInteger(); BigInteger y = yT.compareTo(yTn) == -1 ? yT : yTn; // Q=(x,y) is the canonical representation of the point ECPoint Q = curve.createPoint(X, y); return Q; }
public static BigInteger y(ECCurve curve, BigInteger x) { // Andrey Jivsov https://www.ietf.org/archive/id/draft-jivsov-ecc-compact-05.txt. ECFieldElement X = curve.fromBigInteger(x); ECFieldElement rhs = X.square().add(curve.getA()).multiply(X).add(curve.getB()); // y' = sqrt( C(x) ), where y'>0 ECFieldElement yTilde = rhs.sqrt(); if (yTilde == null) { throw new IllegalArgumentException("invalid point compression"); } // y = min(y',p-y') BigInteger yT = yTilde.toBigInteger(); BigInteger yTn = yTilde.negate().toBigInteger(); BigInteger y = yT.compareTo(yTn) == -1 ? yT : yTn; return y; }
protected ECPoint decompressPoint(int yTilde, BigInteger X1) { ECFieldElement x = this.fromBigInteger(X1); ECFieldElement rhs = x.square().add(a).multiply(x).add(b); ECFieldElement y = rhs.sqrt(); /* * If y is not a square, then we haven't got a point on the curve */ if (y == null) { throw new IllegalArgumentException("Invalid point compression"); } if (y.testBitZero() != (yTilde == 1)) { // Use the other root y = y.negate(); } return this.createRawPoint(x, y, true); } }
protected ECPoint decompressPoint(int yTilde, BigInteger X1) { ECFieldElement x = this.fromBigInteger(X1); ECFieldElement rhs = x.square().add(this.a).multiply(x).add(this.b); ECFieldElement y = rhs.sqrt(); /* * If y is not a square, then we haven't got a point on the curve */ if (y == null) { throw new IllegalArgumentException("Invalid point compression"); } if (y.testBitZero() != (yTilde == 1)) { // Use the other root y = y.negate(); } return this.createRawPoint(x, y, true); } }
if (xp.isZero()) yp = curve.getB().sqrt();
if (xp.isZero()) yp = curve.getB().sqrt();
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { return new SecT409R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT409R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { return new SecT233R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT233R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { return new SecT163R2Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT163R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement T = L1.square().add(L1Z1).add(Z1Sq); if (T.isZero()) { return new SecT283R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT283R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement a = curve.getA(); ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq); ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq); if (T.isZero()) { return new SecT131R2Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT131R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement a = curve.getA(); ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq); ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq); if (T.isZero()) { return new SecT193R2Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT193R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement a = curve.getA(); ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq); ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq); if (T.isZero()) { return new SecT163R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT163R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement a = curve.getA(); ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq); ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq); if (T.isZero()) { return new SecT113R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT113R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement a = curve.getA(); ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq); ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq); if (T.isZero()) { return new SecT193R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT193R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement a = curve.getA(); ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq); ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq); if (T.isZero()) { return new SecT131R1Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT131R1Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
public ECPoint twice() { if (this.isInfinity()) { return this; } ECCurve curve = this.getCurve(); ECFieldElement X1 = this.x; if (X1.isZero()) { // A point with X == 0 is it's own additive inverse return curve.getInfinity(); } ECFieldElement L1 = this.y, Z1 = this.zs[0]; boolean Z1IsOne = Z1.isOne(); ECFieldElement L1Z1 = Z1IsOne ? L1 : L1.multiply(Z1); ECFieldElement Z1Sq = Z1IsOne ? Z1 : Z1.square(); ECFieldElement a = curve.getA(); ECFieldElement aZ1Sq = Z1IsOne ? a : a.multiply(Z1Sq); ECFieldElement T = L1.square().add(L1Z1).add(aZ1Sq); if (T.isZero()) { return new SecT113R2Point(curve, T, curve.getB().sqrt(), withCompression); } ECFieldElement X3 = T.square(); ECFieldElement Z3 = Z1IsOne ? T : T.multiply(Z1Sq); ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.multiply(Z1); ECFieldElement L3 = X1Z1.squarePlusProduct(T, L1Z1).add(X3).add(Z3); return new SecT113R2Point(curve, X3, L3, new ECFieldElement[]{ Z3 }, this.withCompression); }
return new SecT113R1Point(curve, A, curve.getB().sqrt(), withCompression);
return new SecT193R1Point(curve, A, curve.getB().sqrt(), withCompression);