/**
         * Decompresses a compressed point P = (xp, yp) (X9.62 s 4.2.2).
         *
         * @param yTilde
         *            ~yp, an indication bit for the decompression of yp.
         * @param X1
         *            The field element xp.
         * @return the decompressed point.
         */
        protected override ECPoint DecompressPoint(int yTilde, BigInteger X1)
        {
            // Recovers the second coordinate of a compressed point from its x value
            // and the indicator bit yTilde (X9.62 s 4.2.2).
            // Only yTilde == 1 is distinguished from every other value, and the point
            // is built with CreateRawPoint; no order or subgroup check happens here.
            // NOTE(review): confirm the decoding caller validates the encoding byte and
            // the resulting point before it is used with untrusted input.
            ECFieldElement xp = FromBigInteger(X1);
            ECFieldElement yp;

            if (xp.IsZero)
            {
                // x == 0: the second coordinate is the square root of the coefficient B.
                yp = B.Sqrt();
            }
            else
            {
                // beta = B / x^2 + A + x; a null solution means no point matches this x.
                ECFieldElement invXSquared = xp.Square().Invert();
                ECFieldElement beta = invXSquared.Multiply(B).Add(A).Add(xp);
                ECFieldElement root = SolveQuadraticEquation(beta);
                if (root == null)
                {
                    throw new ArgumentException("Invalid point compression");
                }

                // Pick the solution whose low bit agrees with the indicator bit.
                bool wantLowBitSet = yTilde == 1;
                if (root.TestBitZero() != wantLowBitSet)
                {
                    root = root.AddOne();
                }

                // The lambda coordinate systems store root + x; all others store root * x.
                int coord = this.CoordinateSystem;
                bool lambdaForm = coord == COORD_LAMBDA_AFFINE || coord == COORD_LAMBDA_PROJECTIVE;
                yp = lambdaForm ? root.Add(xp) : root.Multiply(xp);
            }

            if (yp == null)
            {
                throw new ArgumentException("Invalid point compression");
            }

            return this.CreateRawPoint(xp, yp, true);
        }
    protected override ECPoint DecompressPoint(int yTilde, BigInteger X1)
    {
        // Rebuilds a point from its x value and the indicator bit yTilde.
        // Throws ArgumentException when no second coordinate can be derived.
        // The point is created with CreateRawPoint; this method performs no
        // further validity check on it.
        // NOTE(review): confirm callers validate points decoded from untrusted input.
        ECFieldElement x = FromBigInteger(X1);
        ECFieldElement y = null;

        if (x.IsZero)
        {
            // x == 0: use the square root of the curve coefficient B.
            y = B.Sqrt();
        }
        else
        {
            // beta = B / x^2 + A + x
            ECFieldElement beta = x.Square().Invert().Multiply(B).Add(A).Add(x);
            ECFieldElement z = SolveQuadradicEquation(beta);
            if (z != null)
            {
                // Select the solution whose low bit matches yTilde.
                bool flip = z.TestBitZero() != (yTilde == 1);
                ECFieldElement chosen = flip ? z.AddOne() : z;

                // 5 and 6 presumably denote the lambda-affine and lambda-projective
                // coordinate systems - confirm against the curve's constants.
                int coord = CoordinateSystem;
                if (coord == 5 || coord == 6)
                {
                    y = chosen.Add(x);
                }
                else
                {
                    y = chosen.Multiply(x);
                }
            }
        }

        if (y == null)
        {
            throw new ArgumentException("Invalid point compression");
        }

        return CreateRawPoint(x, y, withCompression: true);
    }
        protected override ECPoint DecompressPoint(int yTilde, BigInteger X1)
        {
            // Derives the second coordinate for the field element built from X1, using
            // yTilde to choose between the two candidate solutions.
            // Throws ArgumentException when no coordinate can be derived.
            // The result comes from CreateRawPoint; nothing here checks the point further.
            // NOTE(review): confirm callers validate points decoded from untrusted input.
            ECFieldElement x = this.FromBigInteger(X1);
            ECFieldElement y = null;

            if (x.IsZero)
            {
                // x == 0: use the square root of the curve coefficient B.
                y = this.B.Sqrt();
            }
            else
            {
                // beta = B / x^2 + A + x
                ECFieldElement xSqInv = x.Square().Invert();
                ECFieldElement beta = xSqInv.Multiply(this.B).Add(this.A).Add(x);
                ECFieldElement z = this.SolveQuadraticEquation(beta);
                if (z != null)
                {
                    // Select the solution whose low bit matches yTilde.
                    if (z.TestBitZero() != (yTilde == 1))
                    {
                        z = z.AddOne();
                    }

                    // 5 and 6 presumably denote the lambda coordinate systems - confirm
                    // against the curve's constants. They store z + x, the rest z * x.
                    int coord = this.CoordinateSystem;
                    bool lambdaForm = coord == 5 || coord == 6;
                    if (lambdaForm)
                    {
                        y = z.Add(x);
                    }
                    else
                    {
                        y = z.Multiply(x);
                    }
                }
            }

            if (y == null)
            {
                throw new ArgumentException("Invalid point compression");
            }

            return this.CreateRawPoint(x, y, true);
        }
        public override ECPoint TwicePlus(ECPoint b)
        {
            // Computes 2 * this + b.
            // Control flow depends on coordinate values (several early returns on zero
            // checks), so do not assume this runs in operand-independent time.
            if (this.IsInfinity)
            {
                return b;
            }

            if (b.IsInfinity)
            {
                return Twice();
            }

            ECCurve curve = this.Curve;
            ECFieldElement x1 = this.RawXCoord;

            if (x1.IsZero)
            {
                // A point with X == 0 is its own additive inverse, so the result is b.
                return b;
            }

            // The combined formula below is used only when b has non-zero X and Z == 1;
            // every other case falls back to a plain Twice() followed by Add().
            ECFieldElement x2 = b.RawXCoord;
            ECFieldElement z2 = b.RawZCoords[0];

            bool fastPath = !x2.IsZero && z2.IsOne;
            if (!fastPath)
            {
                return Twice().Add(b);
            }

            // RawYCoord is named L1/L2 in the original source (presumably the lambda
            // coordinate - confirm against the point class).
            ECFieldElement l1 = this.RawYCoord;
            ECFieldElement z1 = this.RawZCoords[0];
            ECFieldElement l2 = b.RawYCoord;

            ECFieldElement x1Sq = x1.Square();
            ECFieldElement l1Sq = l1.Square();
            ECFieldElement z1Sq = z1.Square();
            ECFieldElement l1z1 = l1.Multiply(z1);

            // The original keeps commented-out variants of the next two formulas that
            // also include curve.A; those terms are omitted here (presumably because
            // this curve's A coefficient is zero - confirm).
            ECFieldElement t = l1Sq.Add(l1z1);
            ECFieldElement l2PlusOne = l2.AddOne();
            ECFieldElement termA = l2PlusOne.Multiply(z1Sq).Add(l1Sq).MultiplyPlusProduct(t, x1Sq, z1Sq);
            ECFieldElement x2z1Sq = x2.Multiply(z1Sq);
            ECFieldElement termB = x2z1Sq.Add(t).Square();

            if (termB.IsZero)
            {
                return termA.IsZero ? b.Twice() : curve.Infinity;
            }

            if (termA.IsZero)
            {
                // curve.B is passed as-is; the original keeps a commented-out variant
                // using its square root (presumably identical for this curve - confirm).
                return new SecT233K1Point(curve, termA, curve.B, IsCompressed);
            }

            ECFieldElement x3 = termA.Square().Multiply(x2z1Sq);
            ECFieldElement z3 = termA.Multiply(termB).Multiply(z1Sq);
            ECFieldElement sumSquared = termA.Add(termB).Square();
            ECFieldElement l3 = sumSquared.MultiplyPlusProduct(t, l2PlusOne, z3);

            ECFieldElement[] zCoords = new ECFieldElement[] { z3 };
            return new SecT233K1Point(curve, x3, l3, zCoords, IsCompressed);
        }
        public override ECPoint TwicePlus(ECPoint b)
        {
            // Computes 2 * this + b.
            // Control flow depends on coordinate values (several early returns on zero
            // checks), so do not assume this runs in operand-independent time.
            if (this.IsInfinity)
            {
                return b;
            }

            if (b.IsInfinity)
            {
                return Twice();
            }

            ECCurve curve = this.Curve;
            ECFieldElement x1 = this.RawXCoord;

            if (x1.IsZero)
            {
                // A point with X == 0 is its own additive inverse, so the result is b.
                return b;
            }

            // The combined formula below is used only when b has non-zero X and Z == 1;
            // every other case falls back to a plain Twice() followed by Add().
            ECFieldElement x2 = b.RawXCoord;
            ECFieldElement z2 = b.RawZCoords[0];

            bool fastPath = !x2.IsZero && z2.IsOne;
            if (!fastPath)
            {
                return Twice().Add(b);
            }

            // RawYCoord is named L1/L2 in the original source (presumably the lambda
            // coordinate - confirm against the point class).
            ECFieldElement l1 = this.RawYCoord;
            ECFieldElement z1 = this.RawZCoords[0];
            ECFieldElement l2 = b.RawYCoord;

            ECFieldElement x1Sq = x1.Square();
            ECFieldElement l1Sq = l1.Square();
            ECFieldElement z1Sq = z1.Square();
            ECFieldElement l1z1 = l1.Multiply(z1);

            ECFieldElement t = z1Sq.Add(l1Sq).Add(l1z1);
            ECFieldElement termA = l2.Multiply(z1Sq).Add(l1Sq).MultiplyPlusProduct(t, x1Sq, z1Sq);
            ECFieldElement x2z1Sq = x2.Multiply(z1Sq);
            ECFieldElement termB = x2z1Sq.Add(t).Square();

            if (termB.IsZero)
            {
                return termA.IsZero ? b.Twice() : curve.Infinity;
            }

            if (termA.IsZero)
            {
                // termA is zero here, so the point is built from it and the curve's
                // SecT571R1_B_SQRT constant.
                return new SecT571R1Point(curve, termA, SecT571R1Curve.SecT571R1_B_SQRT, IsCompressed);
            }

            ECFieldElement x3 = termA.Square().Multiply(x2z1Sq);
            ECFieldElement z3 = termA.Multiply(termB).Multiply(z1Sq);
            ECFieldElement sumSquared = termA.Add(termB).Square();
            ECFieldElement l3 = sumSquared.MultiplyPlusProduct(t, l2.AddOne(), z3);

            ECFieldElement[] zCoords = new ECFieldElement[] { z3 };
            return new SecT571R1Point(curve, x3, l3, zCoords, IsCompressed);
        }