private static GroupElementP1 P2ToP1(ref GroupElementP2 p)
{
var r = new GroupElementP1();
/* XX=X1^2 */
r.X = FieldElementOperations.Squared(ref p.X);
/* YY=Y1^2 */
r.Z = FieldElementOperations.Squared(ref p.Y);
/* B=2*Z1^2 */
r.T = FieldElementOperations.DoubleSquare(ref p.Z);
/* A=X1+Y1 */
r.Y = FieldElementOperations.Add(ref p.X, ref p.Y);
/* AA=A^2 */
var t0 = FieldElementOperations.Squared(ref r.Y);
/* Y3=YY+XX */
r.Y = FieldElementOperations.Add(ref r.Z, ref r.X);
/* Z3=YY-XX */
r.Z = FieldElementOperations.Sub(ref r.Z, ref r.X);
/* X3=AA-Y3 */
r.X = FieldElementOperations.Sub(ref t0, ref r.Y);
/* T3=B-Z3 */
r.T = FieldElementOperations.Sub(ref r.T, ref r.Z);
return(r);
}
private static FieldElement CalculateLadderStep(byte[] n, ref FieldElement p, int noffset = 0)
{
var e = new byte[32];
uint i;
FieldElement x1;
FieldElement x2;
FieldElement z2;
FieldElement x3;
FieldElement z3;
int pos;
uint swap;
for (i = 0; i < 32; ++i)
{
e[i] = n[noffset + i];
}
ClampOperation.Clamp(e, 0);
x1 = p;
x2 = FieldElementOperations.Set1();
z2 = FieldElementOperations.Set0();
x3 = x1;
z3 = FieldElementOperations.Set1();
swap = 0;
for (pos = 254; pos >= 0; --pos)
{
var b = (uint)(e[pos / 8] >> (pos & 7));
b &= 1;
swap ^= b;
FieldElementOperations.Swap(ref x2, ref x3, swap);
FieldElementOperations.Swap(ref z2, ref z3, swap);
swap = b;
/* D = X3-Z3 */
var tmp0 = FieldElementOperations.Sub(ref x3, ref z3);
/* B = X2-Z2 */
var tmp1 = FieldElementOperations.Sub(ref x2, ref z2);
/* A = X2+Z2 */
x2 = FieldElementOperations.Add(ref x2, ref z2);
/* C = X3+Z3 */
z2 = FieldElementOperations.Add(ref x3, ref z3);
/* DA = D*A */
z3 = FieldElementOperations.Multiplication(ref tmp0, ref x2);
/* CB = C*B */
z2 = FieldElementOperations.Multiplication(ref z2, ref tmp1);
/* BB = B^2 */
tmp0 = FieldElementOperations.Squared(ref tmp1);
/* AA = A^2 */
tmp1 = FieldElementOperations.Squared(ref x2);
/* t0 = DA+CB */
x3 = FieldElementOperations.Add(ref z3, ref z2);
/* t1 = DA-CB */
z2 = FieldElementOperations.Sub(ref z3, ref z2);
/* X4 = AA*BB */
x2 = FieldElementOperations.Multiplication(ref tmp1, ref tmp0);
/* E = AA-BB */
tmp1 = FieldElementOperations.Sub(ref tmp1, ref tmp0);
/* t2 = t1^2 */
z2 = FieldElementOperations.Squared(ref z2);
/* t3 = a24*E */
z3 = FieldElementOperations.Multiply121666(ref tmp1);
/* X5 = t0^2 */
x3 = FieldElementOperations.Squared(ref x3);
/* t4 = BB+t3 */
tmp0 = FieldElementOperations.Add(ref tmp0, ref z3);
/* Z5 = X1*t2 */
z3 = FieldElementOperations.Multiplication(ref x1, ref z2);
/* Z4 = E*t4 */
z2 = FieldElementOperations.Multiplication(ref tmp1, ref tmp0);
}
FieldElementOperations.Swap(ref x2, ref x3, swap);
FieldElementOperations.Swap(ref z2, ref z3, swap);
z2 = FieldElementOperations.Invert(ref z2);
x2 = FieldElementOperations.Multiplication(ref x2, ref z2);
var q = x2;
Array.Clear(e, 0, e.Length);
return(q);
}
