Ejemplo n.º 1
0
        public static BigInteger ModOddInverse(BigInteger M, BigInteger X)
        {
            if (!M.TestBit(0))
            {
                throw new ArgumentException("must be odd", "M");
            }
            if (M.SignValue != 1)
            {
                throw new ArithmeticException("BigInteger: modulus not positive");
            }
            if (X.SignValue < 0 || X.CompareTo(M) >= 0)
            {
                X = X.Mod(M);
            }

            int bits = M.BitLength;

            uint[] m   = Nat.FromBigInteger(bits, M);
            uint[] x   = Nat.FromBigInteger(bits, X);
            int    len = m.Length;

            uint[] z = Nat.Create(len);
            if (0 == Mod.ModOddInverse(m, x, z))
            {
                throw new ArithmeticException("BigInteger not invertible");
            }
            return(Nat.ToBigInteger(len, z));
        }
Ejemplo n.º 2
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] z = Nat.FromBigInteger(160, x);
     if (z[4] == P4 && Nat160.Gte(z, P))
     {
         Nat160.SubFrom(P, z);
     }
     return(z);
 }
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] z = Nat.FromBigInteger(192, x);
     if (z[5] == P5 && Nat192.Gte(z, P))
     {
         Nat192.SubFrom(P, z);
     }
     return(z);
 }
Ejemplo n.º 4
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] z = Nat.FromBigInteger(256, x);
     if (z[7] == P7 && Nat256.Gte(z, P))
     {
         Nat256.SubFrom(P, z);
     }
     return(z);
 }
Ejemplo n.º 5
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] numArray = Nat.FromBigInteger(0x209, x);
     if (Nat.Eq(0x11, numArray, P))
     {
         Nat.Zero(0x11, numArray);
     }
     return(numArray);
 }
Ejemplo n.º 6
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] z = Nat.FromBigInteger(384, x);
     if (z[11] == P11 && Nat.Gte(12, z, P))
     {
         Nat.SubFrom(12, P, z);
     }
     return(z);
 }
Ejemplo n.º 7
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] array = Nat.FromBigInteger(384, x);
     if (array[11] == 4294967295u && Nat.Gte(12, array, SecP384R1Field.P))
     {
         Nat.SubFrom(12, SecP384R1Field.P, array);
     }
     return(array);
 }
Ejemplo n.º 8
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] array = Nat.FromBigInteger(521, x);
     if (Nat.Eq(17, array, P))
     {
         Nat.Zero(17, array);
     }
     return(array);
 }
Ejemplo n.º 9
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] numArray = Nat.FromBigInteger(0x180, x);
     if ((numArray[11] == uint.MaxValue) && Nat.Gte(12, numArray, P))
     {
         Nat.SubFrom(12, P, numArray);
     }
     return(numArray);
 }
Ejemplo n.º 10
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] z = Nat.FromBigInteger(521, x);
     if (Nat.Eq(17, z, P))
     {
         Nat.Zero(17, z);
     }
     return(z);
 }
Ejemplo n.º 11
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] array = Nat.FromBigInteger(384, x);
     if (array[11] == uint.MaxValue && Nat.Gte(12, array, P))
     {
         Nat.SubFrom(12, P, array);
     }
     return(array);
 }
Ejemplo n.º 12
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] z = Nat.FromBigInteger(256, x);
     while (Nat256.Gte(z, P))
     {
         Nat256.SubFrom(P, z);
     }
     return(z);
 }
Ejemplo n.º 13
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] z = Nat.FromBigInteger(224, x);
     if (z[6] == P6 && Nat224.Gte(z, P))
     {
         Nat224.SubFrom(P, z);
     }
     return(z);
 }
Ejemplo n.º 14
0
 public static uint[] FromBigInteger(BigInteger x)
 {
     uint[] z = Nat.FromBigInteger(128, x);
     if (z[3] >= P3 && Nat128.Gte(z, P))
     {
         Nat128.SubFrom(P, z);
     }
     return(z);
 }
Ejemplo n.º 15
0
        protected virtual BigInteger ModInverse(BigInteger x)
        {
            int bits = FieldSize;
            int len  = (bits + 31) >> 5;

            uint[] p = Nat.FromBigInteger(bits, q);
            uint[] n = Nat.FromBigInteger(bits, x);
            uint[] z = Nat.Create(len);
            Mod.Invert(p, n, z);
            return(Nat.ToBigInteger(len, z));
        }
Ejemplo n.º 16
0
    protected virtual BigInteger ModInverse(BigInteger x)
    {
        int fieldSize = FieldSize;
        int len       = fieldSize + 31 >> 5;

        uint[] p     = Nat.FromBigInteger(fieldSize, q);
        uint[] array = Nat.FromBigInteger(fieldSize, x);
        uint[] z     = Nat.Create(len);
        Mod.Invert(p, array, z);
        return(Nat.ToBigInteger(len, z));
    }
Ejemplo n.º 17
0
        protected virtual BigInteger ModInverse(BigInteger x)
        {
            var bits = this.FieldSize;
            var len  = (bits + 31) >> 5;
            var p    = Nat.FromBigInteger(bits, this.Q);
            var n    = Nat.FromBigInteger(bits, x);
            var z    = Nat.Create(len);

            Mod.Invert(p, n, z);
            return(Nat.ToBigInteger(len, z));
        }
Ejemplo n.º 18
0
        protected override ECPoint MultiplyPositive(ECPoint p, BigInteger k)
        {
            ECCurve c    = p.Curve;
            int     size = FixedPointUtilities.GetCombSize(c);

            if (k.BitLength > size)
            {
                /*
                 * TODO The comb works best when the scalars are less than the (possibly unknown) order.
                 * Still, if we want to handle larger scalars, we could allow customization of the comb
                 * size, or alternatively we could deal with the 'extra' bits either by running the comb
                 * multiple times as necessary, or by using an alternative multiplier as prelude.
                 */
                throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order");
            }

            FixedPointPreCompInfo info        = FixedPointUtilities.Precompute(p);
            ECLookupTable         lookupTable = info.LookupTable;
            int width = info.Width;

            int d = (size + width - 1) / width;

            ECPoint R = c.Infinity;

            int fullComb = d * width;

            uint[] K = Nat.FromBigInteger(fullComb, k);

            int top = fullComb - 1;

            for (int i = 0; i < d; ++i)
            {
                uint secretIndex = 0;

                for (int j = top - i; j >= 0; j -= d)
                {
                    uint secretBit = K[j >> 5] >> (j & 0x1F);
                    secretIndex  ^= secretBit >> 1;
                    secretIndex <<= 1;
                    secretIndex  ^= secretBit;
                }

                ECPoint add = lookupTable.Lookup((int)secretIndex);

                R = R.TwicePlus(add);
            }

            return(R.Add(info.Offset));
        }
Ejemplo n.º 19
0
        private static int Legendre(BigInteger a, BigInteger b)
        {
            //int r = 0, bits = b.IntValue;

            //for (;;)
            //{
            //    int lowestSetBit = a.GetLowestSetBit();
            //    a = a.ShiftRight(lowestSetBit);
            //    r ^= (bits ^ (bits >> 1)) & (lowestSetBit << 1);

            //    int cmp = a.CompareTo(b);
            //    if (cmp == 0)
            //        break;

            //    if (cmp < 0)
            //    {
            //        BigInteger t = a; a = b; b = t;

            //        int oldBits = bits;
            //        bits = b.IntValue;
            //        r ^= oldBits & bits;
            //    }

            //    a = a.Subtract(b);
            //}

            //return BigInteger.One.Equals(b) ? (1 - (r & 2)) : 0;

            int bitLength = b.BitLength;

            uint[] A = Nat.FromBigInteger(bitLength, a);
            uint[] B = Nat.FromBigInteger(bitLength, b);

            int r = 0;

            int len = B.Length;

            for (;;)
            {
                while (A[0] == 0)
                {
                    Nat.ShiftDownWord(len, A, 0);
                }

                int shift = Integers.NumberOfTrailingZeros((int)A[0]);
                if (shift > 0)
                {
                    Nat.ShiftDownBits(len, A, shift, 0);
                    int bits = (int)B[0];
                    r ^= (bits ^ (bits >> 1)) & (shift << 1);
                }

                int cmp = Nat.Compare(len, A, B);
                if (cmp == 0)
                {
                    break;
                }

                if (cmp < 0)
                {
                    r ^= (int)(A[0] & B[0]);
                    uint[] t = A; A = B; B = t;
                }

                while (A[len - 1] == 0)
                {
                    len = len - 1;
                }

                Nat.Sub(len, A, B, A);
            }

            return(Nat.IsOne(len, B) ? (1 - (r & 2)) : 0);
        }
Ejemplo n.º 20
0
        private static ECPoint ImplShamirsTrickFixedPoint(ECPoint p, BigInteger k, ECPoint q, BigInteger l)
        {
            ECCurve c        = p.Curve;
            int     combSize = FixedPointUtilities.GetCombSize(c);

            if (k.BitLength > combSize || l.BitLength > combSize)
            {
                /*
                 * TODO The comb works best when the scalars are less than the (possibly unknown) order.
                 * Still, if we want to handle larger scalars, we could allow customization of the comb
                 * size, or alternatively we could deal with the 'extra' bits either by running the comb
                 * multiple times as necessary, or by using an alternative multiplier as prelude.
                 */
                throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order");
            }

            FixedPointPreCompInfo infoP = FixedPointUtilities.Precompute(p);
            FixedPointPreCompInfo infoQ = FixedPointUtilities.Precompute(q);

            ECLookupTable lookupTableP = infoP.LookupTable;
            ECLookupTable lookupTableQ = infoQ.LookupTable;

            int widthP = infoP.Width;
            int widthQ = infoQ.Width;

            // TODO This shouldn't normally happen, but a better "solution" is desirable anyway
            if (widthP != widthQ)
            {
                FixedPointCombMultiplier m = new FixedPointCombMultiplier();
                ECPoint r1 = m.Multiply(p, k);
                ECPoint r2 = m.Multiply(q, l);
                return(r1.Add(r2));
            }

            int width = widthP;

            int d = (combSize + width - 1) / width;

            ECPoint R = c.Infinity;

            int fullComb = d * width;

            uint[] K = Nat.FromBigInteger(fullComb, k);
            uint[] L = Nat.FromBigInteger(fullComb, l);

            int top = fullComb - 1;

            for (int i = 0; i < d; ++i)
            {
                uint secretIndexK = 0, secretIndexL = 0;

                for (int j = top - i; j >= 0; j -= d)
                {
                    uint secretBitK = K[j >> 5] >> (j & 0x1F);
                    secretIndexK  ^= secretBitK >> 1;
                    secretIndexK <<= 1;
                    secretIndexK  ^= secretBitK;

                    uint secretBitL = L[j >> 5] >> (j & 0x1F);
                    secretIndexL  ^= secretBitL >> 1;
                    secretIndexL <<= 1;
                    secretIndexL  ^= secretBitL;
                }

                ECPoint addP = lookupTableP.LookupVar((int)secretIndexK);
                ECPoint addQ = lookupTableQ.LookupVar((int)secretIndexL);

                ECPoint T = addP.Add(addQ);

                R = R.TwicePlus(T);
            }

            return(R.Add(infoP.Offset).Add(infoQ.Offset));
        }