/**
* Adds another <code>ECPoints.F2m</code> to <code>this</code> without
* checking if both points are on the same curve. Used by multiplication
* algorithms, because there all points are a multiple of the same point
* and hence the checks can be omitted.
* @param b The other <code>ECPoints.F2m</code> to add to
* <code>this</code>.
* @return <code>this + b</code>
*/
internal F2MPoint AddSimple(F2MPoint b)
{
if (this.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
var x2 = (F2MFieldElement)b.X;
var y2 = (F2MFieldElement)b.Y;
// Check if b == this or b == -this
if (this.X.Equals(x2))
{
// this == b, i.e. this must be doubled
if (this.Y.Equals(y2))
{
return((F2MPoint)this.Twice());
}
// this = -other, i.e. the result is the point at infinity
return((F2MPoint)this.Curve.Infinity);
}
var xSum = this.X.Add(x2);
var lambda = (F2MFieldElement)(this.Y.Add(y2)).Divide(xSum);
var x3 = (F2MFieldElement)lambda.Square().Add(lambda).Add(xSum).Add(this.Curve.A);
var y3 = (F2MFieldElement)lambda.Multiply(this.X.Add(x3)).Add(x3).Add(this.Y);
return(new F2MPoint(this.Curve, x3, y3, this.IsCompressed));
}
/**
* Subtracts another <code>ECPoints.F2m</code> from <code>this</code>
* without checking if both points are on the same curve. Used by
* multiplication algorithms, because there all points are a multiple
* of the same point and hence the checks can be omitted.
* @param b The other <code>ECPoints.F2m</code> to subtract from
* <code>this</code>.
* @return <code>this - b</code>
*/
internal F2MPoint SubtractSimple(
F2MPoint b)
{
if (b.IsInfinity)
{
return(this);
}
// Add -b
return(AddSimple((F2MPoint)b.Negate()));
}
/**
* Constructor for Pentanomial Polynomial Basis (PPB).
* @param m The exponent <code>m</code> of
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param a The coefficient <code>a</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param b The coefficient <code>b</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param n The order of the main subgroup of the elliptic curve.
* @param h The cofactor of the elliptic curve, i.e.
* <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
*/
public F2MCurve(
int m,
int k1,
int k2,
int k3,
IBigInteger a,
IBigInteger b,
IBigInteger n,
IBigInteger h)
{
this._m = m;
this._k1 = k1;
this._k2 = k2;
this._k3 = k3;
this._n = n;
this._h = h;
this._infinity = new F2MPoint(this, null, null);
if (k1 == 0)
{
throw new ArgumentException("k1 must be > 0");
}
if (k2 == 0)
{
if (k3 != 0)
{
throw new ArgumentException("k3 must be 0 if k2 == 0");
}
}
else
{
if (k2 <= k1)
{
throw new ArgumentException("k2 must be > k1");
}
if (k3 <= k2)
{
throw new ArgumentException("k3 must be > k2");
}
}
this.A = FromBigInteger(a);
this.B = FromBigInteger(b);
}
/**
* Subtracts another <code>ECPoints.F2m</code> from <code>this</code>
* without checking if both points are on the same curve. Used by
* multiplication algorithms, because there all points are a multiple
* of the same point and hence the checks can be omitted.
* @param b The other <code>ECPoints.F2m</code> to subtract from
* <code>this</code>.
* @return <code>this - b</code>
*/
internal F2MPoint SubtractSimple(
F2MPoint b)
{
if (b.IsInfinity)
return this;
// Add -b
return AddSimple((F2MPoint)b.Negate());
}
/**
* Adds another <code>ECPoints.F2m</code> to <code>this</code> without
* checking if both points are on the same curve. Used by multiplication
* algorithms, because there all points are a multiple of the same point
* and hence the checks can be omitted.
* @param b The other <code>ECPoints.F2m</code> to add to
* <code>this</code>.
* @return <code>this + b</code>
*/
internal F2MPoint AddSimple(F2MPoint b)
{
if (this.IsInfinity)
return b;
if (b.IsInfinity)
return this;
var x2 = (F2MFieldElement)b.X;
var y2 = (F2MFieldElement)b.Y;
// Check if b == this or b == -this
if (this.X.Equals(x2))
{
// this == b, i.e. this must be doubled
if (this.Y.Equals(y2))
return (F2MPoint)this.Twice();
// this = -other, i.e. the result is the point at infinity
return (F2MPoint)this.Curve.Infinity;
}
var xSum = this.X.Add(x2);
var lambda = (F2MFieldElement)(this.Y.Add(y2)).Divide(xSum);
var x3 = (F2MFieldElement)lambda.Square().Add(lambda).Add(xSum).Add(this.Curve.A);
var y3 = (F2MFieldElement)lambda.Multiply(this.X.Add(x3)).Add(x3).Add(this.Y);
return new F2MPoint(this.Curve, x3, y3, this.IsCompressed);
}
/**
* Constructor for Pentanomial Polynomial Basis (PPB).
* @param m The exponent <code>m</code> of
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
* x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
* represents the reduction polynomial <code>f(z)</code>.
* @param a The coefficient <code>a</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param b The coefficient <code>b</code> in the Weierstrass equation
* for non-supersingular elliptic curves over
* <code>F<sub>2<sup>m</sup></sub></code>.
* @param n The order of the main subgroup of the elliptic curve.
* @param h The cofactor of the elliptic curve, i.e.
* <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
*/
public F2MCurve(
int m,
int k1,
int k2,
int k3,
IBigInteger a,
IBigInteger b,
IBigInteger n,
IBigInteger h)
{
this._m = m;
this._k1 = k1;
this._k2 = k2;
this._k3 = k3;
this._n = n;
this._h = h;
this._infinity = new F2MPoint(this, null, null);
if (k1 == 0)
throw new ArgumentException("k1 must be > 0");
if (k2 == 0)
{
if (k3 != 0)
throw new ArgumentException("k3 must be 0 if k2 == 0");
}
else
{
if (k2 <= k1)
throw new ArgumentException("k2 must be > k1");
if (k3 <= k2)
throw new ArgumentException("k3 must be > k2");
}
this.A = FromBigInteger(a);
this.B = FromBigInteger(b);
}
