public void TestMultiply2()
{
int COUNT = 100;
ECFieldElement[] inputs = new ECFieldElement[COUNT];
BigInteger[] INPUTS = new BigInteger[COUNT];
for (int i = 0; i < inputs.Length; ++i)
{
inputs[i] = GenerateMultiplyInput_Random();
INPUTS[i] = inputs[i].ToBigInteger();
}
for (int j = 0; j < inputs.Length; ++j)
{
for (int k = 0; k < inputs.Length; ++k)
{
BigInteger R = INPUTS[j].Multiply(INPUTS[k]).Mod(Q);
ECFieldElement z = inputs[j].Multiply(inputs[k]);
BigInteger Z = z.ToBigInteger();
Assert.AreEqual(R, Z);
}
}
}
public override ECFieldElement Divide(ECFieldElement b)
{
//return Multiply(b.Invert());
uint[] z = Nat256.Create();
Mod.Invert(Curve25519Field.P, ((Curve25519FieldElement)b).x, z);
Curve25519Field.Multiply(z, x, z);
return new Curve25519FieldElement(z);
}
public override ECFieldElement Divide(ECFieldElement b)
{
//return Multiply(b.Invert());
uint[] z = Nat.Create(12);
Mod.Invert(SecP384R1Field.P, ((SecP384R1FieldElement)b).x, z);
SecP384R1Field.Multiply(z, x, z);
return new SecP384R1FieldElement(z);
}
private ECCurve(BigInteger Q, BigInteger A, BigInteger B, BigInteger N, byte[] G)
{
this.Q = Q;
this.A = new ECFieldElement(A, this);
this.B = new ECFieldElement(B, this);
this.N = N;
this.Infinity = new ECPoint(null, null, this);
this.G = ECPoint.DecodePoint(G, this);
}
/**
* Create a point which encodes with point compression.
*
* @param curve the curve to use
* @param x affine x co-ordinate
* @param y affine y co-ordinate
*
* @deprecated Use ECCurve.CreatePoint to construct points
*/
public Curve25519Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, false)
{
}
public override ECFieldElement Multiply(ECFieldElement b)
{
uint[] z = Nat256.Create();
SecP256K1Field.Multiply(x, ((SecP256K1FieldElement)b).x, z);
return new SecP256K1FieldElement(z);
}
/**
* @deprecated Use ECCurve.createPoint to construct points
*/
public SecT283K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, false)
{
}
public override bool Equals(ECFieldElement other)
{
return Equals(other as SecP384R1FieldElement);
}
public override ECFieldElement Subtract(ECFieldElement b)
{
// Addition and Subtraction are the same in F2m
return Add(b);
}
public override ECFieldElement SquarePlusProduct(ECFieldElement x, ECFieldElement y)
{
ulong[] ax = this.x;
ulong[] xx = ((SecT233FieldElement)x).x, yx = ((SecT233FieldElement)y).x;
ulong[] tt = Nat256.CreateExt64();
SecT233Field.SquareAddToExt(ax, tt);
SecT233Field.MultiplyAddToExt(xx, yx, tt);
ulong[] z = Nat256.Create64();
SecT233Field.Reduce(tt, z);
return new SecT233FieldElement(z);
}
/**
* Create a point which encodes with point compression.
*
* @param curve
* the curve to use
* @param x
* affine x co-ordinate
* @param y
* affine y co-ordinate
*
* @deprecated Use ECCurve.createPoint to construct points
*/
public SecP192K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, false)
{
}
public override bool Equals(ECFieldElement other)
{
return(this.Equals(other as SecP256K1FieldElement));
}
public SecP256R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, withCompression : false)
{
}
public override ECPoint Add(ECPoint b)
{
if (base.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
if (this == b)
{
return(Twice());
}
ECCurve curve = Curve;
SecP256R1FieldElement secP256R1FieldElement = (SecP256R1FieldElement)base.RawXCoord;
SecP256R1FieldElement secP256R1FieldElement2 = (SecP256R1FieldElement)base.RawYCoord;
SecP256R1FieldElement secP256R1FieldElement3 = (SecP256R1FieldElement)b.RawXCoord;
SecP256R1FieldElement secP256R1FieldElement4 = (SecP256R1FieldElement)b.RawYCoord;
SecP256R1FieldElement secP256R1FieldElement5 = (SecP256R1FieldElement)base.RawZCoords[0];
SecP256R1FieldElement secP256R1FieldElement6 = (SecP256R1FieldElement)b.RawZCoords[0];
uint[] array = Nat256.CreateExt();
uint[] array2 = Nat256.Create();
uint[] array3 = Nat256.Create();
uint[] array4 = Nat256.Create();
bool isOne = secP256R1FieldElement5.IsOne;
uint[] array5;
uint[] array6;
if (isOne)
{
array5 = secP256R1FieldElement3.x;
array6 = secP256R1FieldElement4.x;
}
else
{
array6 = array3;
SecP256R1Field.Square(secP256R1FieldElement5.x, array6);
array5 = array2;
SecP256R1Field.Multiply(array6, secP256R1FieldElement3.x, array5);
SecP256R1Field.Multiply(array6, secP256R1FieldElement5.x, array6);
SecP256R1Field.Multiply(array6, secP256R1FieldElement4.x, array6);
}
bool isOne2 = secP256R1FieldElement6.IsOne;
uint[] array7;
uint[] array8;
if (isOne2)
{
array7 = secP256R1FieldElement.x;
array8 = secP256R1FieldElement2.x;
}
else
{
array8 = array4;
SecP256R1Field.Square(secP256R1FieldElement6.x, array8);
array7 = array;
SecP256R1Field.Multiply(array8, secP256R1FieldElement.x, array7);
SecP256R1Field.Multiply(array8, secP256R1FieldElement6.x, array8);
SecP256R1Field.Multiply(array8, secP256R1FieldElement2.x, array8);
}
uint[] array9 = Nat256.Create();
SecP256R1Field.Subtract(array7, array5, array9);
uint[] array10 = array2;
SecP256R1Field.Subtract(array8, array6, array10);
if (Nat256.IsZero(array9))
{
if (Nat256.IsZero(array10))
{
return(Twice());
}
return(curve.Infinity);
}
uint[] array11 = array3;
SecP256R1Field.Square(array9, array11);
uint[] array12 = Nat256.Create();
SecP256R1Field.Multiply(array11, array9, array12);
uint[] array13 = array3;
SecP256R1Field.Multiply(array11, array7, array13);
SecP256R1Field.Negate(array12, array12);
Nat256.Mul(array8, array12, array);
uint x = Nat256.AddBothTo(array13, array13, array12);
SecP256R1Field.Reduce32(x, array12);
SecP256R1FieldElement secP256R1FieldElement7 = new SecP256R1FieldElement(array4);
SecP256R1Field.Square(array10, secP256R1FieldElement7.x);
SecP256R1Field.Subtract(secP256R1FieldElement7.x, array12, secP256R1FieldElement7.x);
SecP256R1FieldElement secP256R1FieldElement8 = new SecP256R1FieldElement(array12);
SecP256R1Field.Subtract(array13, secP256R1FieldElement7.x, secP256R1FieldElement8.x);
SecP256R1Field.MultiplyAddToExt(secP256R1FieldElement8.x, array10, array);
SecP256R1Field.Reduce(array, secP256R1FieldElement8.x);
SecP256R1FieldElement secP256R1FieldElement9 = new SecP256R1FieldElement(array9);
if (!isOne)
{
SecP256R1Field.Multiply(secP256R1FieldElement9.x, secP256R1FieldElement5.x, secP256R1FieldElement9.x);
}
if (!isOne2)
{
SecP256R1Field.Multiply(secP256R1FieldElement9.x, secP256R1FieldElement6.x, secP256R1FieldElement9.x);
}
ECFieldElement[] zs = new ECFieldElement[1]
{
secP256R1FieldElement9
};
return(new SecP256R1Point(curve, secP256R1FieldElement7, secP256R1FieldElement8, zs, base.IsCompressed));
}
internal SecP256R1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, bool withCompression)
: base(curve, x, y, zs, withCompression)
{
}
public override ECPoint Add(ECPoint b)
{
if (this.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
ECCurve curve = this.Curve;
ECFieldElement X1 = this.RawXCoord;
ECFieldElement X2 = b.RawXCoord;
if (X1.IsZero)
{
if (X2.IsZero)
{
return(curve.Infinity);
}
return(b.Add(this));
}
ECFieldElement L1 = this.RawYCoord, Z1 = this.RawZCoords[0];
ECFieldElement L2 = b.RawYCoord, Z2 = b.RawZCoords[0];
bool Z1IsOne = Z1.IsOne;
ECFieldElement U2 = X2, S2 = L2;
if (!Z1IsOne)
{
U2 = U2.Multiply(Z1);
S2 = S2.Multiply(Z1);
}
bool Z2IsOne = Z2.IsOne;
ECFieldElement U1 = X1, S1 = L1;
if (!Z2IsOne)
{
U1 = U1.Multiply(Z2);
S1 = S1.Multiply(Z2);
}
ECFieldElement A = S1.Add(S2);
ECFieldElement B = U1.Add(U2);
if (B.IsZero)
{
if (A.IsZero)
{
return(Twice());
}
return(curve.Infinity);
}
ECFieldElement X3, L3, Z3;
if (X2.IsZero)
{
// TODO This can probably be optimized quite a bit
ECPoint p = this.Normalize();
X1 = p.XCoord;
ECFieldElement Y1 = p.YCoord;
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
X3 = L.Square().Add(L).Add(X1);
if (X3.IsZero)
{
return(new SecT283K1Point(curve, X3, curve.B, IsCompressed));
}
ECFieldElement Y3 = L.Multiply(X1.Add(X3)).Add(X3).Add(Y1);
L3 = Y3.Divide(X3).Add(X3);
Z3 = curve.FromBigInteger(BigInteger.One);
}
else
{
B = B.Square();
ECFieldElement AU1 = A.Multiply(U1);
ECFieldElement AU2 = A.Multiply(U2);
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
return(new SecT283K1Point(curve, X3, curve.B, IsCompressed));
}
ECFieldElement ABZ2 = A.Multiply(B);
if (!Z2IsOne)
{
ABZ2 = ABZ2.Multiply(Z2);
}
L3 = AU2.Add(B).SquarePlusProduct(ABZ2, L1.Add(Z1));
Z3 = ABZ2;
if (!Z1IsOne)
{
Z3 = Z3.Multiply(Z1);
}
}
return(new SecT283K1Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed));
}
public override ECPoint TwicePlus(ECPoint b)
{
if (this.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(Twice());
}
ECCurve curve = this.Curve;
ECFieldElement X1 = this.RawXCoord;
if (X1.IsZero)
{
// A point with X == 0 is its own additive inverse
return(b);
}
// NOTE: TwicePlus() only optimized for lambda-affine argument
ECFieldElement X2 = b.RawXCoord, Z2 = b.RawZCoords[0];
if (X2.IsZero || !Z2.IsOne)
{
return(Twice().Add(b));
}
ECFieldElement L1 = this.RawYCoord, Z1 = this.RawZCoords[0];
ECFieldElement L2 = b.RawYCoord;
ECFieldElement X1Sq = X1.Square();
ECFieldElement L1Sq = L1.Square();
ECFieldElement Z1Sq = Z1.Square();
ECFieldElement L1Z1 = L1.Multiply(Z1);
ECFieldElement T = L1Sq.Add(L1Z1);
ECFieldElement L2plus1 = L2.AddOne();
ECFieldElement A = L2plus1.Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
ECFieldElement B = X2Z1Sq.Add(T).Square();
if (B.IsZero)
{
if (A.IsZero)
{
return(b.Twice());
}
return(curve.Infinity);
}
if (A.IsZero)
{
return(new SecT283K1Point(curve, A, curve.B, IsCompressed));
}
ECFieldElement X3 = A.Square().Multiply(X2Z1Sq);
ECFieldElement Z3 = A.Multiply(B).Multiply(Z1Sq);
ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2plus1, Z3);
return(new SecT283K1Point(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed));
}
public override ECFieldElement Add(ECFieldElement b)
{
uint[] z = Nat.Create(17);
SecP521R1Field.Add(x, ((SecP521R1FieldElement)b).x, z);
return new SecP521R1FieldElement(z);
}
public override ECFieldElement Add(ECFieldElement b)
{
uint[] z = Nat256.Create();
SecP256K1Field.Add(this.x, ((SecP256K1FieldElement)b).x, z);
return(new SecP256K1FieldElement(z));
}
internal SecP192K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs,
bool withCompression)
: base(curve, x, y, zs, withCompression)
{
}
public override ECFieldElement Subtract(ECFieldElement b)
{
uint[] z = Nat224.Create();
SecP224K1Field.Subtract(x, ((SecP224K1FieldElement)b).x, z);
return(new SecP224K1FieldElement(z));
}
public override ECFieldElement Divide(ECFieldElement b)
{
return Multiply(b.Invert());
}
public override ECFieldElement Multiply(ECFieldElement b)
{
uint[] z = Nat224.Create();
SecP224K1Field.Multiply(x, ((SecP224K1FieldElement)b).x, z);
return(new SecP224K1FieldElement(z));
}
public override ECFieldElement MultiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
{
return MultiplyPlusProduct(b, x, y);
}
private void AddFieldElement(IDigest digest, ECFieldElement v)
{
byte[] p = v.GetEncoded();
digest.BlockUpdate(p, 0, p.Length);
}
public override ECFieldElement Multiply(ECFieldElement b)
{
uint[] z = Nat.Create(12);
SecP384R1Field.Multiply(x, ((SecP384R1FieldElement)b).x, z);
return new SecP384R1FieldElement(z);
}
public X9FieldElement(
ECFieldElement f)
{
this.f = f;
}
public override ECFieldElement Subtract(ECFieldElement b)
{
uint[] z = Nat256.Create();
SecP256K1Field.Subtract(x, ((SecP256K1FieldElement)b).x, z);
return new SecP256K1FieldElement(z);
}
public override ECFieldElement MultiplyMinusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
{
return(MultiplyPlusProduct(b, x, y));
}
public SecP256K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, ECFieldElement[] zs,
bool withCompression)
: base(curve, x, y, zs, withCompression)
{
}
public override ECFieldElement MultiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
{
ulong[] ax = this.x, bx = ((SecT233FieldElement)b).x;
ulong[] xx = ((SecT233FieldElement)x).x, yx = ((SecT233FieldElement)y).x;
ulong[] tt = Nat256.CreateExt64();
SecT233Field.MultiplyAddToExt(ax, bx, tt);
SecT233Field.MultiplyAddToExt(xx, yx, tt);
ulong[] z = Nat256.Create64();
SecT233Field.Reduce(tt, z);
return(new SecT233FieldElement(z));
}
public override ECPoint Add(ECPoint b)
{
if (this.IsInfinity)
return b;
if (b.IsInfinity)
return this;
if (this == b)
return Twice();
ECCurve curve = this.Curve;
Curve25519FieldElement X1 = (Curve25519FieldElement)this.RawXCoord, Y1 = (Curve25519FieldElement)this.RawYCoord,
Z1 = (Curve25519FieldElement)this.RawZCoords[0];
Curve25519FieldElement X2 = (Curve25519FieldElement)b.RawXCoord, Y2 = (Curve25519FieldElement)b.RawYCoord,
Z2 = (Curve25519FieldElement)b.RawZCoords[0];
uint c;
uint[] tt1 = Nat256.CreateExt();
uint[] t2 = Nat256.Create();
uint[] t3 = Nat256.Create();
uint[] t4 = Nat256.Create();
bool Z1IsOne = Z1.IsOne;
uint[] U2, S2;
if (Z1IsOne)
{
U2 = X2.x;
S2 = Y2.x;
}
else
{
S2 = t3;
Curve25519Field.Square(Z1.x, S2);
U2 = t2;
Curve25519Field.Multiply(S2, X2.x, U2);
Curve25519Field.Multiply(S2, Z1.x, S2);
Curve25519Field.Multiply(S2, Y2.x, S2);
}
bool Z2IsOne = Z2.IsOne;
uint[] U1, S1;
if (Z2IsOne)
{
U1 = X1.x;
S1 = Y1.x;
}
else
{
S1 = t4;
Curve25519Field.Square(Z2.x, S1);
U1 = tt1;
Curve25519Field.Multiply(S1, X1.x, U1);
Curve25519Field.Multiply(S1, Z2.x, S1);
Curve25519Field.Multiply(S1, Y1.x, S1);
}
uint[] H = Nat256.Create();
Curve25519Field.Subtract(U1, U2, H);
uint[] R = t2;
Curve25519Field.Subtract(S1, S2, R);
// Check if b == this or b == -this
if (Nat256.IsZero(H))
{
if (Nat256.IsZero(R))
{
// this == b, i.e. this must be doubled
return this.Twice();
}
// this == -b, i.e. the result is the point at infinity
return curve.Infinity;
}
uint[] HSquared = Nat256.Create();
Curve25519Field.Square(H, HSquared);
uint[] G = Nat256.Create();
Curve25519Field.Multiply(HSquared, H, G);
uint[] V = t3;
Curve25519Field.Multiply(HSquared, U1, V);
Curve25519Field.Negate(G, G);
Nat256.Mul(S1, G, tt1);
c = Nat256.AddBothTo(V, V, G);
Curve25519Field.Reduce27(c, G);
Curve25519FieldElement X3 = new Curve25519FieldElement(t4);
Curve25519Field.Square(R, X3.x);
Curve25519Field.Subtract(X3.x, G, X3.x);
Curve25519FieldElement Y3 = new Curve25519FieldElement(G);
Curve25519Field.Subtract(V, X3.x, Y3.x);
Curve25519Field.MultiplyAddToExt(Y3.x, R, tt1);
Curve25519Field.Reduce(tt1, Y3.x);
Curve25519FieldElement Z3 = new Curve25519FieldElement(H);
if (!Z1IsOne)
{
Curve25519Field.Multiply(Z3.x, Z1.x, Z3.x);
}
if (!Z2IsOne)
{
Curve25519Field.Multiply(Z3.x, Z2.x, Z3.x);
}
uint[] Z3Squared = (Z1IsOne && Z2IsOne) ? HSquared : null;
// TODO If the result will only be used in a subsequent addition, we don't need W3
Curve25519FieldElement W3 = CalculateJacobianModifiedW((Curve25519FieldElement)Z3, Z3Squared);
ECFieldElement[] zs = new ECFieldElement[] { Z3, W3 };
return new Curve25519Point(curve, X3, Y3, zs, IsCompressed);
}
public override ECFieldElement Multiply(ECFieldElement b)
{
ulong[] z = Nat256.Create64();
SecT233Field.Multiply(x, ((SecT233FieldElement)b).x, z);
return(new SecT233FieldElement(z));
}
public ScaleXPointMap(ECFieldElement scale)
{
this.scale = scale;
}
protected internal override ECPoint CreateRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, bool withCompression)
{
return(new SecT193R2Point(this, x, y, zs, withCompression));
}
/**
* @deprecated Use ECCurve.createPoint to construct points
*/
public SecT163R2Point(ECCurve curve, ECFieldElement x, ECFieldElement y)
: this(curve, x, y, false)
{
}
public static int GetByteLength(
ECFieldElement fe)
{
return((fe.FieldSize + 7) / 8);
}
/**
* Create a point that encodes with or without point compresion.
*
* @param curve
* the curve to use
* @param x
* affine x co-ordinate
* @param y
* affine y co-ordinate
* @param withCompression
* if true encode with point compression
*
* @deprecated per-point compression property will be removed, refer
* {@link #getEncoded(bool)}
*/
public SecP192K1Point(ECCurve curve, ECFieldElement x, ECFieldElement y, bool withCompression)
: base(curve, x, y, withCompression)
{
if ((x == null) != (y == null))
throw new ArgumentException("Exactly one of the field elements is null");
}
public override ECFieldElement Divide(ECFieldElement b)
{
return(Multiply(b.Invert()));
}
public override ECPoint Add(ECPoint b)
{
if (this.IsInfinity)
return b;
if (b.IsInfinity)
return this;
if (this == b)
return Twice();
ECCurve curve = this.Curve;
SecP192K1FieldElement X1 = (SecP192K1FieldElement)this.RawXCoord, Y1 = (SecP192K1FieldElement)this.RawYCoord;
SecP192K1FieldElement X2 = (SecP192K1FieldElement)b.RawXCoord, Y2 = (SecP192K1FieldElement)b.RawYCoord;
SecP192K1FieldElement Z1 = (SecP192K1FieldElement)this.RawZCoords[0];
SecP192K1FieldElement Z2 = (SecP192K1FieldElement)b.RawZCoords[0];
uint c;
uint[] tt1 = Nat192.CreateExt();
uint[] t2 = Nat192.Create();
uint[] t3 = Nat192.Create();
uint[] t4 = Nat192.Create();
bool Z1IsOne = Z1.IsOne;
uint[] U2, S2;
if (Z1IsOne)
{
U2 = X2.x;
S2 = Y2.x;
}
else
{
S2 = t3;
SecP192K1Field.Square(Z1.x, S2);
U2 = t2;
SecP192K1Field.Multiply(S2, X2.x, U2);
SecP192K1Field.Multiply(S2, Z1.x, S2);
SecP192K1Field.Multiply(S2, Y2.x, S2);
}
bool Z2IsOne = Z2.IsOne;
uint[] U1, S1;
if (Z2IsOne)
{
U1 = X1.x;
S1 = Y1.x;
}
else
{
S1 = t4;
SecP192K1Field.Square(Z2.x, S1);
U1 = tt1;
SecP192K1Field.Multiply(S1, X1.x, U1);
SecP192K1Field.Multiply(S1, Z2.x, S1);
SecP192K1Field.Multiply(S1, Y1.x, S1);
}
uint[] H = Nat192.Create();
SecP192K1Field.Subtract(U1, U2, H);
uint[] R = t2;
SecP192K1Field.Subtract(S1, S2, R);
// Check if b == this or b == -this
if (Nat192.IsZero(H))
{
if (Nat192.IsZero(R))
{
// this == b, i.e. this must be doubled
return this.Twice();
}
// this == -b, i.e. the result is the point at infinity
return curve.Infinity;
}
uint[] HSquared = t3;
SecP192K1Field.Square(H, HSquared);
uint[] G = Nat192.Create();
SecP192K1Field.Multiply(HSquared, H, G);
uint[] V = t3;
SecP192K1Field.Multiply(HSquared, U1, V);
SecP192K1Field.Negate(G, G);
Nat192.Mul(S1, G, tt1);
c = Nat192.AddBothTo(V, V, G);
SecP192K1Field.Reduce32(c, G);
SecP192K1FieldElement X3 = new SecP192K1FieldElement(t4);
SecP192K1Field.Square(R, X3.x);
SecP192K1Field.Subtract(X3.x, G, X3.x);
SecP192K1FieldElement Y3 = new SecP192K1FieldElement(G);
SecP192K1Field.Subtract(V, X3.x, Y3.x);
SecP192K1Field.MultiplyAddToExt(Y3.x, R, tt1);
SecP192K1Field.Reduce(tt1, Y3.x);
SecP192K1FieldElement Z3 = new SecP192K1FieldElement(H);
if (!Z1IsOne)
{
SecP192K1Field.Multiply(Z3.x, Z1.x, Z3.x);
}
if (!Z2IsOne)
{
SecP192K1Field.Multiply(Z3.x, Z2.x, Z3.x);
}
ECFieldElement[] zs = new ECFieldElement[] { Z3 };
return new SecP192K1Point(curve, X3, Y3, zs, IsCompressed);
}
public override ECFieldElement SquareMinusProduct(ECFieldElement x, ECFieldElement y)
{
return(SquarePlusProduct(x, y));
}
public override ECFieldElement Add(ECFieldElement b)
{
ulong[] z = Nat256.Create64();
SecT233Field.Add(x, ((SecT233FieldElement)b).x, z);
return new SecT233FieldElement(z);
}
public override bool Equals(ECFieldElement other)
{
return(Equals(other as SecT283FieldElement));
}
public override ECFieldElement SquareMinusProduct(ECFieldElement x, ECFieldElement y)
{
return SquarePlusProduct(x, y);
}
public override ECFieldElement Add(ECFieldElement b)
{
ulong[] z = Nat320.Create64();
SecT283Field.Add(x, ((SecT283FieldElement)b).x, z);
return(new SecT283FieldElement(z));
}
public override ECFieldElement Multiply(ECFieldElement b)
{
ulong[] z = Nat128.Create64();
SecT113Field.Multiply(x, ((SecT113FieldElement)b).x, z);
return new SecT113FieldElement(z);
}
public override ECFieldElement Subtract(ECFieldElement b)
{
// Addition and subtraction are the same in F2m
return(Add(b));
}
public override ECFieldElement MultiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
{
ulong[] ax = this.x, bx = ((SecT113FieldElement)b).x;
ulong[] xx = ((SecT113FieldElement)x).x, yx = ((SecT113FieldElement)y).x;
ulong[] tt = Nat128.CreateExt64();
SecT113Field.MultiplyAddToExt(ax, bx, tt);
SecT113Field.MultiplyAddToExt(xx, yx, tt);
ulong[] z = Nat128.Create64();
SecT113Field.Reduce(tt, z);
return new SecT113FieldElement(z);
}
protected internal override ECPoint CreateRawPoint(ECFieldElement x, ECFieldElement y, bool withCompression)
{
return new SecT163R2Point(this, x, y, withCompression);
}
public override ECFieldElement Subtract(ECFieldElement b)
{
uint[] z = Nat.Create(12);
SecP384R1Field.Subtract(x, ((SecP384R1FieldElement)b).x, z);
return new SecP384R1FieldElement(z);
}
public override ECPoint Add(ECPoint b)
{
if (this.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
if (this == b)
{
return(Twice());
}
ECCurve curve = this.Curve;
SecP521R1FieldElement X1 = (SecP521R1FieldElement)this.RawXCoord, Y1 = (SecP521R1FieldElement)this.RawYCoord;
SecP521R1FieldElement X2 = (SecP521R1FieldElement)b.RawXCoord, Y2 = (SecP521R1FieldElement)b.RawYCoord;
SecP521R1FieldElement Z1 = (SecP521R1FieldElement)this.RawZCoords[0];
SecP521R1FieldElement Z2 = (SecP521R1FieldElement)b.RawZCoords[0];
uint[] t1 = Nat.Create(17);
uint[] t2 = Nat.Create(17);
uint[] t3 = Nat.Create(17);
uint[] t4 = Nat.Create(17);
bool Z1IsOne = Z1.IsOne;
uint[] U2, S2;
if (Z1IsOne)
{
U2 = X2.x;
S2 = Y2.x;
}
else
{
S2 = t3;
SecP521R1Field.Square(Z1.x, S2);
U2 = t2;
SecP521R1Field.Multiply(S2, X2.x, U2);
SecP521R1Field.Multiply(S2, Z1.x, S2);
SecP521R1Field.Multiply(S2, Y2.x, S2);
}
bool Z2IsOne = Z2.IsOne;
uint[] U1, S1;
if (Z2IsOne)
{
U1 = X1.x;
S1 = Y1.x;
}
else
{
S1 = t4;
SecP521R1Field.Square(Z2.x, S1);
U1 = t1;
SecP521R1Field.Multiply(S1, X1.x, U1);
SecP521R1Field.Multiply(S1, Z2.x, S1);
SecP521R1Field.Multiply(S1, Y1.x, S1);
}
uint[] H = Nat.Create(17);
SecP521R1Field.Subtract(U1, U2, H);
uint[] R = t2;
SecP521R1Field.Subtract(S1, S2, R);
// Check if b == this or b == -this
if (Nat.IsZero(17, H))
{
if (Nat.IsZero(17, R))
{
// this == b, i.e. this must be doubled
return(this.Twice());
}
// this == -b, i.e. the result is the point at infinity
return(curve.Infinity);
}
uint[] HSquared = t3;
SecP521R1Field.Square(H, HSquared);
uint[] G = Nat.Create(17);
SecP521R1Field.Multiply(HSquared, H, G);
uint[] V = t3;
SecP521R1Field.Multiply(HSquared, U1, V);
SecP521R1Field.Multiply(S1, G, t1);
SecP521R1FieldElement X3 = new SecP521R1FieldElement(t4);
SecP521R1Field.Square(R, X3.x);
SecP521R1Field.Add(X3.x, G, X3.x);
SecP521R1Field.Subtract(X3.x, V, X3.x);
SecP521R1Field.Subtract(X3.x, V, X3.x);
SecP521R1FieldElement Y3 = new SecP521R1FieldElement(G);
SecP521R1Field.Subtract(V, X3.x, Y3.x);
SecP521R1Field.Multiply(Y3.x, R, t2);
SecP521R1Field.Subtract(t2, t1, Y3.x);
SecP521R1FieldElement Z3 = new SecP521R1FieldElement(H);
if (!Z1IsOne)
{
SecP521R1Field.Multiply(Z3.x, Z1.x, Z3.x);
}
if (!Z2IsOne)
{
SecP521R1Field.Multiply(Z3.x, Z2.x, Z3.x);
}
ECFieldElement[] zs = new ECFieldElement[] { Z3 };
return(new SecP521R1Point(curve, X3, Y3, zs, IsCompressed));
}
/**
* Solves a quadratic equation <code>z<sup>2</sup> + z = beta</code>(X9.62
* D.1.6) The other solution is <code>z + 1</code>.
*
* @param beta
* The value to solve the quadratic equation for.
* @return the solution for <code>z<sup>2</sup> + z = beta</code> or
* <code>null</code> if no solution exists.
*/
private ECFieldElement SolveQuadraticEquation(ECFieldElement beta)
{
if (beta.IsZero)
return beta;
ECFieldElement zeroElement = FromBigInteger(BigInteger.Zero);
ECFieldElement z = null;
ECFieldElement gamma = null;
Random rand = new Random();
do
{
ECFieldElement t = FromBigInteger(new BigInteger(163, rand));
z = zeroElement;
ECFieldElement w = beta;
for (int i = 1; i < 163; i++)
{
ECFieldElement w2 = w.Square();
z = z.Square().Add(w2.Multiply(t));
w = w2.Add(beta);
}
if (!w.IsZero)
return null;
gamma = z.Square().Add(z);
}
while (gamma.IsZero);
return z;
}
public override ECFieldElement Add(ECFieldElement b)
{
uint[] z = Nat192.Create();
SecP192K1Field.Add(x, ((SecP192K1FieldElement)b).x, z);
return(new SecP192K1FieldElement(z));
}
protected internal override ECPoint CreateRawPoint(ECFieldElement x, ECFieldElement y, ECFieldElement[] zs, bool withCompression)
{
return new SecP224R1Point(this, x, y, zs, withCompression);
}
public override ECPoint Add(ECPoint b)
{
ECFieldElement element13;
ECFieldElement element14;
ECFieldElement element15;
if (base.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
ECCurve curve = this.Curve;
ECFieldElement rawXCoord = base.RawXCoord;
ECFieldElement element2 = b.RawXCoord;
if (rawXCoord.IsZero)
{
if (element2.IsZero)
{
return(curve.Infinity);
}
return(b.Add(this));
}
ECFieldElement rawYCoord = base.RawYCoord;
ECFieldElement element4 = base.RawZCoords[0];
ECFieldElement element5 = b.RawYCoord;
ECFieldElement element6 = b.RawZCoords[0];
bool isOne = element4.IsOne;
ECFieldElement element7 = element2;
ECFieldElement element8 = element5;
if (!isOne)
{
element7 = element7.Multiply(element4);
element8 = element8.Multiply(element4);
}
bool flag2 = element6.IsOne;
ECFieldElement element9 = rawXCoord;
ECFieldElement element10 = rawYCoord;
if (!flag2)
{
element9 = element9.Multiply(element6);
element10 = element10.Multiply(element6);
}
ECFieldElement element11 = element10.Add(element8);
ECFieldElement element12 = element9.Add(element7);
if (element12.IsZero)
{
if (element11.IsZero)
{
return(this.Twice());
}
return(curve.Infinity);
}
if (element2.IsZero)
{
ECPoint point = this.Normalize();
rawXCoord = point.XCoord;
ECFieldElement yCoord = point.YCoord;
ECFieldElement element17 = element5;
ECFieldElement element18 = yCoord.Add(element17).Divide(rawXCoord);
element13 = element18.Square().Add(element18).Add(rawXCoord).Add(curve.A);
if (element13.IsZero)
{
return(new SecT193R2Point(curve, element13, curve.B.Sqrt(), base.IsCompressed));
}
element14 = element18.Multiply(rawXCoord.Add(element13)).Add(element13).Add(yCoord).Divide(element13).Add(element13);
element15 = curve.FromBigInteger(BigInteger.One);
}
else
{
element12 = element12.Square();
ECFieldElement element20 = element11.Multiply(element9);
ECFieldElement element21 = element11.Multiply(element7);
element13 = element20.Multiply(element21);
if (element13.IsZero)
{
return(new SecT193R2Point(curve, element13, curve.B.Sqrt(), base.IsCompressed));
}
ECFieldElement x = element11.Multiply(element12);
if (!flag2)
{
x = x.Multiply(element6);
}
element14 = element21.Add(element12).SquarePlusProduct(x, rawYCoord.Add(element4));
element15 = x;
if (!isOne)
{
element15 = element15.Multiply(element4);
}
}
return(new SecT193R2Point(curve, element13, element14, new ECFieldElement[] { element15 }, base.IsCompressed));
}
