private static ECPoint ImplSumOfMultiplies(bool[] negs, WNafPreCompInfo[] infos, byte[][] wnafs)
{
int len = 0, count = wnafs.Length;
for (int i = 0; i < count; ++i)
{
len = System.Math.Max(len, wnafs[i].Length);
}
ECCurve curve = infos[0].PreComp[0].Curve;
ECPoint infinity = curve.Infinity;
ECPoint R = infinity;
int zeroes = 0;
for (int i = len - 1; i >= 0; --i)
{
ECPoint r = infinity;
for (int j = 0; j < count; ++j)
{
byte[] wnaf = wnafs[j];
int wi = i < wnaf.Length ? (int)(sbyte)wnaf[i] : 0;
if (wi != 0)
{
int n = System.Math.Abs(wi);
WNafPreCompInfo info = infos[j];
ECPoint[] table = (wi < 0 == negs[j]) ? info.PreComp : info.PreCompNeg;
r = r.Add(table[n >> 1]);
}
}
if (r == infinity)
{
++zeroes;
continue;
}
if (zeroes > 0)
{
R = R.TimesPow2(zeroes);
zeroes = 0;
}
R = R.TwicePlus(r);
}
if (zeroes > 0)
{
R = R.TimesPow2(zeroes);
}
return(R);
}
private static ECPoint ImplShamirsTrickWNaf(ECPoint[] preCompP, ECPoint[] preCompNegP, byte[] wnafP,
ECPoint[] preCompQ, ECPoint[] preCompNegQ, byte[] wnafQ)
{
int len = System.Math.Max(wnafP.Length, wnafQ.Length);
ECCurve curve = preCompP[0].Curve;
ECPoint infinity = curve.Infinity;
ECPoint R = infinity;
int zeroes = 0;
for (int i = len - 1; i >= 0; --i)
{
int wiP = i < wnafP.Length ? (int)(sbyte)wnafP[i] : 0;
int wiQ = i < wnafQ.Length ? (int)(sbyte)wnafQ[i] : 0;
if ((wiP | wiQ) == 0)
{
++zeroes;
continue;
}
ECPoint r = infinity;
if (wiP != 0)
{
int nP = System.Math.Abs(wiP);
ECPoint[] tableP = wiP < 0 ? preCompNegP : preCompP;
r = r.Add(tableP[nP >> 1]);
}
if (wiQ != 0)
{
int nQ = System.Math.Abs(wiQ);
ECPoint[] tableQ = wiQ < 0 ? preCompNegQ : preCompQ;
r = r.Add(tableQ[nQ >> 1]);
}
if (zeroes > 0)
{
R = R.TimesPow2(zeroes);
zeroes = 0;
}
R = R.TwicePlus(r);
}
if (zeroes > 0)
{
R = R.TimesPow2(zeroes);
}
return(R);
}
private static ECPoint ImplSumOfMultiplies(bool[] negs, WNafPreCompInfo[] infos, byte[][] wnafs)
{
int num = 0;
int num2 = wnafs.Length;
for (int i = 0; i < num2; i++)
{
num = System.Math.Max(num, wnafs[i].Length);
}
ECCurve curve = infos[0].PreComp[0].Curve;
ECPoint infinity = curve.Infinity;
ECPoint eCPoint = infinity;
int num3 = 0;
for (int num4 = num - 1; num4 >= 0; num4--)
{
ECPoint eCPoint2 = infinity;
for (int j = 0; j < num2; j++)
{
byte[] array = wnafs[j];
int num5 = (num4 < array.Length) ? ((sbyte)array[num4]) : 0;
if (num5 != 0)
{
int num6 = System.Math.Abs(num5);
WNafPreCompInfo wNafPreCompInfo = infos[j];
ECPoint[] array2 = (num5 < 0 != negs[j]) ? wNafPreCompInfo.PreCompNeg : wNafPreCompInfo.PreComp;
eCPoint2 = eCPoint2.Add(array2[num6 >> 1]);
}
}
if (eCPoint2 == infinity)
{
num3++;
}
else
{
if (num3 > 0)
{
eCPoint = eCPoint.TimesPow2(num3);
num3 = 0;
}
eCPoint = eCPoint.TwicePlus(eCPoint2);
}
}
if (num3 > 0)
{
eCPoint = eCPoint.TimesPow2(num3);
}
return(eCPoint);
}
private static ECPoint ImplSumOfMultiplies(bool[] negs, WNafPreCompInfo[] infos, byte[][] wnafs)
{
int num = 0;
int num2 = wnafs.Length;
for (int i = 0; i < num2; i++)
{
num = Math.Max(num, wnafs[i].Length);
}
ECCurve curve = infos[0].PreComp[0].Curve;
ECPoint infinity = curve.Infinity;
ECPoint eCPoint = infinity;
int num3 = 0;
for (int j = num - 1; j >= 0; j--)
{
ECPoint eCPoint2 = infinity;
for (int k = 0; k < num2; k++)
{
byte[] array = wnafs[k];
int num4 = (int)((j < array.Length) ? ((sbyte)array[j]) : 0);
if (num4 != 0)
{
int num5 = Math.Abs(num4);
WNafPreCompInfo wNafPreCompInfo = infos[k];
ECPoint[] array2 = (num4 < 0 == negs[k]) ? wNafPreCompInfo.PreComp : wNafPreCompInfo.PreCompNeg;
eCPoint2 = eCPoint2.Add(array2[num5 >> 1]);
}
}
if (eCPoint2 == infinity)
{
num3++;
}
else
{
if (num3 > 0)
{
eCPoint = eCPoint.TimesPow2(num3);
num3 = 0;
}
eCPoint = eCPoint.TwicePlus(eCPoint2);
}
}
if (num3 > 0)
{
eCPoint = eCPoint.TimesPow2(num3);
}
return(eCPoint);
}
private static ECPoint ImplSumOfMultiplies(bool[] negs, WNafPreCompInfo[] infos, byte[][] wnafs)
{
int num = 0;
int length = wnafs.Length;
for (int i = 0; i < length; i++)
{
num = Math.Max(num, wnafs[i].Length);
}
ECPoint infinity = infos[0].PreComp[0].Curve.Infinity;
ECPoint point2 = infinity;
int e = 0;
for (int j = num - 1; j >= 0; j--)
{
ECPoint b = infinity;
for (int k = 0; k < length; k++)
{
byte[] buffer = wnafs[k];
int num7 = (j >= buffer.Length) ? 0 : ((int)((sbyte)buffer[j]));
if (num7 != 0)
{
int num8 = Math.Abs(num7);
WNafPreCompInfo info = infos[k];
ECPoint[] pointArray = ((num7 < 0) != negs[k]) ? info.PreCompNeg : info.PreComp;
b = b.Add(pointArray[num8 >> 1]);
}
}
if (b == infinity)
{
e++;
}
else
{
if (e > 0)
{
point2 = point2.TimesPow2(e);
e = 0;
}
point2 = point2.TwicePlus(b);
}
}
if (e > 0)
{
point2 = point2.TimesPow2(e);
}
return(point2);
}
private static ECPoint ImplShamirsTrickWNaf(ECPoint[] preCompP, ECPoint[] preCompNegP, byte[] wnafP, ECPoint[] preCompQ, ECPoint[] preCompNegQ, byte[] wnafQ)
{
int num = Math.Max(wnafP.Length, wnafQ.Length);
ECCurve curve = preCompP[0].Curve;
ECPoint infinity = curve.Infinity;
ECPoint eCPoint = infinity;
int num2 = 0;
for (int i = num - 1; i >= 0; i--)
{
int num3 = (int)((i < wnafP.Length) ? ((sbyte)wnafP[i]) : 0);
int num4 = (int)((i < wnafQ.Length) ? ((sbyte)wnafQ[i]) : 0);
if ((num3 | num4) == 0)
{
num2++;
}
else
{
ECPoint eCPoint2 = infinity;
if (num3 != 0)
{
int num5 = Math.Abs(num3);
ECPoint[] array = (num3 < 0) ? preCompNegP : preCompP;
eCPoint2 = eCPoint2.Add(array[num5 >> 1]);
}
if (num4 != 0)
{
int num6 = Math.Abs(num4);
ECPoint[] array2 = (num4 < 0) ? preCompNegQ : preCompQ;
eCPoint2 = eCPoint2.Add(array2[num6 >> 1]);
}
if (num2 > 0)
{
eCPoint = eCPoint.TimesPow2(num2);
num2 = 0;
}
eCPoint = eCPoint.TwicePlus(eCPoint2);
}
}
if (num2 > 0)
{
eCPoint = eCPoint.TimesPow2(num2);
}
return(eCPoint);
}
private static ECPoint ImplShamirsTrickWNaf(ECPoint[] preCompP, ECPoint[] preCompNegP, byte[] wnafP, ECPoint[] preCompQ, ECPoint[] preCompNegQ, byte[] wnafQ)
{
int num = System.Math.Max(wnafP.Length, wnafQ.Length);
ECCurve curve = preCompP[0].Curve;
ECPoint infinity = curve.Infinity;
ECPoint eCPoint = infinity;
int num2 = 0;
for (int num3 = num - 1; num3 >= 0; num3--)
{
int num4 = (num3 < wnafP.Length) ? ((sbyte)wnafP[num3]) : 0;
int num5 = (num3 < wnafQ.Length) ? ((sbyte)wnafQ[num3]) : 0;
if ((num4 | num5) == 0)
{
num2++;
}
else
{
ECPoint eCPoint2 = infinity;
if (num4 != 0)
{
int num6 = System.Math.Abs(num4);
ECPoint[] array = (num4 >= 0) ? preCompP : preCompNegP;
eCPoint2 = eCPoint2.Add(array[num6 >> 1]);
}
if (num5 != 0)
{
int num7 = System.Math.Abs(num5);
ECPoint[] array2 = (num5 >= 0) ? preCompQ : preCompNegQ;
eCPoint2 = eCPoint2.Add(array2[num7 >> 1]);
}
if (num2 > 0)
{
eCPoint = eCPoint.TimesPow2(num2);
num2 = 0;
}
eCPoint = eCPoint.TwicePlus(eCPoint2);
}
}
if (num2 > 0)
{
eCPoint = eCPoint.TimesPow2(num2);
}
return(eCPoint);
}
private static ECPoint ImplShamirsTrickWNaf(ECPoint[] preCompP, ECPoint[] preCompNegP, byte[] wnafP, ECPoint[] preCompQ, ECPoint[] preCompNegQ, byte[] wnafQ)
{
int num = Math.Max(wnafP.Length, wnafQ.Length);
ECPoint infinity = preCompP[0].Curve.Infinity;
ECPoint point2 = infinity;
int e = 0;
for (int i = num - 1; i >= 0; i--)
{
int num4 = (i >= wnafP.Length) ? 0 : ((int)((sbyte)wnafP[i]));
int num5 = (i >= wnafQ.Length) ? 0 : ((int)((sbyte)wnafQ[i]));
if ((num4 | num5) == 0)
{
e++;
}
else
{
ECPoint b = infinity;
if (num4 != 0)
{
int num6 = Math.Abs(num4);
ECPoint[] pointArray = (num4 >= 0) ? preCompP : preCompNegP;
b = b.Add(pointArray[num6 >> 1]);
}
if (num5 != 0)
{
int num7 = Math.Abs(num5);
ECPoint[] pointArray2 = (num5 >= 0) ? preCompQ : preCompNegQ;
b = b.Add(pointArray2[num7 >> 1]);
}
if (e > 0)
{
point2 = point2.TimesPow2(e);
e = 0;
}
point2 = point2.TwicePlus(b);
}
}
if (e > 0)
{
point2 = point2.TimesPow2(e);
}
return(point2);
}
internal static ECPoint ImplShamirsTrickJsf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l)
{
ECCurve curve = P.Curve;
ECPoint infinity = curve.Infinity;
ECPoint eCPoint = P.Add(Q);
ECPoint eCPoint2 = P.Subtract(Q);
ECPoint[] array = new ECPoint[]
{
Q,
eCPoint2,
P,
eCPoint
};
curve.NormalizeAll(array);
ECPoint[] array2 = new ECPoint[]
{
array[3].Negate(),
array[2].Negate(),
array[1].Negate(),
array[0].Negate(),
infinity,
array[0],
array[1],
array[2],
array[3]
};
byte[] array3 = WNafUtilities.GenerateJsf(k, l);
ECPoint eCPoint3 = infinity;
int num = array3.Length;
while (--num >= 0)
{
int num2 = (int)array3[num];
int num3 = num2 << 24 >> 28;
int num4 = num2 << 28 >> 28;
int num5 = 4 + num3 * 3 + num4;
eCPoint3 = eCPoint3.TwicePlus(array2[num5]);
}
return(eCPoint3);
}
internal static ECPoint ImplShamirsTrickJsf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l)
{
ECCurve curve = P.Curve;
ECPoint infinity = curve.Infinity;
// TODO conjugate co-Z addition (ZADDC) can return both of these
ECPoint PaddQ = P.Add(Q);
ECPoint PsubQ = P.Subtract(Q);
ECPoint[] points = new ECPoint[] { Q, PsubQ, P, PaddQ };
curve.NormalizeAll(points);
ECPoint[] table = new ECPoint[] {
points[3].Negate(), points[2].Negate(), points[1].Negate(),
points[0].Negate(), infinity, points[0],
points[1], points[2], points[3]
};
byte[] jsf = WNafUtilities.GenerateJsf(k, l);
ECPoint R = infinity;
int i = jsf.Length;
while (--i >= 0)
{
int jsfi = jsf[i];
// NOTE: The shifting ensures the sign is extended correctly
int kDigit = ((jsfi << 24) >> 28), lDigit = ((jsfi << 28) >> 28);
int index = 4 + (kDigit * 3) + lDigit;
R = R.TwicePlus(table[index]);
}
return(R);
}
internal static ECPoint ImplShamirsTrickJsf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l)
{
ECCurve curve = P.Curve;
ECPoint infinity = curve.Infinity;
ECPoint point2 = P.Add(Q);
ECPoint point3 = P.Subtract(Q);
ECPoint[] points = new ECPoint[] { Q, point3, P, point2 };
curve.NormalizeAll(points);
ECPoint[] pointArray2 = new ECPoint[] { points[3].Negate(), points[2].Negate(), points[1].Negate(), points[0].Negate(), infinity, points[0], points[1], points[2], points[3] };
byte[] buffer = WNafUtilities.GenerateJsf(k, l);
ECPoint point4 = infinity;
int length = buffer.Length;
while (--length >= 0)
{
int num2 = buffer[length];
int num3 = (num2 << 0x18) >> 0x1c;
int num4 = (num2 << 0x1c) >> 0x1c;
int index = (4 + (num3 * 3)) + num4;
point4 = point4.TwicePlus(pointArray2[index]);
}
return(point4);
}
/**
* Tests <code>ECPoint.add()</code> and <code>ECPoint.subtract()</code>
* for the given point and the given point at infinity.
*
* @param p
* The point on which the tests are performed.
* @param infinity
* The point at infinity on the same curve as <code>p</code>.
*/
private void ImplTestAddSubtract(ECPoint p, ECPoint infinity)
{
AssertPointsEqual("Twice and Add inconsistent", p.Twice(), p.Add(p));
AssertPointsEqual("Twice p - p is not p", p, p.Twice().Subtract(p));
AssertPointsEqual("TwicePlus(p, -p) is not p", p, p.TwicePlus(p.Negate()));
AssertPointsEqual("p - p is not infinity", infinity, p.Subtract(p));
AssertPointsEqual("p plus infinity is not p", p, p.Add(infinity));
AssertPointsEqual("infinity plus p is not p", p, infinity.Add(p));
AssertPointsEqual("infinity plus infinity is not infinity ", infinity, infinity.Add(infinity));
AssertPointsEqual("Twice infinity is not infinity ", infinity, infinity.Twice());
}
private static ECPoint ImplShamirsTrickFixedPoint(ECPoint p, BigInteger k, ECPoint q, BigInteger l)
{
ECCurve c = p.Curve;
int combSize = FixedPointUtilities.GetCombSize(c);
if (k.BitLength > combSize || l.BitLength > combSize)
{
/*
* TODO The comb works best when the scalars are less than the (possibly unknown) order.
* Still, if we want to handle larger scalars, we could allow customization of the comb
* size, or alternatively we could deal with the 'extra' bits either by running the comb
* multiple times as necessary, or by using an alternative multiplier as prelude.
*/
throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order");
}
FixedPointPreCompInfo infoP = FixedPointUtilities.Precompute(p);
FixedPointPreCompInfo infoQ = FixedPointUtilities.Precompute(q);
ECLookupTable lookupTableP = infoP.LookupTable;
ECLookupTable lookupTableQ = infoQ.LookupTable;
int widthP = infoP.Width;
int widthQ = infoQ.Width;
// TODO This shouldn't normally happen, but a better "solution" is desirable anyway
if (widthP != widthQ)
{
FixedPointCombMultiplier m = new FixedPointCombMultiplier();
ECPoint r1 = m.Multiply(p, k);
ECPoint r2 = m.Multiply(q, l);
return(r1.Add(r2));
}
int width = widthP;
int d = (combSize + width - 1) / width;
ECPoint R = c.Infinity;
int fullComb = d * width;
uint[] K = Nat.FromBigInteger(fullComb, k);
uint[] L = Nat.FromBigInteger(fullComb, l);
int top = fullComb - 1;
for (int i = 0; i < d; ++i)
{
uint secretIndexK = 0, secretIndexL = 0;
for (int j = top - i; j >= 0; j -= d)
{
uint secretBitK = K[j >> 5] >> (j & 0x1F);
secretIndexK ^= secretBitK >> 1;
secretIndexK <<= 1;
secretIndexK ^= secretBitK;
uint secretBitL = L[j >> 5] >> (j & 0x1F);
secretIndexL ^= secretBitL >> 1;
secretIndexL <<= 1;
secretIndexL ^= secretBitL;
}
ECPoint addP = lookupTableP.LookupVar((int)secretIndexK);
ECPoint addQ = lookupTableQ.LookupVar((int)secretIndexL);
ECPoint T = addP.Add(addQ);
R = R.TwicePlus(T);
}
return(R.Add(infoP.Offset).Add(infoQ.Offset));
}
internal static ECPoint ImplSumOfMultiplies(ECPoint[] ps, BigInteger[] ks)
{
int count = ps.Length;
int[] widths = new int[count];
WNafPreCompInfo[] infos = new WNafPreCompInfo[count];
byte[][] wnafs = new byte[count][];
int len = 0;
for (int i = 0; i < count; ++i)
{
widths[i] = System.Math.Max(2, System.Math.Min(16, WNafUtilities.GetWindowSize(ks[i].BitLength)));
infos[i] = WNafUtilities.Precompute(ps[i], widths[i], true);
wnafs[i] = WNafUtilities.GenerateWindowNaf(widths[i], ks[i]);
len = System.Math.Max(len, wnafs[i].Length);
}
ECCurve curve = ps[0].Curve;
ECPoint infinity = curve.Infinity;
ECPoint R = infinity;
int zeroes = 0;
for (int i = len - 1; i >= 0; --i)
{
ECPoint r = infinity;
for (int j = 0; j < count; ++j)
{
byte[] wnaf = wnafs[j];
int wi = i < wnaf.Length ? (int)(sbyte)wnaf[i] : 0;
if (wi != 0)
{
int n = System.Math.Abs(wi);
WNafPreCompInfo info = infos[j];
ECPoint[] table = wi < 0 ? info.PreCompNeg : info.PreComp;
r = r.Add(table[n >> 1]);
}
}
if (r == infinity)
{
++zeroes;
continue;
}
if (zeroes > 0)
{
R = R.TimesPow2(zeroes);
zeroes = 0;
}
R = R.TwicePlus(r);
}
if (zeroes > 0)
{
R = R.TimesPow2(zeroes);
}
return(R);
}
internal static ECPoint ImplShamirsTrickWNaf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l)
{
int widthP = System.Math.Max(2, System.Math.Min(16, WNafUtilities.GetWindowSize(k.BitLength)));
int widthQ = System.Math.Max(2, System.Math.Min(16, WNafUtilities.GetWindowSize(l.BitLength)));
WNafPreCompInfo infoP = WNafUtilities.Precompute(P, widthP, true);
WNafPreCompInfo infoQ = WNafUtilities.Precompute(Q, widthQ, true);
ECPoint[] preCompP = infoP.PreComp;
ECPoint[] preCompQ = infoQ.PreComp;
ECPoint[] preCompNegP = infoP.PreCompNeg;
ECPoint[] preCompNegQ = infoQ.PreCompNeg;
byte[] wnafP = WNafUtilities.GenerateWindowNaf(widthP, k);
byte[] wnafQ = WNafUtilities.GenerateWindowNaf(widthQ, l);
int len = System.Math.Max(wnafP.Length, wnafQ.Length);
ECCurve curve = P.Curve;
ECPoint infinity = curve.Infinity;
ECPoint R = infinity;
int zeroes = 0;
for (int i = len - 1; i >= 0; --i)
{
int wiP = i < wnafP.Length ? (int)(sbyte)wnafP[i] : 0;
int wiQ = i < wnafQ.Length ? (int)(sbyte)wnafQ[i] : 0;
if ((wiP | wiQ) == 0)
{
++zeroes;
continue;
}
ECPoint r = infinity;
if (wiP != 0)
{
int nP = System.Math.Abs(wiP);
ECPoint[] tableP = wiP < 0 ? preCompNegP : preCompP;
r = r.Add(tableP[nP >> 1]);
}
if (wiQ != 0)
{
int nQ = System.Math.Abs(wiQ);
ECPoint[] tableQ = wiQ < 0 ? preCompNegQ : preCompQ;
r = r.Add(tableQ[nQ >> 1]);
}
if (zeroes > 0)
{
R = R.TimesPow2(zeroes);
zeroes = 0;
}
R = R.TwicePlus(r);
}
if (zeroes > 0)
{
R = R.TimesPow2(zeroes);
}
return(R);
}
