public X9ECParameters(
ECCurve curve,
ECPoint g,
BigInteger n)
: this(curve, g, n, BigInteger.One, null)
{
}
private static ECPoint ImplShamirsTrick(ECPoint P, BigInteger k,
ECPoint Q, BigInteger l)
{
int m = System.Math.Max(k.BitLength, l.BitLength);
ECPoint Z = P.Add(Q);
ECPoint R = P.Curve.Infinity;
for (int i = m - 1; i >= 0; --i)
{
R = R.Twice();
if (k.TestBit(i))
{
if (l.TestBit(i))
{
R = R.Add(Z);
}
else
{
R = R.Add(P);
}
}
else
{
if (l.TestBit(i))
{
R = R.Add(Q);
}
}
}
return R;
}
public ECDomainParameters(
ECCurve curve,
ECPoint g,
BigInteger n)
: this(curve, g, n, BigInteger.One)
{
}
public ECDomainParameters(
ECCurve curve,
ECPoint g,
BigInteger n,
BigInteger h)
: this(curve, g, n, h, null)
{
}
public ECPublicKeyParameters(
ECPoint q,
DerObjectIdentifier publicKeyParamSet)
: base("ECGOST3410", false, publicKeyParamSet)
{
if (q == null)
throw new ArgumentNullException("q");
this.q = q;
}
public ECPublicKeyParameters(
string algorithm,
ECPoint q,
ECDomainParameters parameters)
: base(algorithm, false, parameters)
{
if (q == null)
throw new ArgumentNullException("q");
this.q = q;
}
public ECPublicKeyParameters(
string algorithm,
ECPoint q,
DerObjectIdentifier publicKeyParamSet)
: base(algorithm, false, publicKeyParamSet)
{
if (q == null)
throw new ArgumentNullException("q");
this.q = q;
}
/*
* "Shamir's Trick", originally due to E. G. Straus
* (Addition chains of vectors. American Mathematical Monthly,
* 71(7):806-808, Aug./Sept. 1964)
*
* Input: The points P, Q, scalar k = (km?, ... , k1, k0)
* and scalar l = (lm?, ... , l1, l0).
* Output: R = k * P + l * Q.
* 1: Z <- P + Q
* 2: R <- O
* 3: for i from m-1 down to 0 do
* 4: R <- R + R {point doubling}
* 5: if (ki = 1) and (li = 0) then R <- R + P end if
* 6: if (ki = 0) and (li = 1) then R <- R + Q end if
* 7: if (ki = 1) and (li = 1) then R <- R + Z end if
* 8: end for
* 9: return R
*/
public static ECPoint ShamirsTrick(
ECPoint P,
BigInteger k,
ECPoint Q,
BigInteger l)
{
if (!P.Curve.Equals(Q.Curve))
throw new ArgumentException("P and Q must be on same curve");
return ImplShamirsTrick(P, k, Q, l);
}
public static ECPoint SumOfTwoMultiplies(ECPoint P, BigInteger a,
ECPoint Q, BigInteger b)
{
ECCurve c = P.Curve;
if (!c.Equals(Q.Curve))
throw new ArgumentException("P and Q must be on same curve");
// Point multiplication for Koblitz curves (using WTNAF) beats Shamir's trick
if (c is F2mCurve)
{
F2mCurve f2mCurve = (F2mCurve) c;
if (f2mCurve.IsKoblitz)
{
return P.Multiply(a).Add(Q.Multiply(b));
}
}
return ImplShamirsTrick(P, a, Q, b);
}
public X9ECParameters(
Asn1Sequence seq)
{
if (!(seq[0] is DerInteger)
|| !((DerInteger) seq[0]).Value.Equals(BigInteger.One))
{
throw new ArgumentException("bad version in X9ECParameters");
}
X9Curve x9c = null;
if (seq[2] is X9Curve)
{
x9c = (X9Curve) seq[2];
}
else
{
x9c = new X9Curve(
new X9FieldID(
(Asn1Sequence) seq[1]),
(Asn1Sequence) seq[2]);
}
this.curve = x9c.Curve;
if (seq[3] is X9ECPoint)
{
this.g = ((X9ECPoint) seq[3]).Point;
}
else
{
this.g = new X9ECPoint(curve, (Asn1OctetString) seq[3]).Point;
}
this.n = ((DerInteger) seq[4]).Value;
this.seed = x9c.GetSeed();
if (seq.Count == 6)
{
this.h = ((DerInteger) seq[5]).Value;
}
}
public ECDomainParameters(
ECCurve curve,
ECPoint g,
BigInteger n,
BigInteger h,
byte[] seed)
{
if (curve == null)
throw new ArgumentNullException("curve");
if (g == null)
throw new ArgumentNullException("g");
if (n == null)
throw new ArgumentNullException("n");
if (h == null)
throw new ArgumentNullException("h");
this.curve = curve;
this.g = g;
this.n = n;
this.h = h;
this.seed = Arrays.Clone(seed);
}
public X9ECParameters(
ECCurve curve,
ECPoint g,
BigInteger n,
BigInteger h,
byte[] seed)
{
this.curve = curve;
this.g = g;
this.n = n;
this.h = h;
this.seed = seed;
if (curve is FpCurve)
{
this.fieldID = new X9FieldID(((FpCurve) curve).Q);
}
else if (curve is F2mCurve)
{
F2mCurve curveF2m = (F2mCurve) curve;
this.fieldID = new X9FieldID(curveF2m.M, curveF2m.K1,
curveF2m.K2, curveF2m.K3);
}
}
/* (non-Javadoc)
* @see org.bouncycastle.math.ec.ECPoint#add(org.bouncycastle.math.ec.ECPoint)
*/
public override ECPoint Add(ECPoint b)
{
CheckPoints(this, b);
return AddSimple((F2mPoint) b);
}
public abstract ECPoint Subtract(ECPoint b);
public abstract ECPoint Add(ECPoint b);
public X9ECPoint(
ECCurve c,
Asn1OctetString s)
{
this.p = c.DecodePoint(s.GetOctets());
}
public ECPublicKeyParameters(
ECPoint q,
ECDomainParameters parameters)
: this("EC", q, parameters)
{
}
public X9ECPoint(
ECPoint p)
{
this.p = p;
}
/* (non-Javadoc)
* @see org.bouncycastle.math.ec.ECPoint#subtract(org.bouncycastle.math.ec.ECPoint)
*/
public override ECPoint Subtract(
ECPoint b)
{
CheckPoints(this, b);
return SubtractSimple((F2mPoint) b);
}
// B.3 pg 62
public override ECPoint Add(
ECPoint b)
{
if (this.IsInfinity)
return b;
if (b.IsInfinity)
return this;
// Check if b = this or b = -this
if (this.x.Equals(b.x))
{
if (this.y.Equals(b.y))
{
// this = b, i.e. this must be doubled
return this.Twice();
}
Debug.Assert(this.y.Equals(b.y.Negate()));
// this = -b, i.e. the result is the point at infinity
return this.curve.Infinity;
}
ECFieldElement gamma = b.y.Subtract(this.y).Divide(b.x.Subtract(this.x));
ECFieldElement x3 = gamma.Square().Subtract(this.x).Subtract(b.x);
ECFieldElement y3 = gamma.Multiply(this.x.Subtract(x3)).Subtract(this.y);
return new FpPoint(curve, x3, y3);
}
/**
* Check, if two <code>ECPoint</code>s can be added or subtracted.
* @param a The first <code>ECPoint</code> to check.
* @param b The second <code>ECPoint</code> to check.
* @throws IllegalArgumentException if <code>a</code> and <code>b</code>
* cannot be added.
*/
private static void CheckPoints(
ECPoint a,
ECPoint b)
{
// Check, if points are on the same curve
if (!a.curve.Equals(b.curve))
throw new ArgumentException("Only points on the same curve can be added or subtracted");
// F2mFieldElement.CheckFieldElements(a.x, b.x);
}
// D.3.2 pg 102 (see Note:)
public override ECPoint Subtract(
ECPoint b)
{
if (b.IsInfinity)
return this;
// Add -b
return Add(b.Negate());
}
