public static void select(Ge_cached t, Ge_cached[] pre, byte b) { Ge_cached minust = new Ge_cached(); int bnegative = negative((sbyte)b); int babs = b - (((-bnegative) & b) << 1); Fe_1.fe_1(t.YplusX); Fe_1.fe_1(t.YminusX); Fe_1.fe_1(t.Z); Fe_1.fe_1(t.Z); Fe_0.fe_0(t.T2d); cmov(t, pre[0], equal((byte)babs, 1)); cmov(t, pre[1], equal((byte)babs, 2)); cmov(t, pre[2], equal((byte)babs, 3)); cmov(t, pre[3], equal((byte)babs, 4)); cmov(t, pre[4], equal((byte)babs, 5)); cmov(t, pre[5], equal((byte)babs, 6)); cmov(t, pre[6], equal((byte)babs, 7)); cmov(t, pre[7], equal((byte)babs, 8)); Fe_copy.fe_copy(minust.YplusX, t.YminusX); Fe_copy.fe_copy(minust.YminusX, t.YplusX); Fe_copy.fe_copy(minust.Z, t.Z); Fe_neg.fe_neg(minust.T2d, t.T2d); cmov(t, minust, bnegative); }
public static void ge_montx_to_p2(Ge_p2 p, int[] u, byte ed_sign_bit) { int[] x = new int[10]; int[] y = new int[10]; int[] A = new int[10]; int[] v = new int[10]; int[] v2 = new int[10]; int[] iv = new int[10]; int[] nx = new int[10]; Fe_frombytes.fe_frombytes(A, A_bytes); /* given u, recover edwards y */ /* given u, recover v */ /* given u and v, recover edwards x */ Fe_montx_to_edy.fe_montx_to_edy(y, u); /* y = (u - 1) / (u + 1) */ Fe_mont_rhs.fe_mont_rhs(v2, u); /* v^2 = u(u^2 + Au + 1) */ Fe_sqrt.fe_sqrt(v, v2); /* v = sqrt(v^2) */ Fe_mul.fe_mul(x, u, A); /* x = u * sqrt(-(A+2)) */ Fe_invert.fe_invert(iv, v); /* 1/v */ Fe_mul.fe_mul(x, x, iv); /* x = (u/v) * sqrt(-(A+2)) */ Fe_neg.fe_neg(nx, x); /* negate x to match sign bit */ Fe_cmov.fe_cmov(x, nx, Fe_isnegative.fe_isnegative(x) ^ ed_sign_bit); Fe_copy.fe_copy(p.X, x); Fe_copy.fe_copy(p.Y, y); Fe_1.fe_1(p.Z); /* POSTCONDITION: check that p->X and p->Y satisfy the Ed curve equation */ /* -x^2 + y^2 = 1 + dx^2y^2 */ //#ifndef NDEBUG //{ //fe one, d, x2, y2, x2y2, dx2y2; // //unsigned char dbytes[32] = { //0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75, //0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00, //0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c, //0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52 //}; // //fe_frombytes(d, dbytes); //fe_1(one); //fe_sq(x2, p->X); /* x^2 */ //fe_sq(y2, p->Y); /* y^2 */ // //fe_mul(dx2y2, x2, y2); /* x^2y^2 */ //fe_mul(dx2y2, dx2y2, d); /* dx^2y^2 */ //fe_add(dx2y2, dx2y2, one); /* dx^2y^2 + 1 */ //fe_neg(x2y2, x2); /* -x^2 */ //fe_add(x2y2, x2y2, y2); /* -x^2 + y^2 */ // //assert(fe_isequal(x2y2, dx2y2)); //} //#endif }
/* * return r = -p */ public static void ge_neg(Ge_p3 r, Ge_p3 p) { Fe_neg.fe_neg(r.X, p.X); Fe_copy.fe_copy(r.Y, p.Y); Fe_copy.fe_copy(r.Z, p.Z); Fe_neg.fe_neg(r.T, p.T); }
public static int ge_frombytes_negate_vartime(Ge_p3 h, byte[] s) { int[] u = new int[10]; int[] v = new int[10]; int[] v3 = new int[10]; int[] vxx = new int[10]; int[] check = new int[10]; Fe_frombytes.fe_frombytes(h.Y, s); Fe_1.fe_1(h.Z); Fe_sq.fe_sq(u, h.Y); Fe_mul.fe_mul(v, u, d); Fe_sub.fe_sub(u, u, h.Z); /* u = y^2-1 */ Fe_add.fe_add(v, v, h.Z); /* v = dy^2+1 */ Fe_sq.fe_sq(v3, v); Fe_mul.fe_mul(v3, v3, v); /* v3 = v^3 */ Fe_sq.fe_sq(h.X, v3); Fe_mul.fe_mul(h.X, h.X, v); Fe_mul.fe_mul(h.X, h.X, u); /* x = uv^7 */ Fe_pow22523.fe_pow22523(h.X, h.X); /* x = (uv^7)^((q-5)/8) */ Fe_mul.fe_mul(h.X, h.X, v3); Fe_mul.fe_mul(h.X, h.X, u); /* x = uv^3(uv^7)^((q-5)/8) */ Fe_sq.fe_sq(vxx, h.X); Fe_mul.fe_mul(vxx, vxx, v); Fe_sub.fe_sub(check, vxx, u); /* vx^2-u */ if (Fe_isnonzero.fe_isnonzero(check) != 0) { Fe_add.fe_add(check, vxx, u); /* vx^2+u */ if (Fe_isnonzero.fe_isnonzero(check) != 0) { return(-1); } Fe_mul.fe_mul(h.X, h.X, sqrtm1); } if (Fe_isnegative.fe_isnegative(h.X) == ((((uint)s[31]) >> 7) & 0x01)) { Fe_neg.fe_neg(h.X, h.X); } Fe_mul.fe_mul(h.T, h.X, h.Y); return(0); }
static void select(Ge_precomp t, int pos, byte b) { Ge_precomp[,] gepc_base = (pos <= 7 ? Ge_precomp_base_0_7.gepc_base : (pos <= 15 ? Ge_precomp_base_8_15.gepc_base : (pos <= 23 ? Ge_precomp_base_16_23.gepc_base : Ge_precomp_base_24_31.gepc_base))); Ge_precomp minust = new Ge_precomp(); int bnegative = negative((sbyte)b); int babs = b - (((-bnegative) & b) << 1); Ge_precomp_0.ge_precomp_0(t); cmov(t, gepc_base[pos, 0], equal((byte)babs, (byte)1)); cmov(t, gepc_base[pos, 1], equal((byte)babs, (byte)2)); cmov(t, gepc_base[pos, 2], equal((byte)babs, (byte)3)); cmov(t, gepc_base[pos, 3], equal((byte)babs, (byte)4)); cmov(t, gepc_base[pos, 4], equal((byte)babs, (byte)5)); cmov(t, gepc_base[pos, 5], equal((byte)babs, (byte)6)); cmov(t, gepc_base[pos, 6], equal((byte)babs, (byte)7)); cmov(t, gepc_base[pos, 7], equal((byte)babs, (byte)8)); Fe_copy.fe_copy(minust.yplusx, t.yminusx); Fe_copy.fe_copy(minust.yminusx, t.yplusx); Fe_neg.fe_neg(minust.xy2d, t.xy2d); cmov(t, minust, bnegative); }