protected override ECPoint MultiplyPositive(ECPoint p, BigInteger k)
{
ECCurve c = p.Curve;
int size = FixedPointUtilities.GetCombSize(c);
if (k.BitLength > size)
{
/*
* TODO The comb works best when the scalars are less than the (possibly unknown) order.
* Still, if we want to handle larger scalars, we could allow customization of the comb
* size, or alternatively we could deal with the 'extra' bits either by running the comb
* multiple times as necessary, or by using an alternative multiplier as prelude.
*/
throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order");
}
FixedPointPreCompInfo info = FixedPointUtilities.Precompute(p);
ECLookupTable lookupTable = info.LookupTable;
int width = info.Width;
int d = (size + width - 1) / width;
ECPoint R = c.Infinity;
int fullComb = d * width;
uint[] K = Nat.FromBigInteger(fullComb, k);
int top = fullComb - 1;
for (int i = 0; i < d; ++i)
{
uint secretIndex = 0;
for (int j = top - i; j >= 0; j -= d)
{
uint secretBit = K[j >> 5] >> (j & 0x1F);
secretIndex ^= secretBit >> 1;
secretIndex <<= 1;
secretIndex ^= secretBit;
}
ECPoint add = lookupTable.Lookup((int)secretIndex);
R = R.TwicePlus(add);
}
return(R.Add(info.Offset));
}
private bool CheckTable(ECLookupTable table, int n)
{
return(table != null && table.Size >= n);
}
private static ECPoint ImplShamirsTrickFixedPoint(ECPoint p, BigInteger k, ECPoint q, BigInteger l)
{
ECCurve c = p.Curve;
int combSize = FixedPointUtilities.GetCombSize(c);
if (k.BitLength > combSize || l.BitLength > combSize)
{
/*
* TODO The comb works best when the scalars are less than the (possibly unknown) order.
* Still, if we want to handle larger scalars, we could allow customization of the comb
* size, or alternatively we could deal with the 'extra' bits either by running the comb
* multiple times as necessary, or by using an alternative multiplier as prelude.
*/
throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order");
}
FixedPointPreCompInfo infoP = FixedPointUtilities.Precompute(p);
FixedPointPreCompInfo infoQ = FixedPointUtilities.Precompute(q);
ECLookupTable lookupTableP = infoP.LookupTable;
ECLookupTable lookupTableQ = infoQ.LookupTable;
int widthP = infoP.Width;
int widthQ = infoQ.Width;
// TODO This shouldn't normally happen, but a better "solution" is desirable anyway
if (widthP != widthQ)
{
FixedPointCombMultiplier m = new FixedPointCombMultiplier();
ECPoint r1 = m.Multiply(p, k);
ECPoint r2 = m.Multiply(q, l);
return(r1.Add(r2));
}
int width = widthP;
int d = (combSize + width - 1) / width;
ECPoint R = c.Infinity;
int fullComb = d * width;
uint[] K = Nat.FromBigInteger(fullComb, k);
uint[] L = Nat.FromBigInteger(fullComb, l);
int top = fullComb - 1;
for (int i = 0; i < d; ++i)
{
uint secretIndexK = 0, secretIndexL = 0;
for (int j = top - i; j >= 0; j -= d)
{
uint secretBitK = K[j >> 5] >> (j & 0x1F);
secretIndexK ^= secretBitK >> 1;
secretIndexK <<= 1;
secretIndexK ^= secretBitK;
uint secretBitL = L[j >> 5] >> (j & 0x1F);
secretIndexL ^= secretBitL >> 1;
secretIndexL <<= 1;
secretIndexL ^= secretBitL;
}
ECPoint addP = lookupTableP.LookupVar((int)secretIndexK);
ECPoint addQ = lookupTableQ.LookupVar((int)secretIndexL);
ECPoint T = addP.Add(addQ);
R = R.TwicePlus(T);
}
return(R.Add(infoP.Offset).Add(infoQ.Offset));
}
