コード例 #1
    /// <summary>
    /// Fixed-point comb scalar multiplication: accumulates a multiple of <paramref name="p"/> selected by the
    /// bits of <paramref name="k"/>, using a table obtained from FixedPointUtilities.Precompute.
    /// </summary>
    /// <param name="p">Base point; its curve supplies the comb size and the point at infinity.</param>
    /// <param name="k">Scalar; presumably non-negative given the method name (sign handling is not visible here).</param>
    /// <exception cref="InvalidOperationException">When k has more bits than the comb size.</exception>
    /// <remarks>
    /// This listing has lost its braces and whatever follows the outer loop (the return statement is not shown).
    /// NOTE(review): both the TestBit branch and the preComp[num3] array index depend on the bits of k. If k can
    /// be a secret (private key, nonce), the memory-access pattern is scalar-dependent and may be observable
    /// through cache timing; a lookup that touches every table entry avoids that. Confirm how callers use this.
    /// </remarks>
    protected override ECPoint MultiplyPositive(ECPoint p, BigInteger k)
        ECCurve curve    = p.Curve;
        int     combSize = FixedPointUtilities.GetCombSize(curve);

        // Only bit lengths are compared: this rejects scalars with more bits than the comb, which is not the
        // same as proving k is below the group order (what GetCombSize returns is not visible here).
        if (k.BitLength > combSize)
            throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order");
        int widthForCombSize = GetWidthForCombSize(combSize);
        FixedPointPreCompInfo fixedPointPreCompInfo = FixedPointUtilities.Precompute(p, widthForCombSize);

        ECPoint[] preComp = fixedPointPreCompInfo.PreComp;
        int       width   = fixedPointPreCompInfo.Width;
        // num = ceil(combSize / width): number of comb columns, i.e. outer-loop iterations.
        int       num     = (combSize + width - 1) / width;
        ECPoint   eCPoint = curve.Infinity;
        // Highest bit index of the comb once padded to num * width bits.
        int       num2    = num * width - 1;

        for (int i = 0; i < num; i++)
            // Gather one bit from each of the comb rows (spaced num apart), most significant first,
            // into the table index num3.
            int num3 = 0;
            for (int num4 = num2 - i; num4 >= 0; num4 -= num)
                num3 <<= 1;
                if (k.TestBit(num4))
                    num3 |= 1;
            // Accumulator = 2 * accumulator + table entry selected by the gathered bits.
            eCPoint = eCPoint.TwicePlus(preComp[num3]);
コード例 #2
        /// <summary>
        /// Prepares a two-scalar (Shamir's trick) multiplication over P and Q, presumably yielding k*P + l*Q:
        /// builds window-NAF precomputation for both points and either hands off to the fixed-point comb
        /// variant or to the table-based ImplShamirsTrickWNaf overload.
        /// </summary>
        /// <param name="P">First point.</param>
        /// <param name="k">Scalar for P; may be negative (the sign is handled by swapping tables).</param>
        /// <param name="Q">Second point.</param>
        /// <param name="l">Scalar for Q; may be negative.</param>
        /// <remarks>
        /// This listing has lost its braces; the lines under the "promoted" comment were evidently a nested scope.
        /// NOTE(review): the wNAF digits and the choice of code path are derived directly from k and l, so the
        /// sequence of operations is scalar-dependent. That is acceptable when both scalars are public (for
        /// example during signature verification); confirm that no caller passes secret scalars here.
        /// </remarks>
        internal static ECPoint ImplShamirsTrickWNaf(ECPoint P, BigInteger k,
                                                     ECPoint Q, BigInteger l)
            // Work on magnitudes and remember the signs separately.
            bool negK = k.SignValue < 0, negL = l.SignValue < 0;

            BigInteger kAbs = k.Abs(), lAbs = l.Abs();

            // Window size chosen per scalar from its bit length; the literal 8 looks like an upper bound on
            // the width (consistent with the Math.Min(8, ...) clamp below) - confirm against GetWindowSize.
            int minWidthP = WNafUtilities.GetWindowSize(kAbs.BitLength, 8);
            int minWidthQ = WNafUtilities.GetWindowSize(lAbs.BitLength, 8);

            // Third argument presumably requests the negated table as well (PreCompNeg is read below) - confirm.
            WNafPreCompInfo infoP = WNafUtilities.Precompute(P, minWidthP, true);
            WNafPreCompInfo infoQ = WNafUtilities.Precompute(Q, minWidthQ, true);

            // When P, Q are 'promoted' (i.e. reused several times), switch to fixed-point algorithm
                // The fixed-point path is taken only for non-negative scalars that fit the comb, so the
                // callee's own bit-length check cannot throw on this route.
                ECCurve c        = P.Curve;
                int     combSize = FixedPointUtilities.GetCombSize(c);
                if (!negK && !negL &&
                    k.BitLength <= combSize && l.BitLength <= combSize &&
                    infoP.IsPromoted && infoQ.IsPromoted)
                    return(ImplShamirsTrickFixedPoint(P, k, Q, l));

            // The cached precomputation may be wider than requested; never use more than 8.
            int widthP = System.Math.Min(8, infoP.Width);
            int widthQ = System.Math.Min(8, infoQ.Width);

            // For a negative scalar the positive and negated tables swap roles, so the wNAF of |k| (or |l|)
            // can be used unchanged.
            ECPoint[] preCompP    = negK ? infoP.PreCompNeg : infoP.PreComp;
            ECPoint[] preCompQ    = negL ? infoQ.PreCompNeg : infoQ.PreComp;
            ECPoint[] preCompNegP = negK ? infoP.PreComp : infoP.PreCompNeg;
            ECPoint[] preCompNegQ = negL ? infoQ.PreComp : infoQ.PreCompNeg;

            byte[] wnafP = WNafUtilities.GenerateWindowNaf(widthP, kAbs);
            byte[] wnafQ = WNafUtilities.GenerateWindowNaf(widthQ, lAbs);

            // The interleaved evaluation itself lives in the table-based overload, not shown in this listing.
            return(ImplShamirsTrickWNaf(preCompP, preCompNegP, wnafP, preCompQ, preCompNegQ, wnafQ));
コード例 #3
        /// <summary>
        /// Fixed-point comb variant of the two-scalar multiplication: walks the combs of k and l in lock-step,
        /// adding one table entry for p and one for q per column into a single accumulator.
        /// </summary>
        /// <param name="p">First point; its curve supplies the comb size and the point at infinity.</param>
        /// <param name="k">Scalar for p; must not have more bits than the comb size.</param>
        /// <param name="q">Second point.</param>
        /// <param name="l">Scalar for q; must not have more bits than the comb size.</param>
        /// <exception cref="InvalidOperationException">When either scalar has more bits than the comb size.</exception>
        /// <remarks>
        /// This listing has lost its braces and some statements: the width-mismatch branch computes r1 and r2 but
        /// the statement that combines and returns them is not shown, and neither is anything after the main loop.
        /// NOTE(review): the table index is assembled without branches, but it is then passed to LookupVar, which
        /// by its name is the variable-time lookup. That fits public scalars (e.g. signature verification); the
        /// "secret" variable names suggest otherwise, so confirm no caller supplies secret scalars.
        /// </remarks>
        private static ECPoint ImplShamirsTrickFixedPoint(ECPoint p, BigInteger k, ECPoint q, BigInteger l)
            ECCurve c        = p.Curve;
            int     combSize = FixedPointUtilities.GetCombSize(c);

            // Only bit lengths are compared; this does not by itself establish that k and l are below the order.
            if (k.BitLength > combSize || l.BitLength > combSize)
                // The next four lines are the body of a block comment whose opening and closing delimiters
                // are missing from this listing.
                 * TODO The comb works best when the scalars are less than the (possibly unknown) order.
                 * Still, if we want to handle larger scalars, we could allow customization of the comb
                 * size, or alternatively we could deal with the 'extra' bits either by running the comb
                 * multiple times as necessary, or by using an alternative multiplier as prelude.
                throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order");

            FixedPointPreCompInfo infoP = FixedPointUtilities.Precompute(p);
            FixedPointPreCompInfo infoQ = FixedPointUtilities.Precompute(q);

            ECLookupTable lookupTableP = infoP.LookupTable;
            ECLookupTable lookupTableQ = infoQ.LookupTable;

            int widthP = infoP.Width;
            int widthQ = infoQ.Width;

            // TODO This shouldn't normally happen, but a better "solution" is desirable anyway
            // The shared loop below needs both combs to have the same width; otherwise each product is
            // computed on its own with a FixedPointCombMultiplier.
            if (widthP != widthQ)
                FixedPointCombMultiplier m = new FixedPointCombMultiplier();
                ECPoint r1 = m.Multiply(p, k);
                ECPoint r2 = m.Multiply(q, l);

            int width = widthP;

            // d = ceil(combSize / width): number of comb columns, i.e. outer-loop iterations.
            int d = (combSize + width - 1) / width;

            ECPoint R = c.Infinity;

            // Comb length in bits after padding up to a whole number of columns.
            int fullComb = d * width;

            // Scalars as 32-bit word arrays; bit j is read below from word j >> 5 at position j & 0x1F.
            uint[] K = Nat.FromBigInteger(fullComb, k);
            uint[] L = Nat.FromBigInteger(fullComb, l);

            int top = fullComb - 1;

            for (int i = 0; i < d; ++i)
                uint secretIndexK = 0, secretIndexL = 0;

                for (int j = top - i; j >= 0; j -= d)
                    // secretBitK carries bit j in its lowest position plus unrelated higher bits. The three
                    // steps below append only that lowest bit to the index: the higher bits XORed in before
                    // the shift are cancelled by the XOR after it, so no mask or branch is needed.
                    uint secretBitK = K[j >> 5] >> (j & 0x1F);
                    secretIndexK  ^= secretBitK >> 1;
                    secretIndexK <<= 1;
                    secretIndexK  ^= secretBitK;

                    // Same bit-append for l.
                    uint secretBitL = L[j >> 5] >> (j & 0x1F);
                    secretIndexL  ^= secretBitL >> 1;
                    secretIndexL <<= 1;
                    secretIndexL  ^= secretBitL;

                // NOTE(review): index-dependent table access; see the remarks on the method.
                ECPoint addP = lookupTableP.LookupVar((int)secretIndexK);
                ECPoint addQ = lookupTableQ.LookupVar((int)secretIndexL);

                ECPoint T = addP.Add(addQ);

                // R = 2 * R + T, so each column costs one doubling for both scalars together.
                R = R.TwicePlus(T);
