private static ECPoint ImplSumOfMultiplies(bool[] negs, WNafPreCompInfo[] infos, byte[][] wnafs) { int len = 0, count = wnafs.Length; for (int i = 0; i < count; ++i) { len = System.Math.Max(len, wnafs[i].Length); } ECCurve curve = infos[0].PreComp[0].Curve; ECPoint infinity = curve.Infinity; ECPoint R = infinity; int zeroes = 0; for (int i = len - 1; i >= 0; --i) { ECPoint r = infinity; for (int j = 0; j < count; ++j) { byte[] wnaf = wnafs[j]; int wi = i < wnaf.Length ? (int)(sbyte)wnaf[i] : 0; if (wi != 0) { int n = System.Math.Abs(wi); WNafPreCompInfo info = infos[j]; ECPoint[] table = (wi < 0 == negs[j]) ? info.PreComp : info.PreCompNeg; r = r.Add(table[n >> 1]); } } if (r == infinity) { ++zeroes; continue; } if (zeroes > 0) { R = R.TimesPow2(zeroes); zeroes = 0; } R = R.TwicePlus(r); } if (zeroes > 0) { R = R.TimesPow2(zeroes); } return(R); }
private static ECPoint ImplShamirsTrickWNaf(ECPoint[] preCompP, ECPoint[] preCompNegP, byte[] wnafP, ECPoint[] preCompQ, ECPoint[] preCompNegQ, byte[] wnafQ) { int len = System.Math.Max(wnafP.Length, wnafQ.Length); ECCurve curve = preCompP[0].Curve; ECPoint infinity = curve.Infinity; ECPoint R = infinity; int zeroes = 0; for (int i = len - 1; i >= 0; --i) { int wiP = i < wnafP.Length ? (int)(sbyte)wnafP[i] : 0; int wiQ = i < wnafQ.Length ? (int)(sbyte)wnafQ[i] : 0; if ((wiP | wiQ) == 0) { ++zeroes; continue; } ECPoint r = infinity; if (wiP != 0) { int nP = System.Math.Abs(wiP); ECPoint[] tableP = wiP < 0 ? preCompNegP : preCompP; r = r.Add(tableP[nP >> 1]); } if (wiQ != 0) { int nQ = System.Math.Abs(wiQ); ECPoint[] tableQ = wiQ < 0 ? preCompNegQ : preCompQ; r = r.Add(tableQ[nQ >> 1]); } if (zeroes > 0) { R = R.TimesPow2(zeroes); zeroes = 0; } R = R.TwicePlus(r); } if (zeroes > 0) { R = R.TimesPow2(zeroes); } return(R); }
private static ECPoint ImplSumOfMultiplies(bool[] negs, WNafPreCompInfo[] infos, byte[][] wnafs) { int num = 0; int num2 = wnafs.Length; for (int i = 0; i < num2; i++) { num = System.Math.Max(num, wnafs[i].Length); } ECCurve curve = infos[0].PreComp[0].Curve; ECPoint infinity = curve.Infinity; ECPoint eCPoint = infinity; int num3 = 0; for (int num4 = num - 1; num4 >= 0; num4--) { ECPoint eCPoint2 = infinity; for (int j = 0; j < num2; j++) { byte[] array = wnafs[j]; int num5 = (num4 < array.Length) ? ((sbyte)array[num4]) : 0; if (num5 != 0) { int num6 = System.Math.Abs(num5); WNafPreCompInfo wNafPreCompInfo = infos[j]; ECPoint[] array2 = (num5 < 0 != negs[j]) ? wNafPreCompInfo.PreCompNeg : wNafPreCompInfo.PreComp; eCPoint2 = eCPoint2.Add(array2[num6 >> 1]); } } if (eCPoint2 == infinity) { num3++; } else { if (num3 > 0) { eCPoint = eCPoint.TimesPow2(num3); num3 = 0; } eCPoint = eCPoint.TwicePlus(eCPoint2); } } if (num3 > 0) { eCPoint = eCPoint.TimesPow2(num3); } return(eCPoint); }
private static ECPoint ImplSumOfMultiplies(bool[] negs, WNafPreCompInfo[] infos, byte[][] wnafs) { int num = 0; int num2 = wnafs.Length; for (int i = 0; i < num2; i++) { num = Math.Max(num, wnafs[i].Length); } ECCurve curve = infos[0].PreComp[0].Curve; ECPoint infinity = curve.Infinity; ECPoint eCPoint = infinity; int num3 = 0; for (int j = num - 1; j >= 0; j--) { ECPoint eCPoint2 = infinity; for (int k = 0; k < num2; k++) { byte[] array = wnafs[k]; int num4 = (int)((j < array.Length) ? ((sbyte)array[j]) : 0); if (num4 != 0) { int num5 = Math.Abs(num4); WNafPreCompInfo wNafPreCompInfo = infos[k]; ECPoint[] array2 = (num4 < 0 == negs[k]) ? wNafPreCompInfo.PreComp : wNafPreCompInfo.PreCompNeg; eCPoint2 = eCPoint2.Add(array2[num5 >> 1]); } } if (eCPoint2 == infinity) { num3++; } else { if (num3 > 0) { eCPoint = eCPoint.TimesPow2(num3); num3 = 0; } eCPoint = eCPoint.TwicePlus(eCPoint2); } } if (num3 > 0) { eCPoint = eCPoint.TimesPow2(num3); } return(eCPoint); }
private static ECPoint ImplSumOfMultiplies(bool[] negs, WNafPreCompInfo[] infos, byte[][] wnafs) { int num = 0; int length = wnafs.Length; for (int i = 0; i < length; i++) { num = Math.Max(num, wnafs[i].Length); } ECPoint infinity = infos[0].PreComp[0].Curve.Infinity; ECPoint point2 = infinity; int e = 0; for (int j = num - 1; j >= 0; j--) { ECPoint b = infinity; for (int k = 0; k < length; k++) { byte[] buffer = wnafs[k]; int num7 = (j >= buffer.Length) ? 0 : ((int)((sbyte)buffer[j])); if (num7 != 0) { int num8 = Math.Abs(num7); WNafPreCompInfo info = infos[k]; ECPoint[] pointArray = ((num7 < 0) != negs[k]) ? info.PreCompNeg : info.PreComp; b = b.Add(pointArray[num8 >> 1]); } } if (b == infinity) { e++; } else { if (e > 0) { point2 = point2.TimesPow2(e); e = 0; } point2 = point2.TwicePlus(b); } } if (e > 0) { point2 = point2.TimesPow2(e); } return(point2); }
private static ECPoint ImplShamirsTrickWNaf(ECPoint[] preCompP, ECPoint[] preCompNegP, byte[] wnafP, ECPoint[] preCompQ, ECPoint[] preCompNegQ, byte[] wnafQ) { int num = Math.Max(wnafP.Length, wnafQ.Length); ECCurve curve = preCompP[0].Curve; ECPoint infinity = curve.Infinity; ECPoint eCPoint = infinity; int num2 = 0; for (int i = num - 1; i >= 0; i--) { int num3 = (int)((i < wnafP.Length) ? ((sbyte)wnafP[i]) : 0); int num4 = (int)((i < wnafQ.Length) ? ((sbyte)wnafQ[i]) : 0); if ((num3 | num4) == 0) { num2++; } else { ECPoint eCPoint2 = infinity; if (num3 != 0) { int num5 = Math.Abs(num3); ECPoint[] array = (num3 < 0) ? preCompNegP : preCompP; eCPoint2 = eCPoint2.Add(array[num5 >> 1]); } if (num4 != 0) { int num6 = Math.Abs(num4); ECPoint[] array2 = (num4 < 0) ? preCompNegQ : preCompQ; eCPoint2 = eCPoint2.Add(array2[num6 >> 1]); } if (num2 > 0) { eCPoint = eCPoint.TimesPow2(num2); num2 = 0; } eCPoint = eCPoint.TwicePlus(eCPoint2); } } if (num2 > 0) { eCPoint = eCPoint.TimesPow2(num2); } return(eCPoint); }
private static ECPoint ImplShamirsTrickWNaf(ECPoint[] preCompP, ECPoint[] preCompNegP, byte[] wnafP, ECPoint[] preCompQ, ECPoint[] preCompNegQ, byte[] wnafQ) { int num = System.Math.Max(wnafP.Length, wnafQ.Length); ECCurve curve = preCompP[0].Curve; ECPoint infinity = curve.Infinity; ECPoint eCPoint = infinity; int num2 = 0; for (int num3 = num - 1; num3 >= 0; num3--) { int num4 = (num3 < wnafP.Length) ? ((sbyte)wnafP[num3]) : 0; int num5 = (num3 < wnafQ.Length) ? ((sbyte)wnafQ[num3]) : 0; if ((num4 | num5) == 0) { num2++; } else { ECPoint eCPoint2 = infinity; if (num4 != 0) { int num6 = System.Math.Abs(num4); ECPoint[] array = (num4 >= 0) ? preCompP : preCompNegP; eCPoint2 = eCPoint2.Add(array[num6 >> 1]); } if (num5 != 0) { int num7 = System.Math.Abs(num5); ECPoint[] array2 = (num5 >= 0) ? preCompQ : preCompNegQ; eCPoint2 = eCPoint2.Add(array2[num7 >> 1]); } if (num2 > 0) { eCPoint = eCPoint.TimesPow2(num2); num2 = 0; } eCPoint = eCPoint.TwicePlus(eCPoint2); } } if (num2 > 0) { eCPoint = eCPoint.TimesPow2(num2); } return(eCPoint); }
private static ECPoint ImplShamirsTrickWNaf(ECPoint[] preCompP, ECPoint[] preCompNegP, byte[] wnafP, ECPoint[] preCompQ, ECPoint[] preCompNegQ, byte[] wnafQ) { int num = Math.Max(wnafP.Length, wnafQ.Length); ECPoint infinity = preCompP[0].Curve.Infinity; ECPoint point2 = infinity; int e = 0; for (int i = num - 1; i >= 0; i--) { int num4 = (i >= wnafP.Length) ? 0 : ((int)((sbyte)wnafP[i])); int num5 = (i >= wnafQ.Length) ? 0 : ((int)((sbyte)wnafQ[i])); if ((num4 | num5) == 0) { e++; } else { ECPoint b = infinity; if (num4 != 0) { int num6 = Math.Abs(num4); ECPoint[] pointArray = (num4 >= 0) ? preCompP : preCompNegP; b = b.Add(pointArray[num6 >> 1]); } if (num5 != 0) { int num7 = Math.Abs(num5); ECPoint[] pointArray2 = (num5 >= 0) ? preCompQ : preCompNegQ; b = b.Add(pointArray2[num7 >> 1]); } if (e > 0) { point2 = point2.TimesPow2(e); e = 0; } point2 = point2.TwicePlus(b); } } if (e > 0) { point2 = point2.TimesPow2(e); } return(point2); }
internal static ECPoint ImplShamirsTrickJsf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l) { ECCurve curve = P.Curve; ECPoint infinity = curve.Infinity; ECPoint eCPoint = P.Add(Q); ECPoint eCPoint2 = P.Subtract(Q); ECPoint[] array = new ECPoint[] { Q, eCPoint2, P, eCPoint }; curve.NormalizeAll(array); ECPoint[] array2 = new ECPoint[] { array[3].Negate(), array[2].Negate(), array[1].Negate(), array[0].Negate(), infinity, array[0], array[1], array[2], array[3] }; byte[] array3 = WNafUtilities.GenerateJsf(k, l); ECPoint eCPoint3 = infinity; int num = array3.Length; while (--num >= 0) { int num2 = (int)array3[num]; int num3 = num2 << 24 >> 28; int num4 = num2 << 28 >> 28; int num5 = 4 + num3 * 3 + num4; eCPoint3 = eCPoint3.TwicePlus(array2[num5]); } return(eCPoint3); }
internal static ECPoint ImplShamirsTrickJsf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l) { ECCurve curve = P.Curve; ECPoint infinity = curve.Infinity; // TODO conjugate co-Z addition (ZADDC) can return both of these ECPoint PaddQ = P.Add(Q); ECPoint PsubQ = P.Subtract(Q); ECPoint[] points = new ECPoint[] { Q, PsubQ, P, PaddQ }; curve.NormalizeAll(points); ECPoint[] table = new ECPoint[] { points[3].Negate(), points[2].Negate(), points[1].Negate(), points[0].Negate(), infinity, points[0], points[1], points[2], points[3] }; byte[] jsf = WNafUtilities.GenerateJsf(k, l); ECPoint R = infinity; int i = jsf.Length; while (--i >= 0) { int jsfi = jsf[i]; // NOTE: The shifting ensures the sign is extended correctly int kDigit = ((jsfi << 24) >> 28), lDigit = ((jsfi << 28) >> 28); int index = 4 + (kDigit * 3) + lDigit; R = R.TwicePlus(table[index]); } return(R); }
internal static ECPoint ImplShamirsTrickJsf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l) { ECCurve curve = P.Curve; ECPoint infinity = curve.Infinity; ECPoint point2 = P.Add(Q); ECPoint point3 = P.Subtract(Q); ECPoint[] points = new ECPoint[] { Q, point3, P, point2 }; curve.NormalizeAll(points); ECPoint[] pointArray2 = new ECPoint[] { points[3].Negate(), points[2].Negate(), points[1].Negate(), points[0].Negate(), infinity, points[0], points[1], points[2], points[3] }; byte[] buffer = WNafUtilities.GenerateJsf(k, l); ECPoint point4 = infinity; int length = buffer.Length; while (--length >= 0) { int num2 = buffer[length]; int num3 = (num2 << 0x18) >> 0x1c; int num4 = (num2 << 0x1c) >> 0x1c; int index = (4 + (num3 * 3)) + num4; point4 = point4.TwicePlus(pointArray2[index]); } return(point4); }
/** * Tests <code>ECPoint.add()</code> and <code>ECPoint.subtract()</code> * for the given point and the given point at infinity. * * @param p * The point on which the tests are performed. * @param infinity * The point at infinity on the same curve as <code>p</code>. */ private void ImplTestAddSubtract(ECPoint p, ECPoint infinity) { AssertPointsEqual("Twice and Add inconsistent", p.Twice(), p.Add(p)); AssertPointsEqual("Twice p - p is not p", p, p.Twice().Subtract(p)); AssertPointsEqual("TwicePlus(p, -p) is not p", p, p.TwicePlus(p.Negate())); AssertPointsEqual("p - p is not infinity", infinity, p.Subtract(p)); AssertPointsEqual("p plus infinity is not p", p, p.Add(infinity)); AssertPointsEqual("infinity plus p is not p", p, infinity.Add(p)); AssertPointsEqual("infinity plus infinity is not infinity ", infinity, infinity.Add(infinity)); AssertPointsEqual("Twice infinity is not infinity ", infinity, infinity.Twice()); }
private static ECPoint ImplShamirsTrickFixedPoint(ECPoint p, BigInteger k, ECPoint q, BigInteger l) { ECCurve c = p.Curve; int combSize = FixedPointUtilities.GetCombSize(c); if (k.BitLength > combSize || l.BitLength > combSize) { /* * TODO The comb works best when the scalars are less than the (possibly unknown) order. * Still, if we want to handle larger scalars, we could allow customization of the comb * size, or alternatively we could deal with the 'extra' bits either by running the comb * multiple times as necessary, or by using an alternative multiplier as prelude. */ throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order"); } FixedPointPreCompInfo infoP = FixedPointUtilities.Precompute(p); FixedPointPreCompInfo infoQ = FixedPointUtilities.Precompute(q); ECLookupTable lookupTableP = infoP.LookupTable; ECLookupTable lookupTableQ = infoQ.LookupTable; int widthP = infoP.Width; int widthQ = infoQ.Width; // TODO This shouldn't normally happen, but a better "solution" is desirable anyway if (widthP != widthQ) { FixedPointCombMultiplier m = new FixedPointCombMultiplier(); ECPoint r1 = m.Multiply(p, k); ECPoint r2 = m.Multiply(q, l); return(r1.Add(r2)); } int width = widthP; int d = (combSize + width - 1) / width; ECPoint R = c.Infinity; int fullComb = d * width; uint[] K = Nat.FromBigInteger(fullComb, k); uint[] L = Nat.FromBigInteger(fullComb, l); int top = fullComb - 1; for (int i = 0; i < d; ++i) { uint secretIndexK = 0, secretIndexL = 0; for (int j = top - i; j >= 0; j -= d) { uint secretBitK = K[j >> 5] >> (j & 0x1F); secretIndexK ^= secretBitK >> 1; secretIndexK <<= 1; secretIndexK ^= secretBitK; uint secretBitL = L[j >> 5] >> (j & 0x1F); secretIndexL ^= secretBitL >> 1; secretIndexL <<= 1; secretIndexL ^= secretBitL; } ECPoint addP = lookupTableP.LookupVar((int)secretIndexK); ECPoint addQ = lookupTableQ.LookupVar((int)secretIndexL); ECPoint T = addP.Add(addQ); R = R.TwicePlus(T); } return(R.Add(infoP.Offset).Add(infoQ.Offset)); }
internal static ECPoint ImplSumOfMultiplies(ECPoint[] ps, BigInteger[] ks) { int count = ps.Length; int[] widths = new int[count]; WNafPreCompInfo[] infos = new WNafPreCompInfo[count]; byte[][] wnafs = new byte[count][]; int len = 0; for (int i = 0; i < count; ++i) { widths[i] = System.Math.Max(2, System.Math.Min(16, WNafUtilities.GetWindowSize(ks[i].BitLength))); infos[i] = WNafUtilities.Precompute(ps[i], widths[i], true); wnafs[i] = WNafUtilities.GenerateWindowNaf(widths[i], ks[i]); len = System.Math.Max(len, wnafs[i].Length); } ECCurve curve = ps[0].Curve; ECPoint infinity = curve.Infinity; ECPoint R = infinity; int zeroes = 0; for (int i = len - 1; i >= 0; --i) { ECPoint r = infinity; for (int j = 0; j < count; ++j) { byte[] wnaf = wnafs[j]; int wi = i < wnaf.Length ? (int)(sbyte)wnaf[i] : 0; if (wi != 0) { int n = System.Math.Abs(wi); WNafPreCompInfo info = infos[j]; ECPoint[] table = wi < 0 ? info.PreCompNeg : info.PreComp; r = r.Add(table[n >> 1]); } } if (r == infinity) { ++zeroes; continue; } if (zeroes > 0) { R = R.TimesPow2(zeroes); zeroes = 0; } R = R.TwicePlus(r); } if (zeroes > 0) { R = R.TimesPow2(zeroes); } return(R); }
internal static ECPoint ImplShamirsTrickWNaf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l) { int widthP = System.Math.Max(2, System.Math.Min(16, WNafUtilities.GetWindowSize(k.BitLength))); int widthQ = System.Math.Max(2, System.Math.Min(16, WNafUtilities.GetWindowSize(l.BitLength))); WNafPreCompInfo infoP = WNafUtilities.Precompute(P, widthP, true); WNafPreCompInfo infoQ = WNafUtilities.Precompute(Q, widthQ, true); ECPoint[] preCompP = infoP.PreComp; ECPoint[] preCompQ = infoQ.PreComp; ECPoint[] preCompNegP = infoP.PreCompNeg; ECPoint[] preCompNegQ = infoQ.PreCompNeg; byte[] wnafP = WNafUtilities.GenerateWindowNaf(widthP, k); byte[] wnafQ = WNafUtilities.GenerateWindowNaf(widthQ, l); int len = System.Math.Max(wnafP.Length, wnafQ.Length); ECCurve curve = P.Curve; ECPoint infinity = curve.Infinity; ECPoint R = infinity; int zeroes = 0; for (int i = len - 1; i >= 0; --i) { int wiP = i < wnafP.Length ? (int)(sbyte)wnafP[i] : 0; int wiQ = i < wnafQ.Length ? (int)(sbyte)wnafQ[i] : 0; if ((wiP | wiQ) == 0) { ++zeroes; continue; } ECPoint r = infinity; if (wiP != 0) { int nP = System.Math.Abs(wiP); ECPoint[] tableP = wiP < 0 ? preCompNegP : preCompP; r = r.Add(tableP[nP >> 1]); } if (wiQ != 0) { int nQ = System.Math.Abs(wiQ); ECPoint[] tableQ = wiQ < 0 ? preCompNegQ : preCompQ; r = r.Add(tableQ[nQ >> 1]); } if (zeroes > 0) { R = R.TimesPow2(zeroes); zeroes = 0; } R = R.TwicePlus(r); } if (zeroes > 0) { R = R.TimesPow2(zeroes); } return(R); }