/// <summary>
/// Computes the multiple of <paramref name="p"/> by <paramref name="k"/> using the comb table
/// that <c>FixedPointUtilities.Precompute</c> returns for <paramref name="p"/>.
/// </summary>
/// <param name="p">Point to multiply; its curve supplies the comb size and the point at infinity.</param>
/// <param name="k">Scalar; its bit length must not exceed the comb size of the curve.</param>
/// <returns>The accumulated point after one TwicePlus step per comb column.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when <c>k.BitLength</c> is greater than the comb size.
/// </exception>
protected override ECPoint MultiplyPositive(ECPoint p, BigInteger k)
    {
        ECCurve c    = p.Curve;
        int     size = FixedPointUtilities.GetCombSize(c);

        // The guard compares bit lengths: the comb size, not a numeric comparison with the
        // order, is what bounds the scalar here.
        if (size < k.BitLength)
        {
            throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order");
        }

        FixedPointPreCompInfo info = FixedPointUtilities.Precompute(p, GetWidthForCombSize(size));

        // Use the width recorded with the table rather than the requested one; the two are
        // read separately, so they need not be equal.
        ECPoint[] lookupTable = info.PreComp;
        int       width       = info.Width;

        // d = ceil(size / width) columns; 'top' is the highest bit position the comb covers.
        int d   = (size + width - 1) / width;
        int top = d * width - 1;

        ECPoint R = c.Infinity;
        for (int column = 0; column < d; ++column)
        {
            // Gather every d-th bit of k, starting at (top - column), most significant first.
            int index = 0;
            for (int bit = top - column; bit >= 0; bit -= d)
            {
                index = (index << 1) | (k.TestBit(bit) ? 1 : 0);
            }

            // The table entry that is read is selected directly by bits of k.
            // NOTE(review): if k can be a secret scalar on this path, confirm that a
            // scalar-indexed array read fits the deployment's side-channel model.
            R = R.TwicePlus(lookupTable[index]);
        }

        return R;
    }
예제 #2
        /// <summary>
        /// Returns the fixed-point comb precomputation for <paramref name="p"/>, building it and
        /// storing it on the curve under <c>PRECOMP_NAME</c> when no table with at least
        /// <c>1 &lt;&lt; minWidth</c> entries is already stored.
        /// </summary>
        /// <param name="p">Base point; the table is looked up and stored per point on its curve.</param>
        /// <param name="minWidth">
        /// Minimum comb width. Not validated here: the offset computation reads slot 1 of the
        /// power table, which is only filled by the loop when <paramref name="minWidth"/> is at least 2.
        /// </param>
        /// <returns>
        /// The precomputation info. A stored table is reused whenever it is long enough, so
        /// callers should read <c>Width</c> from the result rather than assume it equals
        /// <paramref name="minWidth"/>.
        /// </returns>
        public static FixedPointPreCompInfo Precompute(ECPoint p, int minWidth)
        {
            ECCurve curve = p.Curve;

            int tableSize = 1 << minWidth;
            FixedPointPreCompInfo result = GetFixedPointPreCompInfo(curve.GetPreCompInfo(p, PRECOMP_NAME));

            ECPoint[] table = result.PreComp;

            // Reuse is decided on table length alone.
            if (table != null && table.Length >= tableSize)
            {
                return result;
            }

            // spacing = ceil(combSize / minWidth): distance in bits between comb teeth.
            int combSize = GetCombSize(curve);
            int spacing  = (combSize + minWidth - 1) / minWidth;

            // multiples[i] = p * 2^(i * spacing) for i < minWidth; the extra last slot holds the offset.
            ECPoint[] multiples = new ECPoint[minWidth + 1];
            multiples[0] = p;
            for (int k = 1; k < minWidth; ++k)
            {
                multiples[k] = multiples[k - 1].TimesPow2(spacing);
            }

            // This will be the 'offset' value
            multiples[minWidth] = multiples[0].Subtract(multiples[1]);

            curve.NormalizeAll(multiples);

            table    = new ECPoint[tableSize];
            table[0] = multiples[0];

            // Fill from the highest tooth down: each pass writes the entries whose lowest set
            // bit is 'step', from entries written earlier.
            int bit = minWidth;
            while (--bit >= 0)
            {
                int     step   = 1 << bit;
                ECPoint addend = multiples[bit];

                for (int idx = step; idx < tableSize; idx += (step << 1))
                {
                    table[idx] = table[idx - step].Add(addend);
                }
            }

            curve.NormalizeAll(table);

            result.Offset  = multiples[minWidth];
            result.PreComp = table;
            result.Width   = minWidth;

            // Store for later calls with the same point.
            // NOTE(review): no locking is visible in this method; confirm whether
            // GetPreCompInfo/SetPreCompInfo synchronise concurrent callers.
            curve.SetPreCompInfo(p, PRECOMP_NAME, result);

            return result;
        }
예제 #3
    /// <summary>
    /// Returns the fixed-point comb precomputation for <paramref name="p"/>, building it and
    /// storing it on the curve under <c>PRECOMP_NAME</c> when no table with at least
    /// <c>1 &lt;&lt; minWidth</c> entries is already stored.
    /// </summary>
    /// <param name="p">Base point; the table is looked up and stored per point on its curve.</param>
    /// <param name="minWidth">
    /// Minimum comb width. Not validated here: slot 0 of a <paramref name="minWidth"/>-element
    /// array is written unconditionally, so the value must be at least 1.
    /// </param>
    /// <returns>
    /// The precomputation info. A stored table is reused whenever it is long enough, so
    /// callers should read <c>Width</c> from the result rather than assume it equals
    /// <paramref name="minWidth"/>.
    /// </returns>
    public static FixedPointPreCompInfo Precompute(ECPoint p, int minWidth)
    {
        ECCurve c = p.Curve;
        int     n = 1 << minWidth;
        FixedPointPreCompInfo info = GetFixedPointPreCompInfo(c.GetPreCompInfo(p, PRECOMP_NAME));

        ECPoint[] lookupTable = info.PreComp;

        // Reuse is decided on table length alone.
        if (lookupTable != null && lookupTable.Length >= n)
        {
            return info;
        }

        // d = ceil(bits / minWidth): distance in bits between comb teeth.
        int bits = GetCombSize(c);
        int d    = (bits + minWidth - 1) / minWidth;

        // pow2Table[i] = p * 2^(i * d)
        ECPoint[] pow2Table = new ECPoint[minWidth];
        pow2Table[0] = p;
        for (int t = 1; t < minWidth; ++t)
        {
            pow2Table[t] = pow2Table[t - 1].TimesPow2(d);
        }
        c.NormalizeAll(pow2Table);

        // Entry 0 is the point at infinity; every other entry is an earlier entry plus one
        // power-table point.
        lookupTable    = new ECPoint[n];
        lookupTable[0] = c.Infinity;

        int bit = minWidth;
        while (--bit >= 0)
        {
            int     step = 1 << bit;
            ECPoint pow2 = pow2Table[bit];

            for (int idx = step; idx < n; idx += step << 1)
            {
                lookupTable[idx] = lookupTable[idx - step].Add(pow2);
            }
        }
        c.NormalizeAll(lookupTable);

        info.PreComp = lookupTable;
        info.Width   = minWidth;

        // Store for later calls with the same point.
        // NOTE(review): no locking is visible in this method; confirm whether
        // GetPreCompInfo/SetPreCompInfo synchronise concurrent callers.
        c.SetPreCompInfo(p, PRECOMP_NAME, info);

        return info;
    }
예제 #4
        /// <summary>
        /// Computes k*p + l*q in a single interleaved pass over the fixed-point comb tables of
        /// <paramref name="p"/> and <paramref name="q"/>. When the two tables have different
        /// widths it falls back to two separate comb multiplications whose results are added.
        /// </summary>
        /// <param name="p">First point; its curve supplies the comb size and the point at infinity.</param>
        /// <param name="k">Scalar for <paramref name="p"/>; bit length must not exceed the comb size.</param>
        /// <param name="q">Second point. NOTE(review): presumably on the same curve as p; not checked here.</param>
        /// <param name="l">Scalar for <paramref name="q"/>; bit length must not exceed the comb size.</param>
        /// <returns>The combined point, with both tables' Offset values added at the end.</returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown when either scalar's bit length is greater than the comb size.
        /// </exception>
        private static ECPoint ImplShamirsTrickFixedPoint(ECPoint p, BigInteger k, ECPoint q, BigInteger l)
        {
            ECCurve c        = p.Curve;
            int     combSize = FixedPointUtilities.GetCombSize(c);

            // The guard compares bit lengths against the comb size of p's curve only.
            if (k.BitLength > combSize || l.BitLength > combSize)
            {
                /*
                 * TODO The comb works best when the scalars are less than the (possibly unknown) order.
                 * Still, if we want to handle larger scalars, we could allow customization of the comb
                 * size, or alternatively we could deal with the 'extra' bits either by running the comb
                 * multiple times as necessary, or by using an alternative multiplier as prelude.
                 */
                throw new InvalidOperationException("fixed-point comb doesn't support scalars larger than the curve order");
            }

            FixedPointPreCompInfo infoP = FixedPointUtilities.Precompute(p);
            FixedPointPreCompInfo infoQ = FixedPointUtilities.Precompute(q);

            ECLookupTable lookupTableP = infoP.LookupTable;
            ECLookupTable lookupTableQ = infoQ.LookupTable;

            int widthP = infoP.Width;
            int widthQ = infoQ.Width;

            // The interleaved loop below walks both scalars with one shared stride, so it is
            // only used when both tables were built with the same width.
            // TODO This shouldn't normally happen, but a better "solution" is desirable anyway
            if (widthP != widthQ)
            {
                FixedPointCombMultiplier m = new FixedPointCombMultiplier();
                ECPoint r1 = m.Multiply(p, k);
                ECPoint r2 = m.Multiply(q, l);
                return(r1.Add(r2));
            }

            int width = widthP;

            // d = ceil(combSize / width): number of comb columns, and the stride between the
            // bits gathered for one column.
            int d = (combSize + width - 1) / width;

            ECPoint R = c.Infinity;

            int fullComb = d * width;

            // The scalars are indexed below as 32-bit words (j >> 5 selects the word, j & 0x1F
            // the bit). NOTE(review): presumably FromBigInteger pads to fullComb bits - confirm.
            uint[] K = Nat.FromBigInteger(fullComb, k);
            uint[] L = Nat.FromBigInteger(fullComb, l);

            int top = fullComb - 1;

            for (int i = 0; i < d; ++i)
            {
                uint secretIndexK = 0, secretIndexL = 0;

                for (int j = top - i; j >= 0; j -= d)
                {
                    // secretBitK has bit j of the scalar in its lowest position, with the rest
                    // of the word above it. The three steps below cancel those upper bits by
                    // XOR, leaving index = (index << 1) ^ (bit j) without a mask or a branch.
                    uint secretBitK = K[j >> 5] >> (j & 0x1F);
                    secretIndexK  ^= secretBitK >> 1;
                    secretIndexK <<= 1;
                    secretIndexK  ^= secretBitK;

                    // Same accumulation for the second scalar.
                    uint secretBitL = L[j >> 5] >> (j & 0x1F);
                    secretIndexL  ^= secretBitL >> 1;
                    secretIndexL <<= 1;
                    secretIndexL  ^= secretBitL;
                }

                // NOTE(review): the indices are named "secret", but the lookup used is
                // LookupVar, whose name suggests a variable-time access. Confirm that every
                // caller of this method passes only public scalars (for example on a
                // verification path); otherwise the index-dependent lookup needs review.
                ECPoint addP = lookupTableP.LookupVar((int)secretIndexK);
                ECPoint addQ = lookupTableQ.LookupVar((int)secretIndexL);

                ECPoint T = addP.Add(addQ);

                // One doubling of the accumulator per column, plus both table entries.
                R = R.TwicePlus(T);
            }

            // Each table's Offset is added once after the loop.
            return(R.Add(infoP.Offset).Add(infoQ.Offset));
        }