private static ECPoint DecompressPoint(int yTilde, BigInteger X1, ECCurve curve)
{
ECFieldElement x = new ECFieldElement(X1, curve);
ECFieldElement alpha = x * (x.Square() + curve.A) + curve.B;
ECFieldElement beta = alpha.Sqrt();
//
// if we can't find a sqrt we haven't got a point on the
// curve - run!
//
if (beta == null)
{
throw new ArithmeticException("Invalid point compression");
}
BigInteger betaValue = beta.Value;
int bit0 = betaValue.IsEven ? 0 : 1;
if (bit0 != yTilde)
{
// Use the other root
beta = new ECFieldElement(curve.Q - betaValue, curve);
}
return(new ECPoint(x, beta, curve));
}
public static FpPoint GetRandomPoint(string input, FpCurve curve, int index, Formatter formater, out int finalCounter)
{
int counter = 0;
ECFieldElement x = null, y = null, z = null;
while (y == null)
{
x = GetX(input, curve, index, counter);
z = x.Multiply(x.Square().Add(curve.A)).Add(curve.B);
if (z.ToBigInteger() == BigInteger.Zero)
{
y = z;
}
else
{
y = z.Sqrt(); // returns null if sqrt does not exist
}
counter++;
}
finalCounter = counter - 1;
if (formater != null)
{
formater.PrintBigInteger("vr_z", "UCAHR", null, z.ToBigInteger());
}
ECFieldElement yPrime = y.Negate();
return(new FpPoint(curve, x, y.ToBigInteger().CompareTo(yPrime.ToBigInteger()) < 0 ? y : yPrime));
}
private void ImplSqrtTest(ECCurve c)
{
if (ECAlgorithms.IsFpCurve(c))
{
BigInteger p = c.Field.Characteristic;
BigInteger pMinusOne = p.Subtract(BigInteger.One);
BigInteger legendreExponent = p.ShiftRight(1);
int count = 0;
while (count < 10)
{
BigInteger nonSquare = BigIntegers.CreateRandomInRange(BigInteger.Two, pMinusOne, Random);
if (!nonSquare.ModPow(legendreExponent, p).Equals(BigInteger.One))
{
ECFieldElement root = c.FromBigInteger(nonSquare).Sqrt();
Assert.IsNull(root);
++count;
}
}
}
else if (ECAlgorithms.IsF2mCurve(c))
{
int m = c.FieldSize;
BigInteger x = new BigInteger(m, Random);
ECFieldElement fe = c.FromBigInteger(x);
for (int i = 0; i < 100; ++i)
{
ECFieldElement sq = fe.Square();
ECFieldElement check = sq.Sqrt();
Assert.AreEqual(fe, check);
fe = sq;
}
}
}
protected override ECPoint DecompressPoint(int yTilde, BigInteger X1)
{
ECFieldElement eCFieldElement = FromBigInteger(X1);
ECFieldElement eCFieldElement2 = eCFieldElement.Square().Add(A).Multiply(eCFieldElement)
.Add(B);
ECFieldElement eCFieldElement3 = eCFieldElement2.Sqrt();
if (eCFieldElement3 == null)
{
throw new ArgumentException("Invalid point compression");
}
if (eCFieldElement3.TestBitZero() != (yTilde == 1))
{
eCFieldElement3 = eCFieldElement3.Negate();
}
return(CreateRawPoint(eCFieldElement, eCFieldElement3, withCompression: true));
}
public void TestSqrt()
{
ECFieldElement element = new ECFieldElement(new BigInteger(100), ECCurve.Secp256k1);
element.Sqrt().Should().Be(new ECFieldElement(BigInteger.Parse("115792089237316195423570985008687907853269984665640564039457584007908834671653"), ECCurve.Secp256k1));
ConstructorInfo constructor = typeof(ECCurve).GetConstructor(BindingFlags.NonPublic | BindingFlags.Instance, null, new Type[] { typeof(BigInteger), typeof(BigInteger), typeof(BigInteger), typeof(BigInteger), typeof(byte[]) }, null);
ECCurve testCruve = constructor.Invoke(new object[] {
BigInteger.Parse("00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFF0", NumberStyles.AllowHexSpecifier),
BigInteger.Parse("00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFF00", NumberStyles.AllowHexSpecifier),
BigInteger.Parse("005AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", NumberStyles.AllowHexSpecifier),
BigInteger.Parse("00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", NumberStyles.AllowHexSpecifier),
("04" + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5").HexToBytes()
}) as ECCurve;
element = new ECFieldElement(new BigInteger(200), testCruve);
element.Sqrt().Should().Be(null);
}
private void ImplValidityTest(ECCurve c, ECPoint g)
{
Assert.IsTrue(g.IsValid());
if (ECAlgorithms.IsF2mCurve(c))
{
BigInteger h = c.Cofactor;
if (null != h)
{
if (!h.TestBit(0))
{
ECFieldElement sqrtB = c.B.Sqrt();
ECPoint order2 = c.CreatePoint(BigInteger.Zero, sqrtB.ToBigInteger());
Assert.IsTrue(order2.Twice().IsInfinity);
Assert.IsFalse(order2.IsValid());
ECPoint bad2 = g.Add(order2);
Assert.IsFalse(bad2.IsValid());
ECPoint good2 = bad2.Add(order2);
Assert.IsTrue(good2.IsValid());
if (!h.TestBit(1))
{
ECFieldElement L = SolveQuadraticEquation(c, c.A);
Assert.IsNotNull(L);
ECFieldElement T = sqrtB;
ECFieldElement x = T.Sqrt();
ECFieldElement y = T.Add(x.Multiply(L));
ECPoint order4 = c.CreatePoint(x.ToBigInteger(), y.ToBigInteger());
Assert.IsTrue(order4.Twice().Equals(order2));
Assert.IsFalse(order4.IsValid());
ECPoint bad4_1 = g.Add(order4);
Assert.IsFalse(bad4_1.IsValid());
ECPoint bad4_2 = bad4_1.Add(order4);
Assert.IsFalse(bad4_2.IsValid());
ECPoint bad4_3 = bad4_2.Add(order4);
Assert.IsFalse(bad4_3.IsValid());
ECPoint good4 = bad4_3.Add(order4);
Assert.IsTrue(good4.IsValid());
}
}
}
}
}
protected override ECPoint DecompressPoint(int yTilde, BigInteger X1)
{
ECFieldElement x = FromBigInteger(X1);
ECFieldElement alpha = x.Square().Add(A).Multiply(x).Add(B);
ECFieldElement beta = alpha.Sqrt();
//
// if we can't find a sqrt we haven't got a point on the
// curve - run!
//
if (beta == null)
{
throw new ArithmeticException("Invalid point compression");
}
if (beta.TestBitZero() != (yTilde == 1))
{
// Use the other root
beta = beta.Negate();
}
return(new SecP521R1Point(this, x, beta, true));
}