/// <summary>
/// Recovers the full point P = (xp, yp) from its compressed form (X9.62 s 4.2.2).
/// </summary>
/// <param name="yTilde">Indicator bit ~yp; only the value 1 is distinguished, every other value is treated alike.</param>
/// <param name="X1">The field element xp, given as an integer.</param>
/// <returns>The raw point built from xp and the recovered second coordinate, created with compression enabled.</returns>
/// <exception cref="ArgumentException">No second coordinate could be derived for the supplied xp.</exception>
/// <remarks>
/// This method only reconstructs a coordinate. Nothing here range-checks <paramref name="yTilde"/> or
/// checks the order of the resulting point, so callers decoding untrusted encodings should apply their
/// full point validation to the result. NOTE(review): whether FromBigInteger rejects out-of-range
/// X1 values is not visible here - confirm.
/// </remarks>
protected override ECPoint DecompressPoint(int yTilde, BigInteger X1)
{
    ECFieldElement xp = FromBigInteger(X1);
    ECFieldElement yp = null;

    if (xp.IsZero)
    {
        // x == 0: the second coordinate is sqrt(B); yTilde is not consulted on this path.
        yp = B.Sqrt();
    }
    else
    {
        // beta = B / x^2 + A + x; a root z of the quadratic in beta yields the second coordinate.
        ECFieldElement beta = xp.Square().Invert().Multiply(B).Add(A).Add(xp);
        ECFieldElement root = SolveQuadraticEquation(beta);

        if (root != null)
        {
            // Pick the root whose lowest bit agrees with the requested indicator bit.
            bool wantBitSet = yTilde == 1;
            if (root.TestBitZero() != wantBitSet)
            {
                root = root.AddOne();
            }

            // Lambda coordinate systems store z + x; all others store y = z * x.
            var coordSystem = CoordinateSystem;
            bool isLambda = coordSystem == COORD_LAMBDA_AFFINE || coordSystem == COORD_LAMBDA_PROJECTIVE;
            yp = isLambda ? root.Add(xp) : root.Multiply(xp);
        }
    }

    // Reached with null when the quadratic has no solution (or Sqrt returned null).
    if (yp == null)
    {
        throw new ArgumentException("Invalid point compression");
    }

    return CreateRawPoint(xp, yp, true);
}
/// <summary>
/// Recovers a full point from a compressed x coordinate and an indicator bit.
/// </summary>
/// <param name="yTilde">Indicator bit; only the value 1 is distinguished from all other values.</param>
/// <param name="X1">The x coordinate as an integer.</param>
/// <returns>The raw point created from x and the recovered second coordinate, with compression enabled.</returns>
/// <exception cref="ArgumentException">No second coordinate could be derived for the supplied x.</exception>
/// <remarks>
/// Only coordinate recovery happens here; no check on the order of the resulting point is visible,
/// so results built from untrusted encodings should still go through the caller's point validation.
/// </remarks>
protected override ECPoint DecompressPoint(int yTilde, BigInteger X1)
{
    ECFieldElement x = FromBigInteger(X1);
    ECFieldElement y = null;

    if (x.IsZero)
    {
        // x == 0: second coordinate is sqrt(B); the indicator bit plays no role.
        y = B.Sqrt();
    }
    else
    {
        // beta = B / x^2 + A + x
        ECFieldElement xSquaredInverse = x.Square().Invert();
        ECFieldElement beta = xSquaredInverse.Multiply(B).Add(A).Add(x);

        // The helper's name is spelled "Quadradic" in this listing; kept as-is.
        ECFieldElement z = SolveQuadradicEquation(beta);
        if (z != null)
        {
            // Select the root whose lowest bit matches the indicator.
            bool wantBitSet = yTilde == 1;
            if (z.TestBitZero() != wantBitSet)
            {
                z = z.AddOne();
            }

            // NOTE(review): 5 and 6 are bare coordinate-system ids in this listing; presumably the
            // lambda-affine / lambda-projective systems - confirm against the curve's constants.
            var coordSystem = CoordinateSystem;
            if (coordSystem == 5 || coordSystem == 6)
            {
                y = z.Add(x);
            }
            else
            {
                y = z.Multiply(x);
            }
        }
    }

    if (y == null)
    {
        throw new ArgumentException("Invalid point compression");
    }

    return CreateRawPoint(x, y, withCompression: true);
}
/// <summary>
/// Recovers a full point from a compressed x coordinate and an indicator bit.
/// </summary>
/// <param name="yTilde">Indicator bit; only the value 1 is distinguished from all other values.</param>
/// <param name="X1">The x coordinate as an integer.</param>
/// <returns>The raw point created from x and the recovered second coordinate, with compression enabled.</returns>
/// <exception cref="ArgumentException">No second coordinate could be derived for the supplied x.</exception>
/// <remarks>
/// Only coordinate recovery happens here; no check on the order of the resulting point is visible,
/// so results built from untrusted encodings should still go through the caller's point validation.
/// </remarks>
protected override ECPoint DecompressPoint(int yTilde, BigInteger X1)
{
    ECFieldElement x = FromBigInteger(X1);
    ECFieldElement y = null;

    if (x.IsZero)
    {
        // x == 0: second coordinate is sqrt(B); the indicator bit plays no role.
        y = B.Sqrt();
    }
    else
    {
        // beta = B / x^2 + A + x
        ECFieldElement beta = x.Square().Invert().Multiply(B).Add(A).Add(x);
        ECFieldElement z = SolveQuadraticEquation(beta);

        if (z != null)
        {
            // Select the root whose lowest bit matches the indicator.
            bool wantBitSet = yTilde == 1;
            if (z.TestBitZero() != wantBitSet)
            {
                z = z.AddOne();
            }

            // NOTE(review): 5 and 6 are bare coordinate-system ids in this listing; presumably the
            // lambda-affine / lambda-projective systems - confirm against the curve's constants.
            switch (CoordinateSystem)
            {
                case 5:
                case 6:
                    y = z.Add(x);
                    break;
                default:
                    y = z.Multiply(x);
                    break;
            }
        }
    }

    // Null here means the quadratic had no solution (or Sqrt returned null).
    if (y == null)
    {
        throw new ArgumentException("Invalid point compression");
    }

    return CreateRawPoint(x, y, true);
}
/// <summary>
/// Computes 2 * this + <paramref name="b"/> using lambda coordinates (X, L, Z).
/// </summary>
/// <param name="b">The point to add after doubling this point.</param>
/// <returns>The point 2 * this + b.</returns>
/// <remarks>
/// The fused formula is only used when <paramref name="b"/> has Z == 1 and a non-zero X; otherwise the
/// method falls back to Twice().Add(b). The early exits branch on coordinate values, so this routine
/// does not run in input-independent time; whether that matters depends on how callers use it.
/// </remarks>
public override ECPoint TwicePlus(ECPoint b)
{
    if (this.IsInfinity)
    {
        return b;
    }
    if (b.IsInfinity)
    {
        return Twice();
    }

    ECCurve curve = this.Curve;

    ECFieldElement x1 = this.RawXCoord;
    if (x1.IsZero)
    {
        // A point with X == 0 is its own additive inverse, so doubling it contributes nothing.
        return b;
    }

    // The fused path below is only optimized for a lambda-affine argument.
    ECFieldElement x2 = b.RawXCoord;
    ECFieldElement z2 = b.RawZCoords[0];
    if (x2.IsZero || !z2.IsOne)
    {
        return Twice().Add(b);
    }

    ECFieldElement l1 = this.RawYCoord;
    ECFieldElement z1 = this.RawZCoords[0];
    ECFieldElement l2 = b.RawYCoord;

    ECFieldElement x1Sq = x1.Square();
    ECFieldElement l1Sq = l1.Square();
    ECFieldElement z1Sq = z1.Square();
    ECFieldElement l1z1 = l1.Multiply(z1);

    // The general form carries an extra curve.A * Z1^2 term in t and curve.A in the first factor
    // of aTerm; both are left out here, which is consistent with a == 0 on this curve.
    ECFieldElement t = l1Sq.Add(l1z1);
    ECFieldElement l2PlusOne = l2.AddOne();
    ECFieldElement aTerm = l2PlusOne.Multiply(z1Sq).Add(l1Sq).MultiplyPlusProduct(t, x1Sq, z1Sq);
    ECFieldElement x2z1Sq = x2.Multiply(z1Sq);
    ECFieldElement bTerm = x2z1Sq.Add(t).Square();

    if (bTerm.IsZero)
    {
        return aTerm.IsZero ? b.Twice() : curve.Infinity;
    }

    if (aTerm.IsZero)
    {
        // curve.B is passed where the general form would pass sqrt(curve.B); the two agree
        // only when b is its own square root - presumably b == 1 on this curve, confirm.
        return new SecT233K1Point(curve, aTerm, curve.B, IsCompressed);
    }

    ECFieldElement x3 = aTerm.Square().Multiply(x2z1Sq);
    ECFieldElement z3 = aTerm.Multiply(bTerm).Multiply(z1Sq);
    ECFieldElement l3 = aTerm.Add(bTerm).Square().MultiplyPlusProduct(t, l2PlusOne, z3);

    return new SecT233K1Point(curve, x3, l3, new[] { z3 }, IsCompressed);
}
/// <summary>
/// Computes 2 * this + <paramref name="b"/> using lambda coordinates (X, L, Z).
/// </summary>
/// <param name="b">The point to add after doubling this point.</param>
/// <returns>The point 2 * this + b.</returns>
/// <remarks>
/// The fused formula is only used when <paramref name="b"/> has Z == 1 and a non-zero X; otherwise the
/// method falls back to Twice().Add(b). The early exits branch on coordinate values, so this routine
/// does not run in input-independent time; whether that matters depends on how callers use it.
/// </remarks>
public override ECPoint TwicePlus(ECPoint b)
{
    if (this.IsInfinity)
    {
        return b;
    }
    if (b.IsInfinity)
    {
        return Twice();
    }

    ECCurve curve = this.Curve;

    ECFieldElement x1 = this.RawXCoord;
    if (x1.IsZero)
    {
        // A point with X == 0 is its own additive inverse, so doubling it contributes nothing.
        return b;
    }

    // Fused path requires b to have a non-zero X and Z == 1; anything else takes the generic route.
    ECFieldElement x2 = b.RawXCoord;
    ECFieldElement z2 = b.RawZCoords[0];
    if (x2.IsZero || !z2.IsOne)
    {
        return Twice().Add(b);
    }

    ECFieldElement l1 = this.RawYCoord;
    ECFieldElement z1 = this.RawZCoords[0];
    ECFieldElement l2 = b.RawYCoord;

    ECFieldElement x1Sq = x1.Square();
    ECFieldElement l1Sq = l1.Square();
    ECFieldElement z1Sq = z1.Square();
    ECFieldElement l1z1 = l1.Multiply(z1);

    // t includes Z1^2 directly and aTerm starts from L2 alone; NOTE(review): this looks like the
    // general formula specialised to a curve coefficient a == 1 - confirm against the curve.
    ECFieldElement t = z1Sq.Add(l1Sq).Add(l1z1);
    ECFieldElement aTerm = l2.Multiply(z1Sq).Add(l1Sq).MultiplyPlusProduct(t, x1Sq, z1Sq);
    ECFieldElement x2z1Sq = x2.Multiply(z1Sq);
    ECFieldElement bTerm = x2z1Sq.Add(t).Square();

    if (bTerm.IsZero)
    {
        return aTerm.IsZero ? b.Twice() : curve.Infinity;
    }

    if (aTerm.IsZero)
    {
        // Result has X == 0; its second coordinate comes from the curve's SecT571R1_B_SQRT constant.
        return new SecT571R1Point(curve, aTerm, SecT571R1Curve.SecT571R1_B_SQRT, IsCompressed);
    }

    ECFieldElement x3 = aTerm.Square().Multiply(x2z1Sq);
    ECFieldElement z3 = aTerm.Multiply(bTerm).Multiply(z1Sq);
    ECFieldElement l3 = aTerm.Add(bTerm).Square().MultiplyPlusProduct(t, l2.AddOne(), z3);

    return new SecT571R1Point(curve, x3, l3, new[] { z3 }, IsCompressed);
}