public override ECPoint LookupVar(int index)
{
ulong[] x = Nat128.Create64(), y = Nat128.Create64();
int pos = index * SECT113R2_FE_LONGS * 2;
for (int j = 0; j < SECT113R2_FE_LONGS; ++j)
{
x[j] = m_table[pos + j];
y[j] = m_table[pos + SECT113R2_FE_LONGS + j];
}
return(CreatePoint(x, y));
}
public override ECPoint LookupVar(int index)
{
uint[] x = Nat128.Create(), y = Nat128.Create();
int pos = index * SECP128R1_FE_INTS * 2;
for (int j = 0; j < SECP128R1_FE_INTS; ++j)
{
x[j] = m_table[pos + j];
y[j] = m_table[pos + SECP128R1_FE_INTS + j];
}
return(CreatePoint(x, y));
}
public override ECFieldElement MultiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
{
ulong[] array = this.x;
ulong[] y2 = ((SecT113FieldElement)b).x;
ulong[] array2 = ((SecT113FieldElement)x).x;
ulong[] y3 = ((SecT113FieldElement)y).x;
ulong[] array3 = Nat128.CreateExt64();
SecT113Field.MultiplyAddToExt(array, y2, array3);
SecT113Field.MultiplyAddToExt(array2, y3, array3);
ulong[] z = Nat128.Create64();
SecT113Field.Reduce(array3, z);
return(new SecT113FieldElement(z));
}
public override ECFieldElement MultiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
{
ulong[] ax = this.x, bx = ((SecT113FieldElement)b).x;
ulong[] xx = ((SecT113FieldElement)x).x, yx = ((SecT113FieldElement)y).x;
ulong[] tt = Nat128.CreateExt64();
SecT113Field.MultiplyAddToExt(ax, bx, tt);
SecT113Field.MultiplyAddToExt(xx, yx, tt);
ulong[] z = Nat128.Create64();
SecT113Field.Reduce(tt, z);
return(new SecT113FieldElement(z));
}
public override ECFieldElement MultiplyPlusProduct(ECFieldElement b, ECFieldElement x, ECFieldElement y)
{
ulong[] numArray = this.x;
ulong[] numArray2 = ((SecT113FieldElement)b).x;
ulong[] numArray3 = ((SecT113FieldElement)x).x;
ulong[] numArray4 = ((SecT113FieldElement)y).x;
ulong[] zz = Nat128.CreateExt64();
SecT113Field.MultiplyAddToExt(numArray, numArray2, zz);
SecT113Field.MultiplyAddToExt(numArray3, numArray4, zz);
ulong[] z = Nat128.Create64();
SecT113Field.Reduce(zz, z);
return(new SecT113FieldElement(z));
}
public static void SquareN(uint[] x, int n, uint[] z)
{
Debug.Assert(n > 0);
uint[] tt = Nat128.CreateExt();
Nat128.Square(x, tt);
Reduce(tt, z);
while (--n > 0)
{
Nat128.Square(z, tt);
Reduce(tt, z);
}
}
public static void SquareN(ulong[] x, int n, ulong[] z)
{
Debug.Assert(n > 0);
ulong[] tt = Nat128.CreateExt64();
ImplSquare(x, tt);
Reduce(tt, z);
while (--n > 0)
{
ImplSquare(z, tt);
Reduce(tt, z);
}
}
public static void HalfTrace(ulong[] x, ulong[] z)
{
ulong[] tt = Nat128.CreateExt64();
Nat128.Copy64(x, z);
for (int i = 1; i < 113; i += 2)
{
ImplSquare(z, tt);
Reduce(tt, z);
ImplSquare(z, tt);
Reduce(tt, z);
AddTo(x, z);
}
}
public static void Inv(uint[] x, uint[] z)
{
/*
* Raise this element to the exponent 2^128 - 2^97 - 3
*
* Breaking up the exponent's binary representation into "repunits", we get:
* { 30 1s } { 1 0s } { 95 1s } { 1 0s } { 1 1s }
*
* We use an addition chain for the beginning: [1], 2, 3, [5], 10, 20, [30]
*/
if (0 != IsZero(x))
{
throw new ArgumentException("cannot be 0", "x");
}
uint[] x1 = x;
uint[] x2 = Nat128.Create();
Square(x1, x2);
Multiply(x2, x1, x2);
uint[] x3 = Nat128.Create();
Square(x2, x3);
Multiply(x3, x1, x3);
uint[] x5 = x3;
SquareN(x3, 2, x5);
Multiply(x5, x2, x5);
uint[] x10 = x2;
SquareN(x5, 5, x10);
Multiply(x10, x5, x10);
uint[] x20 = Nat128.Create();
SquareN(x10, 10, x20);
Multiply(x20, x10, x20);
uint[] x30 = x20;
SquareN(x20, 10, x30);
Multiply(x30, x10, x30);
uint[] t = x10;
SquareN(x30, 31, t);
Multiply(t, x30, t);
SquareN(t, 30, t);
Multiply(t, x30, t);
SquareN(t, 30, t);
Multiply(t, x30, t);
SquareN(t, 5, t);
Multiply(t, x5, t);
SquareN(t, 2, t);
// NOTE that x1 and z could be the same array
Multiply(x1, t, z);
}
public override ECLookupTable CreateCacheSafeLookupTable(ECPoint[] points, int off, int len)
{
uint[] table = new uint[len * SECP128R1_FE_INTS * 2];
{
int pos = 0;
for (int i = 0; i < len; ++i)
{
ECPoint p = points[off + i];
Nat128.Copy(((SecP128R1FieldElement)p.RawXCoord).x, 0, table, pos); pos += SECP128R1_FE_INTS;
Nat128.Copy(((SecP128R1FieldElement)p.RawYCoord).x, 0, table, pos); pos += SECP128R1_FE_INTS;
}
}
return(new SecP128R1LookupTable(this, table, len));
}
public override ECLookupTable CreateCacheSafeLookupTable(ECPoint[] points, int off, int len)
{
ulong[] table = new ulong[len * SECT113R2_FE_LONGS * 2];
{
int pos = 0;
for (int i = 0; i < len; ++i)
{
ECPoint p = points[off + i];
Nat128.Copy64(((SecT113FieldElement)p.RawXCoord).x, 0, table, pos); pos += SECT113R2_FE_LONGS;
Nat128.Copy64(((SecT113FieldElement)p.RawYCoord).x, 0, table, pos); pos += SECT113R2_FE_LONGS;
}
}
return(new SecT113R2LookupTable(this, table, len));
}
// D.1.4 91
/**
* return a sqrt root - the routine verifies that the calculation returns the right value - if
* none exists it returns null.
*/
public override ECFieldElement Sqrt()
{
/*
* Raise this element to the exponent 2^126 - 2^95
*
* Breaking up the exponent's binary representation into "repunits", we get:
* { 31 1s } { 95 0s }
*
* Therefore we need an addition chain containing 31 (the length of the repunit) We use:
* 1, 2, 4, 8, 10, 20, 30, [31]
*/
uint[] x1 = this.x;
if (Nat128.IsZero(x1) || Nat128.IsOne(x1))
{
return(this);
}
uint[] x2 = Nat128.Create();
SecP128R1Field.Square(x1, x2);
SecP128R1Field.Multiply(x2, x1, x2);
uint[] x4 = Nat128.Create();
SecP128R1Field.SquareN(x2, 2, x4);
SecP128R1Field.Multiply(x4, x2, x4);
uint[] x8 = Nat128.Create();
SecP128R1Field.SquareN(x4, 4, x8);
SecP128R1Field.Multiply(x8, x4, x8);
uint[] x10 = x4;
SecP128R1Field.SquareN(x8, 2, x10);
SecP128R1Field.Multiply(x10, x2, x10);
uint[] x20 = x2;
SecP128R1Field.SquareN(x10, 10, x20);
SecP128R1Field.Multiply(x20, x10, x20);
uint[] x30 = x8;
SecP128R1Field.SquareN(x20, 10, x30);
SecP128R1Field.Multiply(x30, x10, x30);
uint[] x31 = x10;
SecP128R1Field.Square(x30, x31);
SecP128R1Field.Multiply(x31, x1, x31);
uint[] t1 = x31;
SecP128R1Field.SquareN(t1, 95, t1);
uint[] t2 = x30;
SecP128R1Field.Square(t1, t2);
return(Nat128.Eq(x1, t2) ? new SecP128R1FieldElement(t1) : null);
}
public virtual ECPoint Lookup(int index)
{
ulong[] x = Nat128.Create64(), y = Nat128.Create64();
int pos = 0;
for (int i = 0; i < m_size; ++i)
{
ulong MASK = (ulong)(long)(((i ^ index) - 1) >> 31);
for (int j = 0; j < SECT113R1_FE_LONGS; ++j)
{
x[j] ^= m_table[pos + j] & MASK;
y[j] ^= m_table[pos + SECT113R1_FE_LONGS + j] & MASK;
}
pos += (SECT113R1_FE_LONGS * 2);
}
return(m_outer.CreateRawPoint(new SecT113FieldElement(x), new SecT113FieldElement(y), false));
}
public virtual ECPoint Lookup(int index)
{
uint[] x = Nat128.Create(), y = Nat128.Create();
int pos = 0;
for (int i = 0; i < m_size; ++i)
{
uint MASK = (uint)(((i ^ index) - 1) >> 31);
for (int j = 0; j < SECP128R1_FE_INTS; ++j)
{
x[j] ^= m_table[pos + j] & MASK;
y[j] ^= m_table[pos + SECP128R1_FE_INTS + j] & MASK;
}
pos += (SECP128R1_FE_INTS * 2);
}
return(m_outer.CreateRawPoint(new SecP128R1FieldElement(x), new SecP128R1FieldElement(y), false));
}
public override ECPoint Lookup(int index)
{
ulong[] x = Nat128.Create64(), y = Nat128.Create64();
int pos = 0;
for (int i = 0; i < m_size; ++i)
{
ulong MASK = (ulong)(long)(((i ^ index) - 1) >> 31);
for (int j = 0; j < SECT113R2_FE_LONGS; ++j)
{
x[j] ^= m_table[pos + j] & MASK;
y[j] ^= m_table[pos + SECT113R2_FE_LONGS + j] & MASK;
}
pos += (SECT113R2_FE_LONGS * 2);
}
return(CreatePoint(x, y));
}
public override ECPoint Lookup(int index)
{
uint[] x = Nat128.Create(), y = Nat128.Create();
int pos = 0;
for (int i = 0; i < m_size; ++i)
{
uint MASK = (uint)(((i ^ index) - 1) >> 31);
for (int j = 0; j < SECP128R1_FE_INTS; ++j)
{
x[j] ^= m_table[pos + j] & MASK;
y[j] ^= m_table[pos + SECP128R1_FE_INTS + j] & MASK;
}
pos += (SECP128R1_FE_INTS * 2);
}
return(CreatePoint(x, y));
}
public override ECFieldElement Sqrt()
{
uint[] y = x;
if (Nat128.IsZero(y) || Nat128.IsOne(y))
{
return(this);
}
uint[] array = Nat128.Create();
SecP128R1Field.Square(y, array);
SecP128R1Field.Multiply(array, y, array);
uint[] array2 = Nat128.Create();
SecP128R1Field.SquareN(array, 2, array2);
SecP128R1Field.Multiply(array2, array, array2);
uint[] array3 = Nat128.Create();
SecP128R1Field.SquareN(array2, 4, array3);
SecP128R1Field.Multiply(array3, array2, array3);
uint[] array4 = array2;
SecP128R1Field.SquareN(array3, 2, array4);
SecP128R1Field.Multiply(array4, array, array4);
uint[] z = array;
SecP128R1Field.SquareN(array4, 10, z);
SecP128R1Field.Multiply(z, array4, z);
uint[] array5 = array3;
SecP128R1Field.SquareN(z, 10, array5);
SecP128R1Field.Multiply(array5, array4, array5);
uint[] array6 = array4;
SecP128R1Field.Square(array5, array6);
SecP128R1Field.Multiply(array6, y, array6);
uint[] z2 = array6;
SecP128R1Field.SquareN(z2, 95, z2);
uint[] array7 = array5;
SecP128R1Field.Square(z2, array7);
if (!Nat128.Eq(y, array7))
{
return(null);
}
return(new SecP128R1FieldElement(z2));
}
public override ECFieldElement Multiply(ECFieldElement b)
{
ulong[] z = Nat128.Create64();
SecT113Field.Multiply(x, ((SecT113FieldElement)b).x, z);
return(new SecT113FieldElement(z));
}
public override ECFieldElement AddOne()
{
ulong[] z = Nat128.Create64();
SecT113Field.AddOne(x, z);
return(new SecT113FieldElement(z));
}
public override BigInteger ToBigInteger()
{
return(Nat128.ToBigInteger64(x));
}
public SecT113FieldElement()
{
this.x = Nat128.Create64();
}
public static void Multiply(uint[] x, uint[] y, uint[] z)
{
uint[] tt = Nat128.CreateExt();
Nat128.Mul(x, y, tt);
Reduce(tt, z);
}
public override ECFieldElement Subtract(ECFieldElement b)
{
uint[] z = Nat128.Create();
SecP128R1Field.Subtract(x, ((SecP128R1FieldElement)b).x, z);
return(new SecP128R1FieldElement(z));
}
public override ECFieldElement AddOne()
{
uint[] z = Nat128.Create();
SecP128R1Field.AddOne(x, z);
return(new SecP128R1FieldElement(z));
}
public override bool TestBitZero()
{
return(Nat128.GetBit(x, 0) == 1);
}
public SecP128R1FieldElement()
{
this.x = Nat128.Create();
}
public override ECFieldElement Invert()
{
uint[] z = Nat128.Create();
Mod.Invert(SecP128R1Field.P, x, z);
return(new SecP128R1FieldElement(z));
}
public override ECFieldElement Multiply(ECFieldElement b)
{
uint[] z = Nat128.Create();
SecP128R1Field.Multiply(x, ((SecP128R1FieldElement)b).x, z);
return(new SecP128R1FieldElement(z));
}
public override ECPoint Add(ECPoint b)
{
if (base.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
if (this == b)
{
return(Twice());
}
ECCurve curve = Curve;
SecP128R1FieldElement secP128R1FieldElement = (SecP128R1FieldElement)base.RawXCoord;
SecP128R1FieldElement secP128R1FieldElement2 = (SecP128R1FieldElement)base.RawYCoord;
SecP128R1FieldElement secP128R1FieldElement3 = (SecP128R1FieldElement)b.RawXCoord;
SecP128R1FieldElement secP128R1FieldElement4 = (SecP128R1FieldElement)b.RawYCoord;
SecP128R1FieldElement secP128R1FieldElement5 = (SecP128R1FieldElement)base.RawZCoords[0];
SecP128R1FieldElement secP128R1FieldElement6 = (SecP128R1FieldElement)b.RawZCoords[0];
uint[] array = Nat128.CreateExt();
uint[] array2 = Nat128.Create();
uint[] array3 = Nat128.Create();
uint[] array4 = Nat128.Create();
bool isOne = secP128R1FieldElement5.IsOne;
uint[] array5;
uint[] array6;
if (isOne)
{
array5 = secP128R1FieldElement3.x;
array6 = secP128R1FieldElement4.x;
}
else
{
array6 = array3;
SecP128R1Field.Square(secP128R1FieldElement5.x, array6);
array5 = array2;
SecP128R1Field.Multiply(array6, secP128R1FieldElement3.x, array5);
SecP128R1Field.Multiply(array6, secP128R1FieldElement5.x, array6);
SecP128R1Field.Multiply(array6, secP128R1FieldElement4.x, array6);
}
bool isOne2 = secP128R1FieldElement6.IsOne;
uint[] array7;
uint[] array8;
if (isOne2)
{
array7 = secP128R1FieldElement.x;
array8 = secP128R1FieldElement2.x;
}
else
{
array8 = array4;
SecP128R1Field.Square(secP128R1FieldElement6.x, array8);
array7 = array;
SecP128R1Field.Multiply(array8, secP128R1FieldElement.x, array7);
SecP128R1Field.Multiply(array8, secP128R1FieldElement6.x, array8);
SecP128R1Field.Multiply(array8, secP128R1FieldElement2.x, array8);
}
uint[] array9 = Nat128.Create();
SecP128R1Field.Subtract(array7, array5, array9);
uint[] array10 = array2;
SecP128R1Field.Subtract(array8, array6, array10);
if (Nat128.IsZero(array9))
{
if (Nat128.IsZero(array10))
{
return(Twice());
}
return(curve.Infinity);
}
uint[] array11 = array3;
SecP128R1Field.Square(array9, array11);
uint[] array12 = Nat128.Create();
SecP128R1Field.Multiply(array11, array9, array12);
uint[] array13 = array3;
SecP128R1Field.Multiply(array11, array7, array13);
SecP128R1Field.Negate(array12, array12);
Nat128.Mul(array8, array12, array);
uint x = Nat128.AddBothTo(array13, array13, array12);
SecP128R1Field.Reduce32(x, array12);
SecP128R1FieldElement secP128R1FieldElement7 = new SecP128R1FieldElement(array4);
SecP128R1Field.Square(array10, secP128R1FieldElement7.x);
SecP128R1Field.Subtract(secP128R1FieldElement7.x, array12, secP128R1FieldElement7.x);
SecP128R1FieldElement secP128R1FieldElement8 = new SecP128R1FieldElement(array12);
SecP128R1Field.Subtract(array13, secP128R1FieldElement7.x, secP128R1FieldElement8.x);
SecP128R1Field.MultiplyAddToExt(secP128R1FieldElement8.x, array10, array);
SecP128R1Field.Reduce(array, secP128R1FieldElement8.x);
SecP128R1FieldElement secP128R1FieldElement9 = new SecP128R1FieldElement(array9);
if (!isOne)
{
SecP128R1Field.Multiply(secP128R1FieldElement9.x, secP128R1FieldElement5.x, secP128R1FieldElement9.x);
}
if (!isOne2)
{
SecP128R1Field.Multiply(secP128R1FieldElement9.x, secP128R1FieldElement6.x, secP128R1FieldElement9.x);
}
ECFieldElement[] zs = new ECFieldElement[1] {
secP128R1FieldElement9
};
return(new SecP128R1Point(curve, secP128R1FieldElement7, secP128R1FieldElement8, zs, base.IsCompressed));
}
public override ECPoint Twice()
{
if (base.IsInfinity)
{
return(this);
}
ECCurve curve = Curve;
SecP128R1FieldElement secP128R1FieldElement = (SecP128R1FieldElement)base.RawYCoord;
if (secP128R1FieldElement.IsZero)
{
return(curve.Infinity);
}
SecP128R1FieldElement secP128R1FieldElement2 = (SecP128R1FieldElement)base.RawXCoord;
SecP128R1FieldElement secP128R1FieldElement3 = (SecP128R1FieldElement)base.RawZCoords[0];
uint[] array = Nat128.Create();
uint[] array2 = Nat128.Create();
uint[] array3 = Nat128.Create();
SecP128R1Field.Square(secP128R1FieldElement.x, array3);
uint[] array4 = Nat128.Create();
SecP128R1Field.Square(array3, array4);
bool isOne = secP128R1FieldElement3.IsOne;
uint[] array5 = secP128R1FieldElement3.x;
if (!isOne)
{
array5 = array2;
SecP128R1Field.Square(secP128R1FieldElement3.x, array5);
}
SecP128R1Field.Subtract(secP128R1FieldElement2.x, array5, array);
uint[] array6 = array2;
SecP128R1Field.Add(secP128R1FieldElement2.x, array5, array6);
SecP128R1Field.Multiply(array6, array, array6);
uint x = Nat128.AddBothTo(array6, array6, array6);
SecP128R1Field.Reduce32(x, array6);
uint[] array7 = array3;
SecP128R1Field.Multiply(array3, secP128R1FieldElement2.x, array7);
x = Nat.ShiftUpBits(4, array7, 2, 0u);
SecP128R1Field.Reduce32(x, array7);
x = Nat.ShiftUpBits(4, array4, 3, 0u, array);
SecP128R1Field.Reduce32(x, array);
SecP128R1FieldElement secP128R1FieldElement4 = new SecP128R1FieldElement(array4);
SecP128R1Field.Square(array6, secP128R1FieldElement4.x);
SecP128R1Field.Subtract(secP128R1FieldElement4.x, array7, secP128R1FieldElement4.x);
SecP128R1Field.Subtract(secP128R1FieldElement4.x, array7, secP128R1FieldElement4.x);
SecP128R1FieldElement secP128R1FieldElement5 = new SecP128R1FieldElement(array7);
SecP128R1Field.Subtract(array7, secP128R1FieldElement4.x, secP128R1FieldElement5.x);
SecP128R1Field.Multiply(secP128R1FieldElement5.x, array6, secP128R1FieldElement5.x);
SecP128R1Field.Subtract(secP128R1FieldElement5.x, array, secP128R1FieldElement5.x);
SecP128R1FieldElement secP128R1FieldElement6 = new SecP128R1FieldElement(array6);
SecP128R1Field.Twice(secP128R1FieldElement.x, secP128R1FieldElement6.x);
if (!isOne)
{
SecP128R1Field.Multiply(secP128R1FieldElement6.x, secP128R1FieldElement3.x, secP128R1FieldElement6.x);
}
return(new SecP128R1Point(curve, secP128R1FieldElement4, secP128R1FieldElement5, new ECFieldElement[1] {
secP128R1FieldElement6
}, base.IsCompressed));
}
