private static ECPoint ImplShamirsTrick(ECPoint P, BigInteger k,
ECPoint Q, BigInteger l)
{
int m = System.Math.Max(k.BitLength, l.BitLength);
ECPoint Z = P.Add(Q);
ECPoint R = P.Curve.Infinity;
for (int i = m - 1; i >= 0; --i)
{
R = R.Twice();
if (k.TestBit(i))
{
if (l.TestBit(i))
{
R = R.Add(Z);
}
else
{
R = R.Add(P);
}
}
else
{
if (l.TestBit(i))
{
R = R.Add(Q);
}
}
}
return R;
}
private static ECPoint ImplShamirsTrick(ECPoint p, IBigInteger k, ECPoint q, IBigInteger l)
{
var m = System.Math.Max(k.BitLength, l.BitLength);
var z = p.Add(q);
var r = p.Curve.Infinity;
for (var i = m - 1; i >= 0; --i)
{
r = r.Twice();
if (k.TestBit(i))
{
r = r.Add(l.TestBit(i) ? z : p);
}
else
{
if (l.TestBit(i))
{
r = r.Add(q);
}
}
}
return r;
}
/**
* Tests <code>ECPoint.add()</code> and <code>ECPoint.subtract()</code>
* for the given point and the given point at infinity.
*
* @param p
* The point on which the tests are performed.
* @param infinity
* The point at infinity on the same curve as <code>p</code>.
*/
private void ImplTestAddSubtract(ECPoint p, ECPoint infinity)
{
AssertPointsEqual("Twice and Add inconsistent", p.Twice(), p.Add(p));
AssertPointsEqual("Twice p - p is not p", p, p.Twice().Subtract(p));
AssertPointsEqual("TwicePlus(p, -p) is not p", p, p.TwicePlus(p.Negate()));
AssertPointsEqual("p - p is not infinity", infinity, p.Subtract(p));
AssertPointsEqual("p plus infinity is not p", p, p.Add(infinity));
AssertPointsEqual("infinity plus p is not p", p, infinity.Add(p));
AssertPointsEqual("infinity plus infinity is not infinity ", infinity, infinity.Add(infinity));
AssertPointsEqual("Twice infinity is not infinity ", infinity, infinity.Twice());
}
/**
* Tests <code>ECPoint.add()</code> against literature values.
*
* @param p
* The array of literature values.
* @param infinity
* The point at infinity on the respective curve.
*/
private void ImplTestAdd(ECPoint[] p, ECPoint infinity)
{
AssertPointsEqual("p0 plus p1 does not equal p2", p[2], p[0].Add(p[1]));
AssertPointsEqual("p1 plus p0 does not equal p2", p[2], p[1].Add(p[0]));
for (int i = 0; i < p.Length; i++)
{
AssertPointsEqual("Adding infinity failed", p[i], p[i].Add(infinity));
AssertPointsEqual("Adding to infinity failed", p[i], infinity.Add(p[i]));
}
}
internal static ECPoint ImplShamirsTrickJsf(ECPoint P, BigInteger k, ECPoint Q, BigInteger l)
{
ECCurve curve = P.Curve;
ECPoint infinity = curve.Infinity;
// TODO conjugate co-Z addition (ZADDC) can return both of these
ECPoint PaddQ = P.Add(Q);
ECPoint PsubQ = P.Subtract(Q);
ECPoint[] points = new ECPoint[] { Q, PsubQ, P, PaddQ };
curve.NormalizeAll(points);
ECPoint[] table = new ECPoint[] {
points[3].Negate(), points[2].Negate(), points[1].Negate(),
points[0].Negate(), infinity, points[0],
points[1], points[2], points[3] };
byte[] jsf = WNafUtilities.GenerateJsf(k, l);
ECPoint R = infinity;
int i = jsf.Length;
while (--i >= 0)
{
int jsfi = jsf[i];
// NOTE: The shifting ensures the sign is extended correctly
int kDigit = ((jsfi << 24) >> 28), lDigit = ((jsfi << 28) >> 28);
int index = 4 + (kDigit * 3) + lDigit;
R = R.TwicePlus(table[index]);
}
return R;
}
/**
* Tests <code>ECPoint.add()</code> and <code>ECPoint.subtract()</code>
* for the given point and the given point at infinity.
*
* @param p
* The point on which the tests are performed.
* @param infinity
* The point at infinity on the same curve as <code>p</code>.
*/
private void implTestAddSubtract(ECPoint p, ECPoint infinity)
{
Assert.AreEqual(p.Twice(), p.Add(p), "Twice and Add inconsistent");
Assert.AreEqual(p, p.Twice().Subtract(p), "Twice p - p is not p");
Assert.AreEqual(infinity, p.Subtract(p), "p - p is not infinity");
Assert.AreEqual(p, p.Add(infinity), "p plus infinity is not p");
Assert.AreEqual(p, infinity.Add(p), "infinity plus p is not p");
Assert.AreEqual(infinity, infinity.Add(infinity), "infinity plus infinity is not infinity ");
}
public override ECPoint Add(ECPoint b)
{
if (this.IsInfinity)
return b;
if (b.IsInfinity)
return this;
ECCurve curve = this.Curve;
int coord = curve.CoordinateSystem;
ECFieldElement X1 = this.RawXCoord;
ECFieldElement X2 = b.RawXCoord;
switch (coord)
{
case ECCurve.COORD_AFFINE:
{
ECFieldElement Y1 = this.RawYCoord;
ECFieldElement Y2 = b.RawYCoord;
ECFieldElement dx = X1.Add(X2), dy = Y1.Add(Y2);
if (dx.IsZero)
{
if (dy.IsZero)
{
return Twice();
}
return curve.Infinity;
}
ECFieldElement L = dy.Divide(dx);
ECFieldElement X3 = L.Square().Add(L).Add(dx).Add(curve.A);
ECFieldElement Y3 = L.Multiply(X1.Add(X3)).Add(X3).Add(Y1);
return new F2mPoint(curve, X3, Y3, IsCompressed);
}
case ECCurve.COORD_HOMOGENEOUS:
{
ECFieldElement Y1 = this.RawYCoord, Z1 = this.RawZCoords[0];
ECFieldElement Y2 = b.RawYCoord, Z2 = b.RawZCoords[0];
bool Z1IsOne = Z1.IsOne;
ECFieldElement U1 = Y2, V1 = X2;
if (!Z1IsOne)
{
U1 = U1.Multiply(Z1);
V1 = V1.Multiply(Z1);
}
bool Z2IsOne = Z2.IsOne;
ECFieldElement U2 = Y1, V2 = X1;
if (!Z2IsOne)
{
U2 = U2.Multiply(Z2);
V2 = V2.Multiply(Z2);
}
ECFieldElement U = U1.Add(U2);
ECFieldElement V = V1.Add(V2);
if (V.IsZero)
{
if (U.IsZero)
{
return Twice();
}
return curve.Infinity;
}
ECFieldElement VSq = V.Square();
ECFieldElement VCu = VSq.Multiply(V);
ECFieldElement W = Z1IsOne ? Z2 : Z2IsOne ? Z1 : Z1.Multiply(Z2);
ECFieldElement uv = U.Add(V);
ECFieldElement A = uv.MultiplyPlusProduct(U, VSq, curve.A).Multiply(W).Add(VCu);
ECFieldElement X3 = V.Multiply(A);
ECFieldElement VSqZ2 = Z2IsOne ? VSq : VSq.Multiply(Z2);
ECFieldElement Y3 = U.MultiplyPlusProduct(X1, V, Y1).MultiplyPlusProduct(VSqZ2, uv, A);
ECFieldElement Z3 = VCu.Multiply(W);
return new F2mPoint(curve, X3, Y3, new ECFieldElement[] { Z3 }, IsCompressed);
}
case ECCurve.COORD_LAMBDA_PROJECTIVE:
{
if (X1.IsZero)
{
if (X2.IsZero)
return curve.Infinity;
return b.Add(this);
}
ECFieldElement L1 = this.RawYCoord, Z1 = this.RawZCoords[0];
ECFieldElement L2 = b.RawYCoord, Z2 = b.RawZCoords[0];
bool Z1IsOne = Z1.IsOne;
ECFieldElement U2 = X2, S2 = L2;
if (!Z1IsOne)
{
U2 = U2.Multiply(Z1);
S2 = S2.Multiply(Z1);
}
bool Z2IsOne = Z2.IsOne;
ECFieldElement U1 = X1, S1 = L1;
if (!Z2IsOne)
{
U1 = U1.Multiply(Z2);
S1 = S1.Multiply(Z2);
}
ECFieldElement A = S1.Add(S2);
ECFieldElement B = U1.Add(U2);
if (B.IsZero)
{
if (A.IsZero)
{
return Twice();
}
return curve.Infinity;
}
ECFieldElement X3, L3, Z3;
if (X2.IsZero)
{
// TODO This can probably be optimized quite a bit
ECPoint p = this.Normalize();
X1 = p.RawXCoord;
ECFieldElement Y1 = p.YCoord;
ECFieldElement Y2 = L2;
ECFieldElement L = Y1.Add(Y2).Divide(X1);
X3 = L.Square().Add(L).Add(X1).Add(curve.A);
if (X3.IsZero)
{
return new F2mPoint(curve, X3, curve.B.Sqrt(), IsCompressed);
}
ECFieldElement Y3 = L.Multiply(X1.Add(X3)).Add(X3).Add(Y1);
L3 = Y3.Divide(X3).Add(X3);
Z3 = curve.FromBigInteger(BigInteger.One);
}
else
{
B = B.Square();
ECFieldElement AU1 = A.Multiply(U1);
ECFieldElement AU2 = A.Multiply(U2);
X3 = AU1.Multiply(AU2);
if (X3.IsZero)
{
return new F2mPoint(curve, X3, curve.B.Sqrt(), IsCompressed);
}
ECFieldElement ABZ2 = A.Multiply(B);
if (!Z2IsOne)
{
ABZ2 = ABZ2.Multiply(Z2);
}
L3 = AU2.Add(B).SquarePlusProduct(ABZ2, L1.Add(Z1));
Z3 = ABZ2;
if (!Z1IsOne)
{
Z3 = Z3.Multiply(Z1);
}
}
return new F2mPoint(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
}
default:
{
throw new InvalidOperationException("unsupported coordinate system");
}
}
}
public override ECPoint Add(ECPoint b)
{
if (base.IsInfinity)
{
return(b);
}
if (b.IsInfinity)
{
return(this);
}
ECCurve curve = this.Curve;
int coordinateSystem = curve.CoordinateSystem;
ECFieldElement rawXCoord = base.RawXCoord;
ECFieldElement rawXCoord2 = b.RawXCoord;
int num = coordinateSystem;
switch (num)
{
case 0:
{
ECFieldElement rawYCoord = base.RawYCoord;
ECFieldElement rawYCoord2 = b.RawYCoord;
ECFieldElement eCFieldElement = rawXCoord.Add(rawXCoord2);
ECFieldElement eCFieldElement2 = rawYCoord.Add(rawYCoord2);
if (!eCFieldElement.IsZero)
{
ECFieldElement eCFieldElement3 = eCFieldElement2.Divide(eCFieldElement);
ECFieldElement eCFieldElement4 = eCFieldElement3.Square().Add(eCFieldElement3).Add(eCFieldElement).Add(curve.A);
ECFieldElement y = eCFieldElement3.Multiply(rawXCoord.Add(eCFieldElement4)).Add(eCFieldElement4).Add(rawYCoord);
return(new F2mPoint(curve, eCFieldElement4, y, base.IsCompressed));
}
if (eCFieldElement2.IsZero)
{
return(this.Twice());
}
return(curve.Infinity);
}
case 1:
{
ECFieldElement rawYCoord3 = base.RawYCoord;
ECFieldElement eCFieldElement5 = base.RawZCoords[0];
ECFieldElement rawYCoord4 = b.RawYCoord;
ECFieldElement eCFieldElement6 = b.RawZCoords[0];
bool isOne = eCFieldElement5.IsOne;
ECFieldElement eCFieldElement7 = rawYCoord4;
ECFieldElement eCFieldElement8 = rawXCoord2;
if (!isOne)
{
eCFieldElement7 = eCFieldElement7.Multiply(eCFieldElement5);
eCFieldElement8 = eCFieldElement8.Multiply(eCFieldElement5);
}
bool isOne2 = eCFieldElement6.IsOne;
ECFieldElement eCFieldElement9 = rawYCoord3;
ECFieldElement eCFieldElement10 = rawXCoord;
if (!isOne2)
{
eCFieldElement9 = eCFieldElement9.Multiply(eCFieldElement6);
eCFieldElement10 = eCFieldElement10.Multiply(eCFieldElement6);
}
ECFieldElement eCFieldElement11 = eCFieldElement7.Add(eCFieldElement9);
ECFieldElement eCFieldElement12 = eCFieldElement8.Add(eCFieldElement10);
if (!eCFieldElement12.IsZero)
{
ECFieldElement eCFieldElement13 = eCFieldElement12.Square();
ECFieldElement eCFieldElement14 = eCFieldElement13.Multiply(eCFieldElement12);
ECFieldElement b2 = isOne ? eCFieldElement6 : (isOne2 ? eCFieldElement5 : eCFieldElement5.Multiply(eCFieldElement6));
ECFieldElement eCFieldElement15 = eCFieldElement11.Add(eCFieldElement12);
ECFieldElement eCFieldElement16 = eCFieldElement15.MultiplyPlusProduct(eCFieldElement11, eCFieldElement13, curve.A).Multiply(b2).Add(eCFieldElement14);
ECFieldElement x = eCFieldElement12.Multiply(eCFieldElement16);
ECFieldElement b3 = isOne2 ? eCFieldElement13 : eCFieldElement13.Multiply(eCFieldElement6);
ECFieldElement y2 = eCFieldElement11.MultiplyPlusProduct(rawXCoord, eCFieldElement12, rawYCoord3).MultiplyPlusProduct(b3, eCFieldElement15, eCFieldElement16);
ECFieldElement eCFieldElement17 = eCFieldElement14.Multiply(b2);
return(new F2mPoint(curve, x, y2, new ECFieldElement[]
{
eCFieldElement17
}, base.IsCompressed));
}
if (eCFieldElement11.IsZero)
{
return(this.Twice());
}
return(curve.Infinity);
}
default:
if (num != 6)
{
throw new InvalidOperationException("unsupported coordinate system");
}
if (rawXCoord.IsZero)
{
if (rawXCoord2.IsZero)
{
return(curve.Infinity);
}
return(b.Add(this));
}
else
{
ECFieldElement rawYCoord5 = base.RawYCoord;
ECFieldElement eCFieldElement18 = base.RawZCoords[0];
ECFieldElement rawYCoord6 = b.RawYCoord;
ECFieldElement eCFieldElement19 = b.RawZCoords[0];
bool isOne3 = eCFieldElement18.IsOne;
ECFieldElement eCFieldElement20 = rawXCoord2;
ECFieldElement eCFieldElement21 = rawYCoord6;
if (!isOne3)
{
eCFieldElement20 = eCFieldElement20.Multiply(eCFieldElement18);
eCFieldElement21 = eCFieldElement21.Multiply(eCFieldElement18);
}
bool isOne4 = eCFieldElement19.IsOne;
ECFieldElement eCFieldElement22 = rawXCoord;
ECFieldElement eCFieldElement23 = rawYCoord5;
if (!isOne4)
{
eCFieldElement22 = eCFieldElement22.Multiply(eCFieldElement19);
eCFieldElement23 = eCFieldElement23.Multiply(eCFieldElement19);
}
ECFieldElement eCFieldElement24 = eCFieldElement23.Add(eCFieldElement21);
ECFieldElement eCFieldElement25 = eCFieldElement22.Add(eCFieldElement20);
if (!eCFieldElement25.IsZero)
{
ECFieldElement eCFieldElement27;
ECFieldElement y3;
ECFieldElement eCFieldElement29;
if (rawXCoord2.IsZero)
{
ECPoint eCPoint = this.Normalize();
rawXCoord = eCPoint.RawXCoord;
ECFieldElement yCoord = eCPoint.YCoord;
ECFieldElement b4 = rawYCoord6;
ECFieldElement eCFieldElement26 = yCoord.Add(b4).Divide(rawXCoord);
eCFieldElement27 = eCFieldElement26.Square().Add(eCFieldElement26).Add(rawXCoord).Add(curve.A);
if (eCFieldElement27.IsZero)
{
return(new F2mPoint(curve, eCFieldElement27, curve.B.Sqrt(), base.IsCompressed));
}
ECFieldElement eCFieldElement28 = eCFieldElement26.Multiply(rawXCoord.Add(eCFieldElement27)).Add(eCFieldElement27).Add(yCoord);
y3 = eCFieldElement28.Divide(eCFieldElement27).Add(eCFieldElement27);
eCFieldElement29 = curve.FromBigInteger(BigInteger.One);
}
else
{
eCFieldElement25 = eCFieldElement25.Square();
ECFieldElement eCFieldElement30 = eCFieldElement24.Multiply(eCFieldElement22);
ECFieldElement eCFieldElement31 = eCFieldElement24.Multiply(eCFieldElement20);
eCFieldElement27 = eCFieldElement30.Multiply(eCFieldElement31);
if (eCFieldElement27.IsZero)
{
return(new F2mPoint(curve, eCFieldElement27, curve.B.Sqrt(), base.IsCompressed));
}
ECFieldElement eCFieldElement32 = eCFieldElement24.Multiply(eCFieldElement25);
if (!isOne4)
{
eCFieldElement32 = eCFieldElement32.Multiply(eCFieldElement19);
}
y3 = eCFieldElement31.Add(eCFieldElement25).SquarePlusProduct(eCFieldElement32, rawYCoord5.Add(eCFieldElement18));
eCFieldElement29 = eCFieldElement32;
if (!isOne3)
{
eCFieldElement29 = eCFieldElement29.Multiply(eCFieldElement18);
}
}
return(new F2mPoint(curve, eCFieldElement27, y3, new ECFieldElement[]
{
eCFieldElement29
}, base.IsCompressed));
}
if (eCFieldElement24.IsZero)
{
return(this.Twice());
}
return(curve.Infinity);
}
break;
}
}