void eb_pck(eb_t r, const eb_t p) {
if (eb_curve_is_super()) {
/* z3 = y1/c. */
fb_inv(r->z, eb_curve_get_c());
fb_mul(r->z, r->z, p->y);
/* x3 = x1. */
fb_copy(r->x, p->x);
/* y3 = b(y1/c). */
fb_set_dig(r->y, fb_get_bit(r->z, 0));
/* z3 = 1. */
fb_set_dig(r->z, 1);
} else {
/* z3 = y1/x1. */
fb_inv(r->z, p->x);
fb_mul(r->z, r->z, p->y);
/* x3 = x1. */
fb_copy(r->x, p->x);
/* y3 = b(y1/x1). */
fb_set_dig(r->y, fb_get_bit(r->z, 0));
/* z3 = 1. */
fb_set_dig(r->z, 1);
}
r->norm = 1;
}
int eb_upk(eb_t r, const eb_t p) {
fb_t t0, t1;
int res = 0;
fb_null(t0);
fb_null(t1);
TRY {
fb_new(t0);
fb_new(t1);
eb_rhs(t1, p);
if (eb_curve_is_super()) {
/* t0 = c^2. */
fb_sqr(t0, eb_curve_get_c());
/* t0 = 1/c^2. */
fb_inv(t0, t0);
/* t0 = t1/c^2. */
fb_mul(t0, t0, t1);
res = (fb_trc(t0) == 0);
/* Solve t1^2 + t1 = t0. */
fb_slv(t1, t0);
/* If this is not the correct solution, try the other. */
if (fb_get_bit(t1, 0) != fb_get_bit(p->y, 0)) {
fb_add_dig(t1, t1, 1);
}
/* x3 = x1, y3 = t1 * c, z3 = 1. */
fb_mul(r->y, t1, eb_curve_get_c());
} else {
fb_sqr(t0, p->x);
/* t0 = 1/x1^2. */
fb_inv(t0, t0);
/* t0 = t1/x1^2. */
fb_mul(t0, t0, t1);
res = (fb_trc(t0) == 0);
/* Solve t1^2 + t1 = t0. */
fb_slv(t1, t0);
/* If this is not the correct solution, try the other. */
if (fb_get_bit(t1, 0) != fb_get_bit(p->y, 0)) {
fb_add_dig(t1, t1, 1);
}
/* x3 = x1, y3 = t1 * x1, z3 = 1. */
fb_mul(r->y, t1, p->x);
}
fb_copy(r->x, p->x);
fb_set_dig(r->z, 1);
r->norm = 1;
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t0);
fb_free(t1);
}
return res;
}
void fb2_inv(fb2_t c, fb2_t a) {
fb_t a0, a1, m0, m1;
fb_null(a0);
fb_null(a1);
fb_null(m0);
fb_null(m1);
TRY {
fb_new(a0);
fb_new(a1);
fb_new(m0);
fb_new(m1);
fb_add(a0, a[0], a[1]);
fb_sqr(m0, a[0]);
fb_mul(m1, a0, a[1]);
fb_add(a1, m0, m1);
fb_inv(a1, a1);
fb_mul(c[0], a0, a1);
fb_mul(c[1], a[1], a1);
} CATCH_ANY {
THROW(ERR_CAUGHT);
} FINALLY {
fb_free(a0);
fb_free(a1);
fb_free(m0);
fb_free(m1);
}
}
void eb_pck(eb_t r, const eb_t p) {
/* z3 = y1/x1. */
fb_inv(r->z, p->x);
fb_mul(r->z, r->z, p->y);
/* x3 = x1. */
fb_copy(r->x, p->x);
/* y3 = b(y1/x1). */
fb_set_dig(r->y, fb_get_bit(r->z, 0));
/* z3 = 1. */
fb_set_dig(r->z, 1);
r->norm = 1;
}
/**
* Normalizes a point represented in projective coordinates.
*
* @param r - the result.
* @param p - the point to normalize.
*/
static void eb_norm_super(eb_t r, const eb_t p, int flag) {
if (!p->norm) {
if (flag) {
fb_copy(r->z, p->z);
} else {
fb_inv(r->z, p->z);
}
fb_mul(r->x, p->x, r->z);
fb_mul(r->y, p->y, r->z);
fb_set_dig(r->z, 1);
}
r->norm = 1;
}
/**
* Normalizes a point represented in projective coordinates.
*
* @param[out] r - the result.
* @param[in] p - the point to normalize.
* @param[in] flag - if the Z coordinate is already inverted.
*/
static void eb_norm_ordin(eb_t r, eb_t p, int flag) {
if (!p->norm) {
if (flag) {
fb_copy(r->z, p->z);
} else {
fb_inv(r->z, p->z);
}
fb_mul(r->x, p->x, r->z);
fb_sqr(r->z, r->z);
fb_mul(r->y, p->y, r->z);
fb_set_dig(r->z, 1);
}
r->norm = 1;
}
void fb_inv_sim(fb_t *c, fb_t *a, int n) {
int i;
fb_t u, t[n];
for (i = 0; i < n; i++) {
fb_null(t[i]);
}
fb_null(u);
TRY {
for (i = 0; i < n; i++) {
fb_new(t[i]);
}
fb_new(u);
fb_copy(c[0], a[0]);
fb_copy(t[0], a[0]);
for (i = 1; i < n; i++) {
fb_copy(t[i], a[i]);
fb_mul(c[i], c[i - 1], a[i]);
}
fb_inv(u, c[n - 1]);
for (i = n - 1; i > 0; i--) {
fb_mul(c[i], u, c[i - 1]);
fb_mul(u, u, t[i]);
}
fb_copy(c[0], u);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
for (i = 0; i < n; i++) {
fb_free(t[i]);
}
fb_free(u);
}
}
/**
* Doubles a point represented in affine coordinates on an ordinary binary
* elliptic curve.
*
* @param[out] r - the result.
* @param[in] p - the point to double.
*/
static void eb_dbl_basic_imp(eb_t r, const eb_t p) {
fb_t t0, t1, t2;
fb_null(t0);
fb_null(t1);
fb_null(t2);
TRY {
fb_new(t0);
fb_new(t1);
fb_new(t2);
/* t0 = 1/x1. */
fb_inv(t0, p->x);
/* t0 = y1/x1. */
fb_mul(t0, t0, p->y);
/* t0 = lambda = x1 + y1/x1. */
fb_add(t0, t0, p->x);
/* t1 = lambda^2. */
fb_sqr(t1, t0);
/* t2 = lambda^2 + lambda. */
fb_add(t2, t1, t0);
/* t2 = lambda^2 + lambda + a2. */
switch (eb_curve_opt_a()) {
case OPT_ZERO:
break;
case OPT_ONE:
fb_add_dig(t2, t2, (dig_t)1);
break;
case OPT_DIGIT:
fb_add_dig(t2, t2, eb_curve_get_a()[0]);
break;
default:
fb_add(t2, t2, eb_curve_get_a());
break;
}
/* t1 = x1 + x3. */
fb_add(t1, t2, p->x);
/* t1 = lambda * (x1 + x3). */
fb_mul(t1, t0, t1);
fb_copy(r->x, t2);
/* y3 = lambda * (x1 + x3) + x3 + y1. */
fb_add(t1, t1, r->x);
fb_add(r->y, t1, p->y);
fb_copy(r->z, p->z);
r->norm = 1;
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t0);
fb_free(t1);
fb_free(t2);
}
}
/**
* Adds two points represented in affine coordinates on an ordinary binary
* elliptic curve.
*
* @param[out] r - the result.
* @param[in] p - the first point to add.
* @param[in] q - the second point to add.
*/
static void eb_add_basic_imp(eb_t r, const eb_t p, const eb_t q) {
fb_t t0, t1, t2;
fb_null(t0);
fb_null(t1);
fb_null(t2);
TRY {
fb_new(t0);
fb_new(t1);
fb_new(t2);
/* t0 = (y1 + y2). */
fb_add(t0, p->y, q->y);
/* t1 = (x1 + x2). */
fb_add(t1, p->x, q->x);
if (fb_is_zero(t1)) {
if (fb_is_zero(t0)) {
/* If t1 is zero and t0 is zero, p = q, should have doubled. */
eb_dbl_basic(r, p);
} else {
/* If t0 is not zero and t1 is zero, q = -p and r = infinity. */
eb_set_infty(r);
}
} else {
/* t2 = 1/(x1 + x2). */
fb_inv(t2, t1);
/* t0 = lambda = (y1 + y2)/(x1 + x2). */
fb_mul(t0, t0, t2);
/* t2 = lambda^2. */
fb_sqr(t2, t0);
/* t2 = lambda^2 + lambda + x1 + x2 + a. */
fb_add(t2, t2, t0);
fb_add(t2, t2, t1);
switch (eb_curve_opt_a()) {
case OPT_ZERO:
break;
case OPT_ONE:
fb_add_dig(t2, t2, (dig_t)1);
break;
case OPT_DIGIT:
fb_add_dig(t2, t2, eb_curve_get_a()[0]);
break;
default:
fb_add(t2, t2, eb_curve_get_a());
break;
}
/* y3 = lambda*(x3 + x1) + x3 + y1. */
fb_add(t1, t2, p->x);
fb_mul(t1, t1, t0);
fb_add(t1, t1, t2);
fb_add(r->y, p->y, t1);
/* x3 = lambda^2 + lambda + x1 + x2 + a. */
fb_copy(r->x, t2);
fb_copy(r->z, p->z);
r->norm = 1;
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t0);
fb_free(t1);
fb_free(t2);
}
}
