예제 #1
0
void eb_hlv(eb_t r, const eb_t p) {
	fb_t l, t;

	fb_null(l);
	fb_null(t);

	TRY {
		fb_new(l);
		fb_new(t);

		/* Solve l^2 + l = u + a. */
		switch (eb_curve_opt_a()) {
			case RLC_ZERO:
				fb_copy(t, p->x);
				break;
			case RLC_ONE:
				fb_add_dig(t, p->x, (dig_t)1);
				break;
			case RLC_TINY:
				fb_add_dig(t, p->x, eb_curve_get_a()[0]);
				break;
			default:
				fb_add(t, p->x, eb_curve_get_a());
				break;
		}

		fb_slv(l, t);

		if (p->norm == 1) {
			/* Compute t = v + u * lambda. */
			fb_mul(t, l, p->x);
			fb_add(t, t, p->y);
		} else {
			/* Compute t = u * (u + lambda_P + lambda). */
			fb_add(t, l, p->y);
			fb_add(t, t, p->x);
			fb_mul(t, t, p->x);
		}

		/* If Tr(t) = 0 then lambda_P = lambda, u = sqrt(t + u). */
		if (fb_trc(t) == 0) {
			fb_copy(r->y, l);
			fb_add(t, t, p->x);
			fb_srt(r->x, t);
		} else {
			/* Else lambda_P = lambda + 1, u = sqrt(t). */
			fb_add_dig(r->y, l, 1);
			fb_srt(r->x, t);
		}
		fb_set_dig(r->z, 1);
		r->norm = 2;
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fb_free(l);
		fb_free(t);
	}
}
예제 #2
0
void eb_rhs(fb_t rhs, const eb_t p) {
	fb_t t0, t1;

	fb_null(t0);
	fb_null(t1);

	TRY {
		fb_new(t0);
		fb_new(t1);

		/* t0 = x1^2. */
		fb_sqr(t0, p->x);
		/* t1 = x1^3. */
		fb_mul(t1, t0, p->x);

		/* t1 = x1^3 + a * x1^2 + b. */
		switch (eb_curve_opt_a()) {
			case OPT_ZERO:
				break;
			case OPT_ONE:
				fb_add(t1, t1, t0);
				break;
			case OPT_DIGIT:
				fb_mul_dig(t0, t0, eb_curve_get_a()[0]);
				fb_add(t1, t1, t0);
				break;
			default:
				fb_mul(t0, t0, eb_curve_get_a());
				fb_add(t1, t1, t0);
				break;
		}

		switch (eb_curve_opt_b()) {
			case OPT_ZERO:
				break;
			case OPT_ONE:
				fb_add_dig(t1, t1, 1);
				break;
			case OPT_DIGIT:
				fb_add_dig(t1, t1, eb_curve_get_b()[0]);
				break;
			default:
				fb_add(t1, t1, eb_curve_get_b());
				break;
		}

		fb_copy(rhs, t1);
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fb_free(t0);
		fb_free(t1);
	}
}
예제 #3
0
/**
 * Adds a point represented in affine coordinates to a point represented in
 * projective coordinates.
 *
 * @param r					- the result.
 * @param p					- the affine point.
 * @param q					- the projective point.
 */
static void eb_add_projc_ordin_mix(eb_t r, eb_t p, eb_t q) {
	fb_t t0, t1, t2, t3, t4, t5;

	fb_null(t0);
	fb_null(t1);
	fb_null(t2);
	fb_null(t3);
	fb_null(t4);
	fb_null(t5);

	TRY {
		fb_new(t0);
		fb_new(t1);
		fb_new(t2);
		fb_new(t3);
		fb_new(t4);
		fb_new(t5);

		if (!p->norm) {
			/* A = y1 + y2 * z1^2. */
			fb_sqr(t0, p->z);
			fb_mul(t0, t0, q->y);
			fb_add(t0, t0, p->y);
			/* B = x1 + x2 * z1. */
			fb_mul(t1, p->z, q->x);
			fb_add(t1, t1, p->x);
		} else {
			/* t0 = A = y1 + y2. */
			fb_add(t0, p->y, q->y);
			/* t1 = B = x1 + x2. */
			fb_add(t1, p->x, q->x);
		}

		if (fb_is_zero(t1)) {
			if (fb_is_zero(t0)) {
				/* If t0 = 0 and t1 = 0, p = q, should have doubled! */
				eb_dbl_projc(r, p);
			} else {
				/* If t0 = 0, r is infinity. */
				eb_set_infty(r);
			}
		} else {
			if (!p->norm) {
				/* t2 = C = B * z1. */
				fb_mul(t2, p->z, t1);
				/* z3 = C^2. */
				fb_sqr(r->z, t2);
				/* t1 = B^2. */
				fb_sqr(t1, t1);
				/* t1 = A + B^2. */
				fb_add(t1, t0, t1);
			} else {
				/* If z1 = 0, t2 = C = B. */
				fb_copy(t2, t1);
				/* z3 = B^2. */
				fb_sqr(r->z, t1);
				/* t1 = A + z3. */
				fb_add(t1, t0, r->z);
			}

			/* t3 = D = x2 * z3. */
			fb_mul(t3, r->z, q->x);

			/* t4 = (y2 + x2). */
			fb_add(t4, q->x, q->y);

			/* z3 = A^2. */
			fb_sqr(r->x, t0);

			/* t1 = A + B^2 + a2 * C. */
			switch (eb_curve_opt_a()) {
				case OPT_ZERO:
					break;
				case OPT_ONE:
					fb_add(t1, t1, t2);
					break;
				case OPT_DIGIT:
					/* t5 = a2 * C. */
					fb_mul_dig(t5, t2, eb_curve_get_a()[0]);
					fb_add(t1, t1, t5);
					break;
				default:
					/* t5 = a2 * C. */
					fb_mul(t5, eb_curve_get_a(), t2);
					fb_add(t1, t1, t5);
					break;
			}

			/* t1 = C * (A + B^2 + a2 * C). */
			fb_mul(t1, t1, t2);
			/* x3 = A^2 + C * (A + B^2 + a2 * C). */
			fb_add(r->x, r->x, t1);

			/* t3 = D + x3. */
			fb_add(t3, t3, r->x);
			/* t2 = A * B. */
			fb_mul(t2, t0, t2);
			/* y3 = (D + x3) * (A * B + z3). */
			fb_add(r->y, t2, r->z);
			fb_mul(r->y, r->y, t3);
			/* t0 = z3^2. */
			fb_sqr(t0, r->z);
			/* t0 = (y2 + x2) * z3^2. */
			fb_mul(t0, t0, t4);
			/* y3 = (D + x3) * (A * B + z3) + (y2 + x2) * z3^2. */
			fb_add(r->y, r->y, t0);
		}

		r->norm = 0;
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fb_free(t0);
		fb_free(t1);
		fb_free(t2);
		fb_free(t3);
		fb_free(t4);
		fb_free(t5);
	}
}
예제 #4
0
파일: relic_eb_dbl.c 프로젝트: Gesine/relic 
/**
 * Doubles a point represented in affine coordinates on an ordinary binary
 * elliptic curve.
 *
 * @param[out] r				- the result.
 * @param[in] p					- the point to double.
 */
static void eb_dbl_basic_imp(eb_t r, const eb_t p) {
	fb_t t0, t1, t2;

	fb_null(t0);
	fb_null(t1);
	fb_null(t2);

	TRY {
		fb_new(t0);
		fb_new(t1);
		fb_new(t2);

		/* t0 = 1/x1. */
		fb_inv(t0, p->x);
		/* t0 = y1/x1. */
		fb_mul(t0, t0, p->y);
		/* t0 = lambda = x1 + y1/x1. */
		fb_add(t0, t0, p->x);
		/* t1 = lambda^2. */
		fb_sqr(t1, t0);
		/* t2 = lambda^2 + lambda. */
		fb_add(t2, t1, t0);

		/* t2 = lambda^2 + lambda + a2. */
		switch (eb_curve_opt_a()) {
			case OPT_ZERO:
				break;
			case OPT_ONE:
				fb_add_dig(t2, t2, (dig_t)1);
				break;
			case OPT_DIGIT:
				fb_add_dig(t2, t2, eb_curve_get_a()[0]);
				break;
			default:
				fb_add(t2, t2, eb_curve_get_a());
				break;
		}

		/* t1 = x1 + x3. */
		fb_add(t1, t2, p->x);

		/* t1 = lambda * (x1 + x3). */
		fb_mul(t1, t0, t1);

		fb_copy(r->x, t2);
		/* y3 = lambda * (x1 + x3) + x3 + y1. */
		fb_add(t1, t1, r->x);
		fb_add(r->y, t1, p->y);

		fb_copy(r->z, p->z);

		r->norm = 1;
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fb_free(t0);
		fb_free(t1);
		fb_free(t2);
	}
}
예제 #5
0
파일: relic_eb_dbl.c 프로젝트: Gesine/relic 
/**
 * Doubles a point represented in projective coordinates on an ordinary binary
 * elliptic curve.
 *
 * @param[out] r				- the result.
 * @param[in] p					- the point to double.
 */
static void eb_dbl_projc_imp(eb_t r, const eb_t p) {
	fb_t t0, t1;

	fb_null(t0);
	fb_null(t1);

	TRY {
		fb_new(t0);
		fb_new(t1);

		/* t0 = B = x1^2. */
		fb_sqr(t0, p->x);
		/* C = B + y1. */
		fb_add(r->y, t0, p->y);

		if (!p->norm) {
			/* A = x1 * z1. */
			fb_mul(t1, p->x, p->z);
			/* z3 = A^2. */
			fb_sqr(r->z, t1);
		} else {
			/* if z1 = 1, A = x1. */
			fb_copy(t1, p->x);
			/* if z1 = 1, z3 = x1^2. */
			fb_copy(r->z, t0);
		}

		/* t1 = D = A * C. */
		fb_mul(t1, t1, r->y);

		/* C^2 + D. */
		fb_sqr(r->y, r->y);
		fb_add(r->x, t1, r->y);

		/* C^2 + D + a2 * z3. */
		switch (eb_curve_opt_a()) {
			case OPT_ZERO:
				break;
			case OPT_ONE:
				fb_add(r->x, r->z, r->x);
				break;
			case OPT_DIGIT:
				fb_mul_dig(r->y, r->z, eb_curve_get_a()[0]);
				fb_add(r->x, r->y, r->x);
				break;
			default:
				fb_mul(r->y, r->z, eb_curve_get_a());
				fb_add(r->x, r->y, r->x);
				break;
		}

		/* t1 = (D + z3). */
		fb_add(t1, t1, r->z);
		/* t0 = B^2. */
		fb_sqr(t0, t0);
		/* t0 = B^2 * z3. */
		fb_mul(t0, t0, r->z);
		/* y3 = (D + z3) * r3 + B^2 * z3. */
		fb_mul(r->y, t1, r->x);
		fb_add(r->y, r->y, t0);

		r->norm = 0;
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fb_free(t0);
		fb_free(t1);
	}
}
예제 #6
0
파일: relic_eb_add.c 프로젝트: Gesine/relic 
/**
 * Adds two points represented in affine coordinates on an ordinary binary
 * elliptic curve.
 *
 * @param[out] r				- the result.
 * @param[in] p					- the first point to add.
 * @param[in] q					- the second point to add.
 */
static void eb_add_basic_imp(eb_t r, const eb_t p, const eb_t q) {
	fb_t t0, t1, t2;

	fb_null(t0);
	fb_null(t1);
	fb_null(t2);

	TRY {
		fb_new(t0);
		fb_new(t1);
		fb_new(t2);

		/* t0 = (y1 + y2). */
		fb_add(t0, p->y, q->y);
		/* t1 = (x1 + x2). */
		fb_add(t1, p->x, q->x);

		if (fb_is_zero(t1)) {
			if (fb_is_zero(t0)) {
				/* If t1 is zero and t0 is zero, p = q, should have doubled. */
				eb_dbl_basic(r, p);
			} else {
				/* If t0 is not zero and t1 is zero, q = -p and r = infinity. */
				eb_set_infty(r);
			}
		} else {
			/* t2 = 1/(x1 + x2). */
			fb_inv(t2, t1);
			/* t0 = lambda = (y1 + y2)/(x1 + x2). */
			fb_mul(t0, t0, t2);
			/* t2 = lambda^2. */
			fb_sqr(t2, t0);

			/* t2 = lambda^2 + lambda + x1 + x2 + a. */
			fb_add(t2, t2, t0);
			fb_add(t2, t2, t1);

			switch (eb_curve_opt_a()) {
				case OPT_ZERO:
					break;
				case OPT_ONE:
					fb_add_dig(t2, t2, (dig_t)1);
					break;
				case OPT_DIGIT:
					fb_add_dig(t2, t2, eb_curve_get_a()[0]);
					break;
				default:
					fb_add(t2, t2, eb_curve_get_a());
					break;
			}

			/* y3 = lambda*(x3 + x1) + x3 + y1. */
			fb_add(t1, t2, p->x);
			fb_mul(t1, t1, t0);
			fb_add(t1, t1, t2);
			fb_add(r->y, p->y, t1);

			/* x3 = lambda^2 + lambda + x1 + x2 + a. */
			fb_copy(r->x, t2);
			fb_copy(r->z, p->z);

			r->norm = 1;
		}
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fb_free(t0);
		fb_free(t1);
		fb_free(t2);
	}
}
예제 #7
0
파일: relic_eb_add.c 프로젝트: Gesine/relic 
/**
 * Adds a point represented in affine coordinates to a point represented in
 * projective coordinates.
 *
 * @param[out] r				- the result.
 * @param[in] p					- the affine point.
 * @param[in] q					- the projective point.
 */
static void eb_add_projc_mix(eb_t r, const eb_t p, const eb_t q) {
	fb_t t0, t1, t2, t3, t4, t5;

	fb_null(t0);
	fb_null(t1);
	fb_null(t2);
	fb_null(t3);
	fb_null(t4);
	fb_null(t5);

	TRY {
		fb_new(t0);
		fb_new(t1);
		fb_new(t2);
		fb_new(t3);
		fb_new(t4);
		fb_new(t5);

		/* madd-2005-dl formulas: 7M + 4S + 9add + 1*4 + 3*2. */
		/* http://www.hyperelliptic.org/EFD/g12o/auto-shortw-lopezdahab-1.html#addition-madd-2005-dl */

		if (!p->norm) {
			/* A = y1 + y2 * z1^2. */
			fb_sqr(t0, p->z);
			fb_mul(t0, t0, q->y);
			fb_add(t0, t0, p->y);
			/* B = x1 + x2 * z1. */
			fb_mul(t1, p->z, q->x);
			fb_add(t1, t1, p->x);
		} else {
			/* t0 = A = y1 + y2. */
			fb_add(t0, p->y, q->y);
			/* t1 = B = x1 + x2. */
			fb_add(t1, p->x, q->x);
		}

		if (fb_is_zero(t1)) {
			if (fb_is_zero(t0)) {
				/* If t0 = 0 and t1 = 0, p = q, should have doubled! */
				eb_dbl_projc(r, p);
			} else {
				/* If t0 = 0, r is infinity. */
				eb_set_infty(r);
			}
		} else {
			if (!p->norm) {
				/* t2 = C = B * z1. */
				fb_mul(t2, p->z, t1);
				/* z3 = C^2. */
				fb_sqr(r->z, t2);
				/* t1 = B^2. */
				fb_sqr(t1, t1);
				/* t1 = A + B^2. */
				fb_add(t1, t0, t1);
			} else {
				/* If z1 = 0, t2 = C = B. */
				fb_copy(t2, t1);
				/* z3 = B^2. */
				fb_sqr(r->z, t1);
				/* t1 = A + z3. */
				fb_add(t1, t0, r->z);
			}

			/* t3 = D = x2 * z3. */
			fb_mul(t3, r->z, q->x);

			/* t4 = (y2 + x2). */
			fb_add(t4, q->x, q->y);

			/* z3 = A^2. */
			fb_sqr(r->x, t0);

			/* t1 = A + B^2 + a2 * C. */
			switch (eb_curve_opt_a()) {
				case OPT_ZERO:
					break;
				case OPT_ONE:
					fb_add(t1, t1, t2);
					break;
				case OPT_DIGIT:
					/* t5 = a2 * C. */
					fb_mul_dig(t5, t2, eb_curve_get_a()[0]);
					fb_add(t1, t1, t5);
					break;
				default:
					/* t5 = a2 * C. */
					fb_mul(t5, eb_curve_get_a(), t2);
					fb_add(t1, t1, t5);
					break;
			}

			/* t1 = C * (A + B^2 + a2 * C). */
			fb_mul(t1, t1, t2);
			/* x3 = A^2 + C * (A + B^2 + a2 * C). */
			fb_add(r->x, r->x, t1);

			/* t3 = D + x3. */
			fb_add(t3, t3, r->x);
			/* t2 = A * B. */
			fb_mul(t2, t0, t2);
			/* y3 = (D + x3) * (A * B + z3). */
			fb_add(r->y, t2, r->z);
			fb_mul(r->y, r->y, t3);
			/* t0 = z3^2. */
			fb_sqr(t0, r->z);
			/* t0 = (y2 + x2) * z3^2. */
			fb_mul(t0, t0, t4);
			/* y3 = (D + x3) * (A * B + z3) + (y2 + x2) * z3^2. */
			fb_add(r->y, r->y, t0);
		}

		r->norm = 0;
	}
	CATCH_ANY {
		THROW(ERR_CAUGHT);
	}
	FINALLY {
		fb_free(t0);
		fb_free(t1);
		fb_free(t2);
		fb_free(t3);
		fb_free(t4);
		fb_free(t5);
	}
}