void eb_norm_sim(eb_t *r, const eb_t *t, int n) {
int i;
fb_t a[n];
if (n == 1) {
eb_norm(r[0], t[0]);
return;
}
for (i = 0; i < n; i++) {
fb_null(a[i]);
}
TRY {
for (i = 0; i < n; i++) {
fb_new(a[i]);
if (!eb_is_infty(t[i])) {
fb_copy(a[i], t[i]->z);
} else {
fb_set_dig(a[i], 1);
}
}
fb_inv_sim(a, (const fb_t *)a, n);
for (i = 0; i < n; i++) {
fb_copy(r[i]->x, t[i]->x);
fb_copy(r[i]->y, t[i]->y);
if (!eb_is_infty(t[i])) {
fb_copy(r[i]->z, a[i]);
}
}
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
for (i = 0; i < n; i++) {
fb_free(a[i]);
}
}
#if defined(EB_SUPER)
if (eb_curve_is_super()) {
for (i = 0; i < n; i++) {
eb_norm_super(r[i], r[i], 1);
}
}
#endif
#if defined(EB_ORDIN) || defined(EB_KBLTZ)
if (!eb_curve_is_super()) {
for (i = 0; i < n; i++) {
eb_norm_ordin(r[i], r[i], 1);
}
}
#endif
}
void eb_add_projc(eb_t r, const eb_t p, const eb_t q) {
if (eb_is_infty(p)) {
eb_copy(r, q);
return;
}
if (eb_is_infty(q)) {
eb_copy(r, p);
return;
}
eb_add_projc_imp(r, p, q);
}
void eb_add_projc(eb_t r, eb_t p, eb_t q) {
if (eb_is_infty(p)) {
eb_copy(r, q);
return;
}
if (eb_is_infty(q)) {
eb_copy(r, p);
return;
}
#if defined(EB_ORDIN) || defined(EB_KBLTZ)
eb_add_projc_ordin(r, p, q);
#endif
}
int eb_size_bin(const eb_t a, int pack) {
eb_t t;
int size = 0;
eb_null(t);
if (eb_is_infty(a)) {
return 1;
}
TRY {
eb_new(t);
eb_norm(t, a);
size = 1 + FB_BYTES;
if (!pack) {
size += FB_BYTES;
}
} CATCH_ANY {
THROW(ERR_CAUGHT);
} FINALLY {
eb_free(t);
}
return size;
}
int eb_is_valid(const eb_t p) {
eb_t t;
fb_t lhs;
int r = 0;
eb_null(t);
fb_null(lhs);
TRY {
eb_new(t);
fb_new(lhs);
eb_norm(t, p);
fb_mul(lhs, t->x, t->y);
eb_rhs(t->x, t);
fb_sqr(t->y, t->y);
fb_add(lhs, lhs, t->y);
r = (fb_cmp(lhs, t->x) == CMP_EQ) || eb_is_infty(p);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
eb_free(t);
fb_free(lhs);
}
return r;
}
void eb_norm(eb_t r, const eb_t p) {
if (eb_is_infty(p)) {
eb_set_infty(r);
return;
}
if (p->norm == 1) {
/* If the point is represented in affine coordinates, we just copy it. */
eb_copy(r, p);
return;
}
if (p->norm == 2) {
eb_norm_halve(r, p);
return;
}
#if EB_ADD == PROJC || !defined(STRIP)
#if defined(EB_SUPER)
if (eb_curve_is_super()) {
eb_norm_super(r, p, 0);
return;
}
#endif /* EB_SUPER */
#if defined(EB_ORDIN) || defined(EB_KBLTZ)
eb_norm_ordin(r, p, 0);
#endif /* EB_ORDIN || EB_KBLTZ */
#endif /* EB_ADD == PROJC */
}
void eb_dbl_basic(eb_t r, const eb_t p) {
if (eb_is_infty(p)) {
eb_set_infty(r);
return;
}
eb_dbl_basic_imp(r, p);
}
void eb_mul_sim_gen(eb_t r, const bn_t k, const eb_t q, const bn_t m) {
eb_t g;
eb_null(g);
if (bn_is_zero(k)) {
eb_mul(r, q, m);
return;
}
if (bn_is_zero(m) || eb_is_infty(q)) {
eb_mul_gen(r, k);
return;
}
TRY {
eb_new(g);
eb_curve_get_gen(g);
#if defined(EB_KBLTZ)
#if EB_SIM == INTER && EB_FIX == LWNAF && defined(EB_PRECO)
if (eb_curve_is_kbltz()) {
eb_mul_sim_kbltz(r, g, k, q, m, eb_curve_get_tab());
}
#else
if (eb_curve_is_kbltz()) {
eb_mul_sim(r, g, k, q, m);
}
#endif
#endif
#if defined(EB_PLAIN)
#if EB_SIM == INTER && EB_FIX == LWNAF && defined(EB_PRECO)
if (!eb_curve_is_kbltz()) {
eb_mul_sim_plain(r, g, k, q, m, eb_curve_get_tab());
}
#else
if (!eb_curve_is_kbltz()) {
eb_mul_sim(r, g, k, q, m);
}
#endif
#endif
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
eb_free(g);
}
}
void eb_mul_sim_inter(eb_t r, const eb_t p, const bn_t k, const eb_t q,
const bn_t m) {
if (bn_is_zero(k) || eb_is_infty(p)) {
eb_mul(r, q, m);
return;
}
if (bn_is_zero(m) || eb_is_infty(q)) {
eb_mul(r, p, k);
return;
}
#if defined(EB_KBLTZ)
if (eb_curve_is_kbltz()) {
eb_mul_sim_kbltz(r, p, k, q, m, NULL);
return;
}
#endif
#if defined(EB_PLAIN)
eb_mul_sim_plain(r, p, k, q, m, NULL);
#endif
}
void eb_neg_basic(eb_t r, const eb_t p) {
if (eb_is_infty(p)) {
eb_set_infty(r);
return;
}
if (r != p) {
fb_copy(r->x, p->x);
fb_copy(r->z, p->z);
}
fb_add(r->y, p->x, p->y);
r->norm = 1;
}
void eb_write_bin(uint8_t *bin, int len, const eb_t a, int pack) {
eb_t t;
eb_null(t);
if (eb_is_infty(a)) {
if (len != 1) {
THROW(ERR_NO_BUFFER);
} else {
bin[0] = 0;
return;
}
}
TRY {
eb_new(t);
eb_norm(t, a);
if (pack) {
if (len != FB_BYTES + 1) {
THROW(ERR_NO_BUFFER);
} else {
eb_pck(t, t);
bin[0] = 2 | fb_get_bit(t->y, 0);
fb_write_bin(bin + 1, FB_BYTES, t->x);
}
} else {
if (len != 2 * FB_BYTES + 1) {
THROW(ERR_NO_BUFFER);
} else {
bin[0] = 4;
fb_write_bin(bin + 1, FB_BYTES, t->x);
fb_write_bin(bin + FB_BYTES + 1, FB_BYTES, t->y);
}
}
} CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
eb_free(t);
}
}
void eb_neg_projc(eb_t r, const eb_t p) {
fb_t t;
fb_null(t);
if (eb_is_infty(p)) {
eb_set_infty(r);
return;
}
if (p->norm) {
if (r != p) {
fb_copy(r->x, p->x);
fb_copy(r->z, p->z);
}
fb_add(r->y, p->x, p->y);
r->norm = 1;
return;
}
TRY {
fb_new(t);
fb_mul(t, p->x, p->z);
fb_add(r->y, p->y, t);
if (r != p) {
fb_copy(r->z, p->z);
fb_copy(r->x, p->x);
}
r->norm = 0;
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t);
}
}
void eb_neg_basic(eb_t r, const eb_t p) {
if (eb_is_infty(p)) {
eb_set_infty(r);
return;
}
if (r != p) {
fb_copy(r->x, p->x);
fb_copy(r->z, p->z);
}
#if defined(EB_SUPER)
if (eb_curve_is_super()) {
switch (eb_curve_opt_c()) {
case OPT_ZERO:
fb_copy(r->y, p->y);
break;
case OPT_ONE:
fb_add_dig(r->y, p->y, (dig_t)1);
break;
case OPT_DIGIT:
fb_add_dig(r->y, p->y, eb_curve_get_c()[0]);
break;
default:
fb_add(r->y, p->y, eb_curve_get_c());
break;
}
r->norm = 1;
return;
}
#endif
fb_add(r->y, p->x, p->y);
r->norm = 1;
}
void eb_mul_sim_joint(eb_t r, const eb_t p, const bn_t k, const eb_t q,
const bn_t m) {
eb_t t[5];
int i, u_i, len, offset;
int8_t jsf[2 * (RLC_FB_BITS + 1)];
if (bn_is_zero(k) || eb_is_infty(p)) {
eb_mul(r, q, m);
return;
}
if (bn_is_zero(m) || eb_is_infty(q)) {
eb_mul(r, p, k);
return;
}
TRY {
for (i = 0; i < 5; i++) {
eb_null(t[i]);
eb_new(t[i]);
}
eb_set_infty(t[0]);
eb_copy(t[1], q);
if (bn_sign(m) == RLC_NEG) {
eb_neg(t[1], t[1]);
}
eb_copy(t[2], p);
if (bn_sign(k) == RLC_NEG) {
eb_neg(t[2], t[2]);
}
eb_add(t[3], t[2], t[1]);
eb_sub(t[4], t[2], t[1]);
#if defined(EB_MIXED)
eb_norm_sim(t + 3, (const eb_t*)(t + 3), 2);
#endif
len = 2 * (RLC_FB_BITS + 1);
bn_rec_jsf(jsf, &len, k, m);
eb_set_infty(r);
offset = RLC_MAX(bn_bits(k), bn_bits(m)) + 1;
for (i = len - 1; i >= 0; i--) {
eb_dbl(r, r);
if (jsf[i] != 0 && jsf[i] == -jsf[i + offset]) {
u_i = jsf[i] * 2 + jsf[i + offset];
if (u_i < 0) {
eb_sub(r, r, t[4]);
} else {
eb_add(r, r, t[4]);
}
} else {
u_i = jsf[i] * 2 + jsf[i + offset];
if (u_i < 0) {
eb_sub(r, r, t[-u_i]);
} else {
eb_add(r, r, t[u_i]);
}
}
}
eb_norm(r, r);
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
for (i = 0; i < 5; i++) {
eb_free(t[i]);
}
}
}
void eb_mul_sim_trick(eb_t r, const eb_t p, const bn_t k, const eb_t q,
const bn_t m) {
eb_t t0[1 << (EB_WIDTH / 2)], t1[1 << (EB_WIDTH / 2)], t[1 << EB_WIDTH];
int l0, l1, w = EB_WIDTH / 2;
uint8_t *w0 = RLC_ALLOCA(uint8_t, RLC_CEIL(RLC_FB_BITS, w));
uint8_t *w1 = RLC_ALLOCA(uint8_t, RLC_CEIL(RLC_FB_BITS, w));
bn_t n;
bn_null(n);
if (bn_is_zero(k) || eb_is_infty(p)) {
eb_mul(r, q, m);
return;
}
if (bn_is_zero(m) || eb_is_infty(q)) {
eb_mul(r, p, k);
return;
}
TRY {
bn_new(n);
eb_curve_get_ord(n);
for (int i = 0; i < (1 << w); i++) {
eb_null(t0[i]);
eb_null(t1[i]);
eb_new(t0[i]);
eb_new(t1[i]);
}
for (int i = 0; i < (1 << EB_WIDTH); i++) {
eb_null(t[i]);
eb_new(t[i]);
}
eb_set_infty(t0[0]);
eb_copy(t0[1], p);
if (bn_sign(k) == RLC_NEG) {
eb_neg(t0[1], t0[1]);
}
for (int i = 2; i < (1 << w); i++) {
eb_add(t0[i], t0[i - 1], t0[1]);
}
eb_set_infty(t1[0]);
eb_copy(t1[1], q);
if (bn_sign(m) == RLC_NEG) {
eb_neg(t1[1], t1[1]);
}
for (int i = 2; i < (1 << w); i++) {
eb_add(t1[i], t1[i - 1], t1[1]);
}
for (int i = 0; i < (1 << w); i++) {
for (int j = 0; j < (1 << w); j++) {
eb_add(t[(i << w) + j], t0[i], t1[j]);
}
}
#if EB_WIDTH > 2 && defined(EB_MIXED)
eb_norm_sim(t + 1, (const eb_t *)(t + 1), (1 << EB_WIDTH) - 1);
#endif
l0 = l1 = RLC_CEIL(RLC_FB_BITS + 1, w);
bn_rec_win(w0, &l0, k, w);
bn_rec_win(w1, &l1, m, w);
for (int i = l0; i < l1; i++) {
w0[i] = 0;
}
for (int i = l1; i < l0; i++) {
w1[i] = 0;
}
eb_set_infty(r);
for (int i = RLC_MAX(l0, l1) - 1; i >= 0; i--) {
for (int j = 0; j < w; j++) {
eb_dbl(r, r);
}
eb_add(r, r, t[(w0[i] << w) + w1[i]]);
}
eb_norm(r, r);
} CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
bn_free(n);
for (int i = 0; i < (1 << w); i++) {
eb_free(t0[i]);
eb_free(t1[i]);
}
for (int i = 0; i < (1 << EB_WIDTH); i++) {
eb_free(t[i]);
}
}
}
void eb_neg_projc(eb_t r, const eb_t p) {
fb_t t;
fb_null(t);
if (eb_is_infty(p)) {
eb_set_infty(r);
return;
}
if (p->norm) {
if (r != p) {
fb_copy(r->x, p->x);
fb_copy(r->z, p->z);
}
#if defined(EB_SUPER)
if (eb_curve_is_super()) {
switch (eb_curve_opt_c()) {
case OPT_ZERO:
fb_copy(r->y, p->y);
break;
case OPT_ONE:
fb_add_dig(r->y, p->y, (dig_t)1);
break;
case OPT_DIGIT:
fb_add_dig(r->y, p->y, eb_curve_get_c()[0]);
break;
default:
fb_add(r->y, p->y, eb_curve_get_c());
break;
}
r->norm = 1;
return;
}
#endif
fb_add(r->y, p->x, p->y);
r->norm = 1;
return;
}
#if defined(EB_SUPER)
if (eb_curve_is_super()) {
fb_add(r->y, p->y, p->z);
fb_copy(r->z, p->z);
fb_copy(r->x, p->x);
r->norm = 0;
return;
}
#endif
TRY {
fb_new(t);
fb_mul(t, p->x, p->z);
fb_add(r->y, p->y, t);
if (r != p) {
fb_copy(r->z, p->z);
fb_copy(r->x, p->x);
}
r->norm = 0;
}
CATCH_ANY {
THROW(ERR_CAUGHT);
}
FINALLY {
fb_free(t);
}
}
