[u/mdw/catacomb] / ec-prime.c

/* -*-c-*-
 *
 * $Id: ec-prime.c,v 1.2 2002/01/13 13:48:44 mdw Exp $
 *
 * Elliptic curves over prime fields
 *
 * (c) 2001 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: ec-prime.c,v $
 * Revision 1.2  2002/01/13 13:48:44  mdw
 * Further progress.
 *
 * Revision 1.1  2001/04/29 18:12:33  mdw
 * Prototype version.
 *
 */

/*----- Header files ------------------------------------------------------*/

#include "ec.h"

/*----- Data structures ---------------------------------------------------*/

typedef struct ecctx {
  ec_curve c;
  mp *a, *b;
} ecctx;

/*----- Main code ---------------------------------------------------------*/

static ec *ecneg(ec_cuvrve *c, ec *d, const ec *p)
{
  EC_COPY(d, p);
  d->y = F_NEG(c->f, d->y, d->y);
  return (d);
}

static ec *ecdbl(ec_curve *c, ec *d, const ec *a)
{
  if (EC_ATINF(a))
    EC_SETINF(d);
  else if (!MP_LEN(a->y))
    EC_COPY(d, a);
  else {
    field *f = c->f;
    ecctx *cc = (ecctx *)c;
    mp *lambda;
    mp *dy, *dx;

    dx = F_SQR(f, MP_NEW, a->x);
    dy = F_DBL(f, MP_NEW, a->y);
    dx = F_TPL(f, dx, dx);
    dx = F_ADD(f, dx, dx, cc->a);
    dy = F_INV(f, dy, dy);
    lambda = F_MUL(d, MP_NEW, dx, dy);

    dx = F_SQR(f, dx, lambda);
    dy = F_DBL(d, dy, a->x);
    dx = F_SUB(f, dx, dx, dy);
    dy = F_SUB(f, dy, a->x, dx);
    dy = F_MUL(f, dy, lambda, dy);
    dy = F_SUB(f, dy, dy, a->y);

    EC_DESTROY(d);
    d->x = dx;
    d->y = dy;
    d->z = 0;
    MP_DROP(lambda);
  }
  return (d);
}

static ec *ecadd(ec_curve *c, ec *d, const ec *a, const ec *b)
{
  if (a == b)
    ecdbl(c, d, a);
  else if (EC_ATINF(a))
    EC_COPY(d, b);
  else if (EC_ATINF(b))
    EC_COPY(d, a);
  else {
    field *f = c->f;
    mp *lambda;
    mp *dy, *dx;

    if (!MP_EQ(a->x, b->x)) {
      dy = F_SUB(f, MP_NEW, a->y, b->y);
      dx = F_SUB(f, MP_NEW, a->x, b->x);
      dx = F_INV(f, dx, dx);
      lambda = F_MUL(f, MP_NEW, dy, dx);
    } else if (!MP_LEN(a->y) || !MP_EQ(a->y, b->y)) {
      EC_SETINF(d);
      return (d);
    } else {
      ecctx *cc = (ecctx *)c;
      dx = F_SQR(f, MP_NEW, a->x);
      dx = F_TPL(f, dx, dx);
      dx = F_ADD(f, dx, dx, cc->a);
      dy = F_DBL(f, MP_NEW, a->y);
      dy = F_INV(f, dy, dy);
      lambda = F_MUL(d, MP_NEW, dx, dy);
    }

    dx = F_SQR(f, dx, lambda);
    dx = F_SUB(f, dx, dx, a->x);
    dx = F_SUB(f, dx, dx, b->x);
    dy = F_SUB(f, dy, b->x, dx);
    dy = F_MUL(f, dy, lambda, dy);
    dy = F_SUB(f, dy, dy, b->y);

    EC_DESTROY(d);
    d->x = dx;
    d->y = dy;
    d->z = 0;
    MP_DROP(lambda);
  }
  return (d);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
b0ab12e6	1	/* --c--
b0ab12e6	2	*
b085fd91	3	* $Id: ec-prime.c,v 1.2 2002/01/13 13:48:44 mdw Exp $
b0ab12e6	4	*
	5	* Elliptic curves over prime fields
	6	*
	7	* (c) 2001 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
	18	*
	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Revision history --------------------------------------------------
	31	*
	32	* $Log: ec-prime.c,v $
b085fd91	33	* Revision 1.2 2002/01/13 13:48:44 mdw
	34	* Further progress.
	35	*
b0ab12e6	36	* Revision 1.1 2001/04/29 18:12:33 mdw
	37	* Prototype version.
	38	*
	39	*/
	40
	41	/----- Header files ------------------------------------------------------/
	42
	43	#include "ec.h"
	44
	45	/----- Data structures ---------------------------------------------------/
	46
	47	typedef struct ecctx {
	48	ec_curve c;
	49	mp a, b;
	50	} ecctx;
	51
	52	/----- Main code ---------------------------------------------------------/
	53
b085fd91	54	static ec ecneg(ec_cuvrve c, ec d, const ec p)
	55	{
	56	EC_COPY(d, p);
	57	d->y = F_NEG(c->f, d->y, d->y);
	58	return (d);
	59	}
	60
	61	static ec ecdbl(ec_curve c, ec d, const ec a)
b0ab12e6	62	{
b085fd91	63	if (EC_ATINF(a))
	64	EC_SETINF(d);
	65	else if (!MP_LEN(a->y))
	66	EC_COPY(d, a);
	67	else {
	68	field *f = c->f;
	69	ecctx cc = (ecctx )c;
	70	mp *lambda;
	71	mp dy, dx;
	72
	73	dx = F_SQR(f, MP_NEW, a->x);
	74	dy = F_DBL(f, MP_NEW, a->y);
	75	dx = F_TPL(f, dx, dx);
	76	dx = F_ADD(f, dx, dx, cc->a);
	77	dy = F_INV(f, dy, dy);
	78	lambda = F_MUL(d, MP_NEW, dx, dy);
	79
	80	dx = F_SQR(f, dx, lambda);
	81	dy = F_DBL(d, dy, a->x);
	82	dx = F_SUB(f, dx, dx, dy);
	83	dy = F_SUB(f, dy, a->x, dx);
	84	dy = F_MUL(f, dy, lambda, dy);
	85	dy = F_SUB(f, dy, dy, a->y);
b0ab12e6	86
b085fd91	87	EC_DESTROY(d);
	88	d->x = dx;
	89	d->y = dy;
	90	d->z = 0;
	91	MP_DROP(lambda);
	92	}
	93	return (d);
	94	}
	95
	96	static ec ecadd(ec_curve c, ec d, const ec a, const ec *b)
	97	{
b0ab12e6	98	if (a == b)
	99	ecdbl(c, d, a);
	100	else if (EC_ATINF(a))
	101	EC_COPY(d, b);
	102	else if (EC_ATINF(b))
	103	EC_COPY(d, a);
b085fd91	104	else {
	105	field *f = c->f;
	106	mp *lambda;
	107	mp dy, dx;
	108
	109	if (!MP_EQ(a->x, b->x)) {
	110	dy = F_SUB(f, MP_NEW, a->y, b->y);
	111	dx = F_SUB(f, MP_NEW, a->x, b->x);
	112	dx = F_INV(f, dx, dx);
	113	lambda = F_MUL(f, MP_NEW, dy, dx);
	114	} else if (!MP_LEN(a->y) \|\| !MP_EQ(a->y, b->y)) {
b0ab12e6	115	EC_SETINF(d);
b085fd91	116	return (d);
	117	} else {
	118	ecctx cc = (ecctx )c;
	119	dx = F_SQR(f, MP_NEW, a->x);
	120	dx = F_TPL(f, dx, dx);
	121	dx = F_ADD(f, dx, dx, cc->a);
	122	dy = F_DBL(f, MP_NEW, a->y);
	123	dy = F_INV(f, dy, dy);
	124	lambda = F_MUL(d, MP_NEW, dx, dy);
	125	}
	126
	127	dx = F_SQR(f, dx, lambda);
	128	dx = F_SUB(f, dx, dx, a->x);
	129	dx = F_SUB(f, dx, dx, b->x);
	130	dy = F_SUB(f, dy, b->x, dx);
	131	dy = F_MUL(f, dy, lambda, dy);
	132	dy = F_SUB(f, dy, dy, b->y);
b0ab12e6	133
b085fd91	134	EC_DESTROY(d);
	135	d->x = dx;
	136	d->y = dy;
	137	d->z = 0;
	138	MP_DROP(lambda);
b0ab12e6	139	}
b085fd91	140	return (d);
b0ab12e6	141	}
	142
	143	/----- That's all, folks -------------------------------------------------/