/* -*-c-*-
*
- * $Id: ec-prime.c,v 1.10 2004/04/03 03:32:05 mdw Exp $
+ * $Id$
*
* Elliptic curves over prime fields
*
* (c) 2001 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Catacomb.
*
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
- *
+ *
* Catacomb is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
- *
+ *
* You should have received a copy of the GNU Library General Public
* License along with Catacomb; if not, write to the Free
* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-prime.c,v $
- * Revision 1.10 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.9 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.8 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.7 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- * Revision 1.6 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.5 2004/03/22 02:19:10 mdw
- * Rationalise the sliding-window threshold. Drop guarantee that right
- * arguments to EC @add@ are canonical, and fix up projective implementations
- * to cope.
- *
- * Revision 1.4 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.3.4.3 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.3.4.2 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.3.4.1 2003/06/10 13:43:53 mdw
- * Simple (non-projective) curves over prime fields now seem to work.
- *
- * Revision 1.3 2003/05/15 23:25:59 mdw
- * Make elliptic curve stuff build.
- *
- * Revision 1.2 2002/01/13 13:48:44 mdw
- * Further progress.
- *
- * Revision 1.1 2001/04/29 18:12:33 mdw
- * Prototype version.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/sub.h>
static ec *ecdbl(ec_curve *c, ec *d, const ec *a)
{
- if (EC_ATINF(a))
+ if (EC_ATINF(a) || F_ZEROP(c->f, a->y))
EC_SETINF(d);
- else if (F_ZEROP(c->f, a->y))
- EC_COPY(d, a);
else {
field *f = c->f;
mp *lambda;
static ec *ecprojdbl(ec_curve *c, ec *d, const ec *a)
{
- if (EC_ATINF(a))
+ if (EC_ATINF(a) || F_ZEROP(c->f, a->y))
EC_SETINF(d);
- else if (F_ZEROP(c->f, a->y))
- EC_COPY(d, a);
else {
field *f = c->f;
mp *p, *q, *m, *s, *dx, *dy, *dz;
static ec *ecprojxdbl(ec_curve *c, ec *d, const ec *a)
{
- if (EC_ATINF(a))
+ if (EC_ATINF(a) || F_ZEROP(c->f, a->y))
EC_SETINF(d);
- else if (F_ZEROP(c->f, a->y))
- EC_COPY(d, a);
else {
field *f = c->f;
mp *p, *q, *m, *s, *dx, *dy, *dz;
q = F_MUL(f, MP_NEW, p, u); /* %$t w^2$% */
u = F_MUL(f, u, p, w); /* %$w^3$% */
p = F_MUL(f, p, u, s); /* %$m w^3$% */
-
+
dx = F_SQR(f, u, r); /* %$r^2$% */
dx = F_SUB(f, dx, dx, q); /* %$x' = r^2 - t w^2$% */
{
ec t = EC_INIT;
int rc;
-
+
c->ops->fix(c, &t, p);
rc = eccheck(c, &t);
EC_DESTROY(&t);
}
static const ec_ops ec_primeops = {
+ "prime",
ecdestroy, ec_stdsamep, ec_idin, ec_idout, ec_idfix,
ecfind, ecneg, ecadd, ec_stdsub, ecdbl, eccheck
};
static const ec_ops ec_primeprojops = {
+ "primeproj",
ecdestroy, ec_stdsamep, ec_projin, ec_projout, ec_projfix,
ecfind, ecneg, ecprojadd, ec_stdsub, ecprojdbl, ecprojcheck
};
static const ec_ops ec_primeprojxops = {
+ "primeproj",
ecdestroy, ec_stdsamep, ec_projin, ec_projout, ec_projfix,
ecfind, ecneg, ecprojadd, ec_stdsub, ecprojxdbl, ecprojcheck
};
f = field_niceprime(p);
c = ec_primeproj(f, a, b);
-
+
g.x = MP(0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7);
g.y = MP(0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f);
- for (i = 0; i < n; i++) {
+ for (i = 0; i < n; i++) {
ec_mul(c, &d, &g, r);
if (EC_ATINF(&d)) {
fprintf(stderr, "zero too early\n");
projects / u / mdw / catacomb / blobdiff