< Summary

Information

Class:	Renci.SshNet.Security.Org.BouncyCastle.Math.EC.Abc.Tnaf
Assembly:	Renci.SshNet
File(s):	\home\appveyor\projects\ssh-net\src\Renci.SshNet\Security\BouncyCastle\math\ec\abc\Tnaf.cs

Line coverage

Covered lines:	0
Uncovered lines:	424
Coverable lines:	424
Total lines:	845
Line coverage:	0%

Branch coverage

Covered branches:	0
Total branches:	118
Branch coverage:	0%

Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Metrics

Method	Branch coverage	Cyclomatic complexity	Line coverage
.cctor()	100%	1	0%
Norm(...)	0%	4	0%
Norm(...)	0%	4	0%
Round(...)	0%	22	0%
ApproximateDivisionByN(...)	0%	2	0%
TauAdicNaf(...)	0%	16	0%
Tau(...)	100%	1	0%
GetMu(...)	0%	4	0%
GetMu(...)	0%	2	0%
GetMu(...)	0%	2	0%
GetLucas(...)	0%	10	0%
GetTw(...)	0%	4	0%
GetSi(...)	0%	4	0%
GetSi(...)	0%	2	0%
GetShiftsForCofactor(...)	0%	8	0%
PartModReduction(...)	0%	2	0%
MultiplyRTnaf(...)	100%	1	0%
MultiplyTnaf(...)	100%	1	0%
MultiplyFromTnaf(...)	0%	8	0%
TauAdicWNaf(...)	0%	20	0%
GetPreComp(...)	0%	4	0%

File(s)

\home\appveyor\projects\ssh-net\src\Renci.SshNet\Security\BouncyCastle\math\ec\abc\Tnaf.cs

#	Line	Line coverage
	`1`	`using System;`
	`2`
	`3`	`namespace Renci.SshNet.Security.Org.BouncyCastle.Math.EC.Abc`
	`4`	`{`
	`5`	`/**`
	`6`	`* Class holding methods for point multiplication based on the window`
	`7`	`* τ-adic nonadjacent form (WTNAF). The algorithms are based on the`
	`8`	`* paper "Improved Algorithms for Arithmetic on Anomalous Binary Curves"`
	`9`	`* by Jerome A. Solinas. The paper first appeared in the Proceedings of`
	`10`	`* Crypto 1997.`
	`11`	`*/`
	`12`	`internal class Tnaf`
	`13`	`{`
0	`14`	`private static readonly BigInteger MinusOne = BigInteger.One.Negate();`
0	`15`	`private static readonly BigInteger MinusTwo = BigInteger.Two.Negate();`
0	`16`	`private static readonly BigInteger MinusThree = BigInteger.Three.Negate();`
0	`17`	`private static readonly BigInteger Four = BigInteger.ValueOf(4);`
	`18`
	`19`	`/**`
	`20`	`* The window width of WTNAF. The standard value of 4 is slightly less`
	`21`	`* than optimal for running time, but keeps space requirements for`
	`22`	`* precomputation low. For typical curves, a value of 5 or 6 results in`
	`23`	`* a better running time. When changing this value, the`
	`24`	`* <code>α<sub>u</sub></code>'s must be computed differently, see`
	`25`	`* e.g. "Guide to Elliptic Curve Cryptography", Darrel Hankerson,`
	`26`	`* Alfred Menezes, Scott Vanstone, Springer-Verlag New York Inc., 2004,`
	`27`	`* p. 121-122`
	`28`	`*/`
	`29`	`public const sbyte Width = 4;`
	`30`
	`31`	`/**`
	`32`	`* 2<sup>4</sup>`
	`33`	`*/`
	`34`	`public const sbyte Pow2Width = 16;`
	`35`
	`36`	`/**`
	`37`	`* The <code>α<sub>u</sub></code>'s for <code>a=0</code> as an array`
	`38`	`* of <code>ZTauElement</code>s.`
	`39`	`*/`
0	`40`	`public static readonly ZTauElement[] Alpha0 =`
0	`41`	`{`
0	`42`	`null,`
0	`43`	`new ZTauElement(BigInteger.One, BigInteger.Zero), null,`
0	`44`	`new ZTauElement(MinusThree, MinusOne), null,`
0	`45`	`new ZTauElement(MinusOne, MinusOne), null,`
0	`46`	`new ZTauElement(BigInteger.One, MinusOne), null`
0	`47`	`};`
	`48`
	`49`	`/**`
	`50`	`* The <code>α<sub>u</sub></code>'s for <code>a=0</code> as an array`
	`51`	`* of TNAFs.`
	`52`	`*/`
0	`53`	`public static readonly sbyte[][] Alpha0Tnaf =`
0	`54`	`{`
0	`55`	`null, new sbyte[]{1}, null, new sbyte[]{-1, 0, 1}, null, new sbyte[]{1, 0, 1}, null, new sbyte[]{-1, 0, 0, 1`
0	`56`	`};`
	`57`
	`58`	`/**`
	`59`	`* The <code>α<sub>u</sub></code>'s for <code>a=1</code> as an array`
	`60`	`* of <code>ZTauElement</code>s.`
	`61`	`*/`
0	`62`	`public static readonly ZTauElement[] Alpha1 =`
0	`63`	`{`
0	`64`	`null,`
0	`65`	`new ZTauElement(BigInteger.One, BigInteger.Zero), null,`
0	`66`	`new ZTauElement(MinusThree, BigInteger.One), null,`
0	`67`	`new ZTauElement(MinusOne, BigInteger.One), null,`
0	`68`	`new ZTauElement(BigInteger.One, BigInteger.One), null`
0	`69`	`};`
	`70`
	`71`	`/**`
	`72`	`* The <code>α<sub>u</sub></code>'s for <code>a=1</code> as an array`
	`73`	`* of TNAFs.`
	`74`	`*/`
0	`75`	`public static readonly sbyte[][] Alpha1Tnaf =`
0	`76`	`{`
0	`77`	`null, new sbyte[]{1}, null, new sbyte[]{-1, 0, 1}, null, new sbyte[]{1, 0, 1}, null, new sbyte[]{-1, 0, 0, -`
0	`78`	`};`
	`79`
	`80`	`/**`
	`81`	`* Computes the norm of an element <code>λ</code> of`
	`82`	`* <code><b>Z</b>[τ]</code>.`
	`83`	`* @param mu The parameter <code>μ</code> of the elliptic curve.`
	`84`	`* @param lambda The element <code>λ</code> of`
	`85`	`* <code><b>Z</b>[τ]</code>.`
	`86`	`* @return The norm of <code>λ</code>.`
	`87`	`*/`
	`88`	`public static BigInteger Norm(sbyte mu, ZTauElement lambda)`
0	`89`	`{`
	`90`	`BigInteger norm;`
	`91`
	`92`	`// s1 = u^2`
0	`93`	`BigInteger s1 = lambda.u.Multiply(lambda.u);`
	`94`
	`95`	`// s2 = u * v`
0	`96`	`BigInteger s2 = lambda.u.Multiply(lambda.v);`
	`97`
	`98`	`// s3 = 2 * v^2`
0	`99`	`BigInteger s3 = lambda.v.Multiply(lambda.v).ShiftLeft(1);`
	`100`
0	`101`	`if (mu == 1)`
0	`102`	`{`
0	`103`	`norm = s1.Add(s2).Add(s3);`
0	`104`	`}`
0	`105`	`else if (mu == -1)`
0	`106`	`{`
0	`107`	`norm = s1.Subtract(s2).Add(s3);`
0	`108`	`}`
	`109`	`else`
0	`110`	`{`
0	`111`	`throw new ArgumentException("mu must be 1 or -1");`
	`112`	`}`
	`113`
0	`114`	`return norm;`
0	`115`	`}`
	`116`
	`117`	`/**`
	`118`	`* Computes the norm of an element <code>λ</code> of`
	`119`	`* <code><b>R</b>[τ]</code>, where <code>λ = u + vτ</code>`
	`120`	`* and <code>u</code> and <code>u</code> are real numbers (elements of`
	`121`	`* <code><b>R</b></code>).`
	`122`	`* @param mu The parameter <code>μ</code> of the elliptic curve.`
	`123`	`* @param u The real part of the element <code>λ</code> of`
	`124`	`* <code><b>R</b>[τ]</code>.`
	`125`	`* @param v The <code>τ</code>-adic part of the element`
	`126`	`* <code>λ</code> of <code><b>R</b>[τ]</code>.`
	`127`	`* @return The norm of <code>λ</code>.`
	`128`	`*/`
	`129`	`public static SimpleBigDecimal Norm(sbyte mu, SimpleBigDecimal u, SimpleBigDecimal v)`
0	`130`	`{`
	`131`	`SimpleBigDecimal norm;`
	`132`
	`133`	`// s1 = u^2`
0	`134`	`SimpleBigDecimal s1 = u.Multiply(u);`
	`135`
	`136`	`// s2 = u * v`
0	`137`	`SimpleBigDecimal s2 = u.Multiply(v);`
	`138`
	`139`	`// s3 = 2 * v^2`
0	`140`	`SimpleBigDecimal s3 = v.Multiply(v).ShiftLeft(1);`
	`141`
0	`142`	`if (mu == 1)`
0	`143`	`{`
0	`144`	`norm = s1.Add(s2).Add(s3);`
0	`145`	`}`
0	`146`	`else if (mu == -1)`
0	`147`	`{`
0	`148`	`norm = s1.Subtract(s2).Add(s3);`
0	`149`	`}`
	`150`	`else`
0	`151`	`{`
0	`152`	`throw new ArgumentException("mu must be 1 or -1");`
	`153`	`}`
	`154`
0	`155`	`return norm;`
0	`156`	`}`
	`157`
	`158`	`/**`
	`159`	`* Rounds an element <code>λ</code> of <code><b>R</b>[τ]</code>`
	`160`	`* to an element of <code><b>Z</b>[τ]</code>, such that their difference`
	`161`	`* has minimal norm. <code>λ</code> is given as`
	`162`	`* <code>λ = λ<sub>0</sub> + λ<sub>1</sub>τ</code>.`
	`163`	`* @param lambda0 The component <code>λ<sub>0</sub></code>.`
	`164`	`* @param lambda1 The component <code>λ<sub>1</sub></code>.`
	`165`	`* @param mu The parameter <code>μ</code> of the elliptic curve. Must`
	`166`	`* equal 1 or -1.`
	`167`	`* @return The rounded element of <code><b>Z</b>[τ]</code>.`
	`168`	`* @throws ArgumentException if <code>lambda0</code> and`
	`169`	`* <code>lambda1</code> do not have same scale.`
	`170`	`*/`
	`171`	`public static ZTauElement Round(SimpleBigDecimal lambda0,`
	`172`	`SimpleBigDecimal lambda1, sbyte mu)`
0	`173`	`{`
0	`174`	`int scale = lambda0.Scale;`
0	`175`	`if (lambda1.Scale != scale)`
0	`176`	`throw new ArgumentException("lambda0 and lambda1 do not have same scale");`
	`177`
0	`178`	`if (!((mu == 1) \|\| (mu == -1)))`
0	`179`	`throw new ArgumentException("mu must be 1 or -1");`
	`180`
0	`181`	`BigInteger f0 = lambda0.Round();`
0	`182`	`BigInteger f1 = lambda1.Round();`
	`183`
0	`184`	`SimpleBigDecimal eta0 = lambda0.Subtract(f0);`
0	`185`	`SimpleBigDecimal eta1 = lambda1.Subtract(f1);`
	`186`
	`187`	`// eta = 2eta0 + mueta1`
0	`188`	`SimpleBigDecimal eta = eta0.Add(eta0);`
0	`189`	`if (mu == 1)`
0	`190`	`{`
0	`191`	`eta = eta.Add(eta1);`
0	`192`	`}`
	`193`	`else`
0	`194`	`{`
	`195`	`// mu == -1`
0	`196`	`eta = eta.Subtract(eta1);`
0	`197`	`}`
	`198`
	`199`	`// check1 = eta0 - 3mueta1`
	`200`	`// check2 = eta0 + 4mueta1`
0	`201`	`SimpleBigDecimal threeEta1 = eta1.Add(eta1).Add(eta1);`
0	`202`	`SimpleBigDecimal fourEta1 = threeEta1.Add(eta1);`
	`203`	`SimpleBigDecimal check1;`
	`204`	`SimpleBigDecimal check2;`
0	`205`	`if (mu == 1)`
0	`206`	`{`
0	`207`	`check1 = eta0.Subtract(threeEta1);`
0	`208`	`check2 = eta0.Add(fourEta1);`
0	`209`	`}`
	`210`	`else`
0	`211`	`{`
	`212`	`// mu == -1`
0	`213`	`check1 = eta0.Add(threeEta1);`
0	`214`	`check2 = eta0.Subtract(fourEta1);`
0	`215`	`}`
	`216`
0	`217`	`sbyte h0 = 0;`
0	`218`	`sbyte h1 = 0;`
	`219`
	`220`	`// if eta >= 1`
0	`221`	`if (eta.CompareTo(BigInteger.One) >= 0)`
0	`222`	`{`
0	`223`	`if (check1.CompareTo(MinusOne) < 0)`
0	`224`	`{`
0	`225`	`h1 = mu;`
0	`226`	`}`
	`227`	`else`
0	`228`	`{`
0	`229`	`h0 = 1;`
0	`230`	`}`
0	`231`	`}`
	`232`	`else`
0	`233`	`{`
	`234`	`// eta < 1`
0	`235`	`if (check2.CompareTo(BigInteger.Two) >= 0)`
0	`236`	`{`
0	`237`	`h1 = mu;`
0	`238`	`}`
0	`239`	`}`
	`240`
	`241`	`// if eta < -1`
0	`242`	`if (eta.CompareTo(MinusOne) < 0)`
0	`243`	`{`
0	`244`	`if (check1.CompareTo(BigInteger.One) >= 0)`
0	`245`	`{`
0	`246`	`h1 = (sbyte)-mu;`
0	`247`	`}`
	`248`	`else`
0	`249`	`{`
0	`250`	`h0 = -1;`
0	`251`	`}`
0	`252`	`}`
	`253`	`else`
0	`254`	`{`
	`255`	`// eta >= -1`
0	`256`	`if (check2.CompareTo(MinusTwo) < 0)`
0	`257`	`{`
0	`258`	`h1 = (sbyte)-mu;`
0	`259`	`}`
0	`260`	`}`
	`261`
0	`262`	`BigInteger q0 = f0.Add(BigInteger.ValueOf(h0));`
0	`263`	`BigInteger q1 = f1.Add(BigInteger.ValueOf(h1));`
0	`264`	`return new ZTauElement(q0, q1);`
0	`265`	`}`
	`266`
	`267`	`/**`
	`268`	`* Approximate division by <code>n</code>. For an integer`
	`269`	`* <code>k</code>, the value <code>λ = s k / n</code> is`
	`270`	`* computed to <code>c</code> bits of accuracy.`
	`271`	`* @param k The parameter <code>k</code>.`
	`272`	`* @param s The curve parameter <code>s<sub>0</sub></code> or`
	`273`	`* <code>s<sub>1</sub></code>.`
	`274`	`* @param vm The Lucas Sequence element <code>V<sub>m</sub></code>.`
	`275`	`* @param a The parameter <code>a</code> of the elliptic curve.`
	`276`	`* @param m The bit length of the finite field`
	`277`	`* <code><b>F</b><sub>m</sub></code>.`
	`278`	`* @param c The number of bits of accuracy, i.e. the scale of the returned`
	`279`	`* <code>SimpleBigDecimal</code>.`
	`280`	`* @return The value <code>λ = s k / n</code> computed to`
	`281`	`* <code>c</code> bits of accuracy.`
	`282`	`*/`
	`283`	`public static SimpleBigDecimal ApproximateDivisionByN(BigInteger k,`
	`284`	`BigInteger s, BigInteger vm, sbyte a, int m, int c)`
0	`285`	`{`
0	`286`	`int _k = (m + 5)/2 + c;`
0	`287`	`BigInteger ns = k.ShiftRight(m - _k - 2 + a);`
	`288`
0	`289`	`BigInteger gs = s.Multiply(ns);`
	`290`
0	`291`	`BigInteger hs = gs.ShiftRight(m);`
	`292`
0	`293`	`BigInteger js = vm.Multiply(hs);`
	`294`
0	`295`	`BigInteger gsPlusJs = gs.Add(js);`
0	`296`	`BigInteger ls = gsPlusJs.ShiftRight(_k-c);`
0	`297`	`if (gsPlusJs.TestBit(_k-c-1))`
0	`298`	`{`
	`299`	`// round up`
0	`300`	`ls = ls.Add(BigInteger.One);`
0	`301`	`}`
	`302`
0	`303`	`return new SimpleBigDecimal(ls, c);`
0	`304`	`}`
	`305`
	`306`	`/**`
	`307`	`* Computes the <code>τ</code>-adic NAF (non-adjacent form) of an`
	`308`	`* element <code>λ</code> of <code><b>Z</b>[τ]</code>.`
	`309`	`* @param mu The parameter <code>μ</code> of the elliptic curve.`
	`310`	`* @param lambda The element <code>λ</code> of`
	`311`	`* <code><b>Z</b>[τ]</code>.`
	`312`	`* @return The <code>τ</code>-adic NAF of <code>λ</code>.`
	`313`	`*/`
	`314`	`public static sbyte[] TauAdicNaf(sbyte mu, ZTauElement lambda)`
0	`315`	`{`
0	`316`	`if (!((mu == 1) \|\| (mu == -1)))`
0	`317`	`throw new ArgumentException("mu must be 1 or -1");`
	`318`
0	`319`	`BigInteger norm = Norm(mu, lambda);`
	`320`
	`321`	`// Ceiling of log2 of the norm`
0	`322`	`int log2Norm = norm.BitLength;`
	`323`
	`324`	`// If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52`
0	`325`	`int maxLength = log2Norm > 30 ? log2Norm + 4 : 34;`
	`326`
	`327`	`// The array holding the TNAF`
0	`328`	`sbyte[] u = new sbyte[maxLength];`
0	`329`	`int i = 0;`
	`330`
	`331`	`// The actual length of the TNAF`
0	`332`	`int length = 0;`
	`333`
0	`334`	`BigInteger r0 = lambda.u;`
0	`335`	`BigInteger r1 = lambda.v;`
	`336`
0	`337`	`while(!((r0.Equals(BigInteger.Zero)) && (r1.Equals(BigInteger.Zero))))`
0	`338`	`{`
	`339`	`// If r0 is odd`
0	`340`	`if (r0.TestBit(0))`
0	`341`	`{`
0	`342`	`u[i] = (sbyte) BigInteger.Two.Subtract((r0.Subtract(r1.ShiftLeft(1))).Mod(Four)).IntValue;`
	`343`
	`344`	`// r0 = r0 - u[i]`
0	`345`	`if (u[i] == 1)`
0	`346`	`{`
0	`347`	`r0 = r0.ClearBit(0);`
0	`348`	`}`
	`349`	`else`
0	`350`	`{`
	`351`	`// u[i] == -1`
0	`352`	`r0 = r0.Add(BigInteger.One);`
0	`353`	`}`
0	`354`	`length = i;`
0	`355`	`}`
	`356`	`else`
0	`357`	`{`
0	`358`	`u[i] = 0;`
0	`359`	`}`
	`360`
0	`361`	`BigInteger t = r0;`
0	`362`	`BigInteger s = r0.ShiftRight(1);`
0	`363`	`if (mu == 1)`
0	`364`	`{`
0	`365`	`r0 = r1.Add(s);`
0	`366`	`}`
	`367`	`else`
0	`368`	`{`
	`369`	`// mu == -1`
0	`370`	`r0 = r1.Subtract(s);`
0	`371`	`}`
	`372`
0	`373`	`r1 = t.ShiftRight(1).Negate();`
0	`374`	`i++;`
0	`375`	`}`
	`376`
0	`377`	`length++;`
	`378`
	`379`	`// Reduce the TNAF array to its actual length`
0	`380`	`sbyte[] tnaf = new sbyte[length];`
0	`381`	`Array.Copy(u, 0, tnaf, 0, length);`
0	`382`	`return tnaf;`
0	`383`	`}`
	`384`
	`385`	`/**`
	`386`	`* Applies the operation <code>τ()</code> to an`
	`387`	`* <code>AbstractF2mPoint</code>.`
	`388`	`* @param p The AbstractF2mPoint to which <code>τ()</code> is applied.`
	`389`	`* @return <code>τ(p)</code>`
	`390`	`*/`
	`391`	`public static AbstractF2mPoint Tau(AbstractF2mPoint p)`
0	`392`	`{`
0	`393`	`return p.Tau();`
0	`394`	`}`
	`395`
	`396`	`/**`
	`397`	`* Returns the parameter <code>μ</code> of the elliptic curve.`
	`398`	`* @param curve The elliptic curve from which to obtain <code>μ</code>.`
	`399`	`* The curve must be a Koblitz curve, i.e. <code>a</code> Equals`
	`400`	`* <code>0</code> or <code>1</code> and <code>b</code> Equals`
	`401`	`* <code>1</code>.`
	`402`	`* @return <code>μ</code> of the elliptic curve.`
	`403`	`* @throws ArgumentException if the given ECCurve is not a Koblitz`
	`404`	`* curve.`
	`405`	`*/`
	`406`	`public static sbyte GetMu(AbstractF2mCurve curve)`
0	`407`	`{`
0	`408`	`BigInteger a = curve.A.ToBigInteger();`
	`409`
	`410`	`sbyte mu;`
0	`411`	`if (a.SignValue == 0)`
0	`412`	`{`
0	`413`	`mu = -1;`
0	`414`	`}`
0	`415`	`else if (a.Equals(BigInteger.One))`
0	`416`	`{`
0	`417`	`mu = 1;`
0	`418`	`}`
	`419`	`else`
0	`420`	`{`
0	`421`	`throw new ArgumentException("No Koblitz curve (ABC), TNAF multiplication not possible");`
	`422`	`}`
0	`423`	`return mu;`
0	`424`	`}`
	`425`
	`426`	`public static sbyte GetMu(ECFieldElement curveA)`
0	`427`	`{`
0	`428`	`return (sbyte)(curveA.IsZero ? -1 : 1);`
0	`429`	`}`
	`430`
	`431`	`public static sbyte GetMu(int curveA)`
0	`432`	`{`
0	`433`	`return (sbyte)(curveA == 0 ? -1 : 1);`
0	`434`	`}`
	`435`
	`436`	`/**`
	`437`	`* Calculates the Lucas Sequence elements <code>U<sub>k-1</sub></code> and`
	`438`	`* <code>U<sub>k</sub></code> or <code>V<sub>k-1</sub></code> and`
	`439`	`* <code>V<sub>k</sub></code>.`
	`440`	`* @param mu The parameter <code>μ</code> of the elliptic curve.`
	`441`	`* @param k The index of the second element of the Lucas Sequence to be`
	`442`	`* returned.`
	`443`	`* @param doV If set to true, computes <code>V<sub>k-1</sub></code> and`
	`444`	`* <code>V<sub>k</sub></code>, otherwise <code>U<sub>k-1</sub></code> and`
	`445`	`* <code>U<sub>k</sub></code>.`
	`446`	`* @return An array with 2 elements, containing <code>U<sub>k-1</sub></code>`
	`447`	`* and <code>U<sub>k</sub></code> or <code>V<sub>k-1</sub></code>`
	`448`	`* and <code>V<sub>k</sub></code>.`
	`449`	`*/`
	`450`	`public static BigInteger[] GetLucas(sbyte mu, int k, bool doV)`
0	`451`	`{`
0	`452`	`if (!(mu == 1 \|\| mu == -1))`
0	`453`	`throw new ArgumentException("mu must be 1 or -1");`
	`454`
	`455`	`BigInteger u0;`
	`456`	`BigInteger u1;`
	`457`	`BigInteger u2;`
	`458`
0	`459`	`if (doV)`
0	`460`	`{`
0	`461`	`u0 = BigInteger.Two;`
0	`462`	`u1 = BigInteger.ValueOf(mu);`
0	`463`	`}`
	`464`	`else`
0	`465`	`{`
0	`466`	`u0 = BigInteger.Zero;`
0	`467`	`u1 = BigInteger.One;`
0	`468`	`}`
	`469`
0	`470`	`for (int i = 1; i < k; i++)`
0	`471`	`{`
	`472`	`// u2 = muu1 - 2u0;`
0	`473`	`BigInteger s = null;`
0	`474`	`if (mu == 1)`
0	`475`	`{`
0	`476`	`s = u1;`
0	`477`	`}`
	`478`	`else`
0	`479`	`{`
	`480`	`// mu == -1`
0	`481`	`s = u1.Negate();`
0	`482`	`}`
	`483`
0	`484`	`u2 = s.Subtract(u0.ShiftLeft(1));`
0	`485`	`u0 = u1;`
0	`486`	`u1 = u2;`
	`487`	`// System.out.println(i + ": " + u2);`
	`488`	`// System.out.println();`
0	`489`	`}`
	`490`
0	`491`	`BigInteger[] retVal = {u0, u1};`
0	`492`	`return retVal;`
0	`493`	`}`
	`494`
	`495`	`/**`
	`496`	`* Computes the auxiliary value <code>t<sub>w</sub></code>. If the width is`
	`497`	`* 4, then for <code>mu = 1</code>, <code>t<sub>w</sub> = 6</code> and for`
	`498`	`* <code>mu = -1</code>, <code>t<sub>w</sub> = 10</code>`
	`499`	`* @param mu The parameter <code>μ</code> of the elliptic curve.`
	`500`	`* @param w The window width of the WTNAF.`
	`501`	`* @return the auxiliary value <code>t<sub>w</sub></code>`
	`502`	`*/`
	`503`	`public static BigInteger GetTw(sbyte mu, int w)`
0	`504`	`{`
0	`505`	`if (w == 4)`
0	`506`	`{`
0	`507`	`if (mu == 1)`
0	`508`	`{`
0	`509`	`return BigInteger.ValueOf(6);`
	`510`	`}`
	`511`	`else`
0	`512`	`{`
	`513`	`// mu == -1`
0	`514`	`return BigInteger.ValueOf(10);`
	`515`	`}`
	`516`	`}`
	`517`	`else`
0	`518`	`{`
	`519`	`// For w <> 4, the values must be computed`
0	`520`	`BigInteger[] us = GetLucas(mu, w, false);`
0	`521`	`BigInteger twoToW = BigInteger.Zero.SetBit(w);`
0	`522`	`BigInteger u1invert = us[1].ModInverse(twoToW);`
	`523`	`BigInteger tw;`
0	`524`	`tw = BigInteger.Two.Multiply(us[0]).Multiply(u1invert).Mod(twoToW);`
	`525`	`//System.out.println("mu = " + mu);`
	`526`	`//System.out.println("tw = " + tw);`
0	`527`	`return tw;`
	`528`	`}`
0	`529`	`}`
	`530`
	`531`	`/**`
	`532`	`* Computes the auxiliary values <code>s<sub>0</sub></code> and`
	`533`	`* <code>s<sub>1</sub></code> used for partial modular reduction.`
	`534`	`* @param curve The elliptic curve for which to compute`
	`535`	`* <code>s<sub>0</sub></code> and <code>s<sub>1</sub></code>.`
	`536`	`* @throws ArgumentException if <code>curve</code> is not a`
	`537`	`* Koblitz curve (Anomalous Binary Curve, ABC).`
	`538`	`*/`
	`539`	`public static BigInteger[] GetSi(AbstractF2mCurve curve)`
0	`540`	`{`
0	`541`	`if (!curve.IsKoblitz)`
0	`542`	`throw new ArgumentException("si is defined for Koblitz curves only");`
	`543`
0	`544`	`int m = curve.FieldSize;`
0	`545`	`int a = curve.A.ToBigInteger().IntValue;`
0	`546`	`sbyte mu = GetMu(a);`
0	`547`	`int shifts = GetShiftsForCofactor(curve.Cofactor);`
0	`548`	`int index = m + 3 - a;`
0	`549`	`BigInteger[] ui = GetLucas(mu, index, false);`
	`550`
0	`551`	`if (mu == 1)`
0	`552`	`{`
0	`553`	`ui[0] = ui[0].Negate();`
0	`554`	`ui[1] = ui[1].Negate();`
0	`555`	`}`
	`556`
0	`557`	`BigInteger dividend0 = BigInteger.One.Add(ui[1]).ShiftRight(shifts);`
0	`558`	`BigInteger dividend1 = BigInteger.One.Add(ui[0]).ShiftRight(shifts).Negate();`
	`559`
0	`560`	`return new BigInteger[] { dividend0, dividend1 };`
0	`561`	`}`
	`562`
	`563`	`public static BigInteger[] GetSi(int fieldSize, int curveA, BigInteger cofactor)`
0	`564`	`{`
0	`565`	`sbyte mu = GetMu(curveA);`
0	`566`	`int shifts = GetShiftsForCofactor(cofactor);`
0	`567`	`int index = fieldSize + 3 - curveA;`
0	`568`	`BigInteger[] ui = GetLucas(mu, index, false);`
0	`569`	`if (mu == 1)`
0	`570`	`{`
0	`571`	`ui[0] = ui[0].Negate();`
0	`572`	`ui[1] = ui[1].Negate();`
0	`573`	`}`
	`574`
0	`575`	`BigInteger dividend0 = BigInteger.One.Add(ui[1]).ShiftRight(shifts);`
0	`576`	`BigInteger dividend1 = BigInteger.One.Add(ui[0]).ShiftRight(shifts).Negate();`
	`577`
0	`578`	`return new BigInteger[] { dividend0, dividend1 };`
0	`579`	`}`
	`580`
	`581`	`protected static int GetShiftsForCofactor(BigInteger h)`
0	`582`	`{`
0	`583`	`if (h != null && h.BitLength < 4)`
0	`584`	`{`
0	`585`	`int hi = h.IntValue;`
0	`586`	`if (hi == 2)`
0	`587`	`return 1;`
0	`588`	`if (hi == 4)`
0	`589`	`return 2;`
0	`590`	`}`
	`591`
0	`592`	`throw new ArgumentException("h (Cofactor) must be 2 or 4");`
0	`593`	`}`
	`594`
	`595`	`/**`
	`596`	`* Partial modular reduction modulo`
	`597`	`* <code>(τ<sup>m</sup> - 1)/(τ - 1)</code>.`
	`598`	`* @param k The integer to be reduced.`
	`599`	`* @param m The bitlength of the underlying finite field.`
	`600`	`* @param a The parameter <code>a</code> of the elliptic curve.`
	`601`	`* @param s The auxiliary values <code>s<sub>0</sub></code> and`
	`602`	`* <code>s<sub>1</sub></code>.`
	`603`	`* @param mu The parameter μ of the elliptic curve.`
	`604`	`* @param c The precision (number of bits of accuracy) of the partial`
	`605`	`* modular reduction.`
	`606`	`* @return <code>ρ := k partmod (τ<sup>m</sup> - 1)/(τ - 1)</code>`
	`607`	`*/`
	`608`	`public static ZTauElement PartModReduction(BigInteger k, int m, sbyte a,`
	`609`	`BigInteger[] s, sbyte mu, sbyte c)`
0	`610`	`{`
	`611`	`// d0 = s[0] + mu*s[1]; mu is either 1 or -1`
	`612`	`BigInteger d0;`
0	`613`	`if (mu == 1)`
0	`614`	`{`
0	`615`	`d0 = s[0].Add(s[1]);`
0	`616`	`}`
	`617`	`else`
0	`618`	`{`
0	`619`	`d0 = s[0].Subtract(s[1]);`
0	`620`	`}`
	`621`
0	`622`	`BigInteger[] v = GetLucas(mu, m, true);`
0	`623`	`BigInteger vm = v[1];`
	`624`
0	`625`	`SimpleBigDecimal lambda0 = ApproximateDivisionByN(`
0	`626`	`k, s[0], vm, a, m, c);`
	`627`
0	`628`	`SimpleBigDecimal lambda1 = ApproximateDivisionByN(`
0	`629`	`k, s[1], vm, a, m, c);`
	`630`
0	`631`	`ZTauElement q = Round(lambda0, lambda1, mu);`
	`632`
	`633`	`// r0 = n - d0q0 - 2s1*q1`
0	`634`	`BigInteger r0 = k.Subtract(d0.Multiply(q.u)).Subtract(`
0	`635`	`BigInteger.ValueOf(2).Multiply(s[1]).Multiply(q.v));`
	`636`
	`637`	`// r1 = s1q0 - s0q1`
0	`638`	`BigInteger r1 = s[1].Multiply(q.u).Subtract(s[0].Multiply(q.v));`
	`639`
0	`640`	`return new ZTauElement(r0, r1);`
0	`641`	`}`
	`642`
	`643`	`/**`
	`644`	`* Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint}`
	`645`	`* by a <code>BigInteger</code> using the reduced <code>τ</code>-adic`
	`646`	`* NAF (RTNAF) method.`
	`647`	`* @param p The AbstractF2mPoint to Multiply.`
	`648`	`* @param k The <code>BigInteger</code> by which to Multiply <code>p</code>.`
	`649`	`* @return <code>k * p</code>`
	`650`	`*/`
	`651`	`public static AbstractF2mPoint MultiplyRTnaf(AbstractF2mPoint p, BigInteger k)`
0	`652`	`{`
0	`653`	`AbstractF2mCurve curve = (AbstractF2mCurve)p.Curve;`
0	`654`	`int m = curve.FieldSize;`
0	`655`	`int a = curve.A.ToBigInteger().IntValue;`
0	`656`	`sbyte mu = GetMu(a);`
0	`657`	`BigInteger[] s = curve.GetSi();`
0	`658`	`ZTauElement rho = PartModReduction(k, m, (sbyte)a, s, mu, (sbyte)10);`
	`659`
0	`660`	`return MultiplyTnaf(p, rho);`
0	`661`	`}`
	`662`
	`663`	`/**`
	`664`	`* Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint}`
	`665`	`* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>`
	`666`	`* using the <code>τ</code>-adic NAF (TNAF) method.`
	`667`	`* @param p The AbstractF2mPoint to Multiply.`
	`668`	`* @param lambda The element <code>λ</code> of`
	`669`	`* <code><b>Z</b>[τ]</code>.`
	`670`	`* @return <code>λ * p</code>`
	`671`	`*/`
	`672`	`public static AbstractF2mPoint MultiplyTnaf(AbstractF2mPoint p, ZTauElement lambda)`
0	`673`	`{`
0	`674`	`AbstractF2mCurve curve = (AbstractF2mCurve)p.Curve;`
0	`675`	`sbyte mu = GetMu(curve.A);`
0	`676`	`sbyte[] u = TauAdicNaf(mu, lambda);`
	`677`
0	`678`	`AbstractF2mPoint q = MultiplyFromTnaf(p, u);`
	`679`
0	`680`	`return q;`
0	`681`	`}`
	`682`
	`683`	`/**`
	`684`	`* Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint}`
	`685`	`* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>`
	`686`	`* using the <code>τ</code>-adic NAF (TNAF) method, given the TNAF`
	`687`	`* of <code>λ</code>.`
	`688`	`* @param p The AbstractF2mPoint to Multiply.`
	`689`	`* @param u The the TNAF of <code>λ</code>..`
	`690`	`* @return <code>λ * p</code>`
	`691`	`*/`
	`692`	`public static AbstractF2mPoint MultiplyFromTnaf(AbstractF2mPoint p, sbyte[] u)`
0	`693`	`{`
0	`694`	`ECCurve curve = p.Curve;`
0	`695`	`AbstractF2mPoint q = (AbstractF2mPoint)curve.Infinity;`
0	`696`	`AbstractF2mPoint pNeg = (AbstractF2mPoint)p.Negate();`
0	`697`	`int tauCount = 0;`
0	`698`	`for (int i = u.Length - 1; i >= 0; i--)`
0	`699`	`{`
0	`700`	`++tauCount;`
0	`701`	`sbyte ui = u[i];`
0	`702`	`if (ui != 0)`
0	`703`	`{`
0	`704`	`q = q.TauPow(tauCount);`
0	`705`	`tauCount = 0;`
	`706`
0	`707`	`ECPoint x = ui > 0 ? p : pNeg;`
0	`708`	`q = (AbstractF2mPoint)q.Add(x);`
0	`709`	`}`
0	`710`	`}`
0	`711`	`if (tauCount > 0)`
0	`712`	`{`
0	`713`	`q = q.TauPow(tauCount);`
0	`714`	`}`
0	`715`	`return q;`
0	`716`	`}`
	`717`
	`718`	`/**`
	`719`	`* Computes the <code>[τ]</code>-adic window NAF of an element`
	`720`	`* <code>λ</code> of <code><b>Z</b>[τ]</code>.`
	`721`	`* @param mu The parameter μ of the elliptic curve.`
	`722`	`* @param lambda The element <code>λ</code> of`
	`723`	`* <code><b>Z</b>[τ]</code> of which to compute the`
	`724`	`* <code>[τ]</code>-adic NAF.`
	`725`	`* @param width The window width of the resulting WNAF.`
	`726`	`* @param pow2w 2<sup>width</sup>.`
	`727`	`* @param tw The auxiliary value <code>t<sub>w</sub></code>.`
	`728`	`* @param alpha The <code>α<sub>u</sub></code>'s for the window width.`
	`729`	`* @return The <code>[τ]</code>-adic window NAF of`
	`730`	`* <code>λ</code>.`
	`731`	`*/`
	`732`	`public static sbyte[] TauAdicWNaf(sbyte mu, ZTauElement lambda,`
	`733`	`sbyte width, BigInteger pow2w, BigInteger tw, ZTauElement[] alpha)`
0	`734`	`{`
0	`735`	`if (!((mu == 1) \|\| (mu == -1)))`
0	`736`	`throw new ArgumentException("mu must be 1 or -1");`
	`737`
0	`738`	`BigInteger norm = Norm(mu, lambda);`
	`739`
	`740`	`// Ceiling of log2 of the norm`
0	`741`	`int log2Norm = norm.BitLength;`
	`742`
	`743`	`// If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52`
0	`744`	`int maxLength = log2Norm > 30 ? log2Norm + 4 + width : 34 + width;`
	`745`
	`746`	`// The array holding the TNAF`
0	`747`	`sbyte[] u = new sbyte[maxLength];`
	`748`
	`749`	`// 2^(width - 1)`
0	`750`	`BigInteger pow2wMin1 = pow2w.ShiftRight(1);`
	`751`
	`752`	`// Split lambda into two BigIntegers to simplify calculations`
0	`753`	`BigInteger r0 = lambda.u;`
0	`754`	`BigInteger r1 = lambda.v;`
0	`755`	`int i = 0;`
	`756`
	`757`	`// while lambda <> (0, 0)`
0	`758`	`while (!((r0.Equals(BigInteger.Zero))&&(r1.Equals(BigInteger.Zero))))`
0	`759`	`{`
	`760`	`// if r0 is odd`
0	`761`	`if (r0.TestBit(0))`
0	`762`	`{`
	`763`	`// uUnMod = r0 + r1*tw Mod 2^width`
0	`764`	`BigInteger uUnMod`
0	`765`	`= r0.Add(r1.Multiply(tw)).Mod(pow2w);`
	`766`
	`767`	`sbyte uLocal;`
	`768`	`// if uUnMod >= 2^(width - 1)`
0	`769`	`if (uUnMod.CompareTo(pow2wMin1) >= 0)`
0	`770`	`{`
0	`771`	`uLocal = (sbyte) uUnMod.Subtract(pow2w).IntValue;`
0	`772`	`}`
	`773`	`else`
0	`774`	`{`
0	`775`	`uLocal = (sbyte) uUnMod.IntValue;`
0	`776`	`}`
	`777`	`// uLocal is now in [-2^(width-1), 2^(width-1)-1]`
	`778`
0	`779`	`u[i] = uLocal;`
0	`780`	`bool s = true;`
0	`781`	`if (uLocal < 0)`
0	`782`	`{`
0	`783`	`s = false;`
0	`784`	`uLocal = (sbyte)-uLocal;`
0	`785`	`}`
	`786`	`// uLocal is now >= 0`
	`787`
0	`788`	`if (s)`
0	`789`	`{`
0	`790`	`r0 = r0.Subtract(alpha[uLocal].u);`
0	`791`	`r1 = r1.Subtract(alpha[uLocal].v);`
0	`792`	`}`
	`793`	`else`
0	`794`	`{`
0	`795`	`r0 = r0.Add(alpha[uLocal].u);`
0	`796`	`r1 = r1.Add(alpha[uLocal].v);`
0	`797`	`}`
0	`798`	`}`
	`799`	`else`
0	`800`	`{`
0	`801`	`u[i] = 0;`
0	`802`	`}`
	`803`
0	`804`	`BigInteger t = r0;`
	`805`
0	`806`	`if (mu == 1)`
0	`807`	`{`
0	`808`	`r0 = r1.Add(r0.ShiftRight(1));`
0	`809`	`}`
	`810`	`else`
0	`811`	`{`
	`812`	`// mu == -1`
0	`813`	`r0 = r1.Subtract(r0.ShiftRight(1));`
0	`814`	`}`
0	`815`	`r1 = t.ShiftRight(1).Negate();`
0	`816`	`i++;`
0	`817`	`}`
0	`818`	`return u;`
0	`819`	`}`
	`820`
	`821`	`/**`
	`822`	`* Does the precomputation for WTNAF multiplication.`
	`823`	`* @param p The <code>ECPoint</code> for which to do the precomputation.`
	`824`	`* @param a The parameter <code>a</code> of the elliptic curve.`
	`825`	`* @return The precomputation array for <code>p</code>.`
	`826`	`*/`
	`827`	`public static AbstractF2mPoint[] GetPreComp(AbstractF2mPoint p, sbyte a)`
0	`828`	`{`
0	`829`	`sbyte[][] alphaTnaf = (a == 0) ? Tnaf.Alpha0Tnaf : Tnaf.Alpha1Tnaf;`
	`830`
0	`831`	`AbstractF2mPoint[] pu = new AbstractF2mPoint[(uint)(alphaTnaf.Length + 1) >> 1];`
0	`832`	`pu[0] = p;`
	`833`
0	`834`	`uint precompLen = (uint)alphaTnaf.Length;`
0	`835`	`for (uint i = 3; i < precompLen; i += 2)`
0	`836`	`{`
0	`837`	`pu[i >> 1] = Tnaf.MultiplyFromTnaf(p, alphaTnaf[i]);`
0	`838`	`}`
	`839`
0	`840`	`p.Curve.NormalizeAll(pu);`
	`841`
0	`842`	`return pu;`
0	`843`	`}`
	`844`	`}`
	`845`	`}`

< Summary

Metrics

File(s)

\home\appveyor\projects\ssh-net\src\Renci.SshNet\Security\BouncyCastle\math\ec\abc\Tnaf.cs

Methods/Properties