1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
|
package org.bouncycastle.math.ec;
import java.math.BigInteger;
/**
* base class for points on elliptic curves.
*/
public abstract class ECPoint
{
ECCurve curve;
ECFieldElement x;
ECFieldElement y;
protected boolean withCompression;
protected ECMultiplier multiplier = null;
protected PreCompInfo preCompInfo = null;
// private static X9IntegerConverter converter = new X9IntegerConverter();
protected ECPoint(ECCurve curve, ECFieldElement x, ECFieldElement y)
{
this.curve = curve;
this.x = x;
this.y = y;
}
public ECCurve getCurve()
{
return curve;
}
public ECFieldElement getX()
{
return x;
}
public ECFieldElement getY()
{
return y;
}
public boolean isInfinity()
{
return x == null && y == null;
}
public boolean isCompressed()
{
return withCompression;
}
@Override
public boolean equals(
Object other)
{
if (other == this)
{
return true;
}
if (!(other instanceof ECPoint))
{
return false;
}
ECPoint o = (ECPoint)other;
if (this.isInfinity())
{
return o.isInfinity();
}
return x.equals(o.x) && y.equals(o.y);
}
@Override
public int hashCode()
{
if (this.isInfinity())
{
return 0;
}
return x.hashCode() ^ y.hashCode();
}
// /**
// * Mainly for testing. Explicitly set the <code>ECMultiplier</code>.
// * @param multiplier The <code>ECMultiplier</code> to be used to multiply
// * this <code>ECPoint</code>.
// */
// public void setECMultiplier(ECMultiplier multiplier)
// {
// this.multiplier = multiplier;
// }
/**
* Sets the <code>PreCompInfo</code>. Used by <code>ECMultiplier</code>s
* to save the precomputation for this <code>ECPoint</code> to store the
* precomputation result for use by subsequent multiplication.
* @param preCompInfo The values precomputed by the
* <code>ECMultiplier</code>.
*/
void setPreCompInfo(PreCompInfo preCompInfo)
{
this.preCompInfo = preCompInfo;
}
public abstract byte[] getEncoded();
public abstract ECPoint add(ECPoint b);
public abstract ECPoint subtract(ECPoint b);
public abstract ECPoint negate();
public abstract ECPoint twice();
/**
* Sets the default <code>ECMultiplier</code>, unless already set.
*/
synchronized void assertECMultiplier()
{
if (this.multiplier == null)
{
this.multiplier = new FpNafMultiplier();
}
}
/**
* Multiplies this <code>ECPoint</code> by the given number.
* @param k The multiplicator.
* @return <code>k * this</code>.
*/
public ECPoint multiply(BigInteger k)
{
if (k.signum() < 0)
{
throw new IllegalArgumentException("The multiplicator cannot be negative");
}
if (this.isInfinity())
{
return this;
}
if (k.signum() == 0)
{
return this.curve.getInfinity();
}
assertECMultiplier();
return this.multiplier.multiply(this, k, preCompInfo);
}
/**
* Elliptic curve points over Fp
*/
public static class Fp extends ECPoint
{
/**
* Create a point which encodes with point compression.
*
* @param curve the curve to use
* @param x affine x co-ordinate
* @param y affine y co-ordinate
*/
public Fp(ECCurve curve, ECFieldElement x, ECFieldElement y)
{
this(curve, x, y, false);
}
/**
* Create a point that encodes with or without point compresion.
*
* @param curve the curve to use
* @param x affine x co-ordinate
* @param y affine y co-ordinate
* @param withCompression if true encode with point compression
*/
public Fp(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
{
super(curve, x, y);
if ((x != null && y == null) || (x == null && y != null))
{
throw new IllegalArgumentException("Exactly one of the field elements is null");
}
this.withCompression = withCompression;
}
/**
* return the field element encoded with point compression. (S 4.3.6)
*/
public byte[] getEncoded()
{
return null;
// BEGIN connectbot-removed
// if (this.isInfinity())
// {
// return new byte[1];
// }
//
// int qLength = converter.getByteLength(x);
//
// if (withCompression)
// {
// byte PC;
//
// if (this.getY().toBigInteger().testBit(0))
// {
// PC = 0x03;
// }
// else
// {
// PC = 0x02;
// }
//
// byte[] X = converter.integerToBytes(this.getX().toBigInteger(), qLength);
// byte[] PO = new byte[X.length + 1];
//
// PO[0] = PC;
// System.arraycopy(X, 0, PO, 1, X.length);
//
// return PO;
// }
// else
// {
// byte[] X = converter.integerToBytes(this.getX().toBigInteger(), qLength);
// byte[] Y = converter.integerToBytes(this.getY().toBigInteger(), qLength);
// byte[] PO = new byte[X.length + Y.length + 1];
//
// PO[0] = 0x04;
// System.arraycopy(X, 0, PO, 1, X.length);
// System.arraycopy(Y, 0, PO, X.length + 1, Y.length);
//
// return PO;
// }
}
// B.3 pg 62
@Override
public ECPoint add(ECPoint b)
{
if (this.isInfinity())
{
return b;
}
if (b.isInfinity())
{
return this;
}
// Check if b = this or b = -this
if (this.x.equals(b.x))
{
if (this.y.equals(b.y))
{
// this = b, i.e. this must be doubled
return this.twice();
}
// this = -b, i.e. the result is the point at infinity
return this.curve.getInfinity();
}
ECFieldElement gamma = b.y.subtract(this.y).divide(b.x.subtract(this.x));
ECFieldElement x3 = gamma.square().subtract(this.x).subtract(b.x);
ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
return new ECPoint.Fp(curve, x3, y3);
}
// B.3 pg 62
@Override
public ECPoint twice()
{
if (this.isInfinity())
{
// Twice identity element (point at infinity) is identity
return this;
}
if (this.y.toBigInteger().signum() == 0)
{
// if y1 == 0, then (x1, y1) == (x1, -y1)
// and hence this = -this and thus 2(x1, y1) == infinity
return this.curve.getInfinity();
}
ECFieldElement TWO = this.curve.fromBigInteger(BigInteger.valueOf(2));
ECFieldElement THREE = this.curve.fromBigInteger(BigInteger.valueOf(3));
ECFieldElement gamma = this.x.square().multiply(THREE).add(curve.a).divide(y.multiply(TWO));
ECFieldElement x3 = gamma.square().subtract(this.x.multiply(TWO));
ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
return new ECPoint.Fp(curve, x3, y3, this.withCompression);
}
// D.3.2 pg 102 (see Note:)
@Override
public ECPoint subtract(ECPoint b)
{
if (b.isInfinity())
{
return this;
}
// Add -b
return add(b.negate());
}
@Override
public ECPoint negate()
{
return new ECPoint.Fp(curve, this.x, this.y.negate(), this.withCompression);
}
/**
* Sets the default <code>ECMultiplier</code>, unless already set.
*/
@Override
synchronized void assertECMultiplier()
{
if (this.multiplier == null)
{
this.multiplier = new WNafMultiplier();
}
}
}
}
|
