/**
 * Computes the auxiliary values <code>s<sub>0</sub></code> and
 * <code>s<sub>1</sub></code> used for partial modular reduction.
 * <p>
 * Every input is read from the curve (<code>m</code>, <code>a</code>,
 * <code>μ</code> and the cofactor); no scalar or point is involved, so the
 * result is a function of the curve parameters only.
 *
 * @param curve The elliptic curve for which to compute
 * <code>s<sub>0</sub></code> and <code>s<sub>1</sub></code>.
 * @return a two-element array holding <code>s<sub>0</sub></code> at index 0
 * and <code>s<sub>1</sub></code> at index 1.
 * @throws IllegalArgumentException if <code>curve</code> is not a
 * Koblitz curve (Anomalous Binary Curve, ABC).
 */
public static BigInteger[] getSi(ECCurve.F2m curve)
{
    if (!curve.isKoblitz())
    {
        throw new IllegalArgumentException("si is defined for Koblitz curves only");
    }

    final int fieldDegree = curve.getM();
    // intValue() narrows silently.
    // NOTE(review): presumably isKoblitz() implies a is 0 or 1, so nothing is lost here; confirm.
    final int coeffA = curve.getA().toBigInteger().intValue();
    final byte mu = curve.getMu();
    final int cofactorShift = getShiftsForCofactor(curve.getCofactor());

    // Lucas sequence elements at index m + 3 - a.
    // NOTE(review): assumes getLucas returns a fresh array with at least two entries,
    // since it is modified in place below; confirm.
    final BigInteger[] lucas = getLucas(mu, fieldDegree + 3 - coeffA, false);
    if (mu == 1)
    {
        lucas[0] = lucas[0].negate();
        lucas[1] = lucas[1].negate();
    }

    // s0 comes from the second Lucas element, s1 from the first; only s1 is negated.
    final BigInteger[] si = new BigInteger[2];
    si[0] = ECConstants.ONE.add(lucas[1]).shiftRight(cofactorShift);
    si[1] = ECConstants.ONE.add(lucas[0]).shiftRight(cofactorShift).negate();
    return si;
}
/**
 * Returns the parameter <code>μ</code> of the elliptic curve.
 * <p>
 * The value is <code>-1</code> when the curve coefficient <code>a</code>
 * is zero and <code>1</code> otherwise.
 *
 * @param curve The elliptic curve from which to obtain <code>μ</code>.
 * The curve must be a Koblitz curve, i.e. <code>a</code> equals
 * <code>0</code> or <code>1</code> and <code>b</code> equals
 * <code>1</code>.
 * @return <code>μ</code> of the elliptic curve.
 * @throws IllegalArgumentException if the given ECCurve is not a Koblitz
 * curve.
 */
public static byte getMu(ECCurve.F2m curve)
{
    // Refuse anything that is not a Koblitz curve before a is inspected;
    // the zero / non-zero test below is only meaningful for a in {0, 1}.
    if (!curve.isKoblitz())
    {
        throw new IllegalArgumentException("No Koblitz curve (ABC), TNAF multiplication not possible");
    }

    return curve.getA().isZero() ? (byte)-1 : (byte)1;
}
/**
 * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
 * by a <code>BigInteger</code> using the reduced <code>τ</code>-adic
 * NAF (RTNAF) method.
 * <p>
 * This method does not call <code>isKoblitz()</code> itself. The cast of
 * <code>p.getCurve()</code> fails with a <code>ClassCastException</code> when
 * the curve is not an <code>ECCurve.F2m</code>.
 * NOTE(review): presumably <code>getMu()</code> / <code>getSi()</code> reject
 * non-Koblitz curves; confirm against their implementations.
 * <p>
 * NOTE(review): <code>k</code> flows into <code>partModReduction</code> and the
 * reduced element drives <code>multiplyTnaf</code>. Whether either runs in time
 * independent of <code>k</code> cannot be told from this method; confirm before
 * passing a private scalar where timing side channels are in scope.
 *
 * @param p The ECPoint.F2m to multiply.
 * @param k The <code>BigInteger</code> by which to multiply <code>p</code>.
 * @return <code>k * p</code>
 */
public static ECPoint.F2m multiplyRTnaf(ECPoint.F2m p, BigInteger k)
{
    final ECCurve.F2m f2mCurve = (ECCurve.F2m) p.getCurve();

    // Curve-derived inputs to the reduction, read in a fixed order.
    final int fieldDegree = f2mCurve.getM();
    // byteValue() keeps the low 8 bits, the same narrowing as casting intValue() to byte.
    final byte coeffA = f2mCurve.getA().toBigInteger().byteValue();
    final byte mu = f2mCurve.getMu();
    final BigInteger[] si = f2mCurve.getSi();

    // NOTE(review): the trailing (byte)10 is passed straight to partModReduction;
    // its meaning is defined there, not in this method.
    return multiplyTnaf(p, partModReduction(k, fieldDegree, coeffA, si, mu, (byte)10));
}
// Reads the curve coefficient a and narrows it to a byte; byteValue() keeps only the
// low-order 8 bits of the BigInteger and never signals overflow.
// NOTE(review): presumably a is 0 or 1 here (Koblitz curve), so nothing is lost;
// confirm the surrounding code has established that before this line runs.
byte a = curve.getA().toBigInteger().byteValue();
/**
 * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
 * by <code>k</code> using the reduced <code>τ</code>-adic NAF (RTNAF)
 * method.
 * <p>
 * Only the point's runtime type is checked here.
 * NOTE(review): presumably <code>getMu()</code> / <code>getSi()</code> reject
 * non-Koblitz curves; confirm against their implementations.
 * <p>
 * NOTE(review): <code>k</code> flows into <code>Tnaf.partModReduction</code> and
 * the reduced element drives <code>multiplyWTnaf</code>. Whether either runs in
 * time independent of <code>k</code> cannot be told from this method; confirm
 * before passing a private scalar where timing side channels are in scope.
 *
 * @param point The point to multiply; must be an ECPoint.F2m.
 * @param k The integer by which to multiply <code>point</code>.
 * @return <code>point</code> multiplied by <code>k</code>.
 * @throws IllegalArgumentException if <code>point</code> is not an
 * ECPoint.F2m.
 */
protected ECPoint multiplyPositive(ECPoint point, BigInteger k)
{
    if (point instanceof ECPoint.F2m)
    {
        final ECPoint.F2m f2mPoint = (ECPoint.F2m)point;
        final ECCurve.F2m f2mCurve = (ECCurve.F2m)f2mPoint.getCurve();

        // Curve-derived inputs to the reduction, read in a fixed order.
        final int fieldDegree = f2mCurve.getM();
        // byteValue() keeps only the low 8 bits of a.
        final byte coeffA = f2mCurve.getA().toBigInteger().byteValue();
        final byte mu = f2mCurve.getMu();
        final BigInteger[] si = f2mCurve.getSi();

        // NOTE(review): the trailing (byte)10 is passed straight to partModReduction;
        // its meaning is defined there, not in this method.
        final ZTauElement reduced = Tnaf.partModReduction(k, fieldDegree, coeffA, si, mu, (byte)10);

        // Precomputation info is looked up per point under PRECOMP_NAME.
        return multiplyWTnaf(f2mPoint, reduced,
            f2mCurve.getPreCompInfo(f2mPoint, PRECOMP_NAME), coeffA, mu);
    }

    throw new IllegalArgumentException("Only ECPoint.F2m can be "
        + "used in WTauNafMultiplier");
}