📄 mrecn2_opt.c
字号:
#endif
if (mr_mip->ERNUM) return;
twist=mr_mip->TWIST;
MR_IN(202)
A.a=mr_mip->w10;
A.b=mr_mip->w11;
B.a=mr_mip->w12;
B.b=mr_mip->w13;
if (mr_abs(mr_mip->Asize)<MR_TOOBIG) zzn2_from_int(_MIPP_ mr_mip->Asize,&A);
else zzn2_from_zzn(mr_mip->A,&A);
if (mr_abs(mr_mip->Bsize)<MR_TOOBIG) zzn2_from_int(_MIPP_ mr_mip->Bsize,&B);
else zzn2_from_zzn(mr_mip->B,&B);
if (twist)
{
if (mr_mip->Asize==0 || mr_mip->Bsize==0)
{
if (mr_mip->Asize==0)
{
zzn2_txd(_MIPP_ &B);
}
if (mr_mip->Bsize==0)
{
zzn2_mul_i( &A,x,&B);
zzn2_txd(_MIPP_ &B);
}
zzn2_negate(_MIPP_ &B,&B);
}
else
{
zzn2_txx_i(&B);
zzn2_txx_i(&B);
zzn2_txx_i(&B);
zzn2_mul_i( &A,x,&A);
zzn2_txx_i(&A);
zzn2_txx_i(&A);
zzn2_add_i(&B,&A,&B);
}
}
else
{
zzn2_mul_i( &A,x,&A);
zzn2_add_i(&B,&A,&B);
}
zzn2_sqr_i( x,&A);
zzn2_mul_i( &A,x,&A);
zzn2_add_i(&B,&A,rhs);
MR_OUT
}
BOOL ecn2_set(_MIPD_ zzn2 *x,zzn2 *y,ecn2 *e)
{
zzn2 lhs,rhs;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return FALSE;
MR_IN(195)
lhs.a=mr_mip->w10;
lhs.b=mr_mip->w11;
rhs.a=mr_mip->w12;
rhs.b=mr_mip->w13;
ecn2_rhs(_MIPP_ x,&rhs);
zzn2_sqr_i( y,&lhs);
if (!zzn2_compare(&lhs,&rhs))
{
MR_OUT
return FALSE;
}
zzn2_copy_i(x,&(e->x));
zzn2_copy_i(y,&(e->y));
e->marker=MR_EPOINT_NORMALIZED;
MR_OUT
return TRUE;
}
#ifndef MR_NOSUPPORT_COMPRESSION
BOOL ecn2_setx(_MIPD_ zzn2 *x,ecn2 *e)
{
zzn2 rhs;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return FALSE;
MR_IN(201)
rhs.a=mr_mip->w12;
rhs.b=mr_mip->w13;
ecn2_rhs(_MIPP_ x,&rhs);
if (!zzn2_iszero(&rhs))
{
if (!zzn2_sqrt(_MIPP_ &rhs,&rhs))
{
MR_OUT
return FALSE;
}
}
zzn2_copy_i(x,&(e->x));
zzn2_copy_i(&rhs,&(e->y));
e->marker=MR_EPOINT_NORMALIZED;
MR_OUT
return TRUE;
}
#endif
#ifndef MR_AFFINE_ONLY
void ecn2_setxyz(zzn2 *x,zzn2 *y,zzn2 *z,ecn2 *e)
{
zzn2_copy_i(x,&(e->x));
zzn2_copy_i(y,&(e->y));
zzn2_copy_i(z,&(e->z));
e->marker=MR_EPOINT_GENERAL;
}
#endif
void ecn2_negate(_MIPD_ ecn2 *u,ecn2 *w)
{
ecn2_copy(u,w);
if (!w->marker!=MR_EPOINT_INFINITY)
zzn2_negate(_MIPP_ &(w->y),&(w->y));
}
/*
BOOL ecn2_add2(_MIPD_ ecn2 *Q,ecn2 *P,zzn2 *lam,zzn2 *ex1)
{
BOOL Doubling;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
Doubling=ecn2_add3(_MIPP_ Q,P,lam,ex1,NULL);
return Doubling;
}
BOOL ecn2_add1(_MIPD_ ecn2 *Q,ecn2 *P,zzn2 *lam)
{
BOOL Doubling;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
Doubling=ecn2_add3(_MIPP_ Q,P,lam,NULL,NULL);
return Doubling;
}
*/
BOOL ecn2_sub(_MIPD_ ecn2 *Q,ecn2 *P)
{
BOOL Doubling;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
ecn2_negate(_MIPP_ Q,Q);
Doubling=ecn2_add(_MIPP_ Q,P);
ecn2_negate(_MIPP_ Q,Q);
return Doubling;
}
/*
static void zzn2_print(_MIPD_ char *label, zzn2 *x)
{
char s1[1024], s2[1024];
big a, b;
#ifdef MR_STATIC
char mem_big[MR_BIG_RESERVE(2)];
memset(mem_big, 0, MR_BIG_RESERVE(2));
a=mirvar_mem(_MIPP_ mem_big,0);
b=mirvar_mem(_MIPP_ mem_big,1);
#else
a = mirvar(_MIPP_ 0);
b = mirvar(_MIPP_ 0);
#endif
redc(_MIPP_ x->a, a); otstr(_MIPP_ a, s1);
redc(_MIPP_ x->b, b); otstr(_MIPP_ b, s2);
printf("%s: [%s,%s]\n", label, s1, s2);
#ifndef MR_STATIC
mr_free(a); mr_free(b);
#endif
}
static void nres_print(_MIPD_ char *label, big x)
{
char s[1024];
big a;
a = mirvar(_MIPP_ 0);
redc(_MIPP_ x, a);
otstr(_MIPP_ a, s);
printf("%s: %s\n", label, s);
mr_free(a);
}
*/
BOOL ecn2_add_sub(_MIPD_ ecn2 *P,ecn2 *Q,ecn2 *PP,ecn2 *PM)
{ /* PP=P+Q, PM=P-Q. Assumes P and Q are both normalized, and P!=Q */
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
zzn2 t1,t2,lam;
if (mr_mip->ERNUM) return FALSE;
MR_IN(211)
if (P->marker==MR_EPOINT_GENERAL || P->marker==MR_EPOINT_GENERAL)
{ /* Sorry, some restrictions.. */
mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS);
MR_OUT
return FALSE;
}
if (zzn2_compare(&(P->x),&(Q->x)))
{ /* P=Q or P=-Q - shouldn't happen */
ecn2_copy(P,PP);
ecn2_add(_MIPP_ Q,PP);
ecn2_copy(P,PM);
ecn2_sub(_MIPP_ Q,PM);
MR_OUT
return TRUE;
}
t1.a = mr_mip->w8;
t1.b = mr_mip->w9;
t2.a = mr_mip->w10;
t2.b = mr_mip->w11;
lam.a = mr_mip->w12;
lam.b = mr_mip->w13;
zzn2_copy_i(&(P->x),&t2);
zzn2_sub_i(&t2,&(Q->x),&t2);
zzn2_inv_i(_MIPP_ &t2); /* only one inverse required */
zzn2_add_i(&(P->x),&(Q->x),&(PP->x));
zzn2_copy_i(&(PP->x),&(PM->x));
zzn2_copy_i(&(P->y),&t1);
zzn2_sub_i(&t1,&(Q->y),&t1);
zzn2_copy_i(&t1,&lam);
zzn2_mul_i( &lam,&t2,&lam);
zzn2_copy_i(&lam,&t1);
zzn2_sqr_i( &t1,&t1);
zzn2_sub_i(&t1,&(PP->x),&(PP->x));
zzn2_copy_i(&(Q->x),&(PP->y));
zzn2_sub_i(&(PP->y),&(PP->x),&(PP->y));
zzn2_mul_i( &(PP->y),&lam,&(PP->y));
zzn2_sub_i(&(PP->y),&(Q->y),&(PP->y));
zzn2_copy_i(&(P->y),&t1);
zzn2_add_i(&t1,&(Q->y),&t1);
zzn2_copy_i(&t1,&lam);
zzn2_mul_i( &lam,&t2,&lam);
zzn2_copy_i(&lam,&t1);
zzn2_sqr_i( &t1,&t1);
zzn2_sub_i(&t1,&(PM->x),&(PM->x));
zzn2_copy_i(&(Q->x),&(PM->y));
zzn2_sub_i(&(PM->y),&(PM->x),&(PM->y));
zzn2_mul_i( &(PM->y),&lam,&(PM->y));
zzn2_add_i(&(PM->y),&(Q->y),&(PM->y));
PP->marker=MR_EPOINT_NORMALIZED;
PM->marker=MR_EPOINT_NORMALIZED;
MR_OUT
return TRUE;
}
BOOL ecn2_add(_MIPD_ ecn2 *Q,ecn2 *P)
{ /* P+=Q */
BOOL Doubling=FALSE;
BOOL twist;
int iA;
zzn2 t1,t2,t3,lam;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
t1.a = mr_mip->w8;
t1.b = mr_mip->w9;
t2.a = mr_mip->w10;
t2.b = mr_mip->w11;
t3.a = mr_mip->w12;
t3.b = mr_mip->w13;
lam.a = mr_mip->w14;
lam.b = mr_mip->w15;
twist=mr_mip->TWIST;
if (mr_mip->ERNUM) return FALSE;
if (P->marker==MR_EPOINT_INFINITY)
{
ecn2_copy(Q,P);
return Doubling;
}
if (Q->marker==MR_EPOINT_INFINITY) return Doubling;
MR_IN(205)
if (Q!=P && Q->marker==MR_EPOINT_GENERAL)
{ /* Sorry, this code is optimized for mixed addition only */
mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS);
MR_OUT
return Doubling;
}
#ifndef MR_AFFINE_ONLY
if (mr_mip->coord==MR_AFFINE)
{
#endif
if (!zzn2_compare(&(P->x),&(Q->x)))
{
zzn2_copy_i(&(P->y),&t1);
zzn2_sub_i(&t1,&(Q->y),&t1);
zzn2_copy_i(&(P->x),&t2);
zzn2_sub_i(&t2,&(Q->x),&t2);
zzn2_copy_i(&t1,&lam);
zzn2_inv_i(_MIPP_ &t2);
zzn2_mul_i( &lam,&t2,&lam);
zzn2_add_i(&(P->x),&(Q->x),&(P->x));
zzn2_copy_i(&lam,&t1);
zzn2_sqr_i( &t1,&t1);
zzn2_sub_i(&t1,&(P->x),&(P->x));
zzn2_copy_i(&(Q->x),&(P->y));
zzn2_sub_i(&(P->y),&(P->x),&(P->y));
zzn2_mul_i( &(P->y),&lam,&(P->y));
zzn2_sub_i(&(P->y),&(Q->y),&(P->y));
}
else
{
if (!zzn2_compare(&(P->y),&(Q->y)) || zzn2_iszero(&(P->y)))
{
ecn2_zero(P);
zzn2_from_int(_MIPP_ 1,&lam);
MR_OUT
return Doubling;
}
zzn2_copy_i(&(P->x),&t1);
zzn2_copy_i(&(P->x),&t2);
zzn2_copy_i(&(P->x),&lam);
zzn2_sqr_i( &lam,&lam);
zzn2_copy_i(&lam,&t3);
zzn2_tim2_i(&t3);
zzn2_add_i(&lam,&t3,&lam);
if (mr_abs(mr_mip->Asize)<MR_TOOBIG) zzn2_from_int(_MIPP_ mr_mip->Asize,&t3);
else zzn2_from_zzn(mr_mip->A,&t3);
if (twist)
{
zzn2_txx_i(&t3);
zzn2_txx_i(&t3);
}
zzn2_add_i(&lam,&t3,&lam);
zzn2_copy_i(&(P->y),&t3);
zzn2_tim2_i(&t3);
zzn2_inv_i(_MIPP_ &t3);
zzn2_mul_i( &lam,&t3,&lam);
zzn2_add_i(&t2,&(P->x),&t2);
zzn2_copy_i(&lam,&(P->x));
zzn2_sqr_i( &(P->x),&(P->x));
zzn2_sub_i(&(P->x),&t2,&(P->x));
zzn2_sub_i(&t1,&(P->x),&t1);
zzn2_mul_i( &t1,&lam,&t1);
zzn2_sub_i(&t1,&(P->y),&(P->y));
}
#ifndef MR_AFFINE_ONLY
zzn2_from_int(_MIPP_ 1,&(P->z));
#endif
P->marker=MR_EPOINT_NORMALIZED;
MR_OUT
return Doubling;
#ifndef MR_AFFINE_ONLY
}
if (Q==P) Doubling=TRUE;
if (!Doubling)
{
if (P->marker!=MR_EPOINT_NORMALIZED)
{
zzn2_sqr_i(&(P->z),&t1);
zzn2_mul_i(&t1,&(P->z),&t2);
zzn2_mul_i(&t1,&(Q->x),&t1);
zzn2_mul_i(&t2,&(Q->y),&t2);
// zzn2_sqr_i( &(P->z),&t1); /* 1S */
// zzn2_mul_i( &t3,&t1,&t3); /* 1M */
// zzn2_mul_i( &t1,&(P->z),&t1); /* 1M */
// zzn2_mul_i( &Yzzz,&t1,&Yzzz); /* 1M */
}
else
{
zzn2_copy(&(Q->x),&t1);
zzn2_copy(&(Q->y),&t2);
}
if (zzn2_compare(&t1,&(P->x))) /*?*/
{
if (!zzn2_compare(&t2,&(P->y)) || zzn2_iszero(&(P->y)))
{
ecn2_zero(P);
zzn2_from_int(_MIPP_ 1,&lam);
MR_OUT
return Doubling;
}
else Doubling=TRUE;
}
}
if (!Doubling)
{ /* Addition */
zzn2_sub_i(&t1,&(P->x),&t1);
zzn2_sub_i(&t2,&(P->y),&t2);
if (P->marker==MR_EPOINT_NORMALIZED) zzn2_copy_i(&t1,&(P->z));
else zzn2_mul_i(&(P->z),&t1,&(P->z));
zzn2_sqr_i(&t1,&t3);
zzn2_mul_i(&t3,&t1,&lam);
zzn2_mul_i(&t3,&(P->x),&t3);
zzn2_copy_i(&t3,&t1);
zzn2_tim2_i(&t1);
zzn2_sqr_i(&t2,&(P->x));
zzn2_dblsub_i(&t1,&lam,&(P->x));
zzn2_sub_i(&t3,&(P->x),&t3);
zzn2_mul_i(&t3,&t2,&t3);
zzn2_mul_i(&lam,&(P->y),&lam);
zzn2_sub_i(&t3,&lam,&(P->y));
}
else
{ /* doubling */
if (P->marker==MR_EPOINT_NORMALIZED) zzn2_from_int(_MIPP_ 1,&t1);
else zzn2_sqr_i(&(P->z),&t1);
if (twist) zzn2_txx_i(&t1);
zzn2_sub_i(&(P->x),&t1,&t2);
zzn2_add_i(&t1,&(P->x),&t1);
zzn2_mul_i(&t2,&t1,&t2);
zzn2_tim3_i(&t2);
zzn2_tim2_i(&(P->y));
if (P->marker==MR_EPOINT_NORMALIZED) zzn2_copy_i(&(P->y),&(P->z));
else zzn2_mul_i(&(P->z),&(P->y),&(P->z));
zzn2_sqr_i(&(P->y),&(P->y));
zzn2_mul_i(&(P->y),&(P->x),&t3);
zzn2_sqr_i(&(P->y),&(P->y));
zzn2_div2_i(&(P->y));
zzn2_sqr_i(&t2,&(P->x));
zzn2_copy_i(&t3,&t1);
zzn2_tim2_i(&t1);
zzn2_sub_i(&(P->x),&t1,&(P->x));
zzn2_sub_i(&t3,&(P->x),&t1);
zzn2_mul_i(&t1,&t2,&t1);
zzn2_sub_i(&t1,&(P->y),&(P->y));
}
P->marker=MR_EPOINT_GENERAL;
MR_OUT
return Doubling;
#endif
}
static int calc_n(int w)
{ /* number of precomputed values needed for given window size */
if (w==3) return 3;
if (w==4) return 5;
if (w==5) return 11;
if (w==6) return 41;
return 0;
}
/* Dahmen, Okeya and Schepers "Affine Precomputation with Sole Inversion in Elliptic Curve Cryptography" */
/* Precomputes table into T. Assumes first P has been copied to P[0], then calculates 3P, 5P, 7P etc. into T */
#define MR_DOS_2 (14+4*MR_STR_SZ_2P)
static void ecn2_dos(_MIPD_ int win,ecn2 *PT)
{
BOOL twist;
int i,j,sz;
zzn2 A,B,C,D,E,T,W,d[MR_STR_SZ_2P],e[MR_STR_SZ_2P];
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -