2using System.Security.Cryptography;
47 protected abstract BigInteger
A
85 throw new NotSupportedException(
"Scalar multiplication is performed using a Montgomery ladder.");
// XFunction: scalar multiplication N*U on the u-coordinate only, returning
// x2/z2 mod p after the ladder loop.
// The step formulas and temporary names (A, AA, B, BB, E, C, D, DA, CB, A24)
// appear to follow the X25519/X448 ladder given in RFC 7748.
// NOTE(review): this listing is an excerpt. Lines between the numbered ones
// (braces, the declarations of x1, x3, swap and kt, the loop header) are not
// shown, so the comments below describe only what is visible.
128 public static BigInteger
XFunction(
byte[] N, BigInteger U,
129 BigInteger A24, BigInteger
p,
int Bits)
// Projective ladder state: (x2 : z2) starts at (1 : 0); z3 starts at 1.
132 BigInteger x2 = BigInteger.One;
133 BigInteger z2 = BigInteger.Zero;
135 BigInteger z3 = BigInteger.One;
136 BigInteger
A, AA, B, BB, E, C, D, DA, CB;
// Number of bytes needed to hold Bits bits.
140 kt = (Bits + 7) >> 3;
// Array.Resize allocates a new kt-byte array when N.Length != kt and copies
// the scalar into it (zero-padded or truncated). N is passed by value, so the
// caller's array is untouched.
// NOTE(review): N is presumably private-key material. No clearing of this
// copy is visible in the excerpt; confirm it is zeroed after use.
142 Array.Resize(ref N, kt);
// Extract bit number Bits of the scalar: byte Bits>>3, bit Bits&7.
146 kt = (N[Bits >> 3] >> (Bits & 7)) & 1;
// Exchange (x2,x3) and (z2,z3) when swap is set. The assignment that derives
// swap from the current bit is not shown here.
148 ConditionalSwap(swap, ref x2, ref x3);
149 ConditionalSwap(swap, ref z2, ref z3);
// One combined differential-add-and-double step, every product reduced mod p.
// BigInteger.Remainder keeps the sign of the dividend, so the differences
// (x2 - z2, AA - BB, x3 - z3) can leave negative intermediates.
// NOTE(review): BigInteger values are variable-length and .NET does not
// document Remainder/ModPow as constant-time; the running time of these steps
// may depend on secret-derived values. Confirm against the threat model.
152 A = BigInteger.Remainder(x2 + z2,
p);
153 AA = BigInteger.Remainder(
A *
A,
p);
154 B = BigInteger.Remainder(x2 - z2,
p);
155 BB = BigInteger.Remainder(B * B,
p);
156 E = BigInteger.Remainder(AA - BB,
p);
157 C = BigInteger.Remainder(x3 + z3,
p);
158 D = BigInteger.Remainder(x3 - z3,
p);
159 DA = BigInteger.Remainder(D *
A,
p);
160 CB = BigInteger.Remainder(C * B,
p);
// Squares x3; the assignment that sets x3 just before this line is not shown.
163 x3 = BigInteger.Remainder(x3 * x3,
p);
// z3 = x1 * z3^2 mod p; the preceding assignment to z3 is not shown.
165 z3 = BigInteger.Remainder(x1 * BigInteger.Remainder(z3 * z3,
p),
p);
// Doubling half of the step: x2 = AA*BB, z2 = E*(AA + A24*E), both mod p.
166 x2 = BigInteger.Remainder(AA * BB,
p);
167 z2 = BigInteger.Remainder(E * (AA + BigInteger.Remainder(A24 * E,
p)),
p);
// Final conditional swap, using the last value of swap.
170 ConditionalSwap(swap, ref x2, ref x3);
171 ConditionalSwap(swap, ref z2, ref z3);
// Affine result x2 * z2^(p-2) mod p: the inverse of z2 is taken as z2^(p-2),
// which is valid when p is prime.
// When z2 is 0 the product, and so Result, is 0. RFC 7748 section 6.1 lets
// key-agreement callers reject an all-zero shared secret; no such check is
// visible in this excerpt.
173 BigInteger Result = BigInteger.Remainder(x2 * BigInteger.ModPow(z2,
p -
Two,
p),
p);
// ConditionalSwap: exchanges I2 and I3 when swap is 1 and leaves them alone
// when swap is 0, using a byte mask rather than a branch on swap.
// NOTE(review): this listing is an excerpt. The declarations of Sign, Mask and
// Dummy, the length comparisons, and the statements that apply Dummy to the
// arrays are on lines that are not shown.
189 private static void ConditionalSwap(
int swap, ref BigInteger I2, ref BigInteger I3)
// ToByteArray() returns the shortest little-endian two's-complement encoding,
// so c and d can differ and depend on the magnitude of each value.
191 byte[] x2 = I2.ToByteArray();
192 byte[] x3 = I3.ToByteArray();
193 int i, c = x2.Length, d = x3.Length;
// Record the sign bit of x2 (top bit of its last byte) before resizing it to
// x3's length; presumably used to sign-extend the added bytes (not shown).
200 Sign = (x2[c - 1] & 0x80) != 0;
201 Array.Resize(ref x2, d);
// Same for x3, resized to x2's length.
213 Sign = (x3[d - 1] & 0x80) != 0;
214 Array.Resize(ref x3, c);
// Mask is 0x00 for swap == 0 and 0xff for swap == 1; assumes swap is 0 or 1.
225 Mask = (byte)(0xff * swap);
227 for (i = 0; i < c; i++)
// Dummy is x2[i] ^ x3[i] when swapping and 0 otherwise. XOR-ing it into both
// bytes (presumably on the following lines, not shown) exchanges them.
229 Dummy = (byte)(Mask & (x2[i] ^ x3[i]));
// Rebuild both values from the (possibly exchanged) byte arrays.
// NOTE(review): the masked loop does the same work for either value of swap,
// but the array lengths and which resize path runs depend on the operand
// magnitudes, and each call allocates fresh copies of secret-derived
// intermediates on the managed heap. Treat this as best-effort side-channel
// hardening and confirm against the threat model.
234 I2 =
new BigInteger(x2);
235 I3 =
new BigInteger(x3);
245 if (this.pair is
null)
269 PublicKey.Y = this.
CalcV(PublicKey.
X);
// CalcV: calculates the V-coordinate for a given U-coordinate.
// NOTE(review): this listing is an excerpt. The computations of U2, U3 and V1
// and the return statement are on lines that are not shown.
282 public BigInteger
CalcV(BigInteger U)
// V2 = U3 + A*U2 + U mod Prime. With U2 and U3 presumably U^2 and U^3, this is
// the right-hand side of the curve equation v^2 = u^3 + A*u^2 + u.
286 BigInteger V2 = BigInteger.Remainder(U3 + this.
modP.
Multiply(
this.A, U2) + U,
this.Prime);
// V is the negation of V1 modulo Prime. V1 is presumably a square root of V2,
// and which of the two roots is returned is decided in lines not shown.
292 BigInteger V = this.Prime - V1;
306 byte[] Bin = Point.
X.ToByteArray();
310 Array.Resize(ref Bin, c);
322 BigInteger U =
ToInt(Point);
334 base.SetPrivateKey(Secret);
Base class of different types of Edwards curves over a prime field.
BigInteger Order
Order of curve.
readonly int orderBytes
Number of bytes used for the order of the curve.
int Cofactor
Cofactor of curve.
abstract byte[] Sign(byte[] Data)
Creates a signature of Data using the ECDSA algorithm.
static BigInteger ToInt(byte[] Binary)
Converts a little-endian binary representation of a big integer to a BigInteger.
virtual byte[] PublicKey
Encoded public key
static readonly BigInteger Two
2
PointOnCurve BasePoint
Base-point of curve.
BigInteger Sqrt(BigInteger N)
Computes sqrt(N) mod p.
BigInteger Multiply(BigInteger a, BigInteger b)
Multiplies two numbers, modulus p
Base class of Montgomery curves (y²=x³+Ax²+x), with birational Edwards equivalent over a prime field.
static BigInteger XFunction(byte[] N, BigInteger U, BigInteger A24, BigInteger p, int Bits)
Performs the scalar multiplication of N*U.
override void SetPrivateKey(byte[] Secret)
Sets the private key (and therefore also the public key) of the curve.
abstract PointOnCurve ToUV(PointOnCurve XY)
Converts a pair of (X,Y) coordinates for the birational Edwards curve to a pair of (U,...
MontgomeryCurve(BigInteger Prime, PointOnCurve BasePoint, BigInteger Order, int Cofactor, byte[] Secret)
Base class of Montgomery curves, with birational Edwards equivalent over a prime field.
override PointOnCurve ScalarMultiplication(byte[] N, PointOnCurve P, bool Normalize)
Performs the scalar multiplication of N*P.
override void Double(ref PointOnCurve P)
Doubles a point on the curve.
override void AddTo(ref PointOnCurve P, PointOnCurve Q)
Adds Q to P.
MontgomeryCurve(BigInteger Prime, PointOnCurve BasePoint, BigInteger Order, int Cofactor)
Base class of Montgomery curves (y²=x³+Ax²+x), with birational Edwards equivalent over a prime field.
BigInteger ScalarMultiplication(BigInteger N, BigInteger U)
Performs the scalar multiplication of N*U.
abstract EdwardsCurveBase CreatePair()
Creates the Edwards Curve pair.
abstract BigInteger A
Coefficient A in the definition of the curve E: v²=u³+A*u²+u
override byte[] Encode(PointOnCurve Point)
Encodes a point on the curve.
abstract PointOnCurve ToXY(PointOnCurve UV)
Converts a pair of (U,V) coordinates to a pair of (X,Y) coordinates in the birational Edwards curve.
BigInteger CalcV(BigInteger U)
Calculates the V-coordinate, given the corresponding U-coordinate.
abstract BigInteger ScalarMultiplication(byte[] N, BigInteger U)
Performs the scalar multiplication of N*U.
override PointOnCurve PublicKeyPoint
Public key.
EdwardsCurveBase Pair
Edwards Curve pair.
override PointOnCurve Decode(byte[] Point)
Decodes an encoded point on the curve.
Base class of Elliptic curves over a prime field.
readonly ModulusP modP
Arithmetic modulus p
BigInteger Prime
Prime of curve.
readonly BigInteger p
Prime p
Represents a point on a curve.