1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
package org.bouncycastle.math.ec;
import java.math.BigInteger;
/**
* Class implementing the WTNAF (Window
* <code>τ</code>-adic Non-Adjacent Form) algorithm.
*/
public class WTauNafMultiplier extends AbstractECMultiplier
{
// TODO Create WTauNafUtil class and move various functionality into it
static final String PRECOMP_NAME = "bc_wtnaf";
/**
* Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
* by <code>k</code> using the reduced <code>τ</code>-adic NAF (RTNAF)
* method.
* @param p The ECPoint.F2m to multiply.
* @param k The integer by which to multiply <code>k</code>.
* @return <code>p</code> multiplied by <code>k</code>.
*/
protected ECPoint multiplyPositive(ECPoint point, BigInteger k)
{
if (!(point instanceof ECPoint.F2m))
{
throw new IllegalArgumentException("Only ECPoint.F2m can be " +
"used in WTauNafMultiplier");
}
ECPoint.F2m p = (ECPoint.F2m)point;
ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
int m = curve.getM();
byte a = curve.getA().toBigInteger().byteValue();
byte mu = curve.getMu();
BigInteger[] s = curve.getSi();
ZTauElement rho = Tnaf.partModReduction(k, m, a, s, mu, (byte)10);
return multiplyWTnaf(p, rho, curve.getPreCompInfo(p, PRECOMP_NAME), a, mu);
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code> using
* the <code>τ</code>-adic NAF (TNAF) method.
* @param p The ECPoint.F2m to multiply.
* @param lambda The element <code>λ</code> of
* <code><b>Z</b>[τ]</code> of which to compute the
* <code>[τ]</code>-adic NAF.
* @return <code>p</code> multiplied by <code>λ</code>.
*/
private ECPoint.F2m multiplyWTnaf(ECPoint.F2m p, ZTauElement lambda,
PreCompInfo preCompInfo, byte a, byte mu)
{
ZTauElement[] alpha = (a == 0) ? Tnaf.alpha0 : Tnaf.alpha1;
BigInteger tw = Tnaf.getTw(mu, Tnaf.WIDTH);
byte[]u = Tnaf.tauAdicWNaf(mu, lambda, Tnaf.WIDTH,
BigInteger.valueOf(Tnaf.POW_2_WIDTH), tw, alpha);
return multiplyFromWTnaf(p, u, preCompInfo);
}
/**
* Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
* by an element <code>λ</code> of <code><b>Z</b>[τ]</code>
* using the window <code>τ</code>-adic NAF (TNAF) method, given the
* WTNAF of <code>λ</code>.
* @param p The ECPoint.F2m to multiply.
* @param u The the WTNAF of <code>λ</code>..
* @return <code>λ * p</code>
*/
private static ECPoint.F2m multiplyFromWTnaf(ECPoint.F2m p, byte[] u, PreCompInfo preCompInfo)
{
ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
byte a = curve.getA().toBigInteger().byteValue();
ECPoint.F2m[] pu;
if ((preCompInfo == null) || !(preCompInfo instanceof WTauNafPreCompInfo))
{
pu = Tnaf.getPreComp(p, a);
WTauNafPreCompInfo pre = new WTauNafPreCompInfo();
pre.setPreComp(pu);
curve.setPreCompInfo(p, PRECOMP_NAME, pre);
}
else
{
pu = ((WTauNafPreCompInfo)preCompInfo).getPreComp();
}
// q = infinity
ECPoint.F2m q = (ECPoint.F2m) p.getCurve().getInfinity();
for (int i = u.length - 1; i >= 0; i--)
{
q = Tnaf.tau(q);
byte ui = u[i];
if (ui != 0)
{
if (ui > 0)
{
q = q.addSimple(pu[ui]);
}
else
{
q = q.subtractSimple(pu[-ui]);
}
}
}
return q;
}
}
|
