summary refs log tree commit diff
path: root/crypto/src/math/ec
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2017-06-16 09:53:56 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2017-06-16 09:53:56 +0700
commit76e3e8a975c97f959abd6b45e9b9b94c0087f93e (patch)
treeef45e916d12005ed0822c19685457b79f291fff7 /crypto/src/math/ec
parentImprove TLS exception handling (diff)
downloadBouncyCastle.NET-ed25519-76e3e8a975c97f959abd6b45e9b9b94c0087f93e.tar.xz
Use slightly improved addition chain for sm2p256v1 field sqrt
Diffstat (limited to 'crypto/src/math/ec')
-rw-r--r--crypto/src/math/ec/custom/gm/SM2P256V1FieldElement.cs42


1 files changed, 20 insertions, 22 deletions
diff --git a/crypto/src/math/ec/custom/gm/SM2P256V1FieldElement.cs b/crypto/src/math/ec/custom/gm/SM2P256V1FieldElement.cs

index 669c73bd2..4f6428f9e 100644
--- a/crypto/src/math/ec/custom/gm/SM2P256V1FieldElement.cs
+++ b/crypto/src/math/ec/custom/gm/SM2P256V1FieldElement.cs
@@ -143,13 +143,13 @@ namespace Org.BouncyCastle.Math.EC.Custom.GM
             uint[] x2 = Nat256.Create();
             SM2P256V1Field.Square(x1, x2);
             SM2P256V1Field.Multiply(x2, x1, x2);
-            uint[] x3 = x2;
-            SM2P256V1Field.Square(x2, x3);
-            SM2P256V1Field.Multiply(x3, x1, x3);
+            uint[] x4 = Nat256.Create();
+            SM2P256V1Field.SquareN(x2, 2, x4);
+            SM2P256V1Field.Multiply(x4, x2, x4);
             uint[] x6 = Nat256.Create();
-            SM2P256V1Field.SquareN(x3, 3, x6);
-            SM2P256V1Field.Multiply(x6, x3, x6);
-            uint[] x12 = x3;
+            SM2P256V1Field.SquareN(x4, 2, x6);
+            SM2P256V1Field.Multiply(x6, x2, x6);
+            uint[] x12 = x2;
             SM2P256V1Field.SquareN(x6, 6, x12);
             SM2P256V1Field.Multiply(x12, x6, x12);
             uint[] x24 = Nat256.Create();
@@ -162,25 +162,23 @@ namespace Org.BouncyCastle.Math.EC.Custom.GM
             SM2P256V1Field.Square(x30, x31);
             SM2P256V1Field.Multiply(x31, x1, x31);
 
-            uint[] t1 = x31;
-            SM2P256V1Field.Square(x31, t1);
+            uint[] t1 = x24;
+            SM2P256V1Field.SquareN(x31, 31, t1);
 
-            uint[] x32 = x12;
-            SM2P256V1Field.Multiply(t1, x1, x32);
+            uint[] x62 = x30;
+            SM2P256V1Field.Multiply(t1, x31, x62);
 
             SM2P256V1Field.SquareN(t1, 32, t1);
-            SM2P256V1Field.Multiply(t1, x32, t1);
-
-            uint[] t2 = x24;
-            SM2P256V1Field.SquareN(t1, 32, t2);
-            SM2P256V1Field.Multiply(t2, x1, t2);
-            SM2P256V1Field.SquareN(t2, 32, t2);
-            SM2P256V1Field.Multiply(t2, t1, t2);
-            SM2P256V1Field.SquareN(t2, 32, t2);
-            SM2P256V1Field.Multiply(t2, x32, t2);
-            SM2P256V1Field.SquareN(t2, 32, t2);
-            SM2P256V1Field.Multiply(t2, x1, t2);
-            SM2P256V1Field.SquareN(t2, 62, t1);
+            SM2P256V1Field.Multiply(t1, x62, t1);
+            SM2P256V1Field.SquareN(t1, 62, t1);
+            SM2P256V1Field.Multiply(t1, x62, t1);
+            SM2P256V1Field.SquareN(t1, 4, t1);
+            SM2P256V1Field.Multiply(t1, x4, t1);
+            SM2P256V1Field.SquareN(t1, 32, t1);
+            SM2P256V1Field.Multiply(t1, x1, t1);
+            SM2P256V1Field.SquareN(t1, 62, t1);
+
+            uint[] t2 = x4;
             SM2P256V1Field.Square(t1, t2);
 
             return Nat256.Eq(x1, t2) ? new SM2P256V1FieldElement(t1) : null;

 

generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-04-15 05:42:26 +0000