Track carries for a, b to avoid unnecessary add/sub of prime modulus

author: Peter Dettman <peter.dettman@bouncycastle.org> 2014-01-24 15:07:59 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2014-01-24 15:07:59 +0700
commit: 4c690460459e4aef32982893bb6394c6d9ecd5f0 (patch)
tree: 42b5f4eb5f85a022af9240c4f2ed620da45febd4 /crypto/src
parent: Fix return type in SubFromExt (diff)
download: BouncyCastle.NET-ed25519-4c690460459e4aef32982893bb6394c6d9ecd5f0.tar.xz
1 files changed, 42 insertions, 17 deletions
diff --git a/crypto/src/math/ec/Mod.cs b/crypto/src/math/ec/Mod.cs
index 465aa5e41..bfb2faea4 100644
--- a/crypto/src/math/ec/Mod.cs
+++ b/crypto/src/math/ec/Mod.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Diagnostics;
 
 using Org.BouncyCastle.Utilities;
 
@@ -9,6 +10,8 @@ namespace Org.BouncyCastle.Math.EC
         public static void Invert(uint[] p, uint[] x, uint[] z)
         {
             int len = p.Length;
+            if (Nat.IsZero(len, x))
+                throw new ArgumentException("cannot be 0", "x");
             if (Nat.IsOne(len, x))
             {
                 Array.Copy(x, 0, z, 0, len);
@@ -18,19 +21,21 @@ namespace Org.BouncyCastle.Math.EC
             uint[] u = Nat.Copy(len, x);
             uint[] a = Nat.Create(len);
             a[0] = 1;
+            int ac = 0;
 
             if ((u[0] & 1) == 0)
             {
-                InversionStep(p, u, len, a);
+                InversionStep(p, u, len, a, ref ac);
             }
             if (Nat.IsOne(len, u))
             {
-                Array.Copy(a, 0, z, 0, len);
+                InversionResult(p, ac, a, z);
                 return;
             }
 
             uint[] v = Nat.Copy(len, p);
             uint[] b = Nat.Create(len);
+            int bc = 0;
 
             int uvLen = len;
 
@@ -43,29 +48,25 @@ namespace Org.BouncyCastle.Math.EC
 
                 if (Nat.Gte(len, u, v))
                 {
-                    Subtract(p, a, b, a);
                     Nat.Sub(len, u, v, u);
-                    if ((u[0] & 1) == 0)
-                    {
-                        InversionStep(p, u, uvLen, a);
-                    }
+                    Debug.Assert((u[0] & 1) == 0);
+                    ac += Nat.Sub(len, a, b, a) - bc;
+                    InversionStep(p, u, uvLen, a, ref ac);
                     if (Nat.IsOne(len, u))
                     {
-                        Array.Copy(a, 0, z, 0, len);
+                        InversionResult(p, ac, a, z);
                         return;
                     }
                 }
                 else
                 {
-                    Subtract(p, b, a, b);
                     Nat.Sub(len, v, u, v);
-                    if ((v[0] & 1) == 0)
-                    {
-                        InversionStep(p, v, uvLen, b);
-                    }
+                    Debug.Assert((v[0] & 1) == 0);
+                    bc += Nat.Sub(len, b, a, b) - ac;
+                    InversionStep(p, v, uvLen, b, ref bc);
                     if (Nat.IsOne(len, v))
                     {
-                        Array.Copy(b, 0, z, 0, len);
+                        InversionResult(p, bc, b, z);
                         return;
                     }
                 }
@@ -82,7 +83,19 @@ namespace Org.BouncyCastle.Math.EC
             }
         }
 
-        private static void InversionStep(uint[] p, uint[] u, int uLen, uint[] x)
+        private static void InversionResult(uint[] p, int ac, uint[] a, uint[] z)
+        {
+            if (ac < 0)
+            {
+                Nat.Add(p.Length, a, p, z);
+            }
+            else
+            {
+                Array.Copy(a, 0, z, 0, p.Length);
+            }
+        }
+
+        private static void InversionStep(uint[] p, uint[] u, int uLen, uint[] x, ref int xc)
         {
             int len = p.Length;
             int count = 0;
@@ -103,8 +116,20 @@ namespace Org.BouncyCastle.Math.EC
 
             for (int i = 0; i < count; ++i)
             {
-                uint c = (x[0] & 1) == 0 ? 0 : Nat.Add(len, x, p, x);
-                Nat.ShiftDownBit(x, len, c);
+                if ((x[0] & 1) != 0)
+                {
+                    if (xc < 0)
+                    {
+                        xc += (int)Nat.Add(len, x, p, x);
+                    }
+                    else
+                    {
+                        xc += Nat.Sub(len, x, p, x);
+                    }
+                }
+
+                Debug.Assert(xc == 0 || xc == -1);
+                Nat.ShiftDownBit(x, len, (uint)xc);
             }
         }
author	Peter Dettman <peter.dettman@bouncycastle.org>	2014-01-24 15:07:59 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2014-01-24 15:07:59 +0700
commit	4c690460459e4aef32982893bb6394c6d9ecd5f0 (patch)
tree	42b5f4eb5f85a022af9240c4f2ed620da45febd4 /crypto/src
parent	Fix return type in SubFromExt (diff)
download	BouncyCastle.NET-ed25519-4c690460459e4aef32982893bb6394c6d9ecd5f0.tar.xz