Diffstat (limited to 'crypto/src/math/ec/ECPoint.cs')
-rw-r--r--crypto/src/math/ec/ECPoint.cs66
1 files changed, 32 insertions, 34 deletions
diff --git a/crypto/src/math/ec/ECPoint.cs b/crypto/src/math/ec/ECPoint.cs
index f2b0cdc27..257e0fd5d 100644
--- a/crypto/src/math/ec/ECPoint.cs
+++ b/crypto/src/math/ec/ECPoint.cs
@@ -617,7 +617,7 @@ namespace Org.BouncyCastle.Math.EC
                     ECFieldElement A = u.Square().Multiply(w).Subtract(vCubed).Subtract(Two(vSquaredV2));
 
                     ECFieldElement X3 = v.Multiply(A);
-                    ECFieldElement Y3 = vSquaredV2.Subtract(A).Multiply(u).Subtract(vCubed.Multiply(u2));
+                    ECFieldElement Y3 = vSquaredV2.Subtract(A).MultiplyMinusProduct(u, u2, vCubed);
                     ECFieldElement Z3 = vCubed.Multiply(w);
 
                     return new FpPoint(curve, X3, Y3, new ECFieldElement[] { Z3 }, IsCompressed);
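Review bot: The rewritten `Y3` on this line is only equivalent to the removed `(vSquaredV2 - A)*u - vCubed*u2` if `MultiplyMinusProduct(b, x, y)` is defined as `this*b - x*y`; that definition (and those of `MultiplyPlusProduct` and `SquarePlusProduct`, presumably `this*b + x*y` and `this² + x*y`) is not part of this diff, and a swapped operand or sign in the callee would produce a well-formed but wrong point with no error. Reading the fused calls under that contract, this hunk and the ones at `@@ -714`, `@@ -1355`, `@@ -1450`, `@@ -1559`, `@@ -1577`, `@@ -1610`, `@@ -1635`, `@@ -1687` and `@@ -1709` all line up with the expressions they replace, since each only reorders commutative factors. I would add a one-line comment at this first use naming the convention, e.g. `// MultiplyMinusProduct(b, x, y) == this*b - x*y`, and confirm the existing point-arithmetic tests exercise both the Fp and F2m paths touched here so a convention mismatch shows up in the test run rather than in a signature. The enclosing method starts outside the hunk.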
@@ -714,7 +714,7 @@ namespace Org.BouncyCastle.Math.EC
                         ECFieldElement V = HSquared.Multiply(U1);
 
                         X3 = R.Square().Add(G).Subtract(Two(V));
-                        Y3 = V.Subtract(X3).Multiply(R).Subtract(S1.Multiply(G));
+                        Y3 = V.Subtract(X3).MultiplyMinusProduct(R, G, S1);
 
                         Z3 = H;
                         if (!Z1IsOne)
@@ -1038,7 +1038,6 @@ namespace Org.BouncyCastle.Math.EC
             return a.Add(b).Square().Subtract(aSquared).Subtract(bSquared);
         }
 
-        // D.3.2 pg 102 (see Note:)
         public override ECPoint Subtract(
             ECPoint b)
         {
@@ -1068,7 +1067,7 @@ namespace Org.BouncyCastle.Math.EC
         protected virtual ECFieldElement CalculateJacobianModifiedW(ECFieldElement Z, ECFieldElement ZSquared)
         {
             ECFieldElement a4 = this.Curve.A;
-            if (a4.IsZero)
+            if (a4.IsZero || Z.IsOne)
                 return a4;
 
             if (ZSquared == null)
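Review bot: The new `Z.IsOne` early return relies on W collapsing to the curve coefficient when Z is one, which is consistent with the `W = a4 * Z^4` form that the method name and the `ZSquared` argument suggest but is not stated anywhere in the hunk; a short comment would make the identity explicit, e.g. `// Z == 1 makes the Z^4 factor trivial, so W is just a4`. It also adds another branch whose cost depends on whether the point is held in affine or projective form, in line with the `Z2IsOne` shortcuts already used throughout this file, which is worth keeping in mind if any caller relies on representation-independent timing. The rest of the method, including the computation this shortcut bypasses, is outside the hunk.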
@@ -1334,13 +1333,23 @@ namespace Org.BouncyCastle.Math.EC
                     ECFieldElement Y1 = this.RawYCoord, Z1 = this.RawZCoords[0];
                     ECFieldElement Y2 = b.RawYCoord, Z2 = b.RawZCoords[0];
 
+                    bool Z1IsOne = Z1.IsOne;
+                    ECFieldElement U1 = Y2, V1 = X2;
+                    if (!Z1IsOne)
+                    {
+                        U1 = U1.Multiply(Z1);
+                        V1 = V1.Multiply(Z1);
+                    }
+
                     bool Z2IsOne = Z2.IsOne;
+                    ECFieldElement U2 = Y1, V2 = X1;
+                    if (!Z2IsOne)
+                    {
+                        U2 = U2.Multiply(Z2);
+                        V2 = V2.Multiply(Z2);
+                    }
 
-                    ECFieldElement U1 = Z1.Multiply(Y2);
-                    ECFieldElement U2 = Z2IsOne ? Y1 : Y1.Multiply(Z2);
                     ECFieldElement U = U1.Add(U2);
-                    ECFieldElement V1 = Z1.Multiply(X2);
-                    ECFieldElement V2 = Z2IsOne ? X1 : X1.Multiply(Z2);
                     ECFieldElement V = V1.Add(V2);
 
                     if (V.IsZero)
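Review bot: The two added blocks computing `U1, V1` from `(Y2, X2, Z1)` and `U2, V2` from `(Y1, X1, Z2)` are mirror images, and a small local function such as `(ECFieldElement, ECFieldElement) ScaleBy(ECFieldElement y, ECFieldElement x, ECFieldElement z, bool zIsOne)` would express the symmetry once and reduce the chance of the two copies drifting apart in a later edit. Under the current code the values match the removed `Z1.Multiply(Y2)` / `Z1.Multiply(X2)` pair when `Z1` is not one, and skip the multiplication otherwise. The enclosing `Add` method starts before this hunk and continues past it.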
@@ -1355,15 +1364,13 @@ namespace Org.BouncyCastle.Math.EC
 
                     ECFieldElement VSq = V.Square();
                     ECFieldElement VCu = VSq.Multiply(V);
-                    ECFieldElement W = Z2IsOne ? Z1 : Z1.Multiply(Z2);
+                    ECFieldElement W = Z1IsOne ? Z2 : Z2IsOne ? Z1 : Z1.Multiply(Z2);
                     ECFieldElement uv = U.Add(V);
-                    // TODO Delayed modular reduction for sum of products
-                    ECFieldElement A = uv.Multiply(U).Add(VSq.Multiply(curve.A)).Multiply(W).Add(VCu);
+                    ECFieldElement A = uv.MultiplyPlusProduct(U, VSq, curve.A).Multiply(W).Add(VCu);
 
                     ECFieldElement X3 = V.Multiply(A);
                     ECFieldElement VSqZ2 = Z2IsOne ? VSq : VSq.Multiply(Z2);
-                    // TODO Delayed modular reduction for sum of products
-                    ECFieldElement Y3 = U.Multiply(X1).Add(Y1.Multiply(V)).Multiply(VSqZ2).Add(A.Multiply(uv));
+                    ECFieldElement Y3 = U.MultiplyPlusProduct(X1, V, Y1).MultiplyPlusProduct(VSqZ2, uv, A);
                     ECFieldElement Z3 = VCu.Multiply(W);
 
                     return new F2mPoint(curve, X3, Y3, new ECFieldElement[] { Z3 }, IsCompressed);
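Review bot: The new `W` line nests two conditional operators without parentheses, `Z1IsOne ? Z2 : Z2IsOne ? Z1 : Z1.Multiply(Z2)`, which reads correctly (right-associative) but is easy to misparse in a formula-dense block; writing it as `ECFieldElement W = Z1IsOne ? Z2 : (Z2IsOne ? Z1 : Z1.Multiply(Z2));` costs nothing and removes the ambiguity for readers. The `Z1IsOne` flag this relies on is introduced in the preceding hunk of the same method, which starts and ends outside this hunk.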
@@ -1450,8 +1457,7 @@ namespace Org.BouncyCastle.Math.EC
                             ABZ2 = ABZ2.Multiply(Z2);
                         }
 
-                        // TODO Delayed modular reduction for sum of products
-                        L3 = AU2.Add(B).Square().Add(ABZ2.Multiply(L1.Add(Z1)));
+                        L3 = AU2.Add(B).SquarePlusProduct(ABZ2, L1.Add(Z1));
 
                         Z3 = ABZ2;
                         if (!Z1IsOne)
@@ -1559,8 +1565,7 @@ namespace Org.BouncyCastle.Math.EC
                     ECFieldElement L1 = Y1.Divide(X1).Add(X1);
 
                     ECFieldElement X3 = L1.Square().Add(L1).Add(curve.A);
-                    // TODO Delayed modular reduction for sum of products
-                    ECFieldElement Y3 = X1.Square().Add(X3.Multiply(L1.AddOne()));
+                    ECFieldElement Y3 = X1.SquarePlusProduct(X3, L1.AddOne());
 
                     return new F2mPoint(curve, X3, Y3, IsCompressed);
                 }
@@ -1577,12 +1582,10 @@ namespace Org.BouncyCastle.Math.EC
                     ECFieldElement V = X1Z1;
                     ECFieldElement vSquared = V.Square();
                     ECFieldElement sv = S.Add(V);
-                    // TODO Delayed modular reduction for sum of products
-                    ECFieldElement h = sv.Multiply(S).Add(curve.A.Multiply(vSquared));
+                    ECFieldElement h = sv.MultiplyPlusProduct(S, vSquared, curve.A);
 
                     ECFieldElement X3 = V.Multiply(h);
-                    // TODO Delayed modular reduction for sum of products
-                    ECFieldElement Y3 = h.Multiply(sv).Add(X1Sq.Square().Multiply(V));
+                    ECFieldElement Y3 = X1Sq.Square().MultiplyPlusProduct(V, h, sv);
                     ECFieldElement Z3 = V.Multiply(vSquared);
 
                     return new F2mPoint(curve, X3, Y3, new ECFieldElement[] { Z3 }, IsCompressed);
@@ -1610,19 +1613,17 @@ namespace Org.BouncyCastle.Math.EC
                     if (b.BitLength < (curve.FieldSize >> 1))
                     {
                         ECFieldElement t1 = L1.Add(X1).Square();
-                        ECFieldElement t4;
+                        ECFieldElement t2;
                         if (b.IsOne)
                         {
-                            t4 = aZ1Sq.Add(Z1Sq).Square();
+                            t2 = aZ1Sq.Add(Z1Sq).Square();
                         }
                         else
                         {
-                            // TODO t2/t3 can be calculated with one square if we pre-compute sqrt(b)
-                            ECFieldElement t2 = aZ1Sq.Square();
-                            ECFieldElement t3 = b.Multiply(Z1Sq.Square());
-                            t4 = t2.Add(t3);
+                            // TODO Can be calculated with one square if we pre-compute sqrt(b)
+                            t2 = aZ1Sq.SquarePlusProduct(b, Z1Sq.Square());
                         }
-                        L3 = t1.Add(T).Add(Z1Sq).Multiply(t1).Add(t4).Add(X3);
+                        L3 = t1.Add(T).Add(Z1Sq).Multiply(t1).Add(t2).Add(X3);
                         if (a.IsZero)
                         {
                             L3 = L3.Add(Z3);
@@ -1635,8 +1636,7 @@ namespace Org.BouncyCastle.Math.EC
                     else
                     {
                         ECFieldElement X1Z1 = Z1IsOne ? X1 : X1.Multiply(Z1);
-                        // TODO Delayed modular reduction for sum of products
-                        L3 = X1Z1.Square().Add(T.Multiply(L1Z1)).Add(X3).Add(Z3);
+                        L3 = X1Z1.SquarePlusProduct(T, L1Z1).Add(X3).Add(Z3);
                     }
 
                     return new F2mPoint(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
@@ -1687,8 +1687,7 @@ namespace Org.BouncyCastle.Math.EC
 
                     ECFieldElement T = curve.A.Multiply(Z1Sq).Add(L1Sq).Add(L1Z1);
                     ECFieldElement L2plus1 = L2.AddOne();
-                    // TODO Delayed modular reduction for sum of products
-                    ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).Multiply(T).Add(X1Sq.Multiply(Z1Sq));
+                    ECFieldElement A = curve.A.Add(L2plus1).Multiply(Z1Sq).Add(L1Sq).MultiplyPlusProduct(T, X1Sq, Z1Sq);
                     ECFieldElement X2Z1Sq = X2.Multiply(Z1Sq);
                     ECFieldElement B = X2Z1Sq.Add(T).Square();
 
@@ -1709,8 +1708,7 @@ namespace Org.BouncyCastle.Math.EC
 
                     ECFieldElement X3 = A.Square().Multiply(X2Z1Sq);
                     ECFieldElement Z3 = A.Multiply(B).Multiply(Z1Sq);
-                    // TODO Delayed modular reduction for sum of products
-                    ECFieldElement L3 = A.Add(B).Square().Multiply(T).Add(L2plus1.Multiply(Z3));
+                    ECFieldElement L3 = A.Add(B).Square().MultiplyPlusProduct(T, L2plus1, Z3);
 
                     return new F2mPoint(curve, X3, L3, new ECFieldElement[] { Z3 }, IsCompressed);
                 }