using System; using Org.BouncyCastle.Math.EC.Abc; namespace Org.BouncyCastle.Math.EC.Multiplier { /** * Class implementing the WTNAF (Window * τ-adic Non-Adjacent Form) algorithm. */ public class WTauNafMultiplier : AbstractECMultiplier { // TODO Create WTauNafUtilities class and move various functionality into it internal static readonly string PRECOMP_NAME = "bc_wtnaf"; /** * Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint} * by k using the reduced τ-adic NAF (RTNAF) * method. * @param p The AbstractF2mPoint to multiply. * @param k The integer by which to multiply k. * @return p multiplied by k. */ protected override ECPoint MultiplyPositive(ECPoint point, BigInteger k) { if (!(point is AbstractF2mPoint p)) throw new ArgumentException("Only AbstractF2mPoint can be used in WTauNafMultiplier"); AbstractF2mCurve curve = (AbstractF2mCurve)p.Curve; sbyte a = (sbyte)curve.A.ToBigInteger().IntValue; sbyte mu = Tnaf.GetMu(a); ZTauElement rho = Tnaf.PartModReduction(curve, k, a, mu, (sbyte)10); return MultiplyWTnaf(p, rho, a, mu); } /** * Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint} * by an element λ of Z[τ] using * the τ-adic NAF (TNAF) method. * @param p The AbstractF2mPoint to multiply. * @param lambda The element λ of * Z[τ] of which to compute the * [τ]-adic NAF. * @return p multiplied by λ. */ private AbstractF2mPoint MultiplyWTnaf(AbstractF2mPoint p, ZTauElement lambda, sbyte a, sbyte mu) { ZTauElement[] alpha = (a == 0) ? Tnaf.Alpha0 : Tnaf.Alpha1; BigInteger tw = Tnaf.GetTw(mu, Tnaf.Width); sbyte[] u = Tnaf.TauAdicWNaf(mu, lambda, Tnaf.Width, tw.IntValue, alpha); return MultiplyFromWTnaf(p, u); } /** * Multiplies a {@link org.bouncycastle.math.ec.AbstractF2mPoint AbstractF2mPoint} * by an element λ of Z[τ] * using the window τ-adic NAF (TNAF) method, given the * WTNAF of λ. * @param p The AbstractF2mPoint to multiply. * @param u The the WTNAF of λ.. * @return λ * p */ private static AbstractF2mPoint MultiplyFromWTnaf(AbstractF2mPoint p, sbyte[] u) { AbstractF2mCurve curve = (AbstractF2mCurve)p.Curve; sbyte a = (sbyte)curve.A.ToBigInteger().IntValue; WTauNafCallback callback = new WTauNafCallback(p, a); WTauNafPreCompInfo preCompInfo = (WTauNafPreCompInfo)curve.Precompute(p, PRECOMP_NAME, callback); AbstractF2mPoint[] pu = preCompInfo.PreComp; // TODO Include negations in precomp (optionally) and use from here AbstractF2mPoint[] puNeg = new AbstractF2mPoint[pu.Length]; for (int i = 0; i < pu.Length; ++i) { puNeg[i] = (AbstractF2mPoint)pu[i].Negate(); } // q = infinity AbstractF2mPoint q = (AbstractF2mPoint) p.Curve.Infinity; int tauCount = 0; for (int i = u.Length - 1; i >= 0; i--) { ++tauCount; int ui = u[i]; if (ui != 0) { q = q.TauPow(tauCount); tauCount = 0; ECPoint x = ui > 0 ? pu[ui >> 1] : puNeg[(-ui) >> 1]; q = (AbstractF2mPoint)q.Add(x); } } if (tauCount > 0) { q = q.TauPow(tauCount); } return q; } private class WTauNafCallback : IPreCompCallback { private readonly AbstractF2mPoint m_p; private readonly sbyte m_a; internal WTauNafCallback(AbstractF2mPoint p, sbyte a) { this.m_p = p; this.m_a = a; } public PreCompInfo Precompute(PreCompInfo existing) { if (existing is WTauNafPreCompInfo) return existing; WTauNafPreCompInfo result = new WTauNafPreCompInfo(); result.PreComp = Tnaf.GetPreComp(m_p, m_a); return result; } } } }