Exemplo n.º 1
0
def tau_dual(P):
    (X1, Y1, Z1) = P
    A = GFp2.sqr(X1)
    B = GFp2.sqr(Y1)
    C = GFp2.add(A, B)
    Ta2 = GFp2.sub(B, A)
    D = GFp2.sub(GFp2.mul(GFp2.two, GFp2.sqr(Z1)), Ta2)
    Tb2 = GFp2.mul(GFp2.mul(ctaudual, X1), Y1)
    X2 = GFp2.mul(Tb2, C)
    Y2 = GFp2.mul(Ta2, D)
    Z2 = GFp2.mul(C, D)
    return (X2, Y2, Z2, Ta2, Tb2)
Exemplo n.º 2
0
def tau_dual(P):
    (X1, Y1, Z1) = P
    A = GFp2.sqr(X1)
    B = GFp2.sqr(Y1)
    C = GFp2.add(A, B)
    Ta2 = GFp2.sub(B, A)
    D = GFp2.sub(GFp2.mul(GFp2.two, GFp2.sqr(Z1)), Ta2)
    Tb2 = GFp2.mul(GFp2.mul(ctaudual, X1), Y1)
    X2 = GFp2.mul(Tb2, C)
    Y2 = GFp2.mul(Ta2, D)
    Z2 = GFp2.mul(C, D)
    return (X2, Y2, Z2, Ta2, Tb2)
Exemplo n.º 3
0
def DBL(P):
    (X1, Y1, Z1) = P[:3]
    A = GFp2.sqr(X1)
    B = GFp2.sqr(Y1)
    C = GFp2.mul(GFp2.two, GFp2.sqr(Z1))
    D = GFp2.add(A, B)
    E = GFp2.sub(GFp2.sqr(GFp2.add(X1, Y1)), D)
    F = GFp2.sub(B, A)
    G = GFp2.sub(C, F)
    X3 = GFp2.mul(E, G)
    Y3 = GFp2.mul(D, F)
    Z3 = GFp2.mul(F, G)
    Ta3 = E
    Tb3 = D
    return (X3, Y3, Z3, Ta3, Tb3)
Exemplo n.º 4
0
def DBL(P):
    (X1, Y1, Z1) = P[:3]
    A = GFp2.sqr(X1)
    B = GFp2.sqr(Y1)
    C = GFp2.mul(GFp2.two, GFp2.sqr(Z1))
    D = GFp2.add(A, B)
    E = GFp2.sub(GFp2.sqr(GFp2.add(X1, Y1)), D)
    F = GFp2.sub(B, A)
    G = GFp2.sub(C, F)
    X3 = GFp2.mul(E, G)
    Y3 = GFp2.mul(D, F)
    Z3 = GFp2. mul(F, G)
    Ta3 = E
    Tb3 = D
    return (X3, Y3, Z3, Ta3, Tb3)
Exemplo n.º 5
0
def PointOnCurve(P):
    (X, Y) = P
    X2 = GFp2.sqr(X)
    Y2 = GFp2.sqr(Y)
    LHS = GFp2.sub(Y2, X2)
    RHS = GFp2.add(GFp2.one, GFp2.mul(GFp2.mul(d, X2), Y2))
    return LHS == RHS
Exemplo n.º 6
0
def PointOnCurve(P):
    (X, Y) = P
    X2 = GFp2.sqr(X)
    Y2 = GFp2.sqr(Y)
    LHS = GFp2.sub(Y2, X2)
    RHS = GFp2.add(GFp2.one, GFp2.mul(GFp2.mul(d, X2), Y2))
    return LHS == RHS
Exemplo n.º 7
0
def R2toR4(P):
    (N, D, E, F) = P
    return (
        GFp2.sub(N, D),
        GFp2.add(D, N),
        E
    )
Exemplo n.º 8
0
def ADD_core(P, Q):
    (N1, D1, E1, F1) = P
    (N2, D2, Z2, T2) = Q
    A = GFp2.mul(D1, D2)
    B = GFp2.mul(N1, N2)
    C = GFp2.mul(T2, F1)
    D = GFp2.mul(Z2, E1)
    E = GFp2.sub(B, A)
    F = GFp2.sub(D, C)
    G = GFp2.add(D, C)
    H = GFp2.add(B, A)
    X3 = GFp2.mul(E, F)
    Y3 = GFp2.mul(G, H)
    Z3 = GFp2.mul(F, G)
    Ta3 = E
    Tb3 = H
    return (X3, Y3, Z3, Ta3, Tb3)
Exemplo n.º 9
0
def R1toR3(P):
    (X, Y, Z, Ta, Tb) = P
    return(
        GFp2.add(X, Y),
        GFp2.sub(Y, X),
        Z,
        GFp2.mul(Ta, Tb)
    )
Exemplo n.º 10
0
def ADD_core(P, Q):
    (N1, D1, E1, F1) = P
    (N2, D2, Z2, T2) = Q
    A = GFp2.mul(D1, D2)
    B = GFp2.mul(N1, N2)
    C = GFp2.mul(T2, F1)
    D = GFp2.mul(Z2, E1)
    E = GFp2.sub(B, A)
    F = GFp2.sub(D, C)
    G = GFp2.add(D, C)
    H = GFp2.add(B, A)
    X3 = GFp2.mul(E, F)
    Y3 = GFp2.mul(G, H)
    Z3 = GFp2.mul(F, G)
    Ta3 = E
    Tb3 = H
    return (X3, Y3, Z3, Ta3, Tb3)
Exemplo n.º 11
0
def R1toR2(P):
    (X, Y, Z, Ta, Tb) = P
    return (
        GFp2.add(X, Y),
        GFp2.sub(Y, X),
        GFp2.add(Z, Z),
        GFp2.mul(GFp2.mul(GFp2.two, d), GFp2.mul(Ta, Tb))
    )
Exemplo n.º 12
0
def tau(P):
    (X1, Y1, Z1) = P
    A = GFp2.sqr(X1)
    B = GFp2.sqr(Y1)
    C = GFp2.add(A, B)
    D = GFp2.sub(A, B)
    X2 = GFp2.mul(GFp2.mul(GFp2.mul(ctau, X1), Y1), D)
    Y2 = GFp2.neg(GFp2.mul(GFp2.add(GFp2.mul(GFp2.two, GFp2.sqr(Z1)), D), C))
    Z2 = GFp2.mul(C, D)
    return (X2, Y2, Z2)
Exemplo n.º 13
0
def tau(P):
    (X1, Y1, Z1) = P
    A = GFp2.sqr(X1)
    B = GFp2.sqr(Y1)
    C = GFp2.add(A, B)
    D = GFp2.sub(A, B)
    X2 = GFp2.mul(GFp2.mul(GFp2.mul(ctau, X1), Y1), D)
    Y2 = GFp2.neg(GFp2.mul(GFp2.add(GFp2.mul(GFp2.two, GFp2.sqr(Z1)), D), C))
    Z2 = GFp2.mul(C, D)
    return (X2, Y2, Z2)
Exemplo n.º 14
0
def upsilon(P):
    (X1, Y1, Z1) = P
    A = GFp2.mul(GFp2.mul(cphi0, X1), Y1)
    B = GFp2.mul(Y1, Z1)
    C = GFp2.sqr(Y1)
    D = GFp2.sqr(Z1)
    F = GFp2.sqr(D)
    G = GFp2.sqr(B)
    H = GFp2.sqr(C)
    I = GFp2.mul(cphi1, B)
    J = GFp2.add(C, GFp2.mul(cphi2, D))
    K = GFp2.add(GFp2.add(GFp2.mul(cphi8, G), H), GFp2.mul(cphi9, F))
    X2 = GFp2.mul(GFp2.add(I, J), GFp2.sub(I, J))
    X2 = GFp2.conj(GFp2.mul(GFp2.mul(A, K), X2))
    L = GFp2.add(C, GFp2.mul(cphi4, D))
    M = GFp2.mul(cphi3, B)
    N = GFp2.mul(GFp2.add(L, M), GFp2.sub(L, M))
    Y2 = GFp2.add(GFp2.add(H, GFp2.mul(cphi6, G)), GFp2.mul(cphi7, F))
    Y2 = GFp2.conj(GFp2.mul(GFp2.mul(GFp2.mul(cphi5, D), N), Y2))
    Z2 = GFp2.conj(GFp2.mul(GFp2.mul(B, K), N))
    return (X2, Y2, Z2)
Exemplo n.º 15
0
def upsilon(P):
    (X1, Y1, Z1) = P
    A = GFp2.mul(GFp2.mul(cphi0, X1), Y1)
    B = GFp2.mul(Y1, Z1)
    C = GFp2.sqr(Y1)
    D = GFp2.sqr(Z1)
    F = GFp2.sqr(D)
    G = GFp2.sqr(B)
    H = GFp2.sqr(C)
    I = GFp2.mul(cphi1, B)
    J = GFp2.add(C, GFp2.mul(cphi2, D))
    K = GFp2.add(GFp2.add(GFp2.mul(cphi8, G), H), GFp2.mul(cphi9, F))
    X2 = GFp2.mul(GFp2.add(I, J), GFp2.sub(I, J))
    X2 = GFp2.conj(GFp2.mul(GFp2.mul(A, K), X2))
    L = GFp2.add(C, GFp2.mul(cphi4, D))
    M = GFp2.mul(cphi3, B)
    N = GFp2.mul(GFp2.add(L, M), GFp2.sub(L, M))
    Y2 = GFp2.add(GFp2.add(H, GFp2.mul(cphi6, G)), GFp2.mul(cphi7, F))
    Y2 = GFp2.conj(GFp2.mul(GFp2.mul(GFp2.mul(cphi5, D), N), Y2))
    Z2 = GFp2.conj(GFp2.mul(GFp2.mul(B, K), N))
    return (X2, Y2, Z2)
Exemplo n.º 16
0
def decode(B):
    if len(B) != 32:
        raise Exception("Malformed point: length {} != 32".format(len(B)))
    if B[15] & 0x80 != 0x00:
        raise Exception("Malformed point: reserved bit is not zero")

    s = B[31] >> 7
    B[31] &= 0x7F

    y0 = GFp.fromLittleEndian(B[:16])
    y1 = GFp.fromLittleEndian(B[16:])

    if y0 >= p1271 or y1 >= p1271:
        raise Exception("Malformed point: reserved bit is not zero")

    y = (y0, y1)
    y2 = GFp2.sqr(y)
    (u0, u1) = GFp2.sub(y2, GFp2.one)
    (v0, v1) = GFp2.add(GFp2.mul(d, y2), GFp2.one)

    t0 = GFp.add(GFp.mul(u0, v0), GFp.mul(u1, v1))
    t1 = GFp.sub(GFp.mul(u1, v0), GFp.mul(u0, v1))
    t2 = GFp.add(GFp.sqr(v0), GFp.sqr(v1))
    t3 = GFp.add(GFp.sqr(t0), GFp.sqr(t1))
    t3 = GFp.mul(GFp.invsqrt(t3), t3)

    t = GFp.mul(2, GFp.add(t0, t3))
    if t == 0:
        t = GFp.mul(GFp.two, GFp.sub(t0, t3))

    a = GFp.invsqrt(GFp.mul(t, GFp.mul(t2, GFp.sqr(t2))))
    b = GFp.mul(GFp.mul(a, t2), t)

    x0 = GFp.mul(b, GFp.half)
    x1 = GFp.mul(GFp.mul(a, t2), t1)
    if t != GFp.mul(t2, GFp.sqr(b)):
        x0, x1 = x1, x0

    x = (x0, x1)
    if sign(x) != s:
        x = GFp2.neg(x)

    if not PointOnCurve((x, y)):
        x = GFp2.conj(x)
    if not PointOnCurve((x, y)):
        raise Exception("Point not on curve")

    return (x, y)
Exemplo n.º 17
0
def decode(B):
    if len(B) != 32:
        raise Exception("Malformed point: length {} != 32".format(len(B)))
    if B[15] & 0x80 != 0x00:
        raise Exception("Malformed point: reserved bit is not zero")

    s = B[31] >> 7
    B[31] &= 0x7F

    y0 = GFp.fromLittleEndian(B[:16])
    y1 = GFp.fromLittleEndian(B[16:])

    if y0 >= p1271 or y1 >= p1271:
        raise Exception("Malformed point: reserved bit is not zero")

    y = (y0, y1)
    y2 = GFp2.sqr(y)
    (u0, u1) = GFp2.sub(y2, GFp2.one)
    (v0, v1) = GFp2.add(GFp2.mul(d, y2), GFp2.one)

    t0 = GFp.add(GFp.mul(u0, v0), GFp.mul(u1, v1))
    t1 = GFp.sub(GFp.mul(u1, v0), GFp.mul(u0, v1))
    t2 = GFp.add(GFp.sqr(v0), GFp.sqr(v1))
    t3 = GFp.add(GFp.sqr(t0), GFp.sqr(t1))
    t3 = GFp.mul(GFp.invsqrt(t3), t3)

    t = GFp.mul(2, GFp.add(t0, t3))
    if t == 0:
        t = GFp.mul(GFp.two, GFp.sub(t0, t3))

    a = GFp.invsqrt(GFp.mul(t, GFp.mul(t2, GFp.sqr(t2))))
    b = GFp.mul(GFp.mul(a, t2), t)

    x0 = GFp.mul(b, GFp.half)
    x1 = GFp.mul(GFp.mul(a, t2), t1)
    if t != GFp.mul(t2, GFp.sqr(b)):
        x0, x1 = x1, x0

    x = (x0, x1)
    if sign(x) != s:
        x = GFp2.neg(x)

    if not PointOnCurve((x, y)):
        x = GFp2.conj(x)
    if not PointOnCurve((x, y)):
        raise Exception("Point not on curve")

    return (x, y)
Exemplo n.º 18
0
def R1toR3(P):
    (X, Y, Z, Ta, Tb) = P
    return (GFp2.add(X, Y), GFp2.sub(Y, X), Z, GFp2.mul(Ta, Tb))
Exemplo n.º 19
0
def R1toR2(P):
    (X, Y, Z, Ta, Tb) = P
    return (GFp2.add(X, Y), GFp2.sub(Y, X), GFp2.add(Z, Z),
            GFp2.mul(GFp2.mul(GFp2.two, d), GFp2.mul(Ta, Tb)))
Exemplo n.º 20
0
def R2toR4(P):
    (N, D, E, F) = P
    return (GFp2.sub(N, D), GFp2.add(D, N), E)