def scalarmult_affine_to_extended(pt, n): # affine->extended
assert len(pt) == 2 # affine
n = n % L
if n == 0:
return xform_affine_to_extended((0, 1))
xpt = xform_affine_to_extended(pt) # so Z=1
return _scalarmult_affine_to_extended_inner(xpt, n)
def test_orders(self):
# the point (0,1) is the identity, and has order 1
p0 = xform_affine_to_extended((0, 1))
# p0+p0=p0
# p0+anything=anything
# The point (0,-1) has order 2
p2 = xform_affine_to_extended((0, -1))
p3 = add_elements(p2, p2) # p3=p2+p2=p0
p4 = add_elements(p3, p2) # p4=p3+p2=p2
p5 = add_elements(p4, p2) # p5=p4+p2=p0
self.assertBytesEqual(
encodepoint(xform_extended_to_affine(p3)),
encodepoint(xform_extended_to_affine(p0)),
)
self.assertBytesEqual(
encodepoint(xform_extended_to_affine(p4)),
encodepoint(xform_extended_to_affine(p2)),
)
self.assertBytesEqual(
encodepoint(xform_extended_to_affine(p5)),
encodepoint(xform_extended_to_affine(p0)),
)
# now same thing, but with Element
p0 = ElementOfUnknownGroup(xform_affine_to_extended((0, 1)))
self.assertElementsEqual(p0, Zero)
p2 = ElementOfUnknownGroup(xform_affine_to_extended((0, -1)))
p3 = p2.add(p2)
p4 = p3.add(p2)
p5 = p4.add(p2)
self.assertElementsEqual(p3, p0)
self.assertElementsEqual(p4, p2)
self.assertElementsEqual(p5, p0)
self.assertFalse(isinstance(p3, Element))
self.assertFalse(isinstance(p4, Element))
self.assertFalse(isinstance(p5, Element))
# and again, with .scalarmult instead of .add
p3 = p2.scalarmult(2) # p3=2*p2=p0
p4 = p2.scalarmult(3) # p4=3*p2=p2
p5 = p2.scalarmult(4) # p5=4*p2=p0
self.assertElementsEqual(p3, p0) # TODO: failing
self.assertElementsEqual(p4, p2)
self.assertElementsEqual(p5, p0)
self.assertFalse(isinstance(p3, Element))
self.assertFalse(isinstance(p4, Element))
self.assertFalse(isinstance(p5, Element))
def test_orders(self):
# the point (0,1) is the identity, and has order 1
p0 = xform_affine_to_extended((0,1))
# p0+p0=p0
# p0+anything=anything
# The point (0,-1) has order 2
p2 = xform_affine_to_extended((0,-1))
p3 = add_elements(p2, p2) # p3=p2+p2=p0
p4 = add_elements(p3, p2) # p4=p3+p2=p2
p5 = add_elements(p4, p2) # p5=p4+p2=p0
self.assertBytesEqual(encodepoint(xform_extended_to_affine(p3)),
encodepoint(xform_extended_to_affine(p0)))
self.assertBytesEqual(encodepoint(xform_extended_to_affine(p4)),
encodepoint(xform_extended_to_affine(p2)))
self.assertBytesEqual(encodepoint(xform_extended_to_affine(p5)),
encodepoint(xform_extended_to_affine(p0)))
# now same thing, but with Element
p0 = ElementOfUnknownGroup(xform_affine_to_extended((0,1)))
self.assertElementsEqual(p0, Zero)
p2 = ElementOfUnknownGroup(xform_affine_to_extended((0,-1)))
p3 = p2.add(p2)
p4 = p3.add(p2)
p5 = p4.add(p2)
self.assertElementsEqual(p3, p0)
self.assertElementsEqual(p4, p2)
self.assertElementsEqual(p5, p0)
self.assertFalse(isinstance(p3, Element))
self.assertFalse(isinstance(p4, Element))
self.assertFalse(isinstance(p5, Element))
# and again, with .scalarmult instead of .add
p3 = p2.scalarmult(2) # p3=2*p2=p0
p4 = p2.scalarmult(3) # p4=3*p2=p2
p5 = p2.scalarmult(4) # p5=4*p2=p0
self.assertElementsEqual(p3, p0) # TODO: failing
self.assertElementsEqual(p4, p2)
self.assertElementsEqual(p5, p0)
self.assertFalse(isinstance(p3, Element))
self.assertFalse(isinstance(p4, Element))
self.assertFalse(isinstance(p5, Element))
def test_scalarmult(self):
Bsm = Base.scalarmult
e0 = Bsm(0)
e1 = Bsm(1)
e2 = Bsm(2)
e5 = Bsm(5)
e10 = Bsm(10)
e15 = Bsm(15)
em5 = Bsm(-5)
self.assertElementsEqual(e0.add(e0), e0)
self.assertElementsEqual(e1, Base)
self.assertElementsEqual(e0.add(e1), e1)
self.assertElementsEqual(Bsm(-5), Bsm(-5 % L))
# there was a bug, due to the add inside scalarmult being
# non-unified, which caused e0.scalarmult(N) to not equal e0
self.assertElementsEqual(e0.scalarmult(5), e0)
self.assertElementsEqual(e2.scalarmult(0), e0)
self.assertElementsEqual(e1.add(e1), e2)
self.assertElementsEqual(e5.add(e5), e10)
self.assertElementsEqual(e5.add(e10), e15)
self.assertElementsEqual(e2.scalarmult(5), e10)
self.assertElementsEqual(e15.add(em5), e10)
self.assertElementsEqual(e5.add(em5), e0)
sm2 = scalarmult_affine
e = {}
for i in range(-50, 100):
e[i] = Bsm(i)
self.assertElementsEqual(
Element(xform_affine_to_extended(sm2(B, i))), e[i])
self.assertElementsEqual(
Element(scalarmult_affine_to_extended(B, i)), e[i])
for i in range(20, 30):
for j in range(-10, 10):
x1 = e[i].add(e[j])
x2 = Bsm(i + j)
self.assertElementsEqual(x1, x2, (x1, x2, i, j))
x3 = Element(xform_affine_to_extended(sm2(B, i + j)))
self.assertElementsEqual(x1, x3, (x1, x3, i, j))
def test_scalarmult(self):
Bsm = Base.scalarmult
e0 = Bsm(0)
e1 = Bsm(1)
e2 = Bsm(2)
e5 = Bsm(5)
e10 = Bsm(10)
e15 = Bsm(15)
em5 = Bsm(-5)
self.assertElementsEqual(e0.add(e0), e0)
self.assertElementsEqual(e1, Base)
self.assertElementsEqual(e0.add(e1), e1)
self.assertElementsEqual(Bsm(-5), Bsm(-5 % L))
# there was a bug, due to the add inside scalarmult being
# non-unified, which caused e0.scalarmult(N) to not equal e0
self.assertElementsEqual(e0.scalarmult(5), e0)
self.assertElementsEqual(e2.scalarmult(0), e0)
self.assertElementsEqual(e1.add(e1), e2)
self.assertElementsEqual(e5.add(e5), e10)
self.assertElementsEqual(e5.add(e10), e15)
self.assertElementsEqual(e2.scalarmult(5), e10)
self.assertElementsEqual(e15.add(em5), e10)
self.assertElementsEqual(e5.add(em5), e0)
sm2 = scalarmult_affine
e = {}
for i in range(-50, 100):
e[i] = Bsm(i)
self.assertElementsEqual(Element(xform_affine_to_extended(sm2(B, i))), e[i])
self.assertElementsEqual(Element(scalarmult_affine_to_extended(B, i)),
e[i])
for i in range(20,30):
for j in range(-10,10):
x1 = e[i].add(e[j])
x2 = Bsm(i+j)
self.assertElementsEqual(x1, x2, (x1,x2,i,j))
x3 = Element(xform_affine_to_extended(sm2(B, i+j)))
self.assertElementsEqual(x1, x3, (x1,x3,i,j))
def test_orders(self):
# all points should have an order that's listed in ORDERS. Test some
# specific points. For low-order points, actually find the complete
# subgroup and measure its size.
p = Zero
values = self.collect(p)
self.assertEqual(len(values), 1)
self.assertEqual(values, set([Zero.to_bytes()]))
self.assertEqual(get_order(p), 1)
# (0,-1) should be order 2
p = ElementOfUnknownGroup(xform_affine_to_extended((0,-1)))
values = self.collect(p)
self.assertEqual(len(values), 2)
self.assertEqual(values, set([Zero.to_bytes(), p.to_bytes()]))
self.assertEqual(get_order(p), 2)
# (..,26) is in the right group (order L)
b = b"\x1a" + b"\x00"*31
p = bytes_to_unknown_group_element(b)
self.assertEqual(get_order(p), L)
# (..,35) is maybe order 2*L
b = b"\x23" + b"\x00"*31
p = bytes_to_unknown_group_element(b)
self.assertEqual(get_order(p), 2*L)
# (..,48) is maybe order 4*L
b = b"\x30" + b"\x00"*31
p = bytes_to_unknown_group_element(b)
self.assertEqual(get_order(p), 4*L)
# (..,55) is maybe order 8*L
b = b"\x37" + b"\x00"*31
p = bytes_to_unknown_group_element(b)
self.assertEqual(get_order(p), 8*L)
def test_orders(self):
# all points should have an order that's listed in ORDERS. Test some
# specific points. For low-order points, actually find the complete
# subgroup and measure its size.
p = Zero
values = self.collect(p)
self.assertEqual(len(values), 1)
self.assertEqual(values, set([Zero.to_bytes()]))
self.assertEqual(get_order(p), 1)
# (0,-1) should be order 2
p = ElementOfUnknownGroup(xform_affine_to_extended((0, -1)))
values = self.collect(p)
self.assertEqual(len(values), 2)
self.assertEqual(values, set([Zero.to_bytes(), p.to_bytes()]))
self.assertEqual(get_order(p), 2)
# (..,26) is in the right group (order L)
b = b"\x1a" + b"\x00" * 31
p = bytes_to_unknown_group_element(b)
self.assertEqual(get_order(p), L)
# (..,35) is maybe order 2*L
b = b"\x23" + b"\x00" * 31
p = bytes_to_unknown_group_element(b)
self.assertEqual(get_order(p), 2 * L)
# (..,48) is maybe order 4*L
b = b"\x30" + b"\x00" * 31
p = bytes_to_unknown_group_element(b)
self.assertEqual(get_order(p), 4 * L)
# (..,55) is maybe order 8*L
b = b"\x37" + b"\x00" * 31
p = bytes_to_unknown_group_element(b)
self.assertEqual(get_order(p), 8 * L)
def element_from_affine(P):
return Element(xform_affine_to_extended(P))
def _scalarmult_affine_to_extended_inner(xpt, n):
if n == 0:
return xform_affine_to_extended((0, 1))
_ = double_element(_scalarmult_affine_to_extended_inner(xpt, n >> 1))
return _add_elements_nonunfied(_, xpt) if n & 1 else _
def scalarmult_affine(pt, e): # affine->affine
e = e % L
return xform_extended_to_affine(scalarmult_element(xform_affine_to_extended(pt), e))
def element_from_affine(P):
return Element(xform_affine_to_extended(P))
def _scalarmult_affine_to_extended_inner(xpt, n):
if n==0: return xform_affine_to_extended((0,1))
_ = double_element(_scalarmult_affine_to_extended_inner(xpt, n>>1))
return _add_elements_nonunfied(_, xpt) if n&1 else _
def scalarmult_affine_to_extended(pt, n): # affine->extended
assert len(pt) == 2 # affine
n = n % L
if n==0: return xform_affine_to_extended((0,1))
xpt = xform_affine_to_extended(pt) # so Z=1
return _scalarmult_affine_to_extended_inner(xpt, n)
def scalarmult_affine(pt, e): # affine->affine
e = e % L
return xform_extended_to_affine(
scalarmult_element(
xform_affine_to_extended(pt),
e))
