def scalarmult_affine_to_extended(pt, n): # affine->extended assert len(pt) == 2 # affine n = n % L if n == 0: return xform_affine_to_extended((0, 1)) xpt = xform_affine_to_extended(pt) # so Z=1 return _scalarmult_affine_to_extended_inner(xpt, n)
def test_orders(self): # the point (0,1) is the identity, and has order 1 p0 = xform_affine_to_extended((0, 1)) # p0+p0=p0 # p0+anything=anything # The point (0,-1) has order 2 p2 = xform_affine_to_extended((0, -1)) p3 = add_elements(p2, p2) # p3=p2+p2=p0 p4 = add_elements(p3, p2) # p4=p3+p2=p2 p5 = add_elements(p4, p2) # p5=p4+p2=p0 self.assertBytesEqual( encodepoint(xform_extended_to_affine(p3)), encodepoint(xform_extended_to_affine(p0)), ) self.assertBytesEqual( encodepoint(xform_extended_to_affine(p4)), encodepoint(xform_extended_to_affine(p2)), ) self.assertBytesEqual( encodepoint(xform_extended_to_affine(p5)), encodepoint(xform_extended_to_affine(p0)), ) # now same thing, but with Element p0 = ElementOfUnknownGroup(xform_affine_to_extended((0, 1))) self.assertElementsEqual(p0, Zero) p2 = ElementOfUnknownGroup(xform_affine_to_extended((0, -1))) p3 = p2.add(p2) p4 = p3.add(p2) p5 = p4.add(p2) self.assertElementsEqual(p3, p0) self.assertElementsEqual(p4, p2) self.assertElementsEqual(p5, p0) self.assertFalse(isinstance(p3, Element)) self.assertFalse(isinstance(p4, Element)) self.assertFalse(isinstance(p5, Element)) # and again, with .scalarmult instead of .add p3 = p2.scalarmult(2) # p3=2*p2=p0 p4 = p2.scalarmult(3) # p4=3*p2=p2 p5 = p2.scalarmult(4) # p5=4*p2=p0 self.assertElementsEqual(p3, p0) # TODO: failing self.assertElementsEqual(p4, p2) self.assertElementsEqual(p5, p0) self.assertFalse(isinstance(p3, Element)) self.assertFalse(isinstance(p4, Element)) self.assertFalse(isinstance(p5, Element))
def test_orders(self): # the point (0,1) is the identity, and has order 1 p0 = xform_affine_to_extended((0,1)) # p0+p0=p0 # p0+anything=anything # The point (0,-1) has order 2 p2 = xform_affine_to_extended((0,-1)) p3 = add_elements(p2, p2) # p3=p2+p2=p0 p4 = add_elements(p3, p2) # p4=p3+p2=p2 p5 = add_elements(p4, p2) # p5=p4+p2=p0 self.assertBytesEqual(encodepoint(xform_extended_to_affine(p3)), encodepoint(xform_extended_to_affine(p0))) self.assertBytesEqual(encodepoint(xform_extended_to_affine(p4)), encodepoint(xform_extended_to_affine(p2))) self.assertBytesEqual(encodepoint(xform_extended_to_affine(p5)), encodepoint(xform_extended_to_affine(p0))) # now same thing, but with Element p0 = ElementOfUnknownGroup(xform_affine_to_extended((0,1))) self.assertElementsEqual(p0, Zero) p2 = ElementOfUnknownGroup(xform_affine_to_extended((0,-1))) p3 = p2.add(p2) p4 = p3.add(p2) p5 = p4.add(p2) self.assertElementsEqual(p3, p0) self.assertElementsEqual(p4, p2) self.assertElementsEqual(p5, p0) self.assertFalse(isinstance(p3, Element)) self.assertFalse(isinstance(p4, Element)) self.assertFalse(isinstance(p5, Element)) # and again, with .scalarmult instead of .add p3 = p2.scalarmult(2) # p3=2*p2=p0 p4 = p2.scalarmult(3) # p4=3*p2=p2 p5 = p2.scalarmult(4) # p5=4*p2=p0 self.assertElementsEqual(p3, p0) # TODO: failing self.assertElementsEqual(p4, p2) self.assertElementsEqual(p5, p0) self.assertFalse(isinstance(p3, Element)) self.assertFalse(isinstance(p4, Element)) self.assertFalse(isinstance(p5, Element))
def test_scalarmult(self): Bsm = Base.scalarmult e0 = Bsm(0) e1 = Bsm(1) e2 = Bsm(2) e5 = Bsm(5) e10 = Bsm(10) e15 = Bsm(15) em5 = Bsm(-5) self.assertElementsEqual(e0.add(e0), e0) self.assertElementsEqual(e1, Base) self.assertElementsEqual(e0.add(e1), e1) self.assertElementsEqual(Bsm(-5), Bsm(-5 % L)) # there was a bug, due to the add inside scalarmult being # non-unified, which caused e0.scalarmult(N) to not equal e0 self.assertElementsEqual(e0.scalarmult(5), e0) self.assertElementsEqual(e2.scalarmult(0), e0) self.assertElementsEqual(e1.add(e1), e2) self.assertElementsEqual(e5.add(e5), e10) self.assertElementsEqual(e5.add(e10), e15) self.assertElementsEqual(e2.scalarmult(5), e10) self.assertElementsEqual(e15.add(em5), e10) self.assertElementsEqual(e5.add(em5), e0) sm2 = scalarmult_affine e = {} for i in range(-50, 100): e[i] = Bsm(i) self.assertElementsEqual( Element(xform_affine_to_extended(sm2(B, i))), e[i]) self.assertElementsEqual( Element(scalarmult_affine_to_extended(B, i)), e[i]) for i in range(20, 30): for j in range(-10, 10): x1 = e[i].add(e[j]) x2 = Bsm(i + j) self.assertElementsEqual(x1, x2, (x1, x2, i, j)) x3 = Element(xform_affine_to_extended(sm2(B, i + j))) self.assertElementsEqual(x1, x3, (x1, x3, i, j))
def test_scalarmult(self): Bsm = Base.scalarmult e0 = Bsm(0) e1 = Bsm(1) e2 = Bsm(2) e5 = Bsm(5) e10 = Bsm(10) e15 = Bsm(15) em5 = Bsm(-5) self.assertElementsEqual(e0.add(e0), e0) self.assertElementsEqual(e1, Base) self.assertElementsEqual(e0.add(e1), e1) self.assertElementsEqual(Bsm(-5), Bsm(-5 % L)) # there was a bug, due to the add inside scalarmult being # non-unified, which caused e0.scalarmult(N) to not equal e0 self.assertElementsEqual(e0.scalarmult(5), e0) self.assertElementsEqual(e2.scalarmult(0), e0) self.assertElementsEqual(e1.add(e1), e2) self.assertElementsEqual(e5.add(e5), e10) self.assertElementsEqual(e5.add(e10), e15) self.assertElementsEqual(e2.scalarmult(5), e10) self.assertElementsEqual(e15.add(em5), e10) self.assertElementsEqual(e5.add(em5), e0) sm2 = scalarmult_affine e = {} for i in range(-50, 100): e[i] = Bsm(i) self.assertElementsEqual(Element(xform_affine_to_extended(sm2(B, i))), e[i]) self.assertElementsEqual(Element(scalarmult_affine_to_extended(B, i)), e[i]) for i in range(20,30): for j in range(-10,10): x1 = e[i].add(e[j]) x2 = Bsm(i+j) self.assertElementsEqual(x1, x2, (x1,x2,i,j)) x3 = Element(xform_affine_to_extended(sm2(B, i+j))) self.assertElementsEqual(x1, x3, (x1,x3,i,j))
def test_orders(self): # all points should have an order that's listed in ORDERS. Test some # specific points. For low-order points, actually find the complete # subgroup and measure its size. p = Zero values = self.collect(p) self.assertEqual(len(values), 1) self.assertEqual(values, set([Zero.to_bytes()])) self.assertEqual(get_order(p), 1) # (0,-1) should be order 2 p = ElementOfUnknownGroup(xform_affine_to_extended((0,-1))) values = self.collect(p) self.assertEqual(len(values), 2) self.assertEqual(values, set([Zero.to_bytes(), p.to_bytes()])) self.assertEqual(get_order(p), 2) # (..,26) is in the right group (order L) b = b"\x1a" + b"\x00"*31 p = bytes_to_unknown_group_element(b) self.assertEqual(get_order(p), L) # (..,35) is maybe order 2*L b = b"\x23" + b"\x00"*31 p = bytes_to_unknown_group_element(b) self.assertEqual(get_order(p), 2*L) # (..,48) is maybe order 4*L b = b"\x30" + b"\x00"*31 p = bytes_to_unknown_group_element(b) self.assertEqual(get_order(p), 4*L) # (..,55) is maybe order 8*L b = b"\x37" + b"\x00"*31 p = bytes_to_unknown_group_element(b) self.assertEqual(get_order(p), 8*L)
def test_orders(self): # all points should have an order that's listed in ORDERS. Test some # specific points. For low-order points, actually find the complete # subgroup and measure its size. p = Zero values = self.collect(p) self.assertEqual(len(values), 1) self.assertEqual(values, set([Zero.to_bytes()])) self.assertEqual(get_order(p), 1) # (0,-1) should be order 2 p = ElementOfUnknownGroup(xform_affine_to_extended((0, -1))) values = self.collect(p) self.assertEqual(len(values), 2) self.assertEqual(values, set([Zero.to_bytes(), p.to_bytes()])) self.assertEqual(get_order(p), 2) # (..,26) is in the right group (order L) b = b"\x1a" + b"\x00" * 31 p = bytes_to_unknown_group_element(b) self.assertEqual(get_order(p), L) # (..,35) is maybe order 2*L b = b"\x23" + b"\x00" * 31 p = bytes_to_unknown_group_element(b) self.assertEqual(get_order(p), 2 * L) # (..,48) is maybe order 4*L b = b"\x30" + b"\x00" * 31 p = bytes_to_unknown_group_element(b) self.assertEqual(get_order(p), 4 * L) # (..,55) is maybe order 8*L b = b"\x37" + b"\x00" * 31 p = bytes_to_unknown_group_element(b) self.assertEqual(get_order(p), 8 * L)
def element_from_affine(P): return Element(xform_affine_to_extended(P))
def _scalarmult_affine_to_extended_inner(xpt, n): if n == 0: return xform_affine_to_extended((0, 1)) _ = double_element(_scalarmult_affine_to_extended_inner(xpt, n >> 1)) return _add_elements_nonunfied(_, xpt) if n & 1 else _
def scalarmult_affine(pt, e): # affine->affine e = e % L return xform_extended_to_affine(scalarmult_element(xform_affine_to_extended(pt), e))
def _scalarmult_affine_to_extended_inner(xpt, n): if n==0: return xform_affine_to_extended((0,1)) _ = double_element(_scalarmult_affine_to_extended_inner(xpt, n>>1)) return _add_elements_nonunfied(_, xpt) if n&1 else _
def scalarmult_affine_to_extended(pt, n): # affine->extended assert len(pt) == 2 # affine n = n % L if n==0: return xform_affine_to_extended((0,1)) xpt = xform_affine_to_extended(pt) # so Z=1 return _scalarmult_affine_to_extended_inner(xpt, n)
def scalarmult_affine(pt, e): # affine->affine e = e % L return xform_extended_to_affine( scalarmult_element( xform_affine_to_extended(pt), e))