#include <point_gfp.h>

Public Types
enum	Compression_Type { UNCOMPRESSED = 0, COMPRESSED = 1, HYBRID = 2 }
Public Member Functions
BigInt	get_affine_x () const
BigInt	get_affine_y () const
const CurveGFp &	get_curve () const
bool	is_zero () const
PointGFp &	negate ()
bool	on_the_curve () const
PointGFp &	operator*= (const BigInt &scalar)
PointGFp &	operator+= (const PointGFp &rhs)
PointGFp &	operator-= (const PointGFp &rhs)
PointGFp &	operator= (const PointGFp &)
PointGFp &	operator= (PointGFp &&other)
bool	operator== (const PointGFp &other) const
	PointGFp ()
	PointGFp (const CurveGFp &curve)
	PointGFp (const PointGFp &)
	PointGFp (PointGFp &&other)
	PointGFp (const CurveGFp &curve, const BigInt &x, const BigInt &y)
void	swap (PointGFp &other)
Friends
BOTAN_DLL PointGFp	multi_exponentiate (const PointGFp &p1, const BigInt &z1, const PointGFp &p2, const BigInt &z2)
BOTAN_DLL PointGFp	operator* (const BigInt &scalar, const PointGFp &point)

Detailed Description

This class represents one point on a curve of GF(p)

Definition at line 41 of file point_gfp.h.

Member Enumeration Documentation

enum Botan::PointGFp::Compression_Type

Enumerator:

UNCOMPRESSED
COMPRESSED
HYBRID

Definition at line 44 of file point_gfp.h.

                            {
         UNCOMPRESSED = 0,
         COMPRESSED   = 1,
         HYBRID       = 2
      };

Constructor & Destructor Documentation

Botan::PointGFp::PointGFp ( ) [inline]

Construct an uninitialized PointGFp

Definition at line 53 of file point_gfp.h.

Referenced by operator-=().

{}

Botan::PointGFp::PointGFp ( const CurveGFp & curve )

Construct the zero point

Parameters:

curve The base curve

Definition at line 15 of file point_gfp.cpp.

References Botan::CurveGFp::to_rep().

                                        :
   curve(curve),
   coord_x(0),
   coord_y(1),
   coord_z(0)
   {
   curve.to_rep(coord_x, ws);
   curve.to_rep(coord_y, ws);
   curve.to_rep(coord_z, ws);
   }

Botan::PointGFp::PointGFp ( const PointGFp & )

Copy constructor

Botan::PointGFp::PointGFp ( PointGFp && other ) [inline]

Move Constructor

Definition at line 69 of file point_gfp.h.

         {
         this->swap(other);
         }

Botan::PointGFp::PointGFp	(	const CurveGFp &	curve,
		const BigInt &	x,
		const BigInt &	y
	)

Construct a point from its affine coordinates

Parameters:

curve	the base curve
x	affine x coordinate
y	affine y coordinate

Definition at line 26 of file point_gfp.cpp.

References Botan::CurveGFp::to_rep().

                                                                          :
   curve(curve),
   coord_x(x),
   coord_y(y),
   coord_z(1)
   {
   curve.to_rep(coord_x, ws);
   curve.to_rep(coord_y, ws);
   curve.to_rep(coord_z, ws);
   }

Member Function Documentation

BigInt Botan::PointGFp::get_affine_x ( ) const

get affine x coordinate

Returns:: affine x coordinate

Definition at line 344 of file point_gfp.cpp.

References Botan::CurveGFp::from_rep(), Botan::CurveGFp::get_p(), Botan::inverse_mod(), and is_zero().

Referenced by Botan::EC2OSP(), operator==(), and Botan::GOST_3410_PublicKey::x509_subject_public_key().

   {
   if(is_zero())
      throw Illegal_Transformation("Cannot convert zero point to affine");

   BigInt z2 = curve_sqr(coord_z);
   curve.from_rep(z2, ws);
   z2 = inverse_mod(z2, curve.get_p());

   return curve_mult(z2, coord_x);
   }

BigInt Botan::PointGFp::get_affine_y ( ) const

get affine y coordinate

Returns:: affine y coordinate

Definition at line 356 of file point_gfp.cpp.

References Botan::CurveGFp::get_p(), Botan::inverse_mod(), is_zero(), and Botan::CurveGFp::to_rep().

Referenced by Botan::EC2OSP(), operator==(), and Botan::GOST_3410_PublicKey::x509_subject_public_key().

   {
   if(is_zero())
      throw Illegal_Transformation("Cannot convert zero point to affine");

   BigInt z3 = curve_mult(coord_z, curve_sqr(coord_z));
   z3 = inverse_mod(z3, curve.get_p());
   curve.to_rep(z3, ws);

   return curve_mult(z3, coord_y);
   }

const CurveGFp& Botan::PointGFp::get_curve ( ) const [inline]

Return base curve of this point

Returns:: the curve over GF(p) of this point

Definition at line 153 of file point_gfp.h.

References curve.

Referenced by Botan::EC2OSP(), Botan::operator*(), and operator==().

{ return curve; }

bool Botan::PointGFp::is_zero ( ) const [inline]

Is this the point at infinity?

Returns:: true, if this point is at infinity, false otherwise.

Definition at line 171 of file point_gfp.h.

Referenced by Botan::EC2OSP(), get_affine_x(), get_affine_y(), on_the_curve(), operator-=(), and operator==().

         { return (coord_x.is_zero() && coord_z.is_zero()); }

PointGFp& Botan::PointGFp::negate ( ) [inline]

Negate this point

Returns:: *this

Definition at line 142 of file point_gfp.h.

References curve.

Referenced by Botan::multi_exponentiate(), Botan::operator*(), and Botan::operator-().

         {
         if(!is_zero())
            coord_y = curve.get_p() - coord_y;
         return *this;
         }

bool Botan::PointGFp::on_the_curve ( ) const

Checks whether the point is to be found on the underlying curve; used to prevent fault attacks.

Returns:: if the point is on the curve

Definition at line 368 of file point_gfp.cpp.

References Botan::CurveGFp::from_rep(), Botan::CurveGFp::get_a_rep(), Botan::CurveGFp::get_b_rep(), and is_zero().

Referenced by Botan::EC_PublicKey::check_key(), Botan::EC_PrivateKey::EC_PrivateKey(), Botan::GOST_3410_PublicKey::GOST_3410_PublicKey(), and Botan::OS2ECP().

   {
   /*
   Is the point still on the curve?? (If everything is correct, the
   point is always on its curve; then the function will return true.
   If somehow the state is corrupted, which suggests a fault attack
   (or internal computational error), then return false.
   */
   if(is_zero())
      return true;

   const BigInt y2 = curve.from_rep(curve_sqr(coord_y), ws);
   const BigInt x3 = curve_mult(coord_x, curve_sqr(coord_x));
   const BigInt ax = curve_mult(coord_x, curve.get_a_rep());
   const BigInt z2 = curve_sqr(coord_z);

   if(coord_z == z2) // Is z equal to 1 (in Montgomery form)?
      {
      if(y2 != curve.from_rep(x3 + ax + curve.get_b_rep(), ws))
         return false;
      }

   const BigInt z3 = curve_mult(coord_z, z2);
   const BigInt ax_z4 = curve_mult(ax, curve_sqr(z2));
   const BigInt b_z6 = curve_mult(curve.get_b_rep(), curve_sqr(z3));

   if(y2 != curve.from_rep(x3 + ax_z4 + b_z6, ws))
      return false;

   return true;
   }

PointGFp & Botan::PointGFp::operator*= ( const BigInt & scalar )

*= Operator

Parameters:

scalar the PointGFp to multiply with *this

Returns:: resulting PointGFp

Definition at line 213 of file point_gfp.cpp.

   {
   *this = scalar * *this;
   return *this;
   }

PointGFp & Botan::PointGFp::operator+= ( const PointGFp & rhs )

+= Operator

Parameters:

rhs	the PointGFp to add to the local value

Returns:: resulting PointGFp

Definition at line 194 of file point_gfp.cpp.

   {
   std::vector<BigInt> ws(9);
   add(rhs, ws);
   return *this;
   }

PointGFp & Botan::PointGFp::operator-= ( const PointGFp & rhs )

-= Operator

Parameters:

rhs	the PointGFp to subtract from the local value

Returns:: resulting PointGFp

Definition at line 201 of file point_gfp.cpp.

References is_zero(), and PointGFp().

   {
   PointGFp minus_rhs = PointGFp(rhs).negate();

   if(is_zero())
      *this = minus_rhs;
   else
      *this += minus_rhs;

   return *this;
   }

PointGFp& Botan::PointGFp::operator= ( const PointGFp & )

Standard Assignment

PointGFp& Botan::PointGFp::operator= ( PointGFp && other ) [inline]

Move Assignment

Definition at line 82 of file point_gfp.h.

         {
         if(this != &other)
            this->swap(other);
         return (*this);
         }

bool Botan::PointGFp::operator== ( const PointGFp & other ) const

Equality operator

Definition at line 410 of file point_gfp.cpp.

References get_affine_x(), get_affine_y(), get_curve(), and is_zero().

   {
   if(get_curve() != other.get_curve())
      return false;

   // If this is zero, only equal if other is also zero
   if(is_zero())
      return other.is_zero();

   return (get_affine_x() == other.get_affine_x() &&
           get_affine_y() == other.get_affine_y());
   }

void Botan::PointGFp::swap ( PointGFp & other )

swaps the states of *this and other, does not throw!

Parameters:

other the object to swap values with

Definition at line 401 of file point_gfp.cpp.

References Botan::BigInt::swap(), and Botan::CurveGFp::swap().

Referenced by std::swap< Botan::PointGFp >().

   {
   curve.swap(other.curve);
   coord_x.swap(other.coord_x);
   coord_y.swap(other.coord_y);
   coord_z.swap(other.coord_z);
   ws.swap(other.ws);
   }

Friends And Related Function Documentation

BOTAN_DLL PointGFp multi_exponentiate	(	const PointGFp &	p1,
		const BigInt &	z1,
		const PointGFp &	p2,
		const BigInt &	z2
	)		`[friend]`

Multiexponentiation

Parameters:

p1	a point
z1	a scalar
p2	a point
z2	a scalar

Returns:: (p1 * z1 + p2 * z2)

Definition at line 219 of file point_gfp.cpp.

   {
   const PointGFp p3 = p1 + p2;

   PointGFp H(p1.curve); // create as zero
   size_t bits_left = std::max(z1.bits(), z2.bits());

   std::vector<BigInt> ws(9);

   while(bits_left)
      {
      H.mult2(ws);

      const bool z1_b = z1.get_bit(bits_left - 1);
      const bool z2_b = z2.get_bit(bits_left - 1);

      if(z1_b == true && z2_b == true)
         H.add(p3, ws);
      else if(z1_b)
         H.add(p1, ws);
      else if(z2_b)
         H.add(p2, ws);

      --bits_left;
      }

   if(z1.is_negative() != z2.is_negative())
      H.negate();

   return H;
   }

BOTAN_DLL PointGFp operator*	(	const BigInt &	scalar,
		const PointGFp &	point
	)		`[friend]`

Multiplication Operator

Parameters:

scalar	the scalar value
point	the point value

Returns:: scalar*point on the curve

Definition at line 252 of file point_gfp.cpp.

   {
   //BOTAN_ASSERT(point.on_the_curve(), "Input is valid");

   const CurveGFp& curve = point.get_curve();

   if(scalar.is_zero())
      return PointGFp(curve); // zero point

   std::vector<BigInt> ws(9);

   if(scalar.abs() <= 2) // special cases for small values
      {
      byte value = scalar.abs().byte_at(0);

      PointGFp result = point;

      if(value == 2)
         result.mult2(ws);

      if(scalar.is_negative())
         result.negate();

      return result;
      }

   const size_t scalar_bits = scalar.bits();

   PointGFp x1(curve); // zero

   size_t bits_left = scalar_bits;

#if BOTAN_CURVE_GFP_USE_MONTGOMERY_LADDER

   PointGFp x2 = point;
   while(bits_left)
      {
      if(scalar.get_bit(bits_left - 1))
         {
         x1.add(x2, ws);
         x2.mult2(ws);
         }
      else
         {
         x2.add(x1, ws);
         x1.mult2(ws);
         }

      --bits_left;
      }

#else
   const size_t window_bits = 4;

   std::vector<PointGFp> Ps(1 << window_bits);
   Ps[0] = x1;
   Ps[1] = point;

   for(size_t i = 2; i < Ps.size(); ++i)
      {
      Ps[i] = Ps[i-1];
      Ps[i].add(point, ws);
      }

   while(bits_left >= window_bits)
      {
      for(size_t i = 0; i != window_bits; ++i)
         x1.mult2(ws);

      const u32bit nibble = scalar.get_substring(bits_left - window_bits, window_bits);
      x1.add(Ps[nibble], ws);
      bits_left -= window_bits;
      }

   while(bits_left)
      {
      x1.mult2(ws);
      if(scalar.get_bit(bits_left-1))
         x1.add(point, ws);
      --bits_left;
      }

#endif

   if(scalar.is_negative())
      x1.negate();

   //BOTAN_ASSERT(x1.on_the_curve(), "Output is on the curve");

   return x1;
   }

The documentation for this class was generated from the following files:

src/lib/math/ec_gfp/point_gfp.h
src/lib/math/ec_gfp/point_gfp.cpp

Public Types

Public Member Functions

Friends

Detailed Description

Member Enumeration Documentation

Constructor & Destructor Documentation

Member Function Documentation

Friends And Related Function Documentation