Home Explore Help
Register Sign In
front
/
icssDService
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8b7b629366
Branches Tags
icssDService
/
node_modules.bak
/
elliptic
/
lib
/
elliptic
/
curve
/
mont.js

mont.js 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178 
  1. 'use strict';
    2. 

  2. 

  3. var BN = require('bn.js');
    4. 

  4. var inherits = require('inherits');
    5. 

  5. var Base = require('./base');
    6. 

  6. 

  7. var utils = require('../utils');
    8. 

  8. 

  9. function MontCurve(conf) {
    10. 

  10.   Base.call(this, 'mont', conf);
    11. 

  11. 

  12.   this.a = new BN(conf.a, 16).toRed(this.red);
    13. 

  13.   this.b = new BN(conf.b, 16).toRed(this.red);
    14. 

  14.   this.i4 = new BN(4).toRed(this.red).redInvm();
    15. 

  15.   this.two = new BN(2).toRed(this.red);
    16. 

  16.   this.a24 = this.i4.redMul(this.a.redAdd(this.two));
    17. 

  17. }
    18. 

  18. inherits(MontCurve, Base);
    19. 

  19. module.exports = MontCurve;
    20. 

  20. 

  21. MontCurve.prototype.validate = function validate(point) {
    22. 

  22.   var x = point.normalize().x;
    23. 

  23.   var x2 = x.redSqr();
    24. 

  24.   var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x);
    25. 

  25.   var y = rhs.redSqrt();
    26. 

  26. 

  27.   return y.redSqr().cmp(rhs) === 0;
    28. 

  28. };
    29. 

  29. 

  30. function Point(curve, x, z) {
    31. 

  31.   Base.BasePoint.call(this, curve, 'projective');
    32. 

  32.   if (x === null && z === null) {
    33. 

  33.     this.x = this.curve.one;
    34. 

  34.     this.z = this.curve.zero;
    35. 

  35.   } else {
    36. 

  36.     this.x = new BN(x, 16);
    37. 

  37.     this.z = new BN(z, 16);
    38. 

  38.     if (!this.x.red)
    39. 

  39.       this.x = this.x.toRed(this.curve.red);
    40. 

  40.     if (!this.z.red)
    41. 

  41.       this.z = this.z.toRed(this.curve.red);
    42. 

  42.   }
    43. 

  43. }
    44. 

  44. inherits(Point, Base.BasePoint);
    45. 

  45. 

  46. MontCurve.prototype.decodePoint = function decodePoint(bytes, enc) {
    47. 

  47.   return this.point(utils.toArray(bytes, enc), 1);
    48. 

  48. };
    49. 

  49. 

  50. MontCurve.prototype.point = function point(x, z) {
    51. 

  51.   return new Point(this, x, z);
    52. 

  52. };
    53. 

  53. 

  54. MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) {
    55. 

  55.   return Point.fromJSON(this, obj);
    56. 

  56. };
    57. 

  57. 

  58. Point.prototype.precompute = function precompute() {
    59. 

  59.   // No-op
    60. 

  60. };
    61. 

  61. 

  62. Point.prototype._encode = function _encode() {
    63. 

  63.   return this.getX().toArray('be', this.curve.p.byteLength());
    64. 

  64. };
    65. 

  65. 

  66. Point.fromJSON = function fromJSON(curve, obj) {
    67. 

  67.   return new Point(curve, obj[0], obj[1] || curve.one);
    68. 

  68. };
    69. 

  69. 

  70. Point.prototype.inspect = function inspect() {
    71. 

  71.   if (this.isInfinity())
    72. 

  72.     return '<EC Point Infinity>';
    73. 

  73.   return '<EC Point x: ' + this.x.fromRed().toString(16, 2) +
    74. 

  74.       ' z: ' + this.z.fromRed().toString(16, 2) + '>';
    75. 

  75. };
    76. 

  76. 

  77. Point.prototype.isInfinity = function isInfinity() {
    78. 

  78.   // XXX This code assumes that zero is always zero in red
    79. 

  79.   return this.z.cmpn(0) === 0;
    80. 

  80. };
    81. 

  81. 

  82. Point.prototype.dbl = function dbl() {
    83. 

  83.   // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3
    84. 

  84.   // 2M + 2S + 4A
    85. 

  85. 

  86.   // A = X1 + Z1
    87. 

  87.   var a = this.x.redAdd(this.z);
    88. 

  88.   // AA = A^2
    89. 

  89.   var aa = a.redSqr();
    90. 

  90.   // B = X1 - Z1
    91. 

  91.   var b = this.x.redSub(this.z);
    92. 

  92.   // BB = B^2
    93. 

  93.   var bb = b.redSqr();
    94. 

  94.   // C = AA - BB
    95. 

  95.   var c = aa.redSub(bb);
    96. 

  96.   // X3 = AA * BB
    97. 

  97.   var nx = aa.redMul(bb);
    98. 

  98.   // Z3 = C * (BB + A24 * C)
    99. 

  99.   var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c)));
    100. 

  100.   return this.curve.point(nx, nz);
    101. 

  101. };
    102. 

  102. 

  103. Point.prototype.add = function add() {
    104. 

  104.   throw new Error('Not supported on Montgomery curve');
    105. 

  105. };
    106. 

  106. 

  107. Point.prototype.diffAdd = function diffAdd(p, diff) {
    108. 

  108.   // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3
    109. 

  109.   // 4M + 2S + 6A
    110. 

  110. 

  111.   // A = X2 + Z2
    112. 

  112.   var a = this.x.redAdd(this.z);
    113. 

  113.   // B = X2 - Z2
    114. 

  114.   var b = this.x.redSub(this.z);
    115. 

  115.   // C = X3 + Z3
    116. 

  116.   var c = p.x.redAdd(p.z);
    117. 

  117.   // D = X3 - Z3
    118. 

  118.   var d = p.x.redSub(p.z);
    119. 

  119.   // DA = D * A
    120. 

  120.   var da = d.redMul(a);
    121. 

  121.   // CB = C * B
    122. 

  122.   var cb = c.redMul(b);
    123. 

  123.   // X5 = Z1 * (DA + CB)^2
    124. 

  124.   var nx = diff.z.redMul(da.redAdd(cb).redSqr());
    125. 

  125.   // Z5 = X1 * (DA - CB)^2
    126. 

  126.   var nz = diff.x.redMul(da.redISub(cb).redSqr());
    127. 

  127.   return this.curve.point(nx, nz);
    128. 

  128. };
    129. 

  129. 

  130. Point.prototype.mul = function mul(k) {
    131. 

  131.   var t = k.clone();
    132. 

  132.   var a = this; // (N / 2) * Q + Q
    133. 

  133.   var b = this.curve.point(null, null); // (N / 2) * Q
    134. 

  134.   var c = this; // Q
    135. 

  135. 

  136.   for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1))
    137. 

  137.     bits.push(t.andln(1));
    138. 

  138. 

  139.   for (var i = bits.length - 1; i >= 0; i--) {
    140. 

  140.     if (bits[i] === 0) {
    141. 

  141.       // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q
    142. 

  142.       a = a.diffAdd(b, c);
    143. 

  143.       // N * Q = 2 * ((N / 2) * Q + Q))
    144. 

  144.       b = b.dbl();
    145. 

  145.     } else {
    146. 

  146.       // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q)
    147. 

  147.       b = a.diffAdd(b, c);
    148. 

  148.       // N * Q + Q = 2 * ((N / 2) * Q + Q)
    149. 

  149.       a = a.dbl();
    150. 

  150.     }
    151. 

  151.   }
    152. 

  152.   return b;
    153. 

  153. };
    154. 

  154. 

  155. Point.prototype.mulAdd = function mulAdd() {
    156. 

  156.   throw new Error('Not supported on Montgomery curve');
    157. 

  157. };
    158. 

  158. 

  159. Point.prototype.jumlAdd = function jumlAdd() {
    160. 

  160.   throw new Error('Not supported on Montgomery curve');
    161. 

  161. };
    162. 

  162. 

  163. Point.prototype.eq = function eq(other) {
    164. 

  164.   return this.getX().cmp(other.getX()) === 0;
    165. 

  165. };
    166. 

  166. 

  167. Point.prototype.normalize = function normalize() {
    168. 

  168.   this.x = this.x.redMul(this.z.redInvm());
    169. 

  169.   this.z = this.curve.one;
    170. 

  170.   return this;
    171. 

  171. };
    172. 

  172. 

  173. Point.prototype.getX = function getX() {
    174. 

  174.   // Normalize coordinates
    175. 

  175.   this.normalize();
    176. 

  176. 

  177.   return this.x.fromRed();
    178. 

  178. };
    179.