From 98e17edb2b985d176e91aa98f39e6f72ff7ce0c6 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Wed, 12 Mar 2014 19:15:35 +0700
Subject: Store 'beta' parameter in GLV Type B as just a BigInteger Support configuration of an endomorphism on ECCurve Default to GLVMultiplier when a GLV endomorphism is configured Configure known GLV endomorphisms in named curve factories
---
 .../org/bouncycastle/asn1/sec/SECNamedCurves.java | 67 ++++++++++++++++++++--
 .../bouncycastle/crypto/ec/CustomNamedCurves.java | 50 +++++++++++++++-
 .../java/org/bouncycastle/math/ec/ECCurve.java | 24 +++++++-
 .../math/ec/custom/sec/SecP192K1Curve.java | 17 ------
 .../math/ec/custom/sec/SecP224K1Curve.java | 17 ------
 .../math/ec/custom/sec/SecP256K1Curve.java | 17 ------
 .../math/ec/endo/GLVTypeBEndomorphism.java | 11 ++--
 .../math/ec/endo/GLVTypeBParameters.java | 8 +--
 8 files changed, 142 insertions(+), 69 deletions(-)
(limited to 'core/src/main/java/org/bouncycastle')
diff --git a/core/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java b/core/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
index 1ba3dbea..450fd703 100644
--- a/core/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
+++ b/core/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
@@ -10,6 +10,8 @@ import org.bouncycastle.asn1.x9.X9ECParametersHolder;
 import org.bouncycastle.math.ec.ECConstants;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.endo.GLVTypeBEndomorphism;
+import org.bouncycastle.math.ec.endo.GLVTypeBParameters;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Hex;
@@ -20,6 +22,11 @@ public class SECNamedCurves
 return curve;
 }
+ private static ECCurve configureCurveGLV(ECCurve c, GLVTypeBParameters p)
+ {
+ return c.configure().setEndomorphism(new GLVTypeBEndomorphism(c, p)).create();
+ }
+
 private static BigInteger fromHex(
 String hex)
 {
@@ -145,7 +152,20 @@ public class SECNamedCurves
 BigInteger n = fromHex("0100000000000000000001B8FA16DFAB9ACA16B6B3");
 BigInteger h = BigInteger.valueOf(1);
- ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
+ GLVTypeBParameters glv = new GLVTypeBParameters(
+ new BigInteger("9ba48cba5ebcb9b6bd33b92830b2a2e0e192f10a", 16),
+ new BigInteger("c39c6c3b3a36d7701b9c71a1f5804ae5d0003f4", 16),
+ new BigInteger[]{
+ new BigInteger("9162fbe73984472a0a9e", 16),
+ new BigInteger("-96341f1138933bc2f505", 16) },
+ new BigInteger[]{
+ new BigInteger("127971af8721782ecffa3", 16),
+ new BigInteger("9162fbe73984472a0a9e", 16) },
+ new BigInteger("48b17df39cc22395054e8", 16),
+ new BigInteger("4b1a0f889c499de17a820", 16),
+ 163);
+
+ ECCurve curve = configureCurveGLV(new ECCurve.Fp(p, a, b, n, h), glv);
 // ECPoint G = curve.decodePoint(Hex.decode("02"
 // + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"));
 ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -223,7 +243,20 @@ public class SECNamedCurves
 BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D");
 BigInteger h = BigInteger.valueOf(1);
- ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
+ GLVTypeBParameters glv = new GLVTypeBParameters(
+ new BigInteger("bb85691939b869c1d087f601554b96b80cb4f55b35f433c2", 16),
+ new BigInteger("3d84f26c12238d7b4f3d516613c1759033b1a5800175d0b1", 16),
+ new BigInteger[]{
+ new BigInteger("71169be7330b3038edb025f1", 16),
+ new BigInteger("-b3fb3400dec5c4adceb8655c", 16) },
+ new BigInteger[]{
+ new BigInteger("12511cfe811d0f4e6bc688b4d", 16),
+ new BigInteger("71169be7330b3038edb025f1", 16) },
+ new BigInteger("1c45a6f9ccc2cc0e3b6c097c7", 16),
+ new BigInteger("2cfecd0037b1712b73ae19575", 16),
+ 194);
+
+ ECCurve curve = configureCurveGLV(new ECCurve.Fp(p, a, b, n, h), glv);
 //ECPoint G = curve.decodePoint(Hex.decode("03"
 //+ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D"));
 ECPoint G = curve.decodePoint(Hex.decode("04"
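Review bot: The GLV parameter set for the first curve in this file (hunk at -145) appears to be new in this commit, while the 192-, 224- and 256-bit sets are carried over from the SecP*K1Curve overrides deleted further down, and nothing visible here validates any of them. A single mistyped hex digit in beta, lambda, v1/v2 or g1/g2 would not throw at construction; it would presumably only show up as wrong scalar-multiplication results once the curve defaults to GLVMultiplier. The same applies to the other three parameter hunks in this file and the three in CustomNamedCurves. I would add a regression test that, for every curve configured this way, checks that beta is a non-trivial cube root of unity modulo the field prime, that lambda^2 + lambda + 1 is 0 modulo n, and that the point map applied to G equals lambda*G. I would also label each block with the argument order, e.g. `// GLV Type B: beta, lambda, v1, v2, g1, g2, bits`.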
@@ -275,7 +308,20 @@ public class SECNamedCurves
 BigInteger n = fromHex("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7");
 BigInteger h = BigInteger.valueOf(1);
- ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
+ GLVTypeBParameters glv = new GLVTypeBParameters(
+ new BigInteger("fe0e87005b4e83761908c5131d552a850b3f58b749c37cf5b84d6768", 16),
+ new BigInteger("60dcd2104c4cbc0be6eeefc2bdd610739ec34e317f9b33046c9e4788", 16),
+ new BigInteger[]{
+ new BigInteger("6b8cf07d4ca75c88957d9d670591", 16),
+ new BigInteger("-b8adf1378a6eb73409fa6c9c637d", 16) },
+ new BigInteger[]{
+ new BigInteger("1243ae1b4d71613bc9f780a03690e", 16),
+ new BigInteger("6b8cf07d4ca75c88957d9d670591", 16) },
+ new BigInteger("35c6783ea653ae444abeceb382c82", 16),
+ new BigInteger("5c56f89bc5375b9a04fd364e31bdd", 16),
+ 227);
+
+ ECCurve curve = configureCurveGLV(new ECCurve.Fp(p, a, b, n, h), glv);
 //ECPoint G = curve.decodePoint(Hex.decode("03"
 //+ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C"));
 ECPoint G = curve.decodePoint(Hex.decode("04"
@@ -327,7 +373,20 @@ public class SECNamedCurves
 BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
 BigInteger h = BigInteger.valueOf(1);
- ECCurve curve = configureCurve(new ECCurve.Fp(p, a, b, n, h));
+ GLVTypeBParameters glv = new GLVTypeBParameters(
+ new BigInteger("7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee", 16),
+ new BigInteger("5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72", 16),
+ new BigInteger[]{
+ new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16),
+ new BigInteger("-e4437ed6010e88286f547fa90abfe4c3", 16) },
+ new BigInteger[]{
+ new BigInteger("114ca50f7a8e2f3f657c1108d9d44cfd8", 16),
+ new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16) },
+ new BigInteger("c21b48869f51af37a1b243924a13ac55", 16),
+ new BigInteger("3910dfb58043a20a1bd51fea42aff9311", 16),
+ 258);
+
+ ECCurve curve = configureCurveGLV(new ECCurve.Fp(p, a, b, n, h), glv);
 //ECPoint G = curve.decodePoint(Hex.decode("02"
 //+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"));
 ECPoint G = curve.decodePoint(Hex.decode("04"
diff --git a/core/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java b/core/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
index 329618cd..d43deeba 100644
--- a/core/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
+++ b/core/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.crypto.ec;
+import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -17,6 +18,8 @@ import org.bouncycastle.math.ec.custom.sec.SecP256K1Curve;
 import org.bouncycastle.math.ec.custom.sec.SecP256R1Curve;
 import org.bouncycastle.math.ec.custom.sec.SecP384R1Curve;
 import org.bouncycastle.math.ec.custom.sec.SecP521R1Curve;
+import org.bouncycastle.math.ec.endo.GLVTypeBEndomorphism;
+import org.bouncycastle.math.ec.endo.GLVTypeBParameters;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Hex;
@@ -27,6 +30,11 @@ public class CustomNamedCurves
 return curve;
 }
+ private static ECCurve configureCurveGLV(ECCurve c, GLVTypeBParameters p)
+ {
+ return c.configure().setEndomorphism(new GLVTypeBEndomorphism(c, p)).create();
+ }
+
 /*
 * secp192k1
 */
@@ -35,7 +43,19 @@ public class CustomNamedCurves
 protected X9ECParameters createParameters()
 {
 byte[] S = null;
- ECCurve curve = configureCurve(new SecP192K1Curve());
+ GLVTypeBParameters glv = new GLVTypeBParameters(
+ new BigInteger("bb85691939b869c1d087f601554b96b80cb4f55b35f433c2", 16),
+ new BigInteger("3d84f26c12238d7b4f3d516613c1759033b1a5800175d0b1", 16),
+ new BigInteger[]{
+ new BigInteger("71169be7330b3038edb025f1", 16),
+ new BigInteger("-b3fb3400dec5c4adceb8655c", 16) },
+ new BigInteger[]{
+ new BigInteger("12511cfe811d0f4e6bc688b4d", 16),
+ new BigInteger("71169be7330b3038edb025f1", 16) },
+ new BigInteger("1c45a6f9ccc2cc0e3b6c097c7", 16),
+ new BigInteger("2cfecd0037b1712b73ae19575", 16),
+ 194);
+ ECCurve curve = configureCurveGLV(new SecP192K1Curve(), glv);
 ECPoint G = curve.decodePoint(Hex.decode("04"
 + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D"
 + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D"));
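Review bot: The secp192k1 literals in the hunk at -35 are a second hand-maintained copy of the block added to SECNamedCurves for the 192-bit curve. The 224- and 256-bit hunks that follow repeat the pattern, and the `configureCurveGLV` helper is duplicated too. With two copies per curve, a later correction applied to only one factory would leave the two lookups for the same named curve disagreeing, and a curve definition is a bad place for that kind of drift. I would keep each parameter set in one place, for example a package-visible static holder next to GLVTypeBParameters, and have both factories reference it so there is a single value to review and test.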
@@ -67,7 +87,19 @@ public class CustomNamedCurves
 protected X9ECParameters createParameters()
 {
 byte[] S = null;
- ECCurve curve = configureCurve(new SecP224K1Curve());
+ GLVTypeBParameters glv = new GLVTypeBParameters(
+ new BigInteger("fe0e87005b4e83761908c5131d552a850b3f58b749c37cf5b84d6768", 16),
+ new BigInteger("60dcd2104c4cbc0be6eeefc2bdd610739ec34e317f9b33046c9e4788", 16),
+ new BigInteger[]{
+ new BigInteger("6b8cf07d4ca75c88957d9d670591", 16),
+ new BigInteger("-b8adf1378a6eb73409fa6c9c637d", 16) },
+ new BigInteger[]{
+ new BigInteger("1243ae1b4d71613bc9f780a03690e", 16),
+ new BigInteger("6b8cf07d4ca75c88957d9d670591", 16) },
+ new BigInteger("35c6783ea653ae444abeceb382c82", 16),
+ new BigInteger("5c56f89bc5375b9a04fd364e31bdd", 16),
+ 227);
+ ECCurve curve = configureCurveGLV(new SecP224K1Curve(), glv);
 ECPoint G = curve.decodePoint(Hex.decode("04"
 + "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C"
 + "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5"));
@@ -99,7 +131,19 @@ public class CustomNamedCurves
 protected X9ECParameters createParameters()
 {
 byte[] S = null;
- ECCurve curve = configureCurve(new SecP256K1Curve());
+ GLVTypeBParameters glv = new GLVTypeBParameters(
+ new BigInteger("7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee", 16),
+ new BigInteger("5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72", 16),
+ new BigInteger[]{
+ new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16),
+ new BigInteger("-e4437ed6010e88286f547fa90abfe4c3", 16) },
+ new BigInteger[]{
+ new BigInteger("114ca50f7a8e2f3f657c1108d9d44cfd8", 16),
+ new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16) },
+ new BigInteger("c21b48869f51af37a1b243924a13ac55", 16),
+ new BigInteger("3910dfb58043a20a1bd51fea42aff9311", 16),
+ 258);
+ ECCurve curve = configureCurveGLV(new SecP256K1Curve(), glv);
 ECPoint G = curve.decodePoint(Hex.decode("04"
 + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
 + "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"));
diff --git a/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
index f9418d63..3bb8d600 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
@@ -32,11 +32,13 @@ public abstract class ECCurve
 public class Config
 {
 protected int coord;
+ protected ECEndomorphism endomorphism;
 protected ECMultiplier multiplier;
- Config(int coord, ECMultiplier multiplier)
+ Config(int coord, ECEndomorphism endomorphism, ECMultiplier multiplier)
 {
 this.coord = coord;
+ this.endomorphism = endomorphism;
 this.multiplier = multiplier;
 }
@@ -46,6 +48,12 @@ public abstract class ECCurve
 return this;
 }
+ public Config setEndomorphism(ECEndomorphism endomorphism)
+ {
+ this.endomorphism = endomorphism;
+ return this;
+ }
+
 public Config setMultiplier(ECMultiplier multiplier)
 {
 this.multiplier = multiplier;
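Review bot: `setEndomorphism` in the hunk at -46 stores whatever ECEndomorphism it is handed, and nothing in the new code checks that it was built for the curve being configured, even though GLVTypeBEndomorphism now takes a curve in its constructor (changed later in this commit). A mismatched pair would not fail at configuration time; it would only surface as incorrect results after `createDefaultMultiplier` selects GLVMultiplier. At minimum state the contract on the setter, e.g. `/** The endomorphism must have been created for this curve (same field and order); it is not validated here. */`. The Config class opens in the previous hunk and `setMultiplier` continues past the end of this one.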
@@ -66,6 +74,7 @@ public abstract class ECCurve
 }
 c.coord = coord;
+ c.endomorphism = endomorphism;
 c.multiplier = multiplier;
 return c;
@@ -77,6 +86,7 @@ public abstract class ECCurve
 protected BigInteger order, cofactor;
 protected int coord = COORD_AFFINE;
+ protected ECEndomorphism endomorphism = null;
 protected ECMultiplier multiplier = null;
 protected ECCurve(FiniteField field)
@@ -90,7 +100,7 @@ public abstract class ECCurve
 public Config configure()
 {
- return new Config(this.coord, this.multiplier);
+ return new Config(this.coord, this.endomorphism, this.multiplier);
 }
 public ECPoint createPoint(BigInteger x, BigInteger y)
@@ -115,6 +125,11 @@ public abstract class ECCurve
 protected ECMultiplier createDefaultMultiplier()
 {
+ if (endomorphism instanceof GLVEndomorphism)
+ {
+ return new GLVMultiplier(this, (GLVEndomorphism)endomorphism);
+ }
+
 return new WNafL2RMultiplier();
 }
@@ -259,6 +274,11 @@ public abstract class ECCurve
 protected abstract ECPoint decompressPoint(int yTilde, BigInteger X1);
+ public synchronized ECEndomorphism getEndomorphism()
+ {
+ return endomorphism;
+ }
+
 /**
 * Sets the default ECMultiplier, unless already set.
 */
diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Curve.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Curve.java
index 0292a642..87d9f10c 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Curve.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP192K1Curve.java
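Review bot: `getEndomorphism()` in the hunk at -259 is declared `synchronized`, but the same field is read without the lock in `createDefaultMultiplier` (hunk at -115) and assigned without it as `c.endomorphism = endomorphism;` (hunk at -66), so the keyword gives no consistent visibility guarantee. If the field is only ever set while a fresh curve is being configured, which is what the visible code suggests, the getter can be plain: `public ECEndomorphism getEndomorphism()`. If concurrent reconfiguration is intended, the other accesses need the same lock and the class comment should say so. The method following this getter is cut off by the hunk, so how the multiplier is initialised is not visible here.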
@@ -52,23 +52,6 @@ public class SecP192K1Curve extends ECCurve
 }
 }
- protected ECMultiplier createDefaultMultiplier()
- {
- GLVTypeBParameters p = new GLVTypeBParameters(
- fromBigInteger(new BigInteger("bb85691939b869c1d087f601554b96b80cb4f55b35f433c2", 16)),
- new BigInteger("3d84f26c12238d7b4f3d516613c1759033b1a5800175d0b1", 16),
- new BigInteger[]{
- new BigInteger("71169be7330b3038edb025f1", 16),
- new BigInteger("-b3fb3400dec5c4adceb8655c", 16) },
- new BigInteger[]{
- new BigInteger("12511cfe811d0f4e6bc688b4d", 16),
- new BigInteger("71169be7330b3038edb025f1", 16) },
- new BigInteger("1c45a6f9ccc2cc0e3b6c097c7", 16),
- new BigInteger("2cfecd0037b1712b73ae19575", 16),
- 194);
- return new GLVMultiplier(this, new GLVTypeBEndomorphism(p));
- }
-
 public BigInteger getQ()
 {
 return q;
diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Curve.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Curve.java
index 03e3385e..8323de1d 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Curve.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP224K1Curve.java
@@ -51,23 +51,6 @@ public class SecP224K1Curve extends ECCurve
 }
 }
- protected ECMultiplier createDefaultMultiplier()
- {
- GLVTypeBParameters p = new GLVTypeBParameters(
- fromBigInteger(new BigInteger("fe0e87005b4e83761908c5131d552a850b3f58b749c37cf5b84d6768", 16)),
- new BigInteger("60dcd2104c4cbc0be6eeefc2bdd610739ec34e317f9b33046c9e4788", 16),
- new BigInteger[]{
- new BigInteger("6b8cf07d4ca75c88957d9d670591", 16),
- new BigInteger("-b8adf1378a6eb73409fa6c9c637d", 16) },
- new BigInteger[]{
- new BigInteger("1243ae1b4d71613bc9f780a03690e", 16),
- new BigInteger("6b8cf07d4ca75c88957d9d670591", 16) },
- new BigInteger("35c6783ea653ae444abeceb382c82", 16),
- new BigInteger("5c56f89bc5375b9a04fd364e31bdd", 16),
- 227);
- return new GLVMultiplier(this, new GLVTypeBEndomorphism(p));
- }
-
 public BigInteger getQ()
 {
 return q;
diff --git a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Curve.java b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Curve.java
index 6b9937c2..7977d9df 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Curve.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/custom/sec/SecP256K1Curve.java
@@ -51,23 +51,6 @@ public class SecP256K1Curve extends ECCurve
 }
 }
- protected ECMultiplier createDefaultMultiplier()
- {
- GLVTypeBParameters p = new GLVTypeBParameters(
- fromBigInteger(new BigInteger("7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee", 16)),
- new BigInteger("5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72", 16),
- new BigInteger[]{
- new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16),
- new BigInteger("-e4437ed6010e88286f547fa90abfe4c3", 16) },
- new BigInteger[]{
- new BigInteger("114ca50f7a8e2f3f657c1108d9d44cfd8", 16),
- new BigInteger("3086d221a7d46bcde86c90e49284eb15", 16) },
- new BigInteger("c21b48869f51af37a1b243924a13ac55", 16),
- new BigInteger("3910dfb58043a20a1bd51fea42aff9311", 16),
- 258);
- return new GLVMultiplier(this, new GLVTypeBEndomorphism(p));
- }
-
 public BigInteger getQ()
 {
 return q;
diff --git a/core/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBEndomorphism.java b/core/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBEndomorphism.java
index 45b21722..f690e918 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBEndomorphism.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBEndomorphism.java
@@ -3,19 +3,22 @@ package org.bouncycastle.math.ec.endo;
 import java.math.BigInteger;
 import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.math.ec.ECPointMap;
 import org.bouncycastle.math.ec.GLVEndomorphism;
 import org.bouncycastle.math.ec.ScaleXPointMap;
 public class GLVTypeBEndomorphism implements GLVEndomorphism
 {
- private final GLVTypeBParameters parameters;
- private final ECPointMap pointMap;
+ protected final ECCurve curve;
+ protected final GLVTypeBParameters parameters;
+ protected final ECPointMap pointMap;
- public GLVTypeBEndomorphism(GLVTypeBParameters parameters)
+ public GLVTypeBEndomorphism(ECCurve curve, GLVTypeBParameters parameters)
 {
+ this.curve = curve;
 this.parameters = parameters;
- this.pointMap = new ScaleXPointMap(parameters.getBeta());
+ this.pointMap = new ScaleXPointMap(curve.fromBigInteger(parameters.getBeta()));
 }
 public BigInteger[] decomposeScalar(BigInteger k)
diff --git a/core/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBParameters.java b/core/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBParameters.java
index ee2946fc..f02a882f 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBParameters.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/endo/GLVTypeBParameters.java
@@ -2,17 +2,15 @@ package org.bouncycastle.math.ec.endo;
 import java.math.BigInteger;
-import org.bouncycastle.math.ec.ECFieldElement;
-
 public class GLVTypeBParameters
 {
- protected final ECFieldElement beta;
+ protected final BigInteger beta;
 protected final BigInteger lambda;
 protected final BigInteger[] v1, v2;
 protected final BigInteger g1, g2;
 protected final int bits;
- public GLVTypeBParameters(ECFieldElement beta, BigInteger lambda, BigInteger[] v1, BigInteger[] v2, BigInteger g1,
+ public GLVTypeBParameters(BigInteger beta, BigInteger lambda, BigInteger[] v1, BigInteger[] v2, BigInteger g1,
 BigInteger g2, int bits)
 {
 this.beta = beta;
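Review bot: The rewritten constructor in the hunk at -3 dereferences both arguments in `curve.fromBigInteger(parameters.getBeta())` with no guard, so a missing curve or parameter set now fails as a bare NullPointerException part-way through construction. A one-line check up front gives a clearer failure: `if (curve == null || parameters == null) { throw new IllegalArgumentException("curve and parameters must not be null"); }`. Whether `fromBigInteger` rejects a beta outside the field is not visible in this diff; now that beta arrives as a raw BigInteger rather than a field element, that is worth confirming. Separately, the three fields are widened from private to protected with no stated reason, and the new `curve` field has no use within this hunk beyond the constructor, so a short comment on why subclasses need them would help.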
@@ -24,7 +22,7 @@ public class GLVTypeBParameters
 this.bits = bits;
 }
- public ECFieldElement getBeta()
+ public BigInteger getBeta()
 {
 return beta;
 }
-- cgit v1.2.3