mphell-edwards.h

Go to the documentation of this file.

/* 
  MPHELL-4.0 
  Author(s): The MPHELL team

 (C) Copyright 2015-2018 - Institut Fourier / Univ. Grenoble Alpes (France) 

 This file is part of the MPHELL Library.
 MPHELL is free software: you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published by
 the Free Software Foundation, version 3 of the License.
 
 MPHELL is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU Lesser General Public License for more details.

 You should have received a copy of the GNU Lesser General Public License
 along with MPHELL.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef MPHELL_EDWARDS_H
#define MPHELL_EDWARDS_H

/* E: x^2 + y^2 = 1 + d x^2 y^2 */
/* Edwards form  */
/* Projective coordinates represent an affine point (x,y) on a Edwards-form elliptic curve x^2 + y^2 = 1 + d x^2 y^2 as (X:Y:Z) satisfying (X^2 + Y^2) Z^2 = Z^4 + d X^2 Y^2. Here (X:Y:Z) = (sX:sY:sZ) for all nonzero s. */
/* The triple (X, Y, Z) represents the affine point (X / Z, Y / Z) */

/* Jacobian coordinates represent an affine point (x,y) on a Edwards-form elliptic curve  x^2 + y^2 = 1 + d x^2 y^2 as (X:Y:Z) satisfying (X^2 Z^6 + Y^2 Z^4)  = Z^10 + d X^2 Y^2. Here (X:Y:Z) = (s^2 X:s^3 Y:sZ) for all nonzero s.*/
/* The triple (X, Y, Z) represents the affine point (X / Z^2, Y / Z^3). */

/* Extended twisted Edwards coordinates represent an affine point (x,y) on a Edwards-form elliptic curve x^2 + y^2 = 1 + d x^2 y^2 as (X:Y:Z) satisfying ( X^2 + Y^2) Z^2 = Z^4 + d X^2 Y^2. Here (X:Y:T:Z) = (sX:sY:sT:sZ) for all nonzero s. The auxiliary coordinate T has the property T=XY/Z. */

/* E: a x^2 + y^2 = 1 + d x^2 y^2 */
/* Twisted Edwards form  */
/* Projective coordinates represent an affine point (x,y) on a Edwards-form elliptic curve a x^2 + y^2 = 1 + d x^2 y^2 as (X:Y:Z) satisfying (X^2 + Y^2) Z^2 = Z^4 + d X^2 Y^2. Here (X:Y:Z) = (sX:sY:sZ) for all nonzero s. */
/* The triple (X, Y, Z) represents the affine point (X / Z, Y / Z) */

/* Jacobian coordinates represent an affine point (x,y) on a Weierstrass-form elliptic curve a x^2 + y^2 = 1 + d x^2 y^2 as (X:Y:Z) satisfying (a X^2 Z^6 + Y^2 Z^4)  = Z^10 + d X^2 Y^2. Here (X:Y:Z) = (s^2 X:s^3 Y:sZ) for all nonzero s.*/
/* The triple (X, Y, Z) represents the affine point (X / Z^2, Y / Z^3). */

/* Extended twisted Edwards coordinates represent an affine point (x,y) on a Edwards-form elliptic curve a x^2 + y^2 = 1 + d x^2 y^2 as (X:Y:Z) satisfying (a X^2 + Y^2) Z^2 = Z^4 + d X^2 Y^2. Here (X:Y:T:Z) = (sX:sY:sT:sZ) for all nonzero s. The auxiliary coordinate T has the property T=XY/Z. */

/* In this software the coefficients a and d that represent a(n) (Twisted) Edwards Curve are stored in E->a for a and E->b for d.*/

/* More details can be found for example in Twisted Edwards curves by Daniel J. Bernstein, Peter Birkner, Marc Joye, Tanja Lange, and Christiane Peters
  published in International Conference on Cryptology in Africa. Springer, Berlin, Heidelberg, 2008. p. 389-405. */

/************************************SETTERS**********************************/

void
edwards_compute_disc(ec_curve E, uint8_t stack);

bool 
edwards_verify_random_generation(ec_curve E, const char * seed, uint8_t stack);

void 
edwards_curve_random_generation(fe_ptr d, char * seed_res, field_srcptr k, uint8_t stack);

void 
edwards_point_set_neutral (ec_point_ptr dst, ec_curve_srcptr E, uint8_t stack);

void 
edwards_point_set_aff (ec_point_ptr P, fe_srcptr x, fe_srcptr y, field_srcptr k, uint8_t stack);

void 
edwards_point_set_aff_str (ec_point_ptr P, const char *str_x, const char *str_y,
        const bool is_reduced, const uint8_t base, field_srcptr k, uint8_t stack);

bool
edwards_belongs (ec_point_srcptr P, ec_curve_srcptr E, uint8_t stack);

void 
edwards_point_random (ec_point_ptr P, ec_curve_srcptr E, uint8_t stack);

void
edwards_point_norm (ec_point_ptr P, ec_curve_srcptr E, uint8_t stack);

void
edwards_point_get_x_affine(field_elt x, ec_point_ptr P, ec_curve_srcptr E, uint8_t stack);

void
edwards_point_get_y_affine(field_elt y, ec_point_ptr P, ec_curve_srcptr E, uint8_t stack);

/*******************************COMPARISON************************************/

bool 
edwards_point_is_neutral (ec_point_srcptr P, ec_curve_srcptr E);

bool
edwards_point_are_equal (ec_point_srcptr P1, ec_point_srcptr P2, 
        ec_curve_srcptr E, uint8_t stack);

/*******************************OPERATIONS************************************/

void 
edwards_point_neg (ec_point_ptr P3, ec_point_srcptr P1, ec_curve_srcptr E);

/* UNIFIED => Resistant to SPA */

void 
edwards_point_add_unified (ec_point_ptr P3, ec_point_srcptr P1, ec_point_srcptr P2,
        ec_curve_srcptr E, uint8_t stack);

/* DEDICATED => Not resistant to SPA, but faster  */

void 
edwards_point_add_dedicated (ec_point_ptr P3, ec_point_srcptr P1, ec_point_srcptr P2,
        ec_curve_srcptr E, uint8_t stack);

void 
edwards_point_dbl_dedicated (ec_point_ptr P3, ec_point_srcptr P1, ec_curve_srcptr E, uint8_t stack);

#endif