Elliptic Curve Arithmetic

EC{B}

Represents a non-supersingular elliptic curve over the binary field B.

Contains fields a::B and b::B, where:

$y^2 + xy = x^3 + ax^2 + b$

AbstractECPoint{B}

Abstract type for points on an elliptic curve defined over the binary field B.

ECPointAffine{B} <: AbstractECPoint{B}

Represents a point on an elliptic curve over the binary B. Contains fields x::B, y::B, and ec::EC{B}.

$E: y^2 + xy = x^3 + ax^2 + b$

ECPointJacobian{B} <: AbstractECPoint{B}

Represents a point on an elliptic curve over the binary B. Contains fields x::B, y::B, z::B and ec::EC{B}.

$E: y^2 + xyz = x^3 + ax^2z^2 + bz^6$

Each point $(x, y)$ on the curve is represented by a set of equivalent Jacobian points, $\{(\lambda^2 x, \lambda^3 y, \lambda) : \lambda \in K^* \}$ (where $K^*$ is the binary field that the curve is based on).

ECPointLD{B} <: AbstractECPoint{B}

Represents a point on an elliptic curve over the binary B. Contains fields x::B, y::B, z::B and ec::EC{B}.

$E: y^2 + xyz = x^3z + ax^2z^2 + bz^4$

Each (affine) point $(x, y)$ is represented by a set of Lopez-Dahab points, $\{(\lambda x, \lambda^2 y, \lambda) : \lambda \in K^* \}$ (where $K^*$ is the binary field that the curve is based on).

ECMismatchException <: Exception

Indicates that an operation has been attempted on several points that are not on the same curve.

==(ec1::EC{B}, ec2::EC{B}) where B

Two elliptic curves are equal if they have the same parameters a and b, and are defined over the same field.

repr(ec::EC)

Returns a string representation of an elliptic curve equation, "$y^2 + xy = x^3 + ax^2 + b$".

==(p1::ECPointAffine{B}, p2::ECPointAffine{B}) where B

Two points are equal iff they have the same $x$ and $y$ coordinate, and are on the same elliptic curve.

+(p1::ECPointAffine{B}, p2::ECPointAffine{B}) where B

Returns $p_1+p_2$.

If the points are not on the same curve, this will throw an ECMismatchException.

double(p::ECPointAffine{B})::ECPointAffine{B} where B

Returns the result of doubling the point p, using a standard method that assumes p is a random unknown point.

-(p::ECPointAffine{B}) where B

Returns additive inverse of the given point, $-p$.

-(p1::AbstractECPoint, p2::AbstractECPoint)

Returns $p_1-p_2$.

*(p::AbstractECPoint{B}, k) where B

Returns the result of the scalar multiplication $p \cdot k$, using a default high performance method. Commutative, so that either p * k or k * p can be written, in addition to p \cdot k or k \cdot p. k must be an integer or a PFieldElt.

double_standard(p::ECPointAffine{B})::ECPointAffine{B} where B

Performs a standard version of the point doubling routine.

double_memo(p::ECPointAffine{B})::ECPointAffine{B} where B

Performs memoised point doubling: if the point p has previously been calculated by this routine, it will be fetched from a dictionary rather than recalculated. If the point has not yet been seen, it will be doubled with the double_standard routine and stored into a dictionary.

double_threaded(p::ECPointAffine{B})::ECPointAffine{B} where B

Doubles the point p by spawning an additional thread to perform extra work on.

mult_standard_rtl(P::AbstractECPoint{B}, k::Integer) where B

Performs scalar point multiplication using a right-to-left double-and-add method.

mult_standard_ltr(P::AbstractECPoint{B}, k::Integer) where B

Performs scalar point multiplication using a left-to-right double-and-add method.

mult_window(P::AbstractECPoint{B}, k::Integer, w::Int) where B

Performs scalar point multiplication using a windowed left-to-right double-and-add method.

mult_bnaf(P::AbstractECPoint{B}, k::Integer) where B

Performs scalar point multiplication using a right-to-left double-and-add method with the binary NAF of k.

mult_memo(P::AbstractECPoint{B}, k::Integer) where B

Performs scalar point multiplication using a right-to-left double-and-add method with the binary NAF of k. This function uses the memoised point doubling routine double_memo, and so it should only called with a known point P (i.e. one which will likely be seen again, such as a generating point).

mult_bnaf_threaded(P::AbstractECPoint{B}, k::Integer) where B

Performs scalar point multiplication using a right-to-left double-and-add method with the binary NAF of k, by spawning an extra thread where useful.

mult_bnaf_window(P::AbstractECPoint{B}, k::Integer, w::Int) where B

Performs scalar point multiplication using a windowed left-to-right double-and-add method with the binary NAF of k. Performs best with a window size of 8.

mult_wnaf(P::AbstractECPoint{B}, k::Integer, w::Int) where B

Performs scalar point multiplication using a left-to-right double-and-add method with the width-w NAF of k. Performs best with a width of 6.

mult_mont_general(p::AbstractECPoint, n::Integer)

Performs $p \cdot n$ with a fixed sequence of curve and field operations. More resistant to timing attacks than the standard double and add algorithm.

mult_mont_affine(p::ECPointAffine{B}, n::Integer) where B

Returns $p \cdot n$.

More resistant to timing attacks than the standard double and add algorithm.

Fast Multiplication on Elliptic Curves over $GF(2^m)$ without Precomputation, Algorithm 2A: Montgomery Scalar Multiplication.

iszero(p::ECPointAffine)

Returns true if $p = \mathcal{O}$, i.e it is the point at infinity.

zero(::Type{ECPointAffine{B}, ec::EC{B}) where B

Returns an object representing the point at infinity on the given curve.

zero(::Type{ECPointAffine, ec::EC{B}) where B

Returns an object representing the point at infinity on the given curve.

iszero(p::ECPointJacobian)

Returns true if $p = \mathcal{O}$, i.e it is the point at infinity.

zero(::Type{ECPointJacobian{B}}, ec::EC{B}) where B

Returns an object representing the point at infinity on the given curve.

zero(::Type{ECPointJacobian}, ec::EC{B}) where B

Returns an object representing the point at infinity on the given curve.

iszero(p::ECPointLD)

Returns true if $p = \mathcal{O}$, i.e it is the point at infinity.

zero(::Type{ECPointLD{B}}, ec::EC{B}) where B

Returns an object representing the point at infinity on the given curve.

zero(::Type{ECPointLD}, ec::EC{B}) where B

Returns an object representing the point at infinity on the given curve.

+(::Type{ECPointJacobian{B}}, p1::ECPointLD{B}, p2::ECPointJacobian{B}) where B

Returns $p_1 +p_2$ in Jacobian coordinates.

+(::Type{ECPointJacobian{B}}, p1::ECPointJacobian{B}, p2::ECPointLD{B}) where B

Returns $p_1 +p_2$ in Jacobian coordinates.

+(::Type{ECPointLD{B}}, p1::ECPointLD{B}, p2::ECPointJacobian{B}) where B

Returns $p_1 +p_2$ in Lopez-Dahab coordinates.

+(::Type{ECPointLD{B}}, p1::ECPointJacobian{B}, p2::ECPointLD{B}) where B

Returns $p_1 +p_2$ in Lopez-Dahab coordinates.

convert(::Type{ECPointAffine}, p::ECPointJacobian{B}) where B

Converts a point from Jacobian coordinates to affine coordinates.

convert(::Type{ECPointAffine}, p::ECPointLD{B}) where B

Converts a point from Lopez-Dahab coordinates to affine coordinates.

convert(::Type{ECPointJacobian}, p::ECPointAffine{B}) where B

Converts a point from affine coordinates to Jacobian coordinates.

convert(::Type{ECPointJacobian}, p::ECPointLD{B}) where B

Converts a point from Lopez-Dahab coordinates to Jacobian coordinates.

convert(::Type{ECPointLD}, p::ECPointAffine{B}) where B

Converts a point from affine coordinates to Lopez-Dahab coordinates.

convert(::Type{ECPointLD}, p::ECPointJacobian{B}) where B

Converts a point from Jacobian coordinates to Lopez-Dahab coordinates.

ECPointAffine(s::String, ec::EC{B}) where B

Convert a hex string to a point on the given elliptic curve using the procedure in SEC 2 (version 2), section 2.3.4.

isvalid(p::ECPointAffine)

Returns true if p is a point on the elliptic curve that it is associated with.

repr(p::ECPointAffine)

Returns a string representation of an elliptic curve point, i.e. "$(x, y)$".

repr(p::ECPointJacobian)

Returns a string representation of an elliptic curve point, "$(x, y, z)$".

repr(p::ECPointLD)

Returns a string representation of an elliptic curve point, "$(x, y, z)$".

naf(k::T) where T<:Integer

Computes the binary NAF of an integer k.

naf(k::Integer, w::Int)

Computes the width-w NAF of integer k.