authorJ08nY2018-07-12 19:45:23 +0200
committerJ08nY2018-07-12 19:45:23 +0200
commitb65fbd884350212cee449fb208636eb3ee76cd49 (patch)
treefdf47cab1257e811c37a71644e6d4a63b3130456
parentcbd242d82a6e725071489a8d313a9fbf225ba9b6 (diff)
-rw-r--r--docs/IMPLEMENTATIONS.md42
-rw-r--r--src/cz/crcs/ectester/data/composite/carmichael_128.csv1
-rw-r--r--src/cz/crcs/ectester/data/composite/carmichael_192.csv1
-rw-r--r--src/cz/crcs/ectester/data/composite/carmichael_224.csv1
-rw-r--r--src/cz/crcs/ectester/data/composite/carmichael_256.csv1
-rw-r--r--src/cz/crcs/ectester/data/composite/carmichael_384.csv1
-rw-r--r--src/cz/crcs/ectester/data/composite/carmichael_512.csv1
-rw-r--r--src/cz/crcs/ectester/data/composite/carmichael_521.csv1
-rw-r--r--src/cz/crcs/ectester/data/composite/curves.xml50
-rw-r--r--src/cz/crcs/ectester/reader/test/CardCompositeSuite.java5
10 files changed, 96 insertions, 8 deletions
diff --git a/docs/IMPLEMENTATIONS.md b/docs/IMPLEMENTATIONS.md
index 23010c7..4a70b7d 100644
--- a/docs/IMPLEMENTATIONS.md
+++ b/docs/IMPLEMENTATIONS.md
@@ -119,7 +119,7 @@ negation: \(-[x, y] = [x, -y] \)
- To Projective: \( [x, y] \rightarrow (x : y : 1) \)
- To Jacobian: \( [x, y] \rightarrow (x : y : 1) \)
- - To Chudnovsky: ?
+ - To Chudnovsky: \( [x, y] \rightarrow (x : y : 1 : 1 : 1) \)
### Projective
\begin{align*}
@@ -134,9 +134,11 @@ negation: \(-[x, y] = [x, -y] \)
infinity is \((0 : 1 : 0)\).
+negation: \( -(X : Y : Z) = (X : -Y : Z) \)
+
- To Affine: \( (X : Y : Z) \rightarrow [X/Z, Y/Z] \)
- - To Jacobian: ?
- - To Chudnovsky: ?
+ - To Jacobian: \( (X : Y : Z) \rightarrow (X/Z : Y/Z : 1) \) ?
+ - To Chudnovsky: \( (X : Y : Z) \rightarrow (X/Z : Y/Z : 1 : 1 : 1) \) ?
### Jacobian
\begin{align*}
@@ -151,8 +153,10 @@ infinity is \((0 : 1 : 0)\).
infinity is \( (1 : 1 : 0) \).
+negation: \( -(X : Y : Z) = (X : -Y : Z) \)
+
- To Affine: \( (X : Y : Z) \rightarrow [X/Z^2, Y/Z^3] \)
- - To Projective: ?
+ - To Projective: \( (X : Y : Z) \rightarrow (X/Z^2 : Y/Z^3 : 1) \) ?
- To Chudnovsky: \( (X : Y : Z) \rightarrow (X : Y : Z : Z^2 : Z^3) \)
### Chudnovsky
@@ -163,8 +167,10 @@ infinity is \( (1 : 1 : 0) \).
infinity is \( (1 : 1 : 0 : 0 : 0) \). ?
+negation: \( -(X : Y : Z : Z^2 : Z^3) = (X : -Y : Z : Z^2 : Z^3) \)
+
- To Affine: \( (X : Y : Z : Z^2 : Z^3) \rightarrow [X/Z^2, Y/Z^3] \)
- - To Projective: ?
+ - To Projective: \( (X : Y : Z : Z^2 : Z^3) \rightarrow (X/Z^2 : Y/Z^3 : 1) \) ?
- To Jacobian: \( (X : Y : Z : Z^2 : Z^3) \rightarrow (X : Y : Z) \)
@@ -241,6 +247,26 @@ Cost: \( C_{binexp}(k) = \lambda(k)C_2 + (\nu(k) - k_0)C_+\)[^7]
Uses binary addition chain, but does all the additions/multiplications.
+(right-to-left)
+
+ INPUT: k = (k_{t-1}, ..., k_1, k_0)_2, P ∈ E(F_q).
+ OUTPUT: [k]P.
+ 1. Q ← ∞.
+ 2. For i from t - 1 downto 0 do
+ 2.1 If k_i = 1 then Q ← Q + P else Dummy ← Q + P.
+ 2.2 P ← 2P.
+ 3. Return(Q).
+
+(left-to-right)
+
+ INPUT: k = (k_{t-1}, ..., k_1, k_0)_2, P ∈ E(F_q).
+ OUTPUT: [k]P.
+ 1. Q ← ∞.
+ 2. For i from t - 1 downto 0 do
+ 2.1 Q ← 2Q.
+ 2.2 If k_i = 1 then Q ← Q + P else Dummy ← Q + P.
+ 3. Return(Q).
+
Cost: \( C_{const\_binexp}(k) = \lambda(k) (C_2 + C_+) \) ?
### Binary NAF multiplication (signed binary exponentiation)
@@ -285,7 +311,7 @@ Cost: \( C_{bin\_NAF} = l(k)C_2 + \sigma(k)C_+ + \text{NAF computation cost}\) ?
INPUT: Window width w, positive integer k, P ∈ E(F_q).
OUTPUT: [k]P.
1. Use Algorithm 3.30 to compute NAF(k).
- 2. Compute P_i = [i]P for i ∈ {1, 3, . . ., 2(2^w - (-1)^w)/3 - 1}. //precomputation
+ 2. Compute P_i = [i]P for i ∈ {1, 3, . . ., 2(2^w - (-1)^w)/3 - 1}. //precomputation for fixed P
3. Q ← ∞, i ← l - 1.
4. While i ≥ 0 do
4.1 If k_i = 0 then:
@@ -323,7 +349,7 @@ Cost: \( C_{bin\_NAF} = l(k)C_2 + \sigma(k)C_+ + \text{NAF computation cost}\) ?
INPUT: Window width w, positive integer k, P ∈ E(F_q).
OUTPUT: [k]P.
1. Use Algorithm 3.35 to compute NAF-w(k).
- 2. Compute P_i = [i]P for i ∈ {1, 3, 5, . . ., 2^{w-1} - 1}. //precomputation
+ 2. Compute P_i = [i]P for i ∈ {1, 3, 5, . . ., 2^{w-1} - 1}. //precomputation for fixed P
3. Q ← ∞.
4. For i from l - 1 downto 0 do
4.1 Q ← 2Q.
@@ -409,7 +435,7 @@ x_n &= X_n / Z_n; \qquad x_{n+1} = X_{n+1} / Z_{n+1} \\
y_n &= \frac{2a_6 +(x_1x_n + a_4) (x_1 + x_n) - (x_1 - x_n)^2x_{n+1}}{2y_1}
\end{align*}
-Lopez-Dahab addition formulas (Projective coordinates/XZ coordinates):[^2]
+Lopez-Dahab addition formulas on \( E(\mathbb{F}_{2^m}) \)(Projective coordinates/XZ coordinates):[^2]
- Addition (\( n \ne m \)):
\begin{align*}
diff --git a/src/cz/crcs/ectester/data/composite/carmichael_128.csv b/src/cz/crcs/ectester/data/composite/carmichael_128.csv
new file mode 100644
index 0000000..400abca
--- /dev/null
+++ b/src/cz/crcs/ectester/data/composite/carmichael_128.csv
@@ -0,0 +1 @@
+0x8d4731c77d3462993d75627d4ea254ef,0x7374f7d098c61f64d0dcd328b537e22c,0x3658ca99638dc513932535134f48536b,0x7d5beaa13395695173e3371b7638347a,0x6f1c533a21abb60316bb9529528910c4,0x8d4731c77d346297e54306afea3730a1,0x01
diff --git a/src/cz/crcs/ectester/data/composite/carmichael_192.csv b/src/cz/crcs/ectester/data/composite/carmichael_192.csv
new file mode 100644
index 0000000..7c21982
--- /dev/null
+++ b/src/cz/crcs/ectester/data/composite/carmichael_192.csv
@@ -0,0 +1 @@
+0x8b72c1f15aacdcc4c3d881b3e14fa5e07f614ffd25613c95,0x4de73fecdd02978832f2025306474f85af670aa44735bec4,0x55fa4ea6cbf5241ff5c3734bef8db6399fa45ffbf6450f45,0x0236516a5b59cd7871ed1403e820f07d1795483b5c1cc7c7,0x137236f344d2e6e51476662acc70a2247f81d4801b0b9fa4,0x8b72c1f15aacdcc4c3d881b2a6256f87e98d12e5385af0b9,0x01
diff --git a/src/cz/crcs/ectester/data/composite/carmichael_224.csv b/src/cz/crcs/ectester/data/composite/carmichael_224.csv
new file mode 100644
index 0000000..d72a30c
--- /dev/null
+++ b/src/cz/crcs/ectester/data/composite/carmichael_224.csv
@@ -0,0 +1 @@
+0x929fe6161bc19ea029efb679c883576d18d69b5b3a3870eaf80d49a3,0x159ef3437e3d7297247f6ad693c1d80f069cb9eb98a0c679668e5ff9,0x6448a16b4ed54d4532e4145cb5fa9a0cd623232d350f706742aeac8c,0x816e1a2510e83da094374558ba2df28976404fcff6c18bfb5eb8cbf9,0x78f245d80d0e1e18e73272fef47911883ae1ab2af985f93f06dbc002,0x929fe6161bc19ea029efb679c881d967bd62678011c1949852a0b119,0x01
diff --git a/src/cz/crcs/ectester/data/composite/carmichael_256.csv b/src/cz/crcs/ectester/data/composite/carmichael_256.csv
new file mode 100644
index 0000000..fea4281
--- /dev/null
+++ b/src/cz/crcs/ectester/data/composite/carmichael_256.csv
@@ -0,0 +1 @@
+0x974a679ba3168a019e1f069aac82c999e2612f1957052c56607e8002ef36be53,0x51f15e6797f0a4f0f049b1aedb340118e9584727c5668fe856ad8e2fa111f12d,0x4e7c9daa52715b65db00a3f85ec87bf6a8cc1c312845fc302fc724eb0067d82e,0x6737dcaa9b8198f73599b700e6b3bfda05731528b620f9080799fd6d491be926,0x0f71d01a2ac0f12fe6db25cc420578e9acb729d007580b139cb4897d6421517c,0x974a679ba3168a019e1f069aac82c9986c8ed1c88f1d90e54250abfb0a363941,0x01
diff --git a/src/cz/crcs/ectester/data/composite/carmichael_384.csv b/src/cz/crcs/ectester/data/composite/carmichael_384.csv
new file mode 100644
index 0000000..3002514
--- /dev/null
+++ b/src/cz/crcs/ectester/data/composite/carmichael_384.csv
@@ -0,0 +1 @@
+0xa10402c0f3ab3f57b7ddf22e1b7054a8b2a292e3466496d060a5264d9fe29e2fc22347b3b6c21cdf7cba591fd00abd29,0x3dafe0a9c8fb6540cfb52253c08d63742c122062d031f96b0d901d27c9a91d9cefc6d5df27b9f56664860d02b98bc00c,0x3ae6993a790b7e73d67d1cd3a1376c08b9effb7a43211cd169d4e5871bdf096827d953a9f1a98ad11748b22dadf28f07,0x2f2843692b78f89332597df8bec5f5c55767af145ade2c4ad6a4e08fc772c5b7e2bab7d1cb054ebee4367739fe5d5e5c,0x6940f0d9cd2276b4c909e730cdb909a8742a2abee52fe157ca7401d1d825f57145a3cc20522910b28b90cffc38d64e9b,0xa10402c0f3ab3f57b7ddf22e1b7054a8b2a292e3466496d056717d18f11d70554d3bff46c2b156dc594b563cf7ce93d1,0x01
diff --git a/src/cz/crcs/ectester/data/composite/carmichael_512.csv b/src/cz/crcs/ectester/data/composite/carmichael_512.csv
new file mode 100644
index 0000000..59d0b03
--- /dev/null
+++ b/src/cz/crcs/ectester/data/composite/carmichael_512.csv
@@ -0,0 +1 @@
+0x9c4dc6f1cd53c38d5af75215620fb6d643257fb1f658d3e5d3b5412dee1bce65b734e62f7a592cda1f6218a11d07f791503e00190b94521255c291e59a069367,0x624745292ab68c1d121cc5f7bda57be0be0fc2461c212494d44f4d522bf797f31c47ba99b44c7145313aebe5bb03893ed11cfc926082e51426cc2b4347746aa5,0x456e5b484249ffa61273c26a91941dd9f1153b4e972df10cfe7c32c64f8aa6ac0f9ec02b63dec7daff1f30eb1a5ac7b641671092f723175f092f13e5f41f1399,0x4348b5167f4f5d7c3d1265d5f08e08db97cd506b9b2e546d94065220597e79291c2c2ece0f6b904a2a8c39f3adc6706724b56dc26804e19e5fefce5a7763d241,0x61bc72b13f6954704e8d219c2d1a20824dc759503f49b8aed3de1acb1761d68a68fbc93064ba12cac87344690be9027e763e3889ae561904c68bc586407018db,0x9c4dc6f1cd53c38d5af75215620fb6d643257fb1f658d3e5d3b5412dee1bce670a65fd73b857d9d8111f52eb305cfc13d96ca09cdc88e257b289d02d3239d259,0x01
diff --git a/src/cz/crcs/ectester/data/composite/carmichael_521.csv b/src/cz/crcs/ectester/data/composite/carmichael_521.csv
new file mode 100644
index 0000000..47ec1c3
--- /dev/null
+++ b/src/cz/crcs/ectester/data/composite/carmichael_521.csv
@@ -0,0 +1 @@
+0x011ebb4ebb42f370324a2b937a20c443f110e1e3c40ecb3eb63af873d0c86e7cce05e5416605f1fcfc8296c879bbea344084007bb8fc2c704d85fc4b7fcdc0a4a001,0x00be420c826bac034b4b24ba623a2551510f6663babc95d6741dd68ab05adf6cf2624b1d47fb76c7b0b3edae8c436befe0b5d536525bd662e911529d00c05437e1db,0x0087789843e5da542f34b7c9737db3f6dbaf515788f355b0e2e36d66eb65d1a183a95a88fb9ffa27807961581ed69473046df573baab472fca6a361228bf326fa7f7,0x00457d321b63688cff7ddb0c04fb4bec1b0da6b5af8cac11b9d6fdce431e80d4b48947329078a7c1c5ca9aeb351a2514f89ef8215adaad9af4f581df098fa088aba6,0x00c286d2f1e48e58787c83878624b273db0fa6c3de13e59e326c0f783a40056dd3623688156396986179d5ee97cf9df846ac7a3180a27a23a45cbb400d9553d8a659,0x11ebb4ebb42f370324a2b937a20c443f110e1e3c40ecb3eb63af873d0c86e7cce1752f780ce79d0886704c8603b16dbb491481c1b6682865a9b7f83440515fbe561,0x01
diff --git a/src/cz/crcs/ectester/data/composite/curves.xml b/src/cz/crcs/ectester/data/composite/curves.xml
index 8cec330..c0d61c2 100644
--- a/src/cz/crcs/ectester/data/composite/curves.xml
+++ b/src/cz/crcs/ectester/data/composite/curves.xml
@@ -250,4 +250,54 @@
<file>composite256_rg0.csv</file>
<desc>|G| divides r(so [r]G = infinity), but r != |G| = 0x743bc7ea193d40db</desc>
</curve>
+
+ <curve>
+ <id>pp/carmichael128</id>
+ <bits>128</bits>
+ <field>prime</field>
+ <file>carmichael_128.csv</file>
+ <desc>r = Carmichael pseudoprime = 0x2ddbfe0f1f7 * 0x5bb7fc1e3ed * 0x8993fa2d5e3</desc>
+ </curve>
+ <curve>
+ <id>pp/carmichael192</id>
+ <bits>192</bits>
+ <field>prime</field>
+ <file>carmichael_192.csv</file>
+ <desc>r = Carmichael pseudoprime = 0x730ea70deea47eeb * 0xe61d4e1bdd48fdd5 * 0x1592bf529cbed7cbf</desc>
+ </curve>
+ <curve>
+ <id>pp/carmichael224</id>
+ <bits>224</bits>
+ <field>prime</field>
+ <file>carmichael_224.csv</file>
+ <desc>r = Carmichael pseudoprime = 0x2e6e4205e9ea74ebefd * 0x5cdc840bd3d4e9d7df9 * 0x8b4ac611bdbf5ec3cf5</desc>
+ </curve>
+ <curve>
+ <id>pp/carmichael256</id>
+ <bits>256</bits>
+ <field>prime</field>
+ <file>carmichael_256.csv</file>
+ <desc>r = Carmichael pseudoprime = 0x129e94800bf86bd2d04ce1 * 0x253d290017f0d7a5a099c1 * 0x37dbbd8023e9437870e6a1</desc>
+ </curve>
+ <curve>
+ <id>pp/carmichael384</id>
+ <bits>384</bits>
+ <field>prime</field>
+ <file>carmichael_384.csv</file>
+ <desc>r = Carmichael pseudoprime = 0x78b4fa97e97300a5c46b32fb522cf76f * 0xf169f52fd2e6014b88d665f6a459eedd * 0x16a1eefc7bc5901f14d4198f1f686e64b</desc>
+ </curve>
+ <curve>
+ <id>pp/carmichael512</id>
+ <bits>512</bits>
+ <field>prime</field>
+ <file>carmichael_512.csv</file>
+ <desc>r = Carmichael pseudoprime = 0x2f6e41969c169b4e97b0a1c46ca4fb3a8f294afaefb * 0x5edc832d382d369d2f614388d949f6751e5295f5df5 * 0x8e4ac4c3d443d1ebc711e54d45eef1afad7be0f0cef</desc>
+ </curve>
+ <curve>
+ <id>pp/carmichael521</id>
+ <bits>521</bits>
+ <field>prime</field>
+ <file>carmichael_521.csv</file>
+ <desc>r = Carmichael pseudoprime = 0x170ac4fd154250e674f9ac6e0c29a214c6d6553e4f11 * 0x2e1589fa2a84a1cce9f358dc185344298dacaa7c9e21 * 0x45204ef73fc6f2b35eed054a247ce63e5482ffbaed31</desc>
+ </curve>
</curves> \ No newline at end of file
diff --git a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java
index b80a0e3..c4b3775 100644
--- a/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java
+++ b/src/cz/crcs/ectester/reader/test/CardCompositeSuite.java
@@ -77,6 +77,11 @@ public class CardCompositeSuite extends CardTestSuite {
List<EC_Curve> pqCurves = groupList.stream().filter((e) -> e.getKey().equals("pq")).findFirst().get().getValue();
testGroup(pqCurves, null, ExpectedValue.ANY, "", "");
+ /* Also test having G or large order being a Carmichael pseudoprime, R = p * q * r,
+ */
+ List<EC_Curve> ppCurves = groupList.stream().filter((e) -> e.getKey().equals("pp")).findFirst().get().getValue();
+ testGroup(ppCurves, "Generator order = Carmichael pseudoprime", ExpectedValue.ANY, "", "");
+
/* Also test rg0 curves.
*/
List<EC_Curve> rg0Curves = groupList.stream().filter((e) -> e.getKey().equals("rg0")).findFirst().get().getValue();
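Review bot: The new `ppCurves` lookup copies the unchecked `findFirst().get()` pattern, so a composite `curves.xml` that lacks a `pp` group (an older data set, or a packaging mismatch between the XML and the new carmichael_*.csv files) fails with a bare NoSuchElementException instead of a message naming the missing group. Since the commit is the one introducing the dependency on the `pp` group, this is the place to make the failure explicit, e.g. `.findFirst().map(e -> e.getValue()).orElseThrow(() -> new IllegalStateException("composite curves.xml has no \"pp\" group"))`, and the same treatment would benefit the neighbouring `pq` and `rg0` lookups. The added comment is also truncated and split across two lines with a dangling comma; something like `/* Also test a generator whose order r is a Carmichael pseudoprime, r = p * q * s, i.e. composite but passing Fermat-style primality checks. */` states what the group is for. The enclosing method begins and ends outside this hunk.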