| -rw-r--r-- | pyecsca/ec/mult/comb.py | 4 | ||||
| -rw-r--r-- | pyecsca/ec/mult/fixed.py | 2 | ||||
| -rw-r--r-- | pyecsca/ec/mult/naf.py | 27 | ||||
| -rw-r--r-- | pyecsca/ec/mult/window.py | 4 | ||||
| -rw-r--r-- | test/ec/test_countermeasures.py | 1 | ||||
| -rw-r--r-- | test/ec/test_mult.py | 1 | ||||
| -rw-r--r-- | test/sca/test_rpa.py | 4 |
7 files changed, 36 insertions, 7 deletions
diff --git a/pyecsca/ec/mult/comb.py b/pyecsca/ec/mult/comb.py index 2488edf..1253993 100644 --- a/pyecsca/ec/mult/comb.py +++ b/pyecsca/ec/mult/comb.py @@ -33,6 +33,8 @@ class BGMWMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMultiplier) :param width: Window width. :param direction: Whether it is LTR or RTL. :param accumulation_order: The order of accumulation of points. + :param short_circuit: Whether the use of formulas will be guarded by short-circuit on inputs + of the point at infinity. """ requires = {AdditionFormula, DoublingFormula} @@ -139,6 +141,8 @@ class CombMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMultiplier) :param width: Window width (number of comb teeth). :param always: Whether the double and add always method is used. :param accumulation_order: The order of accumulation of points. + :param short_circuit: Whether the use of formulas will be guarded by short-circuit on inputs + of the point at infinity. """ requires = {AdditionFormula, DoublingFormula} diff --git a/pyecsca/ec/mult/fixed.py b/pyecsca/ec/mult/fixed.py index 4b817e9..3bd1f06 100644 --- a/pyecsca/ec/mult/fixed.py +++ b/pyecsca/ec/mult/fixed.py @@ -32,6 +32,8 @@ class FullPrecompMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMult :param direction: Whether it is LTR or RTL. :param accumulation_order: The order of accumulation of points. :param complete: Whether it starts processing at full order-bit-length. + :param short_circuit: Whether the use of formulas will be guarded by short-circuit on inputs + of the point at infinity. """ requires = {AdditionFormula, DoublingFormula} diff --git a/pyecsca/ec/mult/naf.py b/pyecsca/ec/mult/naf.py index f2e2bcc..6d3e566 100644 --- a/pyecsca/ec/mult/naf.py +++ b/pyecsca/ec/mult/naf.py 
@@ -29,15 +29,19 @@ class BinaryNAFMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMultip """ Binary NAF (Non Adjacent Form) multiplier. - :param short_circuit: Whether the use of formulas will be guarded by short-circuit on inputs - of the point at infinity. + :param always: Whether the addition is always performed. :param direction: Whether it is LTR or RTL. :param accumulation_order: The order of accumulation of points. + :param short_circuit: Whether the use of formulas will be guarded by short-circuit on inputs + of the point at infinity. """ requires = {AdditionFormula, DoublingFormula, NegationFormula} optionals = {ScalingFormula} + always: bool + """Whether the double and add always method is used.""" direction: ProcessingDirection + """Whether it is LTR or RTL.""" _point_neg: Point def __init__( @@ -46,6 +50,7 @@ class BinaryNAFMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMultip dbl: DoublingFormula, neg: NegationFormula, scl: Optional[ScalingFormula] = None, + always: bool = False, direction: ProcessingDirection = ProcessingDirection.LTR, accumulation_order: AccumulationOrder = AccumulationOrder.PeqPR, short_circuit: bool = True, @@ -58,6 +63,7 @@ class BinaryNAFMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMultip neg=neg, scl=scl, ) + self.always = always self.direction = direction def __hash__(self): @@ -65,6 +71,7 @@ class BinaryNAFMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMultip ( BinaryNAFMultiplier, super().__hash__(), + self.always, self.direction, self.accumulation_order, ) 
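Review bot: Inserting `always: bool = False` before `direction` in `__init__` shifts every later positional argument, and nothing visible in the hunk rejects a stale call. A caller still passing `ProcessingDirection.LTR` as the fifth positional argument would bind it to `always` and move the accumulation order into `direction`, which changes the modelled multiplier instead of failing. The `test/sca/test_rpa.py` hunk shows that in-tree positional callers needed exactly this update. A cheap guard in the constructor would surface the mistake, e.g. `if not isinstance(always, bool): raise TypeError("always must be a bool")`, and the changed calls are easier to audit with keywords (`always=False, direction=ProcessingDirection.LTR`). The signature and constructor body continue outside the hunk.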
@@ -75,13 +82,14 @@ class BinaryNAFMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMultip return False return ( self.formulas == other.formulas + and self.always == other.always and self.short_circuit == other.short_circuit and self.direction == other.direction and self.accumulation_order == other.accumulation_order ) def __repr__(self): - return f"{self.__class__.__name__}({', '.join(map(str, self.formulas.values()))}, short_circuit={self.short_circuit}, direction={self.direction.name}, accumulation_order={self.accumulation_order.name})" + return f"{self.__class__.__name__}({', '.join(map(str, self.formulas.values()))}, short_circuit={self.short_circuit}, direction={self.direction.name}, accumulation_order={self.accumulation_order.name}, always={self.always})" def init(self, params: DomainParameters, point: Point, bits: Optional[int] = None): with PrecomputationAction(params, point) as action: @@ -95,9 +103,13 @@ class BinaryNAFMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMultip q = self._dbl(q) if val == 1: q = self._accumulate(q, self._point) - if val == -1: + if self.always: + self._accumulate(q, self._point_neg) + elif val == -1: # TODO: Whether this negation is precomputed can be a parameter q = self._accumulate(q, self._point_neg) + if self.always: + self._accumulate(q, self._point) return q def _rtl(self, scalar_naf: List[int]) -> Point: @@ -106,9 +118,14 @@ class BinaryNAFMultiplier(AccumulatorMultiplier, PrecompMultiplier, ScalarMultip for val in reversed(scalar_naf): if val == 1: r = self._accumulate(r, q) - if val == -1: + if self.always: + neg = self._neg(q) + self._accumulate(r, neg) + elif val == -1: neg = self._neg(q) r = self._accumulate(r, neg) + if self.always: + self._accumulate(r, q) q = self._dbl(q) return r diff --git a/pyecsca/ec/mult/window.py b/pyecsca/ec/mult/window.py index 1340e7e..327f794 100644 --- a/pyecsca/ec/mult/window.py +++ b/pyecsca/ec/mult/window.py 
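Review bot: With `always=True` the extra `self._accumulate(...)` in `_ltr` and `_rtl` appears only inside the `val == 1` / `val == -1` arms (read from the `if`/`elif` order, since indentation is lost on this page), so a zero NAF digit still runs a doubling with no accumulation and the number of formula calls per digit depends on the scalar. In `_rtl` the call order also differs by sign: `val == 1` runs accumulate, `_neg`, accumulate, while `val == -1` runs `_neg`, accumulate, accumulate. If that is the intended model, the docstring should state it rather than "Whether the addition is always performed", for example `:param always: Whether each nonzero digit performs both an addition and a subtraction (one result is discarded); zero digits still only double.` The attribute docstring "Whether the double and add always method is used." should be aligned with the same wording. Both method bodies start outside their hunks.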
@@ -39,6 +39,8 @@ class SlidingWindowMultiplier( :param width: The width of the sliding-window recoding. :param recoding_direction: The direction for the sliding-window recoding. :param accumulation_order: The order of accumulation of points. + :param short_circuit: Whether the use of formulas will be guarded by short-circuit on inputs + of the point at infinity. """ requires = {AdditionFormula, DoublingFormula} @@ -140,6 +142,8 @@ class FixedWindowLTRMultiplier( :param m: The arity of the multiplier. :param accumulation_order: The order of accumulation of points. + :param short_circuit: Whether the use of formulas will be guarded by short-circuit on inputs + of the point at infinity. """ requires = {AdditionFormula, DoublingFormula} diff --git a/test/ec/test_countermeasures.py b/test/ec/test_countermeasures.py index 3cd5461..1bf1477 100644 --- a/test/ec/test_countermeasures.py +++ b/test/ec/test_countermeasures.py @@ -42,6 +42,7 @@ def mults(secp128r1, add, dbl): for combination in product(*rtl_options.values()) ] bnaf_options = { + "always": (True, False), "direction": tuple(ProcessingDirection), "accumulation_order": tuple(AccumulationOrder), } diff --git a/test/ec/test_mult.py b/test/ec/test_mult.py index 07ddcdf..9617fa5 100644 --- a/test/ec/test_mult.py +++ b/test/ec/test_mult.py @@ -382,6 +382,7 @@ def test_basic_multipliers(secp128r1, num, add, dbl): for combination in product(*rtl_options.values()) ] bnaf_options = { + "always": (True, False), "direction": tuple(ProcessingDirection), "accumulation_order": tuple(AccumulationOrder), } diff --git a/test/sca/test_rpa.py b/test/sca/test_rpa.py index c2083ba..8be35f1 100644 --- a/test/sca/test_rpa.py +++ b/test/sca/test_rpa.py 
@@ -168,10 +168,10 @@ def test_distinguish_basic(distinguish_params_sw, add, dbl, neg): RTLMultiplier(add, dbl, None, True, AccumulationOrder.PeqPR, False), SimpleLadderMultiplier(add, dbl, None, True, True), BinaryNAFMultiplier( - add, dbl, neg, None, ProcessingDirection.LTR, AccumulationOrder.PeqPR, True + add, dbl, neg, None, False, ProcessingDirection.LTR, AccumulationOrder.PeqPR, True ), BinaryNAFMultiplier( - add, dbl, neg, None, ProcessingDirection.RTL, AccumulationOrder.PeqPR, True + add, dbl, neg, None, False, ProcessingDirection.RTL, AccumulationOrder.PeqPR, True ), WindowNAFMultiplier( add, dbl, neg, 3, None, AccumulationOrder.PeqPR, True, True |
