| -rw-r--r-- | pyecsca/ec/coordinates.py | 18 | ||||
| m--------- | pyecsca/ec/efd | 0 | ||||
| -rw-r--r-- | pyecsca/sca/re/zvp.py | 11 | ||||
| -rwxr-xr-x | test/ec/perf_formula.py | 4 | ||||
| -rwxr-xr-x | test/ec/perf_mult.py | 4 | ||||
| -rw-r--r-- | test/ec/test_configuration.py | 4 | ||||
| -rw-r--r-- | test/ec/test_key_agreement.py | 4 | ||||
| -rw-r--r-- | test/ec/test_mult.py | 22 | ||||
| -rw-r--r-- | test/ec/test_signature.py | 4 | ||||
| -rw-r--r-- | test/sca/perf_zvp.py | 2 | ||||
| -rw-r--r-- | test/sca/test_target.py | 26 | ||||
| -rw-r--r-- | test/sca/test_zvp.py | 9 |
12 files changed, 70 insertions, 38 deletions
diff --git a/pyecsca/ec/coordinates.py b/pyecsca/ec/coordinates.py
index 82b74e7..8cc21bc 100644
--- a/pyecsca/ec/coordinates.py
+++ b/pyecsca/ec/coordinates.py
@@ -33,6 +33,10 @@ class CoordinateModel:
 """Variables that the coordinate model uses."""
 satisfying: List[Module]
 """Relationship between the coordinate system and affine coordinates."""
+ toaffine: List[Module]
+ """Map to affine coordinates from system coordinates."""
+ tosystem: List[Module]
+ """Map from coordinate system to affine coordinates."""
 parameters: List[str]
 """Coordinate system parameters."""
 assumptions: List[Module]
@@ -78,6 +82,8 @@ class EFDCoordinateModel(CoordinateModel):
 self.curve_model = curve_model
 self.variables = []
 self.satisfying = []
+ self.toaffine = []
+ self.tosystem = []
 self.parameters = []
 self.assumptions = []
 self.neutral = []
@@ -126,6 +132,18 @@ class EFDCoordinateModel(CoordinateModel):
 self.satisfying.append(code)
 except SyntaxError:
 pass
+ elif line.startswith("toaffine"):
+ try:
+ code = parse(line[9:].replace("^", "**"), mode="exec")
+ self.toaffine.append(code)
+ except SyntaxError:
+ pass
+ elif line.startswith("tosystem"):
+ try:
+ code = parse(line[9:].replace("^", "**"), mode="exec")
+ self.tosystem.append(code)
+ except SyntaxError:
+ pass
 elif line.startswith("parameter"):
 self.parameters.append(line[10:])
 elif line.startswith("assume"):
diff --git a/pyecsca/ec/efd b/pyecsca/ec/efd
-Subproject bfecf9e69ae1b20f0fe1b83496407c2ac09cd72
+Subproject 39ca92b31719956dd72edaca20928d21fae3088
diff --git a/pyecsca/sca/re/zvp.py b/pyecsca/sca/re/zvp.py
index 58abea7..33b92cc 100644
--- a/pyecsca/sca/re/zvp.py
+++ b/pyecsca/sca/re/zvp.py
@@ -9,7 +9,7 @@ Implements ZVP point construction from [FFD]_.
 from typing import List, Set
 from public import public
-from sympy import symbols, FF, Poly, Monomial, Symbol, Expr
+from sympy import symbols, FF, Poly, Monomial, Symbol, Expr, sympify
 from ...ec.curve import EllipticCurve
 from ...ec.divpoly import mult_by_n
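Review bot: The docstring under the added `tosystem` field reads `"""Map from coordinate system to affine coordinates."""`, which is the same direction as the `toaffine` docstring directly above it, so the two new attributes are documented as doing the same thing. Going by the attribute name and the parser branch added later in this file, it should read `"""Map from affine coordinates to system coordinates."""`. The class body continues outside the hunk.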
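Review bot: The two new `elif` branches in the third hunk of coordinates.py are the same six lines with only the target list swapped, and both slice the line with the bare offset `line[9:]`, which is right only because `len("toaffine ") == len("tosystem ") == 9` and is left for the reader to verify. Folding the pair into one branch that picks the list and separates the keyword with `partition` keeps the parse-and-append logic in one place; like the original it assumes a single space after the keyword. The parsing loop that encloses these branches starts before the hunk, so the nesting below is a guess.
```python
            elif line.startswith(("toaffine", "tosystem")):
                keyword, _, body = line.partition(" ")
                target = self.toaffine if keyword == "toaffine" else self.tosystem
                try:
                    code = parse(body.replace("^", "**"), mode="exec")
                    target.append(code)
                except SyntaxError:
                    pass
            # … unchanged: "parameter" / "assume" branches …
```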
@@ -29,6 +29,15 @@ def unroll_formula(formula: Formula) -> List[Poly]:
 params = {var: symbols(var) for var in formula.coordinate_model.curve_model.parameter_names}
 inputs = {f"{var}{i}": symbols(f"{var}{i}") for var in formula.coordinate_model.variables for i in range(1, formula.num_inputs + 1)}
+ for assumption, assumption_string in zip(formula.assumptions, formula.assumptions_str):
+ lhs, rhs = assumption_string.split(" == ")
+ if lhs in formula.parameters:
+ # Handle a symbolic assignment to a new parameter.
+ expr = sympify(rhs, evaluate=False)
+ for curve_param, value in params.items():
+ expr = expr.subs(curve_param, value)
+ params[lhs] = expr
+
 locals = {**params, **inputs}
 values = []
 for op in formula.code:
diff --git a/test/ec/perf_formula.py b/test/ec/perf_formula.py
index baa6347..f4affa3 100755
--- a/test/ec/perf_formula.py
+++ b/test/ec/perf_formula.py
@@ -28,8 +28,8 @@ def main(profiler, mod, operations, directory):
 cfg.ec.mod_implementation = mod
 p256 = get_params("secg", "secp256r1", "projective")
 coords = p256.curve.coordinate_model
- add = coords.formulas["add-2016-rcb"]
- dbl = coords.formulas["dbl-2016-rcb"]
+ add = coords.formulas["add-2015-rcb"]
+ dbl = coords.formulas["dbl-2015-rcb"]
 click.echo(
 f"Profiling {operations} {p256.curve.prime.bit_length()}-bit doubling formula (dbl2016rcb) executions..."
 )
diff --git a/test/ec/perf_mult.py b/test/ec/perf_mult.py
index e2adf29..d5e6a83 100755
--- a/test/ec/perf_mult.py
+++ b/test/ec/perf_mult.py
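Review bot: `lhs, rhs = assumption_string.split(" == ")` on the first added line raises ValueError for any assumption string that does not contain exactly one `" == "`, and it runs before the `lhs in formula.parameters` filter, so a single assumption written in another form aborts unrolling of the whole formula. Guarding with `partition` keeps the filter first: `lhs, sep, rhs = assumption_string.partition(" == ")` / `if not sep or lhs not in formula.parameters: continue`. The loop variable `assumption` is never used, and the `expr.subs(curve_param, value)` loop only has an effect when `params` already holds an expression from an earlier assumption (for a plain curve symbol it substitutes the symbol with itself), which deserves a comment such as `# an earlier assumption may have rebound a parameter to an expression; propagate it`. `sympify` parses `rhs` through Python's expression evaluator, so this step relies on the EFD formula files being trusted input, and a one-line comment saying so would help the next reader. `unroll_formula` continues past the end of the hunk.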
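Review bot: The `click.echo` message that follows the changed lines still says `doubling formula (dbl2016rcb)` while `dbl` is now looked up as `dbl-2015-rcb`, so the profiler labels its output with a formula it no longer runs. Update the f-string tail to `-bit doubling formula (dbl-2015-rcb) executions..."` so the label matches the key. `main` continues past the hunk on both sides.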
@@ -32,8 +32,8 @@ def main(profiler, mod, operations, directory):
 cfg.ec.mod_implementation = mod
 p256 = get_params("secg", "secp256r1", "projective")
 coords = p256.curve.coordinate_model
- add = cast(AdditionFormula, coords.formulas["add-2016-rcb"])
- dbl = cast(DoublingFormula, coords.formulas["dbl-2016-rcb"])
+ add = cast(AdditionFormula, coords.formulas["add-2015-rcb"])
+ dbl = cast(DoublingFormula, coords.formulas["dbl-2015-rcb"])
 mult = LTRMultiplier(add, dbl)
 click.echo(
 f"Profiling {operations} {p256.curve.prime.bit_length()}-bit scalar multiplication executions..."
diff --git a/test/ec/test_configuration.py b/test/ec/test_configuration.py
index 4e2e4ca..892c634 100644
--- a/test/ec/test_configuration.py
+++ b/test/ec/test_configuration.py
@@ -31,7 +31,7 @@ def test_weierstrass_projective(base_independents):
 coords = model.coordinates["projective"]
 configs = list(all_configurations(model=model, coords=coords, **base_independents))
 assert len(set(map(lambda cfg: cfg.scalarmult, configs))) == len(configs)
- assert len(configs) == 6020
+ assert len(configs) == 6880
 def test_mult_class(base_independents):
@@ -40,7 +40,7 @@ def test_mult_class(base_independents):
 scalarmult = LTRMultiplier
 configs = list(all_configurations(model=model, coords=coords, scalarmult=scalarmult, **base_independents))
 assert len(set(map(lambda cfg: cfg.scalarmult, configs))) == len(configs)
- assert len(configs) == 1120
+ assert len(configs) == 1280
 def test_one(base_independents):
diff --git a/test/ec/test_key_agreement.py b/test/ec/test_key_agreement.py
index 392b21f..248d172 100644
--- a/test/ec/test_key_agreement.py
+++ b/test/ec/test_key_agreement.py
@@ -55,8 +55,8 @@ def test_ka_secg():
 secg_data = json.load(f)
 secp160r1 = get_params("secg", "secp160r1", "projective")
 affine_model = AffineCoordinateModel(secp160r1.curve.model)
- add = secp160r1.curve.coordinate_model.formulas["add-2016-rcb"]
- dbl = secp160r1.curve.coordinate_model.formulas["dbl-2016-rcb"]
+ add = secp160r1.curve.coordinate_model.formulas["add-2015-rcb"]
+ dbl = secp160r1.curve.coordinate_model.formulas["dbl-2015-rcb"]
 mult = LTRMultiplier(add, dbl)
 privA = Mod(int(secg_data["keyA"]["priv"], 16), secp160r1.order)
 pubA_affine = Point(affine_model,
diff --git a/test/ec/test_mult.py b/test/ec/test_mult.py
index 8e5a06e..16d9c7f 100644
--- a/test/ec/test_mult.py
+++ b/test/ec/test_mult.py
@@ -57,7 +57,7 @@ def do_basic_test(
 @pytest.mark.parametrize("add,dbl,scale", [
 ("add-1998-cmo", "dbl-1998-cmo", "z"),
- ("add-2016-rcb", "dbl-2016-rcb", None),
+ ("add-2015-rcb", "dbl-2015-rcb", None),
 ("add-1998-cmo", "dbl-1998-cmo", None),
 ])
 def test_rtl(secp128r1, add, dbl, scale):
@@ -67,7 +67,7 @@ def test_rtl(secp128r1, add, dbl, scale):
 @pytest.mark.parametrize("add,dbl,scale", [
 ("add-1998-cmo", "dbl-1998-cmo", "z"),
- ("add-2016-rcb", "dbl-2016-rcb", None),
+ ("add-2015-rcb", "dbl-2015-rcb", None),
 ("add-1998-cmo", "dbl-1998-cmo", None),
 ])
 def test_ltr(secp128r1, add, dbl, scale):
@@ -98,7 +98,7 @@ def test_ltr(secp128r1, add, dbl, scale):
 @pytest.mark.parametrize("add,dbl,scale", [
 ("add-1998-cmo", "dbl-1998-cmo", "z"),
- ("add-2016-rcb", "dbl-2016-rcb", None),
+ ("add-2015-rcb", "dbl-2015-rcb", None),
 ("add-1998-cmo", "dbl-1998-cmo", None),
 ])
 def test_doubleandadd(secp128r1, add, dbl, scale):
@@ -130,7 +130,7 @@ def test_doubleandadd(secp128r1, add, dbl, scale):
 @pytest.mark.parametrize("add,dbl,scale", [
 ("add-1998-cmo", "dbl-1998-cmo", "z"),
- ("add-2016-rcb", "dbl-2016-rcb", None),
+ ("add-2015-rcb", "dbl-2015-rcb", None),
 ("add-1998-cmo", "dbl-1998-cmo", None),
 ]
 )
@@ -162,7 +162,7 @@ def test_ladder(curve25519):
 @pytest.mark.parametrize("add,dbl,scale", [
 ("add-1998-cmo", "dbl-1998-cmo", "z"),
- ("add-2016-rcb", "dbl-2016-rcb", None),
+ ("add-2015-rcb", "dbl-2015-rcb", None),
 ("add-1998-cmo", "dbl-1998-cmo", None),
 ])
 def test_simple_ladder(secp128r1, add, dbl, scale):
@@ -204,7 +204,7 @@ def test_ladder_differential(curve25519, num, complete):
 @pytest.mark.parametrize("add,dbl,neg,scale", [
 ("add-1998-cmo", "dbl-1998-cmo", "neg", "z"),
- ("add-2016-rcb", "dbl-2016-rcb", "neg", None),
+ ("add-2015-rcb", "dbl-2015-rcb", "neg", None),
 ("add-1998-cmo", "dbl-1998-cmo", "neg", None),
 ])
 def test_binary_naf(secp128r1, add, dbl, neg, scale):
@@ -217,10 +217,10 @@ def test_binary_naf(secp128r1, add, dbl, neg, scale):
 [
 ("add-1998-cmo", "dbl-1998-cmo", "neg", 3, "z"),
 ("add-1998-cmo", "dbl-1998-cmo", "neg", 3, None),
- ("add-2016-rcb", "dbl-2016-rcb", "neg", 3, None),
+ ("add-2015-rcb", "dbl-2015-rcb", "neg", 3, None),
 ("add-1998-cmo", "dbl-1998-cmo", "neg", 5, "z"),
 ("add-1998-cmo", "dbl-1998-cmo", "neg", 5, None),
- ("add-2016-rcb", "dbl-2016-rcb", "neg", 5, None),
+ ("add-2015-rcb", "dbl-2015-rcb", "neg", 5, None),
 ])
 def test_window_naf(secp128r1, add, dbl, neg, width, scale):
 formulas = get_formulas(secp128r1.curve.coordinate_model, add, dbl, neg, scale)
@@ -245,7 +245,7 @@ def test_window_naf(secp128r1, add, dbl, neg, width, scale):
 @pytest.mark.parametrize("add,dbl,width,scale", [
 ("add-1998-cmo", "dbl-1998-cmo", 5, "z"),
- ("add-2016-rcb", "dbl-2016-rcb", 5, None),
+ ("add-2015-rcb", "dbl-2015-rcb", 5, None),
 ("add-1998-cmo", "dbl-1998-cmo", 5, None),
 ])
 def test_fixed_window(secp128r1, add, dbl, width, scale):
@@ -261,12 +261,12 @@ def test_fixed_window(secp128r1, add, dbl, width, scale):
 assert InfinityPoint(secp128r1.curve.coordinate_model) == mult.multiply(0)
-@pytest.fixture(params=["add-1998-cmo", "add-2016-rcb"])
+@pytest.fixture(params=["add-1998-cmo", "add-2015-rcb"])
 def add(secp128r1, request):
 return secp128r1.curve.coordinate_model.formulas[request.param]
-@pytest.fixture(params=["dbl-1998-cmo", "dbl-2016-rcb"])
+@pytest.fixture(params=["dbl-1998-cmo", "dbl-2015-rcb"])
 def dbl(secp128r1, request):
 return secp128r1.curve.coordinate_model.formulas[request.param]
diff --git a/test/ec/test_signature.py b/test/ec/test_signature.py
index c5abf74..1244d6e 100644
--- a/test/ec/test_signature.py
+++ b/test/ec/test_signature.py
@@ -123,8 +123,8 @@ def test_ecdsa_nist():
 P192 = get_params("nist", "P-192", "projective")
 affine_model = AffineCoordinateModel(P192.curve.model)
- add = P192.curve.coordinate_model.formulas["add-2016-rcb"]
- dbl = P192.curve.coordinate_model.formulas["dbl-2016-rcb"]
+ add = P192.curve.coordinate_model.formulas["add-2015-rcb"]
+ dbl = P192.curve.coordinate_model.formulas["dbl-2015-rcb"]
 mult = LTRMultiplier(add, dbl)
 priv = Mod(int(nist_data["priv"], 16), P192.order)
diff --git a/test/sca/perf_zvp.py b/test/sca/perf_zvp.py
index 770863e..6b4744f 100644
--- a/test/sca/perf_zvp.py
+++ b/test/sca/perf_zvp.py
@@ -28,7 +28,7 @@ def main(profiler, mod, operations, directory):
 with TemporaryConfig() as cfg:
 cfg.ec.mod_implementation = mod
 p128 = get_params("secg", "secp128r1", "projective")
- formula = p128.curve.coordinate_model.formulas["add-2016-rcb"]
+ formula = p128.curve.coordinate_model.formulas["add-2015-rcb"]
 unrolled = unroll_formula(formula)
 poly = unrolled[7]
 k = 5
diff --git a/test/sca/test_target.py b/test/sca/test_target.py
index 223b7cb..96dc081 100644
--- a/test/sca/test_target.py
+++ b/test/sca/test_target.py
@@ -327,8 +327,8 @@ def test_ecdh(target, secp256r1_affine, secp256r1_projective):
 )
 mult = LTRMultiplier(
- secp256r1_projective.curve.coordinate_model.formulas["add-2016-rcb"],
- secp256r1_projective.curve.coordinate_model.formulas["dbl-2016-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["add-2015-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["dbl-2015-rcb"],
 )
 ecdh = ECDH_SHA1(mult, secp256r1_projective, pubkey_projective, privkey)
 expected = ecdh.perform()
@@ -348,8 +348,8 @@ def test_ecdh_raw(target, secp256r1_projective):
 )
 target.generate(KeypairEnum.KEYPAIR_LOCAL)
 mult = LTRMultiplier(
- secp256r1_projective.curve.coordinate_model.formulas["add-2016-rcb"],
- secp256r1_projective.curve.coordinate_model.formulas["dbl-2016-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["add-2015-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["dbl-2015-rcb"],
 )
 keygen = KeyGeneration(copy(mult), secp256r1_projective)
 _, pubkey_projective = keygen.generate()
@@ -412,13 +412,13 @@ def test_ecdsa(target, secp256r1_affine, secp256r1_projective):
 sig = SignatureResult.from_DER(ecdsa_resp.signature)
 mult = LTRMultiplier(
- secp256r1_projective.curve.coordinate_model.formulas["add-2016-rcb"],
- secp256r1_projective.curve.coordinate_model.formulas["dbl-2016-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["add-2015-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["dbl-2015-rcb"],
 )
 ecdsa = ECDSA_SHA1(
 copy(mult),
 secp256r1_projective,
- secp256r1_projective.curve.coordinate_model.formulas["add-2016-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["add-2015-rcb"],
 pubkey_projective,
 )
 assert ecdsa.verify_data(sig, data)
@@ -454,13 +454,13 @@ def test_ecdsa_sign(target, secp256r1_affine, secp256r1_projective):
 sig = SignatureResult.from_DER(ecdsa_resp.signature)
 mult = LTRMultiplier(
- secp256r1_projective.curve.coordinate_model.formulas["add-2016-rcb"],
- secp256r1_projective.curve.coordinate_model.formulas["dbl-2016-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["add-2015-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["dbl-2015-rcb"],
 )
 ecdsa = ECDSA_SHA1(
 copy(mult),
 secp256r1_projective,
- secp256r1_projective.curve.coordinate_model.formulas["add-2016-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["add-2015-rcb"],
 pubkey_projective,
 )
 assert ecdsa.verify_data(sig, data)
@@ -478,8 +478,8 @@ def test_ecdsa_verify(target, secp256r1_projective):
 KeypairEnum.KEYPAIR_LOCAL, CurveEnum.secp256r1, ParameterEnum.DOMAIN_FP
 )
 mult = LTRMultiplier(
- secp256r1_projective.curve.coordinate_model.formulas["add-2016-rcb"],
- secp256r1_projective.curve.coordinate_model.formulas["dbl-2016-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["add-2015-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["dbl-2015-rcb"],
 )
 keygen = KeyGeneration(copy(mult), secp256r1_projective)
 priv, pubkey_projective = keygen.generate()
@@ -494,7 +494,7 @@ def test_ecdsa_verify(target, secp256r1_projective):
 ecdsa = ECDSA_SHA1(
 copy(mult),
 secp256r1_projective,
- secp256r1_projective.curve.coordinate_model.formulas["add-2016-rcb"],
+ secp256r1_projective.curve.coordinate_model.formulas["add-2015-rcb"],
 pubkey_projective,
 priv,
 )
diff --git a/test/sca/test_zvp.py b/test/sca/test_zvp.py
index 30eade1..0be304f 100644
--- a/test/sca/test_zvp.py
+++ b/test/sca/test_zvp.py
@@ -9,7 +9,7 @@ from pyecsca.ec.context import local, DefaultContext
 from sympy import symbols, Poly, sympify, FF
-@pytest.fixture(params=["add-2007-bl", "add-2016-rcb"])
+@pytest.fixture(params=["add-2007-bl", "add-2015-rcb"])
 def formula(secp128r1, request):
 return secp128r1.curve.coordinate_model.formulas[request.param]
@@ -21,6 +21,11 @@ def test_unroll(formula):
 assert isinstance(res, Poly)
+def test_model_map(secp128r1):
+ # to_model_map(secp128r1.curve.coordinate_model)
+ pass
+
+
 @pytest.mark.xfail(reason="Not removing Zs so far.")
 def test_factor_set(formula):
 factor_set = compute_factor_set(formula)
@@ -43,7 +48,7 @@ def test_factor_set(formula):
 "2*X1^4 + 4*X1^3*X2 + 6*X1^2*X2^2 + 4*X1*X2^3 + 2*X2^4 - 3*X1*Y1^2 - 3*X2*Y1^2 - 6*X1*Y1*Y2 - 6*X2*Y1*Y2 - 3*X1*Y2^2 - 3*X2*Y2^2 + 4*X1^2*a + 4*X1*X2*a + 4*X2^2*a + 2*a^2",
 "2*X1^6 + 6*X1^5*X2 + 12*X1^4*X2^2 + 14*X1^3*X2^3 + 12*X1^2*X2^4 + 6*X1*X2^5 + 2*X2^6 - 3*X1^3*Y1^2 - 6*X1^2*X2*Y1^2 - 6*X1*X2^2*Y1^2 - 3*X2^3*Y1^2 - 6*X1^3*Y1*Y2 - 12*X1^2*X2*Y1*Y2 - 12*X1*X2^2*Y1*Y2 - 6*X2^3*Y1*Y2 - 3*X1^3*Y2^2 - 6*X1^2*X2*Y2^2 - 6*X1*X2^2*Y2^2 - 3*X2^3*Y2^2 + 6*X1^4*a + 12*X1^3*X2*a + 18*X1^2*X2^2*a + 12*X1*X2^3*a + 6*X2^4*a + Y1^4 + 4*Y1^3*Y2 + 6*Y1^2*Y2^2 + 4*Y1*Y2^3 + Y2^4 - 3*X1*Y1^2*a - 3*X2*Y1^2*a - 6*X1*Y1*Y2*a - 6*X2*Y1*Y2*a - 3*X1*Y2^2*a - 3*X2*Y2^2*a + 6*X1^2*a^2 + 6*X1*X2*a^2 + 6*X2^2*a^2 + 2*a^3"
 },
- "add-2016-rcb": {
+ "add-2015-rcb": {
 "Y2",
 "Y2 + 1",
 "Y1", |
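Review bot: `test_model_map` added in the second hunk consists of a commented-out call and `pass`, so it always passes while exercising nothing, and a green run of this file now overstates what it covers. Either mark it as pending with `@pytest.mark.skip(reason="to_model_map not wired up yet")` above the `def`, or leave the test out until the call it comments on exists. The fixture rename in the first hunk and the key rename in the third need nothing.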
