diff options
586 files changed, 3 insertions, 9470 deletions
diff --git a/.gitmodules b/.gitmodules index fdf525c..cf70469 100644 --- a/.gitmodules +++ b/.gitmodules @@ -5,3 +5,6 @@ [submodule "notebook"] path = notebook url = https://github.com/J08nY/pyecsca-notebook +[submodule "pyecsca/ec/efd"] + path = pyecsca/ec/efd + url = https://github.com/J08nY/efd diff --git a/pyecsca/ec/efd b/pyecsca/ec/efd new file mode 160000 +Subproject efee538bc69724a674802ccd0e93b784bd8e77d diff --git a/pyecsca/ec/efd/edwards/coordinates b/pyecsca/ec/efd/edwards/coordinates deleted file mode 100644 index f70f3c8..0000000 --- a/pyecsca/ec/efd/edwards/coordinates +++ /dev/null @@ -1,25 +0,0 @@ -name Edwards curves -parameter c -parameter d -coordinate x -coordinate y -satisfying x^2+y^2 == c^2*(1+d*x^2*y^2) -ysquared (x^2-c^2)/(c^2*d*x^2-1) -addition x = (x1*y2+y1*x2)/(c(1+d*x1*x2*y1*y2)) -addition y = (y1*y2-x1*x2)/(c(1-d*x1*x2*y1*y2)) -doubling x = (x1*y1+y1*x1)/(c(1+d*x1*x1*y1*y1)) -doubling y = (y1*y1-x1*x1)/(c(1-d*x1*x1*y1*y1)) -negation x = -x1 -negation y = y1 -neutral x = 0 -neutral y = c -toweierstrass u = (c+y)/(c-y) -toweierstrass v = 2*c*(c+y)/(x(c-y)) -a0 = 1/(1-d*c^4) -a1 = 0 -a2 = 4/(1-d*c^4)-2 -a3 = 0 -a4 = 1 -a6 = 0 -fromweierstrass x = 2*c*u/v -fromweierstrass y = c(u-1)/(u+1) diff --git a/pyecsca/ec/efd/edwards/inverted/addition/add-2007-bl b/pyecsca/ec/efd/edwards/inverted/addition/add-2007-bl deleted file mode 100644 index 5cce401..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/add-2007-bl +++ /dev/null @@ -1,12 +0,0 @@ -source 2007 Bernstein--Lange -unified -compute A = Z1 Z2 -compute B = d A^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = C D -compute H = C-D -compute I = (X1+Y1) (X2+Y2)-C-D -compute X3 = c (E+B) H -compute Y3 = c (E-B) I -compute Z3 = A H I diff --git a/pyecsca/ec/efd/edwards/inverted/addition/add-2007-bl.op3 b/pyecsca/ec/efd/edwards/inverted/addition/add-2007-bl.op3 deleted file mode 100644 index 062453a..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/add-2007-bl.op3 +++ /dev/null @@ -1,20 +0,0 @@ -A = Z1*Z2 -t0 = A^2 -B = d*t0 -C = X1*X2 -D = Y1*Y2 -E = C*D -H = C-D -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-C -I = t4-D -t5 = E+B -t6 = t5*H -X3 = c*t6 -t7 = E-B -t8 = t7*I -Y3 = c*t8 -t9 = H*I -Z3 = A*t9 diff --git a/pyecsca/ec/efd/edwards/inverted/addition/add-20080225-hwcd b/pyecsca/ec/efd/edwards/inverted/addition/add-20080225-hwcd deleted file mode 100644 index b1a2e19..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/add-20080225-hwcd +++ /dev/null @@ -1,13 +0,0 @@ -source 2008.02.25 Hisil--Wong--Carter--Dawson, page 8 -unified -compute A = X1 Z2 -compute B = Y1 Z2 -compute C = Z1 X2 -compute D = Z1 Y2 -compute E = A B -compute F = C D -compute G = E+F -compute H = E-F -compute X3 = ((A+D)(B+C)-G)H -compute Y3 = ((A-C)(B+D)-H)G -compute Z3 = c G H diff --git a/pyecsca/ec/efd/edwards/inverted/addition/add-20080225-hwcd.op3 b/pyecsca/ec/efd/edwards/inverted/addition/add-20080225-hwcd.op3 deleted file mode 100644 index 18977cd..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/add-20080225-hwcd.op3 +++ /dev/null @@ -1,20 +0,0 @@ -A = X1*Z2 -B = Y1*Z2 -C = Z1*X2 -D = Z1*Y2 -E = A*B -F = C*D -G = E+F -H = E-F -t0 = A+D -t1 = B+C -t2 = t0*t1 -t3 = t2-G -X3 = t3*H -t4 = A-C -t5 = B+D -t6 = t4*t5 -t7 = t6-H -Y3 = t7*G -t8 = G*H -Z3 = c*t8 diff --git a/pyecsca/ec/efd/edwards/inverted/addition/madd-2007-bl b/pyecsca/ec/efd/edwards/inverted/addition/madd-2007-bl deleted file mode 100644 index 621c9f1..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/madd-2007-bl +++ /dev/null @@ -1,13 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z2 = 1 -compute A = Z1 -compute B = d A^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = C D -compute H = C-D -compute I = (X1+Y1) (X2+Y2)-C-D -compute X3 = c (E+B) H -compute Y3 = c (E-B) I -compute Z3 = A H I diff --git a/pyecsca/ec/efd/edwards/inverted/addition/madd-2007-bl.op3 b/pyecsca/ec/efd/edwards/inverted/addition/madd-2007-bl.op3 deleted file mode 100644 index d23ab91..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/madd-2007-bl.op3 +++ /dev/null @@ -1,20 +0,0 @@ -A = Z1 -t0 = A^2 -B = d*t0 -C = X1*X2 -D = Y1*Y2 -E = C*D -H = C-D -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-C -I = t4-D -t5 = E+B -t6 = t5*H -X3 = c*t6 -t7 = E-B -t8 = t7*I -Y3 = c*t8 -t9 = H*I -Z3 = A*t9 diff --git a/pyecsca/ec/efd/edwards/inverted/addition/madd-20080225-hwcd b/pyecsca/ec/efd/edwards/inverted/addition/madd-20080225-hwcd deleted file mode 100644 index e0a3370..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/madd-20080225-hwcd +++ /dev/null @@ -1,14 +0,0 @@ -source 2008.02.25 Hisil--Wong--Carter--Dawson, page 8 -unified -assume Z2 = 1 -compute A = X1 -compute B = Y1 -compute C = Z1 X2 -compute D = Z1 Y2 -compute E = A B -compute F = C D -compute G = E+F -compute H = E-F -compute X3 = ((A+D)(B+C)-G)H -compute Y3 = ((A-C)(B+D)-H)G -compute Z3 = c G H diff --git a/pyecsca/ec/efd/edwards/inverted/addition/madd-20080225-hwcd.op3 b/pyecsca/ec/efd/edwards/inverted/addition/madd-20080225-hwcd.op3 deleted file mode 100644 index 5713dc9..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/madd-20080225-hwcd.op3 +++ /dev/null @@ -1,20 +0,0 @@ -A = X1 -B = Y1 -C = Z1*X2 -D = Z1*Y2 -E = A*B -F = C*D -G = E+F -H = E-F -t0 = A+D -t1 = B+C -t2 = t0*t1 -t3 = t2-G -X3 = t3*H -t4 = A-C -t5 = B+D -t6 = t4*t5 -t7 = t6-H -Y3 = t7*G -t8 = G*H -Z3 = c*t8 diff --git a/pyecsca/ec/efd/edwards/inverted/addition/mmadd-2007-bl b/pyecsca/ec/efd/edwards/inverted/addition/mmadd-2007-bl deleted file mode 100644 index c14f6d2..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/mmadd-2007-bl +++ /dev/null @@ -1,12 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z1 = 1 -assume Z2 = 1 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = C D -compute H = C-D -compute I = (X1+Y1) (X2+Y2)-C-D -compute X3 = c (E+d) H -compute Y3 = c (E-d) I -compute Z3 = H I diff --git a/pyecsca/ec/efd/edwards/inverted/addition/mmadd-2007-bl.op3 b/pyecsca/ec/efd/edwards/inverted/addition/mmadd-2007-bl.op3 deleted file mode 100644 index 93c632d..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/mmadd-2007-bl.op3 +++ /dev/null @@ -1,16 +0,0 @@ -C = X1*X2 -D = Y1*Y2 -E = C*D -H = C-D -t0 = X1+Y1 -t1 = X2+Y2 -t2 = t0*t1 -t3 = t2-C -I = t3-D -t4 = E+d -t5 = t4*H -X3 = c*t5 -t6 = E-d -t7 = t6*I -Y3 = c*t7 -Z3 = H*I diff --git a/pyecsca/ec/efd/edwards/inverted/addition/xmadd-2007-bl b/pyecsca/ec/efd/edwards/inverted/addition/xmadd-2007-bl deleted file mode 100644 index 0a5226a..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/xmadd-2007-bl +++ /dev/null @@ -1,14 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume X2 = 1 -compute A = Z1 Z2 -compute B = d A^2 -compute D = Y1 Y2 -compute E = X1 D -compute F = E-B -compute G = E+B -compute H = X1-D -compute I = X1 Y2+Y1 -compute X3 = c G H -compute Y3 = c F I -compute Z3 = A H I diff --git a/pyecsca/ec/efd/edwards/inverted/addition/xmadd-2007-bl.op3 b/pyecsca/ec/efd/edwards/inverted/addition/xmadd-2007-bl.op3 deleted file mode 100644 index 9a3ad1d..0000000 --- a/pyecsca/ec/efd/edwards/inverted/addition/xmadd-2007-bl.op3 +++ /dev/null @@ -1,16 +0,0 @@ -A = Z1*Z2 -t0 = A^2 -B = d*t0 -D = Y1*Y2 -E = X1*D -F = E-B -G = E+B -H = X1-D -t1 = X1*Y2 -I = t1+Y1 -t2 = G*H -X3 = c*t2 -t3 = F*I -Y3 = c*t3 -t4 = H*I -Z3 = A*t4 diff --git a/pyecsca/ec/efd/edwards/inverted/doubling/dbl-2007-bl b/pyecsca/ec/efd/edwards/inverted/doubling/dbl-2007-bl deleted file mode 100644 index ccdfd40..0000000 --- a/pyecsca/ec/efd/edwards/inverted/doubling/dbl-2007-bl +++ /dev/null @@ -1,11 +0,0 @@ -source 2007 Bernstein--Lange -parameter ccd2 -assume ccd2 = 2*c*c*d -compute A = X1^2 -compute B = Y1^2 -compute C = A+B -compute D = A-B -compute E = (X1+Y1)^2-C -compute Z3 = c D E -compute X3 = C D -compute Y3 = E (C-ccd2 Z1^2) diff --git a/pyecsca/ec/efd/edwards/inverted/doubling/dbl-2007-bl.op3 b/pyecsca/ec/efd/edwards/inverted/doubling/dbl-2007-bl.op3 deleted file mode 100644 index 8286b07..0000000 --- a/pyecsca/ec/efd/edwards/inverted/doubling/dbl-2007-bl.op3 +++ /dev/null @@ -1,14 +0,0 @@ -A = X1^2 -B = Y1^2 -C = A+B -D = A-B -t0 = X1+Y1 -t1 = t0^2 -E = t1-C -t2 = D*E -Z3 = c*t2 -X3 = C*D -t3 = Z1^2 -t4 = ccd2*t3 -t5 = C-t4 -Y3 = E*t5 diff --git a/pyecsca/ec/efd/edwards/inverted/doubling/mdbl-2007-bl b/pyecsca/ec/efd/edwards/inverted/doubling/mdbl-2007-bl deleted file mode 100644 index ca2095d..0000000 --- a/pyecsca/ec/efd/edwards/inverted/doubling/mdbl-2007-bl +++ /dev/null @@ -1,12 +0,0 @@ -source 2007 Bernstein--Lange -parameter ccd2 -assume ccd2 = 2*c*c*d -assume Z1 = 1 -compute A = X1^2 -compute B = Y1^2 -compute C = A+B -compute D = A-B -compute E = (X1+Y1)^2-C -compute Z3 = c D E -compute X3 = C D -compute Y3 = E (C-ccd2) diff --git a/pyecsca/ec/efd/edwards/inverted/doubling/mdbl-2007-bl.op3 b/pyecsca/ec/efd/edwards/inverted/doubling/mdbl-2007-bl.op3 deleted file mode 100644 index 2ee195a..0000000 --- a/pyecsca/ec/efd/edwards/inverted/doubling/mdbl-2007-bl.op3 +++ /dev/null @@ -1,12 +0,0 @@ -A = X1^2 -B = Y1^2 -C = A+B -D = A-B -t0 = X1+Y1 -t1 = t0^2 -E = t1-C -t2 = D*E -Z3 = c*t2 -X3 = C*D -t3 = C-ccd2 -Y3 = E*t3 diff --git a/pyecsca/ec/efd/edwards/inverted/negation/neg b/pyecsca/ec/efd/edwards/inverted/negation/neg deleted file mode 100644 index 7363b22..0000000 --- a/pyecsca/ec/efd/edwards/inverted/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = -X1 -compute Y3 = Y1 -compute Z3 = Z1 diff --git a/pyecsca/ec/efd/edwards/inverted/negation/neg.op3 b/pyecsca/ec/efd/edwards/inverted/negation/neg.op3 deleted file mode 100644 index 36cb8c8..0000000 --- a/pyecsca/ec/efd/edwards/inverted/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = -X1 -Y3 = Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/edwards/inverted/scaling/z b/pyecsca/ec/efd/edwards/inverted/scaling/z deleted file mode 100644 index 4c37771..0000000 --- a/pyecsca/ec/efd/edwards/inverted/scaling/z +++ /dev/null @@ -1,4 +0,0 @@ -compute A = 1/Z1 -compute X3 = X1 A -compute Y3 = Y1 A -compute Z3 = 1 diff --git a/pyecsca/ec/efd/edwards/inverted/scaling/z.op3 b/pyecsca/ec/efd/edwards/inverted/scaling/z.op3 deleted file mode 100644 index 8b51efc..0000000 --- a/pyecsca/ec/efd/edwards/inverted/scaling/z.op3 +++ /dev/null @@ -1,4 +0,0 @@ -A = 1/Z1 -X3 = X1*A -Y3 = Y1*A -Z3 = 1 diff --git a/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl b/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl deleted file mode 100644 index 842e976..0000000 --- a/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl +++ /dev/null @@ -1,13 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = (c Z1)^2 -compute D = XX+YY -compute DD = D^2 -compute E = 4 (D-d ZZ) -compute H = 2 D (YY-XX) -compute P = DD-XX E -compute Q = DD-YY E -compute X3 = (H+Q) Q X1 -compute Y3 = (H-P) P Y1 -compute Z3 = P Q Z1 diff --git a/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl-2 b/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl-2 deleted file mode 100644 index c15bcb0..0000000 --- a/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl-2 +++ /dev/null @@ -1,16 +0,0 @@ -source 2007 Bernstein--Lange -parameter ccd -assume ccd = c*c*d -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute D = XX+YY -compute DD = D^2 -compute E = 4 (D-ccd ZZ) -compute H = 2 D (YY-XX) -compute P = DD-XX E -compute Q = DD-YY E -compute QQ = Q^2 -compute X3 = (H+Q) ((Q+X1)^2-QQ-XX) -compute Y3 = 2 (H-P) P Y1 -compute Z3 = P ((Q+Z1)^2-QQ-ZZ) diff --git a/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl-2.op3 b/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl-2.op3 deleted file mode 100644 index e61b239..0000000 --- a/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl-2.op3 +++ /dev/null @@ -1,31 +0,0 @@ -XX = X1^2 -YY = Y1^2 -ZZ = Z1^2 -D = XX+YY -DD = D^2 -t0 = ccd*ZZ -t1 = D-t0 -E = 4*t1 -t2 = YY-XX -t3 = D*t2 -H = 2*t3 -t4 = XX*E -P = DD-t4 -t5 = YY*E -Q = DD-t5 -QQ = Q^2 -t6 = Q+X1 -t7 = t6^2 -t8 = H+Q -t9 = t7-QQ -t10 = t9-XX -X3 = t8*t10 -t11 = H-P -t12 = P*Y1 -t13 = t11*t12 -Y3 = 2*t13 -t14 = Q+Z1 -t15 = t14^2 -t16 = t15-QQ -t17 = t16-ZZ -Z3 = P*t17 diff --git a/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl.op3 b/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl.op3 deleted file mode 100644 index 7684782..0000000 --- a/pyecsca/ec/efd/edwards/inverted/tripling/tpl-2007-bl.op3 +++ /dev/null @@ -1,24 +0,0 @@ -XX = X1^2 -YY = Y1^2 -t0 = c*Z1 -ZZ = t0^2 -D = XX+YY -DD = D^2 -t1 = d*ZZ -t2 = D-t1 -E = 4*t2 -t3 = YY-XX -t4 = D*t3 -H = 2*t4 -t5 = XX*E -P = DD-t5 -t6 = YY*E -Q = DD-t6 -t7 = H+Q -t8 = Q*X1 -X3 = t7*t8 -t9 = H-P -t10 = P*Y1 -Y3 = t9*t10 -t11 = Q*Z1 -Z3 = P*t11 diff --git a/pyecsca/ec/efd/edwards/inverted/variables b/pyecsca/ec/efd/edwards/inverted/variables deleted file mode 100644 index 97014ad..0000000 --- a/pyecsca/ec/efd/edwards/inverted/variables +++ /dev/null @@ -1,6 +0,0 @@ -name inverted coordinates -variable X -variable Y -variable Z -satisfying x = Z/X -satisfying y = Z/Y diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl b/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl deleted file mode 100644 index 49d14c7..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl +++ /dev/null @@ -1,12 +0,0 @@ -source 2007 Bernstein--Lange -unified -compute A = Z1 Z2 -compute B = A^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = d C D -compute F = B-E -compute G = B+E -compute X3 = A F((X1+Y1)(X2+Y2)-C-D) -compute Y3 = A G(D-C) -compute Z3 = c F G diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-2 b/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-2 deleted file mode 100644 index 1d9cd2f..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-2 +++ /dev/null @@ -1,31 +0,0 @@ -source 2007 Bernstein--Lange -unified -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = X2 -compute R5 = Y2 -compute R6 = Z2 -compute R3 = R3 R6 -compute R7 = R1+R2 -compute R8 = R4+R5 -compute R1 = R1 R4 -compute R2 = R2 R5 -compute R7 = R7 R8 -compute R7 = R7-R1 -compute R7 = R7-R2 -compute R7 = R7 R3 -compute R8 = R1 R2 -compute R8 = d R8 -compute R2 = R2-R1 -compute R2 = R2 R3 -compute R3 = R3^2 -compute R1 = R3-R8 -compute R3 = R3+R8 -compute R2 = R2 R3 -compute R3 = R3 R1 -compute R1 = R1 R7 -compute R3 = c R3 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-2.op3 b/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-2.op3 deleted file mode 100644 index 37c2595..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-2.op3 +++ /dev/null @@ -1,29 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = X2 -R5 = Y2 -R6 = Z2 -R3 = R3*R6 -R7 = R1+R2 -R8 = R4+R5 -R1 = R1*R4 -R2 = R2*R5 -R7 = R7*R8 -R7 = R7-R1 -R7 = R7-R2 -R7 = R7*R3 -R8 = R1*R2 -R8 = d*R8 -R2 = R2-R1 -R2 = R2*R3 -R3 = R3^2 -R1 = R3-R8 -R3 = R3+R8 -R2 = R2*R3 -R3 = R3*R1 -R1 = R1*R7 -R3 = c*R3 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-3 b/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-3 deleted file mode 100644 index f89c161..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-3 +++ /dev/null @@ -1,16 +0,0 @@ -source 2007 Bernstein--Lange -unified -parameter c2 -assume c2 = 2*c -compute A = Z1 Z2 -compute B = A^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = d C D -compute BB = B^2 -compute EE = E^2 -compute H = (A+B)^2-BB -compute I = (A+E)^2-EE -compute X3 = (H-I)((X1+Y1)(X2+Y2)-C-D) -compute Y3 = (H+I-2 B)(D-C) -compute Z3 = c2(BB-EE) diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-3.op3 b/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-3.op3 deleted file mode 100644 index 5c9f508..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-3.op3 +++ /dev/null @@ -1,28 +0,0 @@ -A = Z1*Z2 -B = A^2 -C = X1*X2 -D = Y1*Y2 -t0 = C*D -E = d*t0 -BB = B^2 -EE = E^2 -t1 = A+B -t2 = t1^2 -H = t2-BB -t3 = A+E -t4 = t3^2 -I = t4-EE -t5 = X1+Y1 -t6 = X2+Y2 -t7 = t5*t6 -t8 = H-I -t9 = t7-C -t10 = t9-D -X3 = t8*t10 -t11 = 2*B -t12 = H+I -t13 = t12-t11 -t14 = D-C -Y3 = t13*t14 -t15 = BB-EE -Z3 = c2*t15 diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-4 b/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-4 deleted file mode 100644 index 0745da9..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-4 +++ /dev/null @@ -1,23 +0,0 @@ -source 2007 Bernstein--Lange -unified -parameter i -assume i^2 = -1 -compute iX2 = i X2 -compute C2 = Y2+iX2 -compute D2 = Y2-iX2 -compute iX1 = i X1 -compute C1 = Y1+iX1 -compute D1 = Y1-iX1 -compute A = Z1 Z2 -compute B = 2 A^2 -compute C = C1 C2 -compute D = D1 D2 -compute L = D+C -compute M = Y1 Y2 -compute N = 2 M-L -compute E = d M N -compute F = B-E -compute G = B+E -compute X3 = i A F (D-C) -compute Y3 = A G L -compute Z3 = c G F diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-4.op3 b/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-4.op3 deleted file mode 100644 index 3886a57..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl-4.op3 +++ /dev/null @@ -1,27 +0,0 @@ -iX2 = i*X2 -C2 = Y2+iX2 -D2 = Y2-iX2 -iX1 = i*X1 -C1 = Y1+iX1 -D1 = Y1-iX1 -A = Z1*Z2 -t0 = A^2 -B = 2*t0 -C = C1*C2 -D = D1*D2 -L = D+C -M = Y1*Y2 -t1 = 2*M -N = t1-L -t2 = M*N -E = d*t2 -F = B-E -G = B+E -t3 = D-C -t4 = F*t3 -t5 = A*t4 -X3 = i*t5 -t6 = G*L -Y3 = A*t6 -t7 = G*F -Z3 = c*t7 diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl.op3 b/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl.op3 deleted file mode 100644 index 6fdb17e..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-2007-bl.op3 +++ /dev/null @@ -1,20 +0,0 @@ -A = Z1*Z2 -B = A^2 -C = X1*X2 -D = Y1*Y2 -t0 = C*D -E = d*t0 -F = B-E -G = B+E -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-C -t5 = t4-D -t6 = F*t5 -X3 = A*t6 -t7 = D-C -t8 = G*t7 -Y3 = A*t8 -t9 = F*G -Z3 = c*t9 diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-20080225-hwcd b/pyecsca/ec/efd/edwards/projective/addition/add-20080225-hwcd deleted file mode 100644 index ad7188e..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-20080225-hwcd +++ /dev/null @@ -1,17 +0,0 @@ -source 2008.02.25 Hisil--Wong--Carter--Dawson, page 8 -unified -parameter k -assume k*c = 1 -compute A = X1 Z2 -compute B = Y1 Z2 -compute C = Z1 X2 -compute D = Z1 Y2 -compute E = A B -compute F = C D -compute G = E+F -compute H = E-F -compute J = (A-C)(B+D)-H -compute K = (A+D)(B+C)-G -compute X3 = G J -compute Y3 = H K -compute Z3 = k J K diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-20080225-hwcd.op3 b/pyecsca/ec/efd/edwards/projective/addition/add-20080225-hwcd.op3 deleted file mode 100644 index f91ca8d..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-20080225-hwcd.op3 +++ /dev/null @@ -1,20 +0,0 @@ -A = X1*Z2 -B = Y1*Z2 -C = Z1*X2 -D = Z1*Y2 -E = A*B -F = C*D -G = E+F -H = E-F -t0 = A-C -t1 = B+D -t2 = t0*t1 -J = t2-H -t3 = A+D -t4 = B+C -t5 = t3*t4 -K = t5-G -X3 = G*J -Y3 = H*K -t6 = J*K -Z3 = k*t6 diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-20090311-hwcd b/pyecsca/ec/efd/edwards/projective/addition/add-20090311-hwcd deleted file mode 100644 index bdfb3fb..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-20090311-hwcd +++ /dev/null @@ -1,16 +0,0 @@ -source 2009.03.11 Hisil--Wong--Carter--Dawson, after formula (17), plus denominator elimination -unified -parameter k -assume k*c = 1 -compute R1 = X2 Y2 -compute R2 = Z2^2 -compute A = X1 Y1 -compute B = Z1^2 -compute C = R2 A -compute D = R1 B -compute E = (X1-X2)(Y1+Y2)-A+R1 -compute F = (X1+Y2)(Y1+X2)-A-R1 -compute G = (Z1+Z2)^2-B-R2 -compute X3 = 2 E(C+D) -compute Y3 = 2 F(C-D) -compute Z3 = k E F G diff --git a/pyecsca/ec/efd/edwards/projective/addition/add-20090311-hwcd.op3 b/pyecsca/ec/efd/edwards/projective/addition/add-20090311-hwcd.op3 deleted file mode 100644 index 32dc1c5..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/add-20090311-hwcd.op3 +++ /dev/null @@ -1,29 +0,0 @@ -R1 = X2*Y2 -R2 = Z2^2 -A = X1*Y1 -B = Z1^2 -C = R2*A -D = R1*B -t0 = X1-X2 -t1 = Y1+Y2 -t2 = t0*t1 -t3 = t2-A -E = t3+R1 -t4 = X1+Y2 -t5 = Y1+X2 -t6 = t4*t5 -t7 = t6-A -F = t7-R1 -t8 = Z1+Z2 -t9 = t8^2 -t10 = t9-B -G = t10-R2 -t11 = C+D -t12 = E*t11 -X3 = 2*t12 -t13 = C-D -t14 = F*t13 -Y3 = 2*t14 -t15 = F*G -t16 = E*t15 -Z3 = k*t16 diff --git a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl b/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl deleted file mode 100644 index 72771c3..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl +++ /dev/null @@ -1,12 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z2 = 1 -compute B = Z1^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = d C D -compute F = B-E -compute G = B+E -compute X3 = Z1 F ((X1+Y1)(X2+Y2)-C-D) -compute Y3 = Z1 G (D-C) -compute Z3 = c F G diff --git a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-2 b/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-2 deleted file mode 100644 index f309991..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-2 +++ /dev/null @@ -1,30 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z2 = 1 -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = X2 -compute R5 = Y2 -compute R7 = R1+R2 -compute R6 = R4+R5 -compute R1 = R1 R4 -compute R2 = R2 R5 -compute R7 = R7 R6 -compute R7 = R7-R1 -compute R7 = R7-R2 -compute R7 = R7 R3 -compute R6 = R1 R2 -compute R6 = d R6 -compute R2 = R2-R1 -compute R2 = R2 R3 -compute R3 = R3^2 -compute R1 = R3-R6 -compute R3 = R3+R6 -compute R2 = R2 R3 -compute R3 = R3 R1 -compute R1 = R1 R7 -compute R3 = c R3 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-2.op3 b/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-2.op3 deleted file mode 100644 index 4b605ad..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-2.op3 +++ /dev/null @@ -1,27 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = X2 -R5 = Y2 -R7 = R1+R2 -R6 = R4+R5 -R1 = R1*R4 -R2 = R2*R5 -R7 = R7*R6 -R7 = R7-R1 -R7 = R7-R2 -R7 = R7*R3 -R6 = R1*R2 -R6 = d*R6 -R2 = R2-R1 -R2 = R2*R3 -R3 = R3^2 -R1 = R3-R6 -R3 = R3+R6 -R2 = R2*R3 -R3 = R3*R1 -R1 = R1*R7 -R3 = c*R3 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-3 b/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-3 deleted file mode 100644 index 149ab61..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-3 +++ /dev/null @@ -1,16 +0,0 @@ -source 2007 Bernstein--Lange -unified -parameter c2 -assume c2 = 2*c -assume Z2 = 1 -compute B = Z1^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = d C D -compute BB = B^2 -compute EE = E^2 -compute H = (Z1+B)^2-BB -compute I = (Z1+E)^2-EE -compute X3 = (H-I)((X1+Y1)(X2+Y2)-C-D) -compute Y3 = (H+I-2 B)(D-C) -compute Z3 = c2(BB-EE) diff --git a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-3.op3 b/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-3.op3 deleted file mode 100644 index 1aff593..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl-3.op3 +++ /dev/null @@ -1,27 +0,0 @@ -B = Z1^2 -C = X1*X2 -D = Y1*Y2 -t0 = C*D -E = d*t0 -BB = B^2 -EE = E^2 -t1 = Z1+B -t2 = t1^2 -H = t2-BB -t3 = Z1+E -t4 = t3^2 -I = t4-EE -t5 = X1+Y1 -t6 = X2+Y2 -t7 = t5*t6 -t8 = H-I -t9 = t7-C -t10 = t9-D -X3 = t8*t10 -t11 = 2*B -t12 = H+I -t13 = t12-t11 -t14 = D-C -Y3 = t13*t14 -t15 = BB-EE -Z3 = c2*t15 diff --git a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl.op3 b/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl.op3 deleted file mode 100644 index 4da6bf9..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/madd-2007-bl.op3 +++ /dev/null @@ -1,19 +0,0 @@ -B = Z1^2 -C = X1*X2 -D = Y1*Y2 -t0 = C*D -E = d*t0 -F = B-E -G = B+E -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-C -t5 = t4-D -t6 = F*t5 -X3 = Z1*t6 -t7 = D-C -t8 = G*t7 -Y3 = Z1*t8 -t9 = F*G -Z3 = c*t9 diff --git a/pyecsca/ec/efd/edwards/projective/addition/madd-20080225-hwcd b/pyecsca/ec/efd/edwards/projective/addition/madd-20080225-hwcd deleted file mode 100644 index fde623e..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/madd-20080225-hwcd +++ /dev/null @@ -1,18 +0,0 @@ -source 2008.02.25 Hisil--Wong--Carter--Dawson, page 8 -unified -parameter k -assume k*c = 1 -assume Z2 = 1 -compute A = X1 -compute B = Y1 -compute C = Z1 X2 -compute D = Z1 Y2 -compute E = A B -compute F = C D -compute G = E+F -compute H = E-F -compute J = (A-C)(B+D)-H -compute K = (A+D)(B+C)-G -compute X3 = G J -compute Y3 = H K -compute Z3 = k J K diff --git a/pyecsca/ec/efd/edwards/projective/addition/madd-20080225-hwcd.op3 b/pyecsca/ec/efd/edwards/projective/addition/madd-20080225-hwcd.op3 deleted file mode 100644 index 22ea53d..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/madd-20080225-hwcd.op3 +++ /dev/null @@ -1,20 +0,0 @@ -A = X1 -B = Y1 -C = Z1*X2 -D = Z1*Y2 -E = A*B -F = C*D -G = E+F -H = E-F -t0 = A-C -t1 = B+D -t2 = t0*t1 -J = t2-H -t3 = A+D -t4 = B+C -t5 = t3*t4 -K = t5-G -X3 = G*J -Y3 = H*K -t6 = J*K -Z3 = k*t6 diff --git a/pyecsca/ec/efd/edwards/projective/addition/mmadd-2007-bl b/pyecsca/ec/efd/edwards/projective/addition/mmadd-2007-bl deleted file mode 100644 index ff09dd2..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/mmadd-2007-bl +++ /dev/null @@ -1,10 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z1 = 1 -assume Z2 = 1 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = d C D -compute X3 = (1-E)((X1+Y1)(X2+Y2)-C-D) -compute Y3 = (1+E)(D-C) -compute Z3 = c(1-E^2) diff --git a/pyecsca/ec/efd/edwards/projective/addition/mmadd-2007-bl.op3 b/pyecsca/ec/efd/edwards/projective/addition/mmadd-2007-bl.op3 deleted file mode 100644 index 1f64eff..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/mmadd-2007-bl.op3 +++ /dev/null @@ -1,17 +0,0 @@ -C = X1*X2 -D = Y1*Y2 -t0 = C*D -E = d*t0 -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = 1-E -t5 = t3-C -t6 = t5-D -X3 = t4*t6 -t7 = 1+E -t8 = D-C -Y3 = t7*t8 -t9 = E^2 -t10 = 1-t9 -Z3 = c*t10 diff --git a/pyecsca/ec/efd/edwards/projective/addition/xmadd-2007-hcd b/pyecsca/ec/efd/edwards/projective/addition/xmadd-2007-hcd deleted file mode 100644 index c24559e..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/xmadd-2007-hcd +++ /dev/null @@ -1,19 +0,0 @@ -source 2007 Hisil--Carter--Dawson -unified -assume X2 = 1 -compute T0 = X1 Y2 -compute T0 = T0+Y1 -compute Y3 = Y1 Y2 -compute T1 = Y3 X1 -compute Y3 = Y3-X1 -compute Z3 = Z1 Z2 -compute X3 = T0 Z3 -compute Y3 = Y3 Z3 -compute T1 = d T1 -compute Z3 = Z3^2 -compute T0 = Z3-T1 -compute Z3 = Z3+T1 -compute X3 = X3 T0 -compute Y3 = Y3 Z3 -compute Z3 = Z3 T0 -compute Z3 = c Z3 diff --git a/pyecsca/ec/efd/edwards/projective/addition/xmadd-2007-hcd.op3 b/pyecsca/ec/efd/edwards/projective/addition/xmadd-2007-hcd.op3 deleted file mode 100644 index f607aff..0000000 --- a/pyecsca/ec/efd/edwards/projective/addition/xmadd-2007-hcd.op3 +++ /dev/null @@ -1,16 +0,0 @@ -T0 = X1*Y2 -T0 = T0+Y1 -Y3 = Y1*Y2 -T1 = Y3*X1 -Y3 = Y3-X1 -Z3 = Z1*Z2 -X3 = T0*Z3 -Y3 = Y3*Z3 -T1 = d*T1 -Z3 = Z3^2 -T0 = Z3-T1 -Z3 = Z3+T1 -X3 = X3*T0 -Y3 = Y3*Z3 -Z3 = Z3*T0 -Z3 = c*Z3 diff --git a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl b/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl deleted file mode 100644 index ed45cd4..0000000 --- a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl +++ /dev/null @@ -1,10 +0,0 @@ -source 2007 Bernstein--Lange -compute B = (X1+Y1)^2 -compute C = X1^2 -compute D = Y1^2 -compute E = C+D -compute H = (c Z1)^2 -compute J = E-2 H -compute X3 = c (B-E)J -compute Y3 = c E(C-D) -compute Z3 = E J diff --git a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-2 b/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-2 deleted file mode 100644 index d08fbb6..0000000 --- a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-2 +++ /dev/null @@ -1,23 +0,0 @@ -source 2007 Bernstein--Lange; source comments that these formulas use two temporary registers -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = R1+R2 -compute R3 = c R3 -compute R1 = R1^2 -compute R2 = R2^2 -compute R3 = R3^2 -compute R4 = R4^2 -compute R3 = 2 R3 -compute R5 = R1+R2 -compute R2 = R1-R2 -compute R4 = R4-R5 -compute R3 = R5-R3 -compute R1 = R3 R4 -compute R3 = R3 R5 -compute R2 = R2 R5 -compute R1 = c R1 -compute R2 = c R2 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-2.op3 b/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-2.op3 deleted file mode 100644 index 524de13..0000000 --- a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-2.op3 +++ /dev/null @@ -1,22 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = R1+R2 -R3 = c*R3 -R1 = R1^2 -R2 = R2^2 -R3 = R3^2 -R4 = R4^2 -R3 = 2*R3 -R5 = R1+R2 -R2 = R1-R2 -R4 = R4-R5 -R3 = R5-R3 -R1 = R3*R4 -R3 = R3*R5 -R2 = R2*R5 -R1 = c*R1 -R2 = c*R2 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-3 b/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-3 deleted file mode 100644 index ee6ce09..0000000 --- a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-3 +++ /dev/null @@ -1,24 +0,0 @@ -source 2007 Bernstein--Lange; source comments that these formulas use one temporary register -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R3 = c R3 -compute R4 = R1^2 -compute R1 = R1+R2 -compute R1 = R1^2 -compute R2 = R2^2 -compute R3 = R3^2 -compute R3 = 2 R3 -compute R4 = R2+R4 -compute R2 = 2 R2 -compute R2 = R4-R2 -compute R1 = R1-R4 -compute R2 = R2 R4 -compute R3 = R4-R3 -compute R1 = R1 R3 -compute R3 = R3 R4 -compute R1 = c R1 -compute R2 = c R2 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-3.op3 b/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-3.op3 deleted file mode 100644 index ecb2ccf..0000000 --- a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl-3.op3 +++ /dev/null @@ -1,23 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R3 = c*R3 -R4 = R1^2 -R1 = R1+R2 -R1 = R1^2 -R2 = R2^2 -R3 = R3^2 -R3 = 2*R3 -R4 = R2+R4 -R2 = 2*R2 -R2 = R4-R2 -R1 = R1-R4 -R2 = R2*R4 -R3 = R4-R3 -R1 = R1*R3 -R3 = R3*R4 -R1 = c*R1 -R2 = c*R2 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl.op3 b/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl.op3 deleted file mode 100644 index 547f8ef..0000000 --- a/pyecsca/ec/efd/edwards/projective/doubling/dbl-2007-bl.op3 +++ /dev/null @@ -1,16 +0,0 @@ -t0 = X1+Y1 -B = t0^2 -C = X1^2 -D = Y1^2 -E = C+D -t1 = c*Z1 -H = t1^2 -t2 = 2*H -J = E-t2 -t3 = B-E -t4 = t3*J -X3 = c*t4 -t5 = C-D -t6 = E*t5 -Y3 = c*t6 -Z3 = E*J diff --git a/pyecsca/ec/efd/edwards/projective/doubling/mdbl-2007-bl b/pyecsca/ec/efd/edwards/projective/doubling/mdbl-2007-bl deleted file mode 100644 index 538099a..0000000 --- a/pyecsca/ec/efd/edwards/projective/doubling/mdbl-2007-bl +++ /dev/null @@ -1,12 +0,0 @@ -source 2007 Bernstein--Lange -parameter cc2 -assume cc2 = 2*c*c -assume Z1 = 1 -compute B = (X1+Y1)^2 -compute C = X1^2 -compute D = Y1^2 -compute E = C+D -compute J = E-cc2 -compute X3 = c(B-E)J -compute Y3 = c E(C-D) -compute Z3 = E J diff --git a/pyecsca/ec/efd/edwards/projective/doubling/mdbl-2007-bl.op3 b/pyecsca/ec/efd/edwards/projective/doubling/mdbl-2007-bl.op3 deleted file mode 100644 index 7ad6acf..0000000 --- a/pyecsca/ec/efd/edwards/projective/doubling/mdbl-2007-bl.op3 +++ /dev/null @@ -1,13 +0,0 @@ -t0 = X1+Y1 -B = t0^2 -C = X1^2 -D = Y1^2 -E = C+D -J = E-cc2 -t1 = B-E -t2 = t1*J -X3 = c*t2 -t3 = C-D -t4 = E*t3 -Y3 = c*t4 -Z3 = E*J diff --git a/pyecsca/ec/efd/edwards/projective/negation/neg b/pyecsca/ec/efd/edwards/projective/negation/neg deleted file mode 100644 index 7363b22..0000000 --- a/pyecsca/ec/efd/edwards/projective/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = -X1 -compute Y3 = Y1 -compute Z3 = Z1 diff --git a/pyecsca/ec/efd/edwards/projective/negation/neg.op3 b/pyecsca/ec/efd/edwards/projective/negation/neg.op3 deleted file mode 100644 index 36cb8c8..0000000 --- a/pyecsca/ec/efd/edwards/projective/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = -X1 -Y3 = Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/edwards/projective/scaling/z b/pyecsca/ec/efd/edwards/projective/scaling/z deleted file mode 100644 index 4c37771..0000000 --- a/pyecsca/ec/efd/edwards/projective/scaling/z +++ /dev/null @@ -1,4 +0,0 @@ -compute A = 1/Z1 -compute X3 = X1 A -compute Y3 = Y1 A -compute Z3 = 1 diff --git a/pyecsca/ec/efd/edwards/projective/scaling/z.op3 b/pyecsca/ec/efd/edwards/projective/scaling/z.op3 deleted file mode 100644 index 8b51efc..0000000 --- a/pyecsca/ec/efd/edwards/projective/scaling/z.op3 +++ /dev/null @@ -1,4 +0,0 @@ -A = 1/Z1 -X3 = X1*A -Y3 = Y1*A -Z3 = 1 diff --git a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp b/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp deleted file mode 100644 index 80f9a6e..0000000 --- a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp +++ /dev/null @@ -1,16 +0,0 @@ -source 2007 Bernstein--Birkner--Lange--Peters -parameter c2 -assume c2 = 2*c -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = (c2 Z1)^2 -compute D = XX+YY -compute DD = D^2 -compute H = 2 D (XX-YY) -compute P = DD-YY ZZ -compute Q = DD-XX ZZ -compute T = H+Q -compute U = H-P -compute X3 = P U X1 -compute Y3 = Q T Y1 -compute Z3 = T U Z1 diff --git a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-2 b/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-2 deleted file mode 100644 index f87553b..0000000 --- a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-2 +++ /dev/null @@ -1,17 +0,0 @@ -source 2007 Bernstein--Birkner--Lange--Peters -assume c = 1 -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute ZZ4 = 4 ZZ -compute D = XX+YY -compute DD = D^2 -compute H = 2 D(XX-YY) -compute P = DD-YY ZZ4 -compute Q = DD-XX ZZ4 -compute T = H+Q -compute TT = T^2 -compute U = H-P -compute X3 = 2 P U X1 -compute Y3 = Q((T+Y1)^2-TT-YY) -compute Z3 = U((T+Z1)^2-TT-ZZ) diff --git a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-2.op3 b/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-2.op3 deleted file mode 100644 index db7d8b5..0000000 --- a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-2.op3 +++ /dev/null @@ -1,29 +0,0 @@ -XX = X1^2 -YY = Y1^2 -ZZ = Z1^2 -ZZ4 = 4*ZZ -D = XX+YY -DD = D^2 -t0 = XX-YY -t1 = D*t0 -H = 2*t1 -t2 = YY*ZZ4 -P = DD-t2 -t3 = XX*ZZ4 -Q = DD-t3 -T = H+Q -TT = T^2 -U = H-P -t4 = U*X1 -t5 = P*t4 -X3 = 2*t5 -t6 = T+Y1 -t7 = t6^2 -t8 = t7-TT -t9 = t8-YY -Y3 = Q*t9 -t10 = T+Z1 -t11 = t10^2 -t12 = t11-TT -t13 = t12-ZZ -Z3 = U*t13 diff --git a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-3 b/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-3 deleted file mode 100644 index 4999e6f..0000000 --- a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-3 +++ /dev/null @@ -1,18 +0,0 @@ -source 2007 Bernstein--Birkner--Lange--Peters -parameter cc4 -assume cc4 = 4*c*c -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute ZZ4 = cc4 ZZ -compute D = XX+YY -compute DD = D^2 -compute H = 2 D(XX-YY) -compute P = DD-YY ZZ4 -compute Q = DD-XX ZZ4 -compute T = H+Q -compute TT = T^2 -compute U = H-P -compute X3 = 2 P U X1 -compute Y3 = Q((T+Y1)^2-TT-YY) -compute Z3 = U((T+Z1)^2-TT-ZZ) diff --git a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-3.op3 b/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-3.op3 deleted file mode 100644 index 509ec50..0000000 --- a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp-3.op3 +++ /dev/null @@ -1,29 +0,0 @@ -XX = X1^2 -YY = Y1^2 -ZZ = Z1^2 -ZZ4 = cc4*ZZ -D = XX+YY -DD = D^2 -t0 = XX-YY -t1 = D*t0 -H = 2*t1 -t2 = YY*ZZ4 -P = DD-t2 -t3 = XX*ZZ4 -Q = DD-t3 -T = H+Q -TT = T^2 -U = H-P -t4 = U*X1 -t5 = P*t4 -X3 = 2*t5 -t6 = T+Y1 -t7 = t6^2 -t8 = t7-TT -t9 = t8-YY -Y3 = Q*t9 -t10 = T+Z1 -t11 = t10^2 -t12 = t11-TT -t13 = t12-ZZ -Z3 = U*t13 diff --git a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp.op3 b/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp.op3 deleted file mode 100644 index ff7b58f..0000000 --- a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-bblp.op3 +++ /dev/null @@ -1,21 +0,0 @@ -XX = X1^2 -YY = Y1^2 -t0 = c2*Z1 -ZZ = t0^2 -D = XX+YY -DD = D^2 -t1 = XX-YY -t2 = D*t1 -H = 2*t2 -t3 = YY*ZZ -P = DD-t3 -t4 = XX*ZZ -Q = DD-t4 -T = H+Q -U = H-P -t5 = U*X1 -X3 = P*t5 -t6 = T*Y1 -Y3 = Q*t6 -t7 = U*Z1 -Z3 = T*t7 diff --git a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-hcd b/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-hcd deleted file mode 100644 index 2b7153a..0000000 --- a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-hcd +++ /dev/null @@ -1,11 +0,0 @@ -source 2007 Hisil--Carter--Dawson -compute A = X1^2 -compute B = Y1^2 -compute C = (2 c Z1)^2 -compute D = (A+B)^2 -compute E = 2(A+B)(A-B) -compute F = A C -compute G = B C -compute X3 = X1(E-(D-G))(D-G) -compute Y3 = Y1(E+(D-F))(D-F) -compute Z3 = Z1(E-(D-G))(E+(D-F)) diff --git a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-hcd.op3 b/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-hcd.op3 deleted file mode 100644 index 3873e6b..0000000 --- a/pyecsca/ec/efd/edwards/projective/tripling/tpl-2007-hcd.op3 +++ /dev/null @@ -1,29 +0,0 @@ -A = X1^2 -B = Y1^2 -t0 = c*Z1 -t1 = 2*t0 -C = t1^2 -t2 = A+B -D = t2^2 -t3 = A+B -t4 = A-B -t5 = t3*t4 -E = 2*t5 -F = A*C -G = B*C -t6 = D-G -t7 = E-t6 -t8 = D-G -t9 = t7*t8 -X3 = X1*t9 -t10 = D-F -t11 = E+t10 -t12 = D-F -t13 = t11*t12 -Y3 = Y1*t13 -t14 = D-G -t15 = D-F -t16 = E-t14 -t17 = E+t15 -t18 = t16*t17 -Z3 = Z1*t18 diff --git a/pyecsca/ec/efd/edwards/projective/variables b/pyecsca/ec/efd/edwards/projective/variables deleted file mode 100644 index 9c6045b..0000000 --- a/pyecsca/ec/efd/edwards/projective/variables +++ /dev/null @@ -1,6 +0,0 @@ -name projective coordinates -variable X -variable Y -variable Z -satisfying x = X/Z -satisfying y = Y/Z diff --git a/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g b/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g deleted file mode 100644 index 6ab2f30..0000000 --- a/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g +++ /dev/null @@ -1,7 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 on page 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by r Z2^2/Y2^2 and r Z3^2/Y3^2 and r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z5/Y5 -parameter s -assume s = (1+r)/(1-r) -compute V = s(r Z2^2-Y2^2)(r Z3^2-Y3^2) -compute W = (r Z2^2+Y2^2)(r Z3^2+Y3^2) -compute Y4 = r Z1(W-V) -compute Z4 = Y1(W+V) diff --git a/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g-2 b/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g-2 deleted file mode 100644 index d7bb994..0000000 --- a/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g-2 +++ /dev/null @@ -1,11 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 on page 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by r Z2^2/Y2^2 and r Z3^2/Y3^2 and r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z5/Y5; plus common-subexpression elimination -parameter s -assume s = (1+r)/(1-r) -compute YY2 = Y2^2 -compute ZZ2 = r Z2^2 -compute YY3 = Y3^2 -compute ZZ3 = r Z3^2 -compute V = s(ZZ2-YY2)(ZZ3-YY3) -compute W = (ZZ2+YY2)(ZZ3+YY3) -compute Y4 = (r Z1)(W-V) -compute Z4 = Y1(W+V) diff --git a/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g-2.op3 b/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g-2.op3 deleted file mode 100644 index 0686bc1..0000000 --- a/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g-2.op3 +++ /dev/null @@ -1,18 +0,0 @@ -YY2 = Y2^2 -t0 = Z2^2 -ZZ2 = r*t0 -YY3 = Y3^2 -t1 = Z3^2 -ZZ3 = r*t1 -t2 = ZZ2-YY2 -t3 = ZZ3-YY3 -t4 = t2*t3 -V = s*t4 -t5 = ZZ2+YY2 -t6 = ZZ3+YY3 -W = t5*t6 -t7 = r*Z1 -t8 = W-V -Y4 = t7*t8 -t9 = W+V -Z4 = Y1*t9 diff --git a/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g.op3 b/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g.op3 deleted file mode 100644 index 584ce61..0000000 --- a/pyecsca/ec/efd/edwards/yz/diffadd/dadd-2006-g.op3 +++ /dev/null @@ -1,24 +0,0 @@ -t0 = Z2^2 -t1 = Y2^2 -t2 = Z3^2 -t3 = Y3^2 -t4 = r*t2 -t5 = r*t0 -t6 = t5-t1 -t7 = t4-t3 -t8 = t6*t7 -V = s*t8 -t9 = Z2^2 -t10 = Y2^2 -t11 = Z3^2 -t12 = Y3^2 -t13 = r*t11 -t14 = r*t9 -t15 = t14+t10 -t16 = t13+t12 -W = t15*t16 -t17 = W-V -t18 = Z1*t17 -Y4 = r*t18 -t19 = W+V -Z4 = Y1*t19 diff --git a/pyecsca/ec/efd/edwards/yz/diffadd/mdadd-2006-g-2 b/pyecsca/ec/efd/edwards/yz/diffadd/mdadd-2006-g-2 deleted file mode 100644 index 2ddd828..0000000 --- a/pyecsca/ec/efd/edwards/yz/diffadd/mdadd-2006-g-2 +++ /dev/null @@ -1,12 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 on page 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by r Z2^2/Y2^2 and r Z3^2/Y3^2 and r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z5/Y5; plus common-subexpression elimination; plus assumption Z1=1 -parameter s -assume s = (1+r)/(1-r) -assume Z1 = 1 -compute YY2 = Y2^2 -compute ZZ2 = r Z2^2 -compute YY3 = Y3^2 -compute ZZ3 = r Z3^2 -compute V = s(ZZ2-YY2)(ZZ3-YY3) -compute W = (ZZ2+YY2)(ZZ3+YY3) -compute Y4 = r(W-V) -compute Z4 = Y1(W+V) diff --git a/pyecsca/ec/efd/edwards/yz/diffadd/mdadd-2006-g-2.op3 b/pyecsca/ec/efd/edwards/yz/diffadd/mdadd-2006-g-2.op3 deleted file mode 100644 index c888d1f..0000000 --- a/pyecsca/ec/efd/edwards/yz/diffadd/mdadd-2006-g-2.op3 +++ /dev/null @@ -1,17 +0,0 @@ -YY2 = Y2^2 -t0 = Z2^2 -ZZ2 = r*t0 -YY3 = Y3^2 -t1 = Z3^2 -ZZ3 = r*t1 -t2 = ZZ2-YY2 -t3 = ZZ3-YY3 -t4 = t2*t3 -V = s*t4 -t5 = ZZ2+YY2 -t6 = ZZ3+YY3 -W = t5*t6 -t7 = W-V -Y4 = r*t7 -t8 = W+V -Z4 = Y1*t8 diff --git a/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g b/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g deleted file mode 100644 index 3cc3673..0000000 --- a/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g +++ /dev/null @@ -1,7 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 22/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 and b/a on page 22/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 replaced by r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z3/Y3 -parameter s -assume s = (1+r)/(1-r) -compute V = s(r Z1^2-Y1^2)^2 -compute W = (r Z1^2+Y1^2)^2 -compute Y3 = W-V -compute Z3 = W+V diff --git a/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g-2 b/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g-2 deleted file mode 100644 index 2f90481..0000000 --- a/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g-2 +++ /dev/null @@ -1,9 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 22/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 and b/a on page 22/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 replaced by r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z3/Y3; plus common-subexpression elimination -parameter s -assume s = (1+r)/(1-r) -compute YY = Y1^2 -compute ZZ = r Z1^2 -compute V = s(ZZ-YY)^2 -compute W = (ZZ+YY)^2 -compute Y3 = W-V -compute Z3 = W+V diff --git a/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g-2.op3 b/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g-2.op3 deleted file mode 100644 index 4954f59..0000000 --- a/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g-2.op3 +++ /dev/null @@ -1,10 +0,0 @@ -YY = Y1^2 -t0 = Z1^2 -ZZ = r*t0 -t1 = ZZ-YY -t2 = t1^2 -V = s*t2 -t3 = ZZ+YY -W = t3^2 -Y3 = W-V -Z3 = W+V diff --git a/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g.op3 b/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g.op3 deleted file mode 100644 index be78d4c..0000000 --- a/pyecsca/ec/efd/edwards/yz/doubling/dbl-2006-g.op3 +++ /dev/null @@ -1,13 +0,0 @@ -t0 = Z1^2 -t1 = Y1^2 -t2 = r*t0 -t3 = t2-t1 -t4 = t3^2 -V = s*t4 -t5 = Z1^2 -t6 = Y1^2 -t7 = r*t5 -t8 = t7+t6 -W = t8^2 -Y3 = W-V -Z3 = W+V diff --git a/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-2 b/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-2 deleted file mode 100644 index 3a58e29..0000000 --- a/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-2 +++ /dev/null @@ -1,13 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 22/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 and b/a on page 22/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 replaced by r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z3/Y3; plus common-subexpression elimination; plus assumption Z1=1; plus standard simplification -parameter s -assume s = (1+r)/(1-r) -parameter r2 -assume r2 = 2*r -assume Z1 = 1 -compute YY = Y1^2 -compute A = r2 YY -compute B = d + YY^2 -compute V = s(B-A) -compute W = B+A -compute Y3 = W-V -compute Z3 = W+V diff --git a/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-2.op3 b/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-2.op3 deleted file mode 100644 index 29a9d69..0000000 --- a/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-2.op3 +++ /dev/null @@ -1,9 +0,0 @@ -YY = Y1^2 -A = r2*YY -t0 = YY^2 -B = d+t0 -t1 = B-A -V = s*t1 -W = B+A -Y3 = W-V -Z3 = W+V diff --git a/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-3 b/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-3 deleted file mode 100644 index b7f7615..0000000 --- a/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-3 +++ /dev/null @@ -1,10 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 22/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 and b/a on page 22/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 replaced by r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z3/Y3; plus common-subexpression elimination; plus assumption Z1=1; plus standard simplification -parameter s -assume s = (1+r)/(1-r) -assume Z1 = 1 -compute YY = Y1^2 -compute B = d + YY^2 -compute W = (r+YY)^2 -compute V = s(2 B-W) -compute Y3 = W-V -compute Z3 = W+V diff --git a/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-3.op3 b/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-3.op3 deleted file mode 100644 index e82b83e..0000000 --- a/pyecsca/ec/efd/edwards/yz/doubling/mdbl-2006-g-3.op3 +++ /dev/null @@ -1,10 +0,0 @@ -YY = Y1^2 -t0 = YY^2 -B = d+t0 -t1 = r+YY -W = t1^2 -t2 = 2*B -t3 = t2-W -V = s*t3 -Y3 = W-V -Z3 = W+V diff --git a/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g b/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g deleted file mode 100644 index 229acb7..0000000 --- a/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g +++ /dev/null @@ -1,11 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", pages 22/52 and 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 and b/a on pages 22/52 and 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by r Z2^2/Y2^2 and r Z3^2/Y3^2 and r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z5/Y5 -parameter s -assume s = (1+r)/(1-r) -compute V2 = s(r Z2^2-Y2^2)^2 -compute W2 = (r Z2^2+Y2^2)^2 -compute Y4 = W2-V2 -compute Z4 = W2+V2 -compute V = s(r Z2^2-Y2^2)(r Z3^2-Y3^2) -compute W = (r Z2^2+Y2^2)(r Z3^2+Y3^2) -compute Y5 = r Z1(W-V) -compute Z5 = Y1(W+V) diff --git a/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g-2 b/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g-2 deleted file mode 100644 index 014f607..0000000 --- a/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g-2 +++ /dev/null @@ -1,17 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", pages 22/52 and 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 and b/a on pages 22/52 and 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by r Z2^2/Y2^2 and r Z3^2/Y3^2 and r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z5/Y5; plus common-subexpression elimination -parameter s -assume s = (1+r)/(1-r) -compute YY2 = Y2^2 -compute ZZ2 = r Z2^2 -compute A = ZZ2-YY2 -compute B = ZZ2+YY2 -compute YY3 = Y3^2 -compute ZZ3 = r Z3^2 -compute V2 = s A^2 -compute W2 = B^2 -compute Y4 = W2-V2 -compute Z4 = W2+V2 -compute V = s A(ZZ3-YY3) -compute W = B(ZZ3+YY3) -compute Y5 = (r Z1)(W-V) -compute Z5 = Y1(W+V) diff --git a/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g-2.op3 b/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g-2.op3 deleted file mode 100644 index 517f8b3..0000000 --- a/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g-2.op3 +++ /dev/null @@ -1,23 +0,0 @@ -YY2 = Y2^2 -t0 = Z2^2 -ZZ2 = r*t0 -A = ZZ2-YY2 -B = ZZ2+YY2 -YY3 = Y3^2 -t1 = Z3^2 -ZZ3 = r*t1 -t2 = A^2 -V2 = s*t2 -W2 = B^2 -Y4 = W2-V2 -Z4 = W2+V2 -t3 = ZZ3-YY3 -t4 = A*t3 -V = s*t4 -t5 = ZZ3+YY3 -W = B*t5 -t6 = r*Z1 -t7 = W-V -Y5 = t6*t7 -t8 = W+V -Z5 = Y1*t8 diff --git a/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g.op3 b/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g.op3 deleted file mode 100644 index f576bc2..0000000 --- a/pyecsca/ec/efd/edwards/yz/ladder/ladd-2006-g.op3 +++ /dev/null @@ -1,37 +0,0 @@ -t0 = Z2^2 -t1 = Y2^2 -t2 = r*t0 -t3 = t2-t1 -t4 = t3^2 -V2 = s*t4 -t5 = Z2^2 -t6 = Y2^2 -t7 = r*t5 -t8 = t7+t6 -W2 = t8^2 -Y4 = W2-V2 -Z4 = W2+V2 -t9 = Z2^2 -t10 = Y2^2 -t11 = Z3^2 -t12 = Y3^2 -t13 = r*t11 -t14 = r*t9 -t15 = t14-t10 -t16 = t13-t12 -t17 = t15*t16 -V = s*t17 -t18 = Z2^2 -t19 = Y2^2 -t20 = Z3^2 -t21 = Y3^2 -t22 = r*t20 -t23 = r*t18 -t24 = t23+t19 -t25 = t22+t21 -W = t24*t25 -t26 = W-V -t27 = Z1*t26 -Y5 = r*t27 -t28 = W+V -Z5 = Y1*t28 diff --git a/pyecsca/ec/efd/edwards/yz/ladder/mladd-2006-g-2 b/pyecsca/ec/efd/edwards/yz/ladder/mladd-2006-g-2 deleted file mode 100644 index bfc7677..0000000 --- a/pyecsca/ec/efd/edwards/yz/ladder/mladd-2006-g-2 +++ /dev/null @@ -1,18 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", pages 22/52 and 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 and b/a on pages 22/52 and 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by r Z2^2/Y2^2 and r Z3^2/Y3^2 and r Z1^2/Y1^2, intermediate x'/y' replaced by W/V, output X/Y replaced by sqrt(r) Z5/Y5; plus common-subexpression elimination; plus assumption Z1=1 -parameter s -assume s = (1+r)/(1-r) -assume Z1 = 1 -compute YY2 = Y2^2 -compute ZZ2 = r Z2^2 -compute A = ZZ2-YY2 -compute B = ZZ2+YY2 -compute YY3 = Y3^2 -compute ZZ3 = r Z3^2 -compute V2 = s A^2 -compute W2 = B^2 -compute Y4 = W2-V2 -compute Z4 = W2+V2 -compute V = s A(ZZ3-YY3) -compute W = B(ZZ3+YY3) -compute Y5 = r(W-V) -compute Z5 = Y1(W+V) diff --git a/pyecsca/ec/efd/edwards/yz/ladder/mladd-2006-g-2.op3 b/pyecsca/ec/efd/edwards/yz/ladder/mladd-2006-g-2.op3 deleted file mode 100644 index 1299de3..0000000 --- a/pyecsca/ec/efd/edwards/yz/ladder/mladd-2006-g-2.op3 +++ /dev/null @@ -1,22 +0,0 @@ -YY2 = Y2^2 -t0 = Z2^2 -ZZ2 = r*t0 -A = ZZ2-YY2 -B = ZZ2+YY2 -YY3 = Y3^2 -t1 = Z3^2 -ZZ3 = r*t1 -t2 = A^2 -V2 = s*t2 -W2 = B^2 -Y4 = W2-V2 -Z4 = W2+V2 -t3 = ZZ3-YY3 -t4 = A*t3 -V = s*t4 -t5 = ZZ3+YY3 -W = B*t5 -t6 = W-V -Y5 = r*t6 -t7 = W+V -Z5 = Y1*t7 diff --git a/pyecsca/ec/efd/edwards/yz/scaling/scale b/pyecsca/ec/efd/edwards/yz/scaling/scale deleted file mode 100644 index 8c5563b..0000000 --- a/pyecsca/ec/efd/edwards/yz/scaling/scale +++ /dev/null @@ -1,2 +0,0 @@ -compute Y3 = Y1 / Z1 -compute Z3 = 1 diff --git a/pyecsca/ec/efd/edwards/yz/scaling/scale.op3 b/pyecsca/ec/efd/edwards/yz/scaling/scale.op3 deleted file mode 100644 index b35c4ba..0000000 --- a/pyecsca/ec/efd/edwards/yz/scaling/scale.op3 +++ /dev/null @@ -1,3 +0,0 @@ -t0 = 1/Z1 -Y3 = Y1*t0 -Z3 = 1 diff --git a/pyecsca/ec/efd/edwards/yz/variables b/pyecsca/ec/efd/edwards/yz/variables deleted file mode 100644 index 8481675..0000000 --- a/pyecsca/ec/efd/edwards/yz/variables +++ /dev/null @@ -1,7 +0,0 @@ -name YZ coordinates with square d -parameter r -assume c = 1 -assume d = r^2 -variable Y -variable Z -satisfying r*y = Y/Z diff --git a/pyecsca/ec/efd/edwards/yzsquared/diffadd/dadd-2006-g b/pyecsca/ec/efd/edwards/yzsquared/diffadd/dadd-2006-g deleted file mode 100644 index ab03316..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/diffadd/dadd-2006-g +++ /dev/null @@ -1,7 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 on page 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by Z2/Y2 and Z3/Y3 and Z1/Y1, intermediate x'/y' replaced by W/V, output X^2/Y^2 replaced by Z5/Y5 -parameter s -assume s = (1+r)/(1-r) -compute V = s(Z2-Y2)(Z3-Y3) -compute W = (Z2+Y2)(Z3+Y3) -compute Y4 = Z1(W-V)^2 -compute Z4 = Y1(W+V)^2 diff --git a/pyecsca/ec/efd/edwards/yzsquared/diffadd/dadd-2006-g.op3 b/pyecsca/ec/efd/edwards/yzsquared/diffadd/dadd-2006-g.op3 deleted file mode 100644 index 40d57b8..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/diffadd/dadd-2006-g.op3 +++ /dev/null @@ -1,13 +0,0 @@ -t0 = Z2-Y2 -t1 = Z3-Y3 -t2 = t0*t1 -V = s*t2 -t3 = Z2+Y2 -t4 = Z3+Y3 -W = t3*t4 -t5 = W-V -t6 = t5^2 -Y4 = Z1*t6 -t7 = W+V -t8 = t7^2 -Z4 = Y1*t8 diff --git a/pyecsca/ec/efd/edwards/yzsquared/diffadd/mdadd-2006-g b/pyecsca/ec/efd/edwards/yzsquared/diffadd/mdadd-2006-g deleted file mode 100644 index 2c6e1ac..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/diffadd/mdadd-2006-g +++ /dev/null @@ -1,8 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 on page 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by Z2/Y2 and Z3/Y3 and Z1/Y1, intermediate x'/y' replaced by W/V, output X^2/Y^2 replaced by Z5/Y5; plus assumption Z1=1 -assume Z1 = 1 -parameter s -assume s = (1+r)/(1-r) -compute V = s(Z2-Y2)(Z3-Y3) -compute W = (Z2+Y2)(Z3+Y3) -compute Y4 = (W-V)^2 -compute Z4 = Y1(W+V)^2 diff --git a/pyecsca/ec/efd/edwards/yzsquared/diffadd/mdadd-2006-g.op3 b/pyecsca/ec/efd/edwards/yzsquared/diffadd/mdadd-2006-g.op3 deleted file mode 100644 index 8e82aa3..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/diffadd/mdadd-2006-g.op3 +++ /dev/null @@ -1,12 +0,0 @@ -t0 = Z2-Y2 -t1 = Z3-Y3 -t2 = t0*t1 -V = s*t2 -t3 = Z2+Y2 -t4 = Z3+Y3 -W = t3*t4 -t5 = W-V -Y4 = t5^2 -t6 = W+V -t7 = t6^2 -Z4 = Y1*t7 diff --git a/pyecsca/ec/efd/edwards/yzsquared/doubling/dbl-2006-g b/pyecsca/ec/efd/edwards/yzsquared/doubling/dbl-2006-g deleted file mode 100644 index 6bf616e..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/doubling/dbl-2006-g +++ /dev/null @@ -1,7 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 22/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 and b/a on page 22/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 replaced by Z1/Y1, intermediate x'/y' replaced by W/V, output X^2/Y^2 replaced by Z3/Y3 -parameter s -assume s = (1+r)/(1-r) -compute V = s(Z1-Y1)^2 -compute W = (Z1+Y1)^2 -compute Y3 = (W-V)^2 -compute Z3 = r(W+V)^2 diff --git a/pyecsca/ec/efd/edwards/yzsquared/doubling/dbl-2006-g.op3 b/pyecsca/ec/efd/edwards/yzsquared/doubling/dbl-2006-g.op3 deleted file mode 100644 index 7360c87..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/doubling/dbl-2006-g.op3 +++ /dev/null @@ -1,10 +0,0 @@ -t0 = Z1-Y1 -t1 = t0^2 -V = s*t1 -t2 = Z1+Y1 -W = t2^2 -t3 = W-V -Y3 = t3^2 -t4 = W+V -t5 = t4^2 -Z3 = r*t5 diff --git a/pyecsca/ec/efd/edwards/yzsquared/doubling/mdbl-2006-g b/pyecsca/ec/efd/edwards/yzsquared/doubling/mdbl-2006-g deleted file mode 100644 index 60af410..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/doubling/mdbl-2006-g +++ /dev/null @@ -1,8 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", page 22/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 and b/a on page 22/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 replaced by Z1/Y1, intermediate x'/y' replaced by W/V, output X^2/Y^2 replaced by Z3/Y3; plus assumption Z1=1; plus standard simplification -assume Z1 = 1 -parameter s -assume s = (1+r)/(1-r) -compute W = (1+Y1)^2 -compute V = s(W-4 Y1) -compute Y3 = (W-V)^2 -compute Z3 = r(W+V)^2 diff --git a/pyecsca/ec/efd/edwards/yzsquared/doubling/mdbl-2006-g.op3 b/pyecsca/ec/efd/edwards/yzsquared/doubling/mdbl-2006-g.op3 deleted file mode 100644 index 512e52d..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/doubling/mdbl-2006-g.op3 +++ /dev/null @@ -1,10 +0,0 @@ -t0 = 1+Y1 -W = t0^2 -t1 = 4*Y1 -t2 = W-t1 -V = s*t2 -t3 = W-V -Y3 = t3^2 -t4 = W+V -t5 = t4^2 -Z3 = r*t5 diff --git a/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g b/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g deleted file mode 100644 index dc25d53..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g +++ /dev/null @@ -1,11 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", pages 22/52 and 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 on pages 22/52 and 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by Z2/Y2 and Z3/Y3 and Z1/Y1, intermediate x'/y' replaced by W/V, output X^2/Y^2 replaced by Z5/Y5 -parameter s -assume s = (1+r)/(1-r) -compute V2 = s(Z2-Y2)^2 -compute W2 = (Z2+Y2)^2 -compute Y4 = (W2-V2)^2 -compute Z4 = r(W2+V2)^2 -compute V = s(Z2-Y2)(Z3-Y3) -compute W = (Z2+Y2)(Z3+Y3) -compute Y5 = Z1(W-V)^2 -compute Z5 = Y1(W+V)^2 diff --git a/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g-2 b/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g-2 deleted file mode 100644 index 0266100..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g-2 +++ /dev/null @@ -1,13 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", pages 22/52 and 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 on pages 22/52 and 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by Z2/Y2 and Z3/Y3 and Z1/Y1, intermediate x'/y' replaced by W/V, output X^2/Y^2 replaced by Z5/Y5; plus common-subexpression elimination -parameter s -assume s = (1+r)/(1-r) -compute A = Z2-Y2 -compute B = Z2+Y2 -compute V2 = s A^2 -compute W2 = B^2 -compute Y4 = (W2-V2)^2 -compute Z4 = r(W2+V2)^2 -compute V = s A(Z3-Y3) -compute W = B(Z3+Y3) -compute Y5 = Z1(W-V)^2 -compute Z5 = Y1(W+V)^2 diff --git a/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g-2.op3 b/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g-2.op3 deleted file mode 100644 index 0a98e01..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g-2.op3 +++ /dev/null @@ -1,21 +0,0 @@ -A = Z2-Y2 -B = Z2+Y2 -t0 = A^2 -V2 = s*t0 -W2 = B^2 -t1 = W2-V2 -Y4 = t1^2 -t2 = W2+V2 -t3 = t2^2 -Z4 = r*t3 -t4 = Z3-Y3 -t5 = A*t4 -V = s*t5 -t6 = Z3+Y3 -W = B*t6 -t7 = W-V -t8 = t7^2 -Y5 = Z1*t8 -t9 = W+V -t10 = t9^2 -Z5 = Y1*t10 diff --git a/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g.op3 b/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g.op3 deleted file mode 100644 index 1247fba..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/ladder/ladd-2006-g.op3 +++ /dev/null @@ -1,23 +0,0 @@ -t0 = Z2-Y2 -t1 = t0^2 -V2 = s*t1 -t2 = Z2+Y2 -W2 = t2^2 -t3 = W2-V2 -Y4 = t3^2 -t4 = W2+V2 -t5 = t4^2 -Z4 = r*t5 -t6 = Z2-Y2 -t7 = Z3-Y3 -t8 = t6*t7 -V = s*t8 -t9 = Z2+Y2 -t10 = Z3+Y3 -W = t9*t10 -t11 = W-V -t12 = t11^2 -Y5 = Z1*t12 -t13 = W+V -t14 = t13^2 -Z5 = Y1*t14 diff --git a/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g b/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g deleted file mode 100644 index 3f4f4b0..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g +++ /dev/null @@ -1,12 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", pages 22/52 and 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 on pages 22/52 and 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by Z2/Y2 and Z3/Y3 and Z1/Y1, intermediate x'/y' replaced by W/V, output X^2/Y^2 replaced by Z5/Y5; plus assumption Z1=1 -assume Z1 = 1 -parameter s -assume s = (1+r)/(1-r) -compute V2 = s(Z2-Y2)^2 -compute W2 = (Z2+Y2)^2 -compute Y4 = (W2-V2)^2 -compute Z4 = r(W2+V2)^2 -compute V = s(Z2-Y2)(Z3-Y3) -compute W = (Z2+Y2)(Z3+Y3) -compute Y5 = (W-V)^2 -compute Z5 = Y1(W+V)^2 diff --git a/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g-2 b/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g-2 deleted file mode 100644 index 50930f8..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g-2 +++ /dev/null @@ -1,14 +0,0 @@ -source 2006 Gaudry "Variants of the Montgomery form based on Theta functions", pages 22/52 and 23/52, with A^2/B^2 = (a^2+b^2)/(a^2-b^2) as on page 20/52, replacing incorrect B^2/A^2 on pages 22/52 and 23/52 with correct A^2/B^2 and a/b; or 2009 Gaudry--Lubicz "The arithmetic of characteristic 2 Kummer surfaces and of elliptic Kummer lines", Section 6.2, replacing incorrect A'/B' = (a^2+b^2)/(a^2-b^2) with correct A'^2/B'^2 = (a^2+b^2)/(a^2-b^2), replacing A'^2/B'^2 with A^2/B^2, and replacing z... with y...; plus notation changes: a/b and A^2/B^2 defined as 1/sqrt(r) and (1+r)/(1-r), input x^2/y^2 etc. replaced by Z2/Y2 and Z3/Y3 and Z1/Y1, intermediate x'/y' replaced by W/V, output X^2/Y^2 replaced by Z5/Y5; plus common-subexpression elimination; plus assumption Z1=1 -assume Z1 = 1 -parameter s -assume s = (1+r)/(1-r) -compute A = Z2-Y2 -compute B = Z2+Y2 -compute V2 = s A^2 -compute W2 = B^2 -compute Y4 = (W2-V2)^2 -compute Z4 = r(W2+V2)^2 -compute V = s A(Z3-Y3) -compute W = B(Z3+Y3) -compute Y5 = (W-V)^2 -compute Z5 = Y1(W+V)^2 diff --git a/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g-2.op3 b/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g-2.op3 deleted file mode 100644 index b1acdc4..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g-2.op3 +++ /dev/null @@ -1,20 +0,0 @@ -A = Z2-Y2 -B = Z2+Y2 -t0 = A^2 -V2 = s*t0 -W2 = B^2 -t1 = W2-V2 -Y4 = t1^2 -t2 = W2+V2 -t3 = t2^2 -Z4 = r*t3 -t4 = Z3-Y3 -t5 = A*t4 -V = s*t5 -t6 = Z3+Y3 -W = B*t6 -t7 = W-V -Y5 = t7^2 -t8 = W+V -t9 = t8^2 -Z5 = Y1*t9 diff --git a/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g.op3 b/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g.op3 deleted file mode 100644 index 1d8670a..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/ladder/mladd-2006-g.op3 +++ /dev/null @@ -1,22 +0,0 @@ -t0 = Z2-Y2 -t1 = t0^2 -V2 = s*t1 -t2 = Z2+Y2 -W2 = t2^2 -t3 = W2-V2 -Y4 = t3^2 -t4 = W2+V2 -t5 = t4^2 -Z4 = r*t5 -t6 = Z2-Y2 -t7 = Z3-Y3 -t8 = t6*t7 -V = s*t8 -t9 = Z2+Y2 -t10 = Z3+Y3 -W = t9*t10 -t11 = W-V -Y5 = t11^2 -t12 = W+V -t13 = t12^2 -Z5 = Y1*t13 diff --git a/pyecsca/ec/efd/edwards/yzsquared/scaling/scale b/pyecsca/ec/efd/edwards/yzsquared/scaling/scale deleted file mode 100644 index 8c5563b..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/scaling/scale +++ /dev/null @@ -1,2 +0,0 @@ -compute Y3 = Y1 / Z1 -compute Z3 = 1 diff --git a/pyecsca/ec/efd/edwards/yzsquared/scaling/scale.op3 b/pyecsca/ec/efd/edwards/yzsquared/scaling/scale.op3 deleted file mode 100644 index b35c4ba..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/scaling/scale.op3 +++ /dev/null @@ -1,3 +0,0 @@ -t0 = 1/Z1 -Y3 = Y1*t0 -Z3 = 1 diff --git a/pyecsca/ec/efd/edwards/yzsquared/variables b/pyecsca/ec/efd/edwards/yzsquared/variables deleted file mode 100644 index 439f49f..0000000 --- a/pyecsca/ec/efd/edwards/yzsquared/variables +++ /dev/null @@ -1,7 +0,0 @@ -name squared YZ coordinates with square d -parameter r -assume c = 1 -assume d = r^2 -variable Y -variable Z -satisfying r*y^2 = Y/Z diff --git a/pyecsca/ec/efd/montgom/coordinates b/pyecsca/ec/efd/montgom/coordinates deleted file mode 100644 index d3b7f4e..0000000 --- a/pyecsca/ec/efd/montgom/coordinates +++ /dev/null @@ -1,23 +0,0 @@ -name Montgomery curves -parameter a -parameter b -coordinate x -coordinate y -satisfying b*y^2 == x^3 + a*x^2 + x -ysquared (x^3+a*x^2+x)/b -addition x = b*(y2-y1)^2/(x2-x1)^2-a-x1-x2 -addition y = (2*x1+x2+a)*(y2-y1)/(x2-x1)-b*(y2-y1)^3/(x2-x1)^3-y1 -doubling x = b*(3*x1^2+2*a*x1+1)^2/(2*b*y1)^2-a-x1-x1 -doubling y = (2*x1+x1+a)*(3*x1^2+2*a*x1+1)/(2*b*y1)-b*(3*x1^2+2*a*x1+1)^3/(2*b*y1)^3-y1 -negation x = x1 -negation y = -y1 -toweierstrass weierx = x -toweierstrass weiery = y -a0 = b -a1 = 0 -a2 = a -a3 = 0 -a4 = 1 -a6 = 0 -fromweierstrass x = weierx -fromweierstrass y = weiery diff --git a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m b/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m deleted file mode 100644 index b0e2c79..0000000 --- a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m +++ /dev/null @@ -1,3 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, third display -compute X4 = Z1(X2 X3-Z2 Z3)^2 -compute Z4 = X1(X2 Z3-Z2 X3)^2 diff --git a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-2 b/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-2 deleted file mode 100644 index 8d5ef46..0000000 --- a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-2 +++ /dev/null @@ -1,3 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, fifth display -compute X4 = Z1((X3-Z3)(X2+Z2)+(X3+Z3)(X2-Z2))^2 -compute Z4 = X1((X3-Z3)(X2+Z2)-(X3+Z3)(X2-Z2))^2 diff --git a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-2.op3 b/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-2.op3 deleted file mode 100644 index 8cc9c2c..0000000 --- a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-2.op3 +++ /dev/null @@ -1,18 +0,0 @@ -t0 = X3-Z3 -t1 = X2+Z2 -t2 = X3+Z3 -t3 = X2-Z2 -t4 = t2*t3 -t5 = t0*t1 -t6 = t5+t4 -t7 = t6^2 -X4 = Z1*t7 -t8 = X3-Z3 -t9 = X2+Z2 -t10 = X3+Z3 -t11 = X2-Z2 -t12 = t10*t11 -t13 = t8*t9 -t14 = t13-t12 -t15 = t14^2 -Z4 = X1*t15 diff --git a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-3 b/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-3 deleted file mode 100644 index adb5e88..0000000 --- a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-3 +++ /dev/null @@ -1,9 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, fifth display, plus common-subexpression elimination -compute A = X2+Z2 -compute B = X2-Z2 -compute C = X3+Z3 -compute D = X3-Z3 -compute DA = D A -compute CB = C B -compute X4 = Z1(DA+CB)^2 -compute Z4 = X1(DA-CB)^2 diff --git a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-3.op3 b/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-3.op3 deleted file mode 100644 index 011bb85..0000000 --- a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m-3.op3 +++ /dev/null @@ -1,12 +0,0 @@ -A = X2+Z2 -B = X2-Z2 -C = X3+Z3 -D = X3-Z3 -DA = D*A -CB = C*B -t0 = DA+CB -t1 = t0^2 -X4 = Z1*t1 -t2 = DA-CB -t3 = t2^2 -Z4 = X1*t3 diff --git a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m.op3 b/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m.op3 deleted file mode 100644 index 5e55d59..0000000 --- a/pyecsca/ec/efd/montgom/xz/diffadd/dadd-1987-m.op3 +++ /dev/null @@ -1,10 +0,0 @@ -t0 = Z2*Z3 -t1 = X2*X3 -t2 = t1-t0 -t3 = t2^2 -X4 = Z1*t3 -t4 = Z2*X3 -t5 = X2*Z3 -t6 = t5-t4 -t7 = t6^2 -Z4 = X1*t7 diff --git a/pyecsca/ec/efd/montgom/xz/diffadd/mdadd-1987-m b/pyecsca/ec/efd/montgom/xz/diffadd/mdadd-1987-m deleted file mode 100644 index 4ae695c..0000000 --- a/pyecsca/ec/efd/montgom/xz/diffadd/mdadd-1987-m +++ /dev/null @@ -1,10 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, fifth display, plus common-subexpression elimination, plus assumption Z1=1 -assume Z1 = 1 -compute A = X2+Z2 -compute B = X2-Z2 -compute C = X3+Z3 -compute D = X3-Z3 -compute DA = D A -compute CB = C B -compute X4 = (DA+CB)^2 -compute Z4 = X1(DA-CB)^2 diff --git a/pyecsca/ec/efd/montgom/xz/diffadd/mdadd-1987-m.op3 b/pyecsca/ec/efd/montgom/xz/diffadd/mdadd-1987-m.op3 deleted file mode 100644 index 3b321d0..0000000 --- a/pyecsca/ec/efd/montgom/xz/diffadd/mdadd-1987-m.op3 +++ /dev/null @@ -1,11 +0,0 @@ -A = X2+Z2 -B = X2-Z2 -C = X3+Z3 -D = X3-Z3 -DA = D*A -CB = C*B -t0 = DA+CB -X4 = t0^2 -t1 = DA-CB -t2 = t1^2 -Z4 = X1*t2 diff --git a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m b/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m deleted file mode 100644 index c12912a..0000000 --- a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m +++ /dev/null @@ -1,3 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, fourth display -compute X3 = (X1^2-Z1^2)^2 -compute Z3 = 4 X1 Z1 (X1^2 + a X1 Z1 + Z1^2) diff --git a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-2 b/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-2 deleted file mode 100644 index bb52e95..0000000 --- a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-2 +++ /dev/null @@ -1,5 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, sixth display -parameter a24 -assume 4*a24 = a+2 -compute X3 = (X1+Z1)^2 (X1-Z1)^2 -compute Z3 = (4 X1 Z1)((X1-Z1)^2 + a24(4 X1 Z1)) diff --git a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-2.op3 b/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-2.op3 deleted file mode 100644 index 329d655..0000000 --- a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-2.op3 +++ /dev/null @@ -1,14 +0,0 @@ -t0 = X1+Z1 -t1 = X1-Z1 -t2 = t0^2 -t3 = t1^2 -X3 = t2*t3 -t4 = X1*Z1 -t5 = 4*t4 -t6 = X1-Z1 -t7 = t6^2 -t8 = a24*t5 -t9 = X1*Z1 -t10 = 4*t9 -t11 = t7+t8 -Z3 = t10*t11 diff --git a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-3 b/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-3 deleted file mode 100644 index 981f838..0000000 --- a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-3 +++ /dev/null @@ -1,10 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, sixth display, plus common-subexpression elimination -parameter a24 -assume 4*a24 = a+2 -compute A = X1+Z1 -compute AA = A^2 -compute B = X1-Z1 -compute BB = B^2 -compute C = AA-BB -compute X3 = AA BB -compute Z3 = C(BB + a24 C) diff --git a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-3.op3 b/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-3.op3 deleted file mode 100644 index 175d46b..0000000 --- a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m-3.op3 +++ /dev/null @@ -1,9 +0,0 @@ -A = X1+Z1 -AA = A^2 -B = X1-Z1 -BB = B^2 -C = AA-BB -X3 = AA*BB -t0 = a24*C -t1 = BB+t0 -Z3 = C*t1 diff --git a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m.op3 b/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m.op3 deleted file mode 100644 index 0993ef2..0000000 --- a/pyecsca/ec/efd/montgom/xz/doubling/dbl-1987-m.op3 +++ /dev/null @@ -1,13 +0,0 @@ -t0 = X1^2 -t1 = Z1^2 -t2 = t0-t1 -X3 = t2^2 -t3 = X1^2 -t4 = Z1^2 -t5 = X1*Z1 -t6 = a*t5 -t7 = t3+t6 -t8 = t7+t4 -t9 = Z1*t8 -t10 = X1*t9 -Z3 = 4*t10 diff --git a/pyecsca/ec/efd/montgom/xz/doubling/mdbl-1987-m b/pyecsca/ec/efd/montgom/xz/doubling/mdbl-1987-m deleted file mode 100644 index b6850bf..0000000 --- a/pyecsca/ec/efd/montgom/xz/doubling/mdbl-1987-m +++ /dev/null @@ -1,5 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, fourth display, plus assumption Z1=1, plus common-subexpression elimination -assume Z1 = 1 -compute XX1 = X1^2 -compute X3 = (XX1-1)^2 -compute Z3 = 4 X1 (XX1 + a X1 + 1) diff --git a/pyecsca/ec/efd/montgom/xz/doubling/mdbl-1987-m.op3 b/pyecsca/ec/efd/montgom/xz/doubling/mdbl-1987-m.op3 deleted file mode 100644 index c94a9d0..0000000 --- a/pyecsca/ec/efd/montgom/xz/doubling/mdbl-1987-m.op3 +++ /dev/null @@ -1,8 +0,0 @@ -XX1 = X1^2 -t0 = XX1-1 -X3 = t0^2 -t1 = a*X1 -t2 = XX1+t1 -t3 = t2+1 -t4 = X1*t3 -Z3 = 4*t4 diff --git a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m b/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m deleted file mode 100644 index 35ebff6..0000000 --- a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m +++ /dev/null @@ -1,5 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, third and fourth displays -compute X5 = Z1(X2 X3-Z2 Z3)^2 -compute Z5 = X1(X2 Z3-Z2 X3)^2 -compute X4 = (X2^2-Z2^2)^2 -compute Z4 = 4 X2 Z2 (X2^2 + a X2 Z2 + Z2^2) diff --git a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-2 b/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-2 deleted file mode 100644 index b9326b1..0000000 --- a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-2 +++ /dev/null @@ -1,7 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, fifth and sixth displays -parameter a24 -assume 4*a24 = a+2 -compute X5 = Z1((X3-Z3)(X2+Z2)+(X3+Z3)(X2-Z2))^2 -compute Z5 = X1((X3-Z3)(X2+Z2)-(X3+Z3)(X2-Z2))^2 -compute X4 = (X2+Z2)^2 (X2-Z2)^2 -compute Z4 = (4 X2 Z2)((X2-Z2)^2 + a24(4 X2 Z2)) diff --git a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-2.op3 b/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-2.op3 deleted file mode 100644 index d3bd6af..0000000 --- a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-2.op3 +++ /dev/null @@ -1,32 +0,0 @@ -t0 = X3-Z3 -t1 = X2+Z2 -t2 = X3+Z3 -t3 = X2-Z2 -t4 = t2*t3 -t5 = t0*t1 -t6 = t5+t4 -t7 = t6^2 -X5 = Z1*t7 -t8 = X3-Z3 -t9 = X2+Z2 -t10 = X3+Z3 -t11 = X2-Z2 -t12 = t10*t11 -t13 = t8*t9 -t14 = t13-t12 -t15 = t14^2 -Z5 = X1*t15 -t16 = X2+Z2 -t17 = X2-Z2 -t18 = t16^2 -t19 = t17^2 -X4 = t18*t19 -t20 = X2*Z2 -t21 = 4*t20 -t22 = X2-Z2 -t23 = t22^2 -t24 = a24*t21 -t25 = X2*Z2 -t26 = 4*t25 -t27 = t23+t24 -Z4 = t26*t27 diff --git a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-3 b/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-3 deleted file mode 100644 index d8b9b94..0000000 --- a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-3 +++ /dev/null @@ -1,16 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, fifth and sixth displays, plus common-subexpression elimination -parameter a24 -assume 4*a24 = a+2 -compute A = X2+Z2 -compute AA = A^2 -compute B = X2-Z2 -compute BB = B^2 -compute E = AA-BB -compute C = X3+Z3 -compute D = X3-Z3 -compute DA = D A -compute CB = C B -compute X5 = Z1(DA+CB)^2 -compute Z5 = X1(DA-CB)^2 -compute X4 = AA BB -compute Z4 = E(BB + a24 E) diff --git a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-3.op3 b/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-3.op3 deleted file mode 100644 index 4296bf4..0000000 --- a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m-3.op3 +++ /dev/null @@ -1,19 +0,0 @@ -A = X2+Z2 -AA = A^2 -B = X2-Z2 -BB = B^2 -E = AA-BB -C = X3+Z3 -D = X3-Z3 -DA = D*A -CB = C*B -t0 = DA+CB -t1 = t0^2 -X5 = Z1*t1 -t2 = DA-CB -t3 = t2^2 -Z5 = X1*t3 -X4 = AA*BB -t4 = a24*E -t5 = BB+t4 -Z4 = E*t5 diff --git a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m.op3 b/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m.op3 deleted file mode 100644 index 53ccfda..0000000 --- a/pyecsca/ec/efd/montgom/xz/ladder/ladd-1987-m.op3 +++ /dev/null @@ -1,23 +0,0 @@ -t0 = Z2*Z3 -t1 = X2*X3 -t2 = t1-t0 -t3 = t2^2 -X5 = Z1*t3 -t4 = Z2*X3 -t5 = X2*Z3 -t6 = t5-t4 -t7 = t6^2 -Z5 = X1*t7 -t8 = X2^2 -t9 = Z2^2 -t10 = t8-t9 -X4 = t10^2 -t11 = X2^2 -t12 = Z2^2 -t13 = X2*Z2 -t14 = a*t13 -t15 = t11+t14 -t16 = t15+t12 -t17 = Z2*t16 -t18 = X2*t17 -Z4 = 4*t18 diff --git a/pyecsca/ec/efd/montgom/xz/ladder/mladd-1987-m b/pyecsca/ec/efd/montgom/xz/ladder/mladd-1987-m deleted file mode 100644 index 23a5588..0000000 --- a/pyecsca/ec/efd/montgom/xz/ladder/mladd-1987-m +++ /dev/null @@ -1,17 +0,0 @@ -source 1987 Montgomery "Speeding the Pollard and elliptic curve methods of factorization", page 261, fifth and sixth displays, plus common-subexpression elimination, plus assumption Z1=1 -assume Z1 = 1 -parameter a24 -assume 4*a24 = a+2 -compute A = X2+Z2 -compute AA = A^2 -compute B = X2-Z2 -compute BB = B^2 -compute E = AA-BB -compute C = X3+Z3 -compute D = X3-Z3 -compute DA = D A -compute CB = C B -compute X5 = (DA+CB)^2 -compute Z5 = X1(DA-CB)^2 -compute X4 = AA BB -compute Z4 = E(BB + a24 E) diff --git a/pyecsca/ec/efd/montgom/xz/ladder/mladd-1987-m.op3 b/pyecsca/ec/efd/montgom/xz/ladder/mladd-1987-m.op3 deleted file mode 100644 index 745f888..0000000 --- a/pyecsca/ec/efd/montgom/xz/ladder/mladd-1987-m.op3 +++ /dev/null @@ -1,18 +0,0 @@ -A = X2+Z2 -AA = A^2 -B = X2-Z2 -BB = B^2 -E = AA-BB -C = X3+Z3 -D = X3-Z3 -DA = D*A -CB = C*B -t0 = DA+CB -X5 = t0^2 -t1 = DA-CB -t2 = t1^2 -Z5 = X1*t2 -X4 = AA*BB -t3 = a24*E -t4 = BB+t3 -Z4 = E*t4 diff --git a/pyecsca/ec/efd/montgom/xz/scaling/scale b/pyecsca/ec/efd/montgom/xz/scaling/scale deleted file mode 100644 index 9309967..0000000 --- a/pyecsca/ec/efd/montgom/xz/scaling/scale +++ /dev/null @@ -1,2 +0,0 @@ -compute X3 = X1 / Z1 -compute Z3 = 1 diff --git a/pyecsca/ec/efd/montgom/xz/scaling/scale.op3 b/pyecsca/ec/efd/montgom/xz/scaling/scale.op3 deleted file mode 100644 index 3a6b93c..0000000 --- a/pyecsca/ec/efd/montgom/xz/scaling/scale.op3 +++ /dev/null @@ -1,3 +0,0 @@ -t0 = 1/Z1 -X3 = X1*t0 -Z3 = 1 diff --git a/pyecsca/ec/efd/montgom/xz/variables b/pyecsca/ec/efd/montgom/xz/variables deleted file mode 100644 index 9863a08..0000000 --- a/pyecsca/ec/efd/montgom/xz/variables +++ /dev/null @@ -1,4 +0,0 @@ -name XZ coordinates -variable X -variable Z -satisfying x = X/Z diff --git a/pyecsca/ec/efd/shortw/coordinates b/pyecsca/ec/efd/shortw/coordinates deleted file mode 100644 index fa93043..0000000 --- a/pyecsca/ec/efd/shortw/coordinates +++ /dev/null @@ -1,23 +0,0 @@ -name short Weierstrass curves -parameter a -parameter b -coordinate x -coordinate y -satisfying y^2 == x^3 + a*x + b -ysquared x^3+a*x+b -addition x = (y2-y1)^2/(x2-x1)^2-x1-x2 -addition y = (2*x1+x2)*(y2-y1)/(x2-x1)-(y2-y1)^3/(x2-x1)^3-y1 -doubling x = (3*x1^2+a)^2/(2*y1)^2-x1-x1 -doubling y = (2*x1+x1)*(3*x1^2+a)/(2*y1)-(3*x1^2+a)^3/(2*y1)^3-y1 -negation x = x1 -negation y = -y1 -toweierstrass weierx = x -toweierstrass weiery = y -a0 = 1 -a1 = 0 -a2 = 0 -a3 = 0 -a4 = a -a6 = b -fromweierstrass x = weierx -fromweierstrass y = weiery diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1986-cc b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1986-cc deleted file mode 100644 index e3f4775..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1986-cc +++ /dev/null @@ -1,11 +0,0 @@ -source 1986 Chudnovsky--Chudnovsky "Sequences of numbers generated by addition in formal groups and new primality and factorization tests", page 414, formula (4.3i) -unified -compute U1 = X1 Z2^2 -compute U2 = X2 Z1^2 -compute S1 = Y1 Z2^3 -compute S2 = Y2 Z1^3 -compute P = U2-U1 -compute R = S2-S1 -compute X3 = R^2-(U1+U2) P^2 -compute Y3 = R (U1 P^2-X3)-S1 P^3 -compute Z3 = Z1 Z2 P diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1986-cc.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1986-cc.op3 deleted file mode 100644 index 9774366..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1986-cc.op3 +++ /dev/null @@ -1,24 +0,0 @@ -t0 = Z2^2 -U1 = X1*t0 -t1 = Z1^2 -U2 = X2*t1 -t2 = Z2^3 -S1 = Y1*t2 -t3 = Z1^3 -S2 = Y2*t3 -P = U2-U1 -R = S2-S1 -t4 = U1+U2 -t5 = R^2 -t6 = P^2 -t7 = t4*t6 -X3 = t5-t7 -t8 = P^2 -t9 = U1*t8 -t10 = t9-X3 -t11 = P^3 -t12 = S1*t11 -t13 = R*t10 -Y3 = t13-t12 -t14 = Z2*P -Z3 = Z1*t14 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo deleted file mode 100644 index 681a723..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo +++ /dev/null @@ -1,11 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (5) -unified -compute U1 = X1 Z2^2 -compute U2 = X2 Z1^2 -compute S1 = Y1 Z2^3 -compute S2 = Y2 Z1^3 -compute H = U2-U1 -compute r = S2-S1 -compute X3 = r^2-H^3-2 U1 H^2 -compute Y3 = r (U1 H^2-X3)-S1 H^3 -compute Z3 = Z1 Z2 H diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo-2 b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo-2 deleted file mode 100644 index 9d3659a..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo-2 +++ /dev/null @@ -1,16 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (5), plus common-subexpression elimination -unified -compute Z1Z1 = Z1^2 -compute Z2Z2 = Z2^2 -compute U1 = X1 Z2Z2 -compute U2 = X2 Z1Z1 -compute S1 = Y1 Z2 Z2Z2 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-U1 -compute HH = H^2 -compute HHH = H HH -compute r = S2-S1 -compute V = U1 HH -compute X3 = r^2-HHH-2 V -compute Y3 = r (V-X3)-S1 HHH -compute Z3 = Z1 Z2 H diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo-2.op3 deleted file mode 100644 index 439ab62..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo-2.op3 +++ /dev/null @@ -1,23 +0,0 @@ -Z1Z1 = Z1^2 -Z2Z2 = Z2^2 -U1 = X1*Z2Z2 -U2 = X2*Z1Z1 -t0 = Z2*Z2Z2 -S1 = Y1*t0 -t1 = Z1*Z1Z1 -S2 = Y2*t1 -H = U2-U1 -HH = H^2 -HHH = H*HH -r = S2-S1 -V = U1*HH -t2 = r^2 -t3 = 2*V -t4 = t2-HHH -X3 = t4-t3 -t5 = V-X3 -t6 = S1*HHH -t7 = r*t5 -Y3 = t7-t6 -t8 = Z2*H -Z3 = Z1*t8 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo.op3 deleted file mode 100644 index 2721e20..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-cmo.op3 +++ /dev/null @@ -1,26 +0,0 @@ -t0 = Z2^2 -U1 = X1*t0 -t1 = Z1^2 -U2 = X2*t1 -t2 = Z2^3 -S1 = Y1*t2 -t3 = Z1^3 -S2 = Y2*t3 -H = U2-U1 -r = S2-S1 -t4 = r^2 -t5 = H^3 -t6 = H^2 -t7 = U1*t6 -t8 = 2*t7 -t9 = t4-t5 -X3 = t9-t8 -t10 = H^2 -t11 = U1*t10 -t12 = t11-X3 -t13 = H^3 -t14 = S1*t13 -t15 = r*t12 -Y3 = t15-t14 -t16 = Z2*H -Z3 = Z1*t16 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-hnm b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-hnm deleted file mode 100644 index 36c775f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-hnm +++ /dev/null @@ -1,40 +0,0 @@ -source 1998 Hasegawa--Nakajima--Matsui, page 188 -unified -parameter half -assume half*2=1 -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = X2 -compute R5 = Y2 -compute R6 = Z2 -compute R7 = R6^2 -compute R1 = R1 R7 -compute R7 = R6 R7 -compute R2 = R2 R7 -compute R7 = R3^2 -compute R8 = R4 R7 -compute R7 = R3 R7 -compute R7 = R5 R7 -compute R2 = R2-R7 -compute R7 = 2 R7 -compute R7 = R2+R7 -compute R1 = R1-R8 -compute R8 = 2 R8 -compute R8 = R1+R8 -compute R3 = R3 R6 -compute R3 = R3 R1 -compute R7 = R7 R1 -compute R1 = R1^2 -compute R8 = R8 R1 -compute R7 = R7 R1 -compute R1 = R2^2 -compute R1 = R1-R8 -compute R8 = R8-R1 -compute R8 = R8-R1 -compute R8 = R8 R2 -compute R2 = R8-R7 -compute R2 = half R2 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-hnm.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-hnm.op3 deleted file mode 100644 index 5817e98..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-1998-hnm.op3 +++ /dev/null @@ -1,36 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = X2 -R5 = Y2 -R6 = Z2 -R7 = R6^2 -R1 = R1*R7 -R7 = R6*R7 -R2 = R2*R7 -R7 = R3^2 -R8 = R4*R7 -R7 = R3*R7 -R7 = R5*R7 -R2 = R2-R7 -R7 = 2*R7 -R7 = R2+R7 -R1 = R1-R8 -R8 = 2*R8 -R8 = R1+R8 -R3 = R3*R6 -R3 = R3*R1 -R7 = R7*R1 -R1 = R1^2 -R8 = R8*R1 -R7 = R7*R1 -R1 = R2^2 -R1 = R1-R8 -R8 = R8-R1 -R8 = R8-R1 -R8 = R8*R2 -R2 = R8-R7 -R2 = half*R2 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2001-b b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2001-b deleted file mode 100644 index 0ae3011..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2001-b +++ /dev/null @@ -1,19 +0,0 @@ -source 2001 Bernstein http://cr.yp.to/nistp224.html opt-idea53.c ecadd -unified -compute ZZ1 = Z1^2 -compute ZZZ1 = Z1 ZZ1 -compute ZZ2 = Z2^2 -compute ZZZ2 = Z2 ZZ2 -compute A = X1 ZZ2 -compute B = X2 ZZ1 -A -compute c = Y1 ZZZ2 -compute d = Y2 ZZZ1 -c -compute e = B^2 -compute f = B e -compute g = A e -compute h = Z1 Z2 -compute f2g = 2 g+f -compute X3 = d^2-f2g -compute Z3 = B h -compute gx = g-X3 -compute Y3 = d gx-c f diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2001-b.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2001-b.op3 deleted file mode 100644 index 6f362a2..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2001-b.op3 +++ /dev/null @@ -1,23 +0,0 @@ -ZZ1 = Z1^2 -ZZZ1 = Z1*ZZ1 -ZZ2 = Z2^2 -ZZZ2 = Z2*ZZ2 -A = X1*ZZ2 -t0 = X2*ZZ1 -B = t0-A -c = Y1*ZZZ2 -t1 = Y2*ZZZ1 -d = t1-c -e = B^2 -f = B*e -g = A*e -h = Z1*Z2 -t2 = 2*g -f2g = t2+f -t3 = d^2 -X3 = t3-f2g -Z3 = B*h -gx = g-X3 -t4 = c*f -t5 = d*gx -Y3 = t5-t4 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2007-bl b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2007-bl deleted file mode 100644 index 29a4d50..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2007-bl +++ /dev/null @@ -1,16 +0,0 @@ -source 2007 Bernstein--Lange; note that the improvement from 12M+4S to 11M+5S was already mentioned in 2001 Bernstein http://cr.yp.to/talks.html#2001.10.29 -unified -compute Z1Z1 = Z1^2 -compute Z2Z2 = Z2^2 -compute U1 = X1 Z2Z2 -compute U2 = X2 Z1Z1 -compute S1 = Y1 Z2 Z2Z2 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-U1 -compute I = (2 H)^2 -compute J = H I -compute r = 2 (S2-S1) -compute V = U1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 S1 J -compute Z3 = ((Z1+Z2)^2-Z1Z1-Z2Z2) H diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2007-bl.op3 deleted file mode 100644 index 89085ff..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/add-2007-bl.op3 +++ /dev/null @@ -1,29 +0,0 @@ -Z1Z1 = Z1^2 -Z2Z2 = Z2^2 -U1 = X1*Z2Z2 -U2 = X2*Z1Z1 -t0 = Z2*Z2Z2 -S1 = Y1*t0 -t1 = Z1*Z1Z1 -S2 = Y2*t1 -H = U2-U1 -t2 = 2*H -I = t2^2 -J = H*I -t3 = S2-S1 -r = 2*t3 -V = U1*I -t4 = r^2 -t5 = 2*V -t6 = t4-J -X3 = t6-t5 -t7 = V-X3 -t8 = S1*J -t9 = 2*t8 -t10 = r*t7 -Y3 = t10-t9 -t11 = Z1+Z2 -t12 = t11^2 -t13 = t12-Z1Z1 -t14 = t13-Z2Z2 -Z3 = t14*H diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd b/pyecsca/ec/efd/shortw/jacobian-0/addition/madd deleted file mode 100644 index a7486ca..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd +++ /dev/null @@ -1,13 +0,0 @@ -assume Z2=1 -unified -compute Z1Z1 = Z1^2 -compute U2 = X2 Z1Z1 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-X1 -compute I = (2 H)^2 -compute J = H I -compute r = 2 (S2-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 Y1 J -compute Z3 = 2 Z1 H diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2004-hmv b/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2004-hmv deleted file mode 100644 index f47ecf9..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2004-hmv +++ /dev/null @@ -1,21 +0,0 @@ -source 2004 Hankerson--Menezes--Vanstone, page 91 -unified -assume Z2=1 -compute T1 = Z1^2 -compute T2 = T1 Z1 -compute T1 = T1 X2 -compute T2 = T2 Y2 -compute T1 = T1-X1 -compute T2 = T2-Y1 -compute Z3 = Z1 T1 -compute T3 = T1^2 -compute T4 = T3 T1 -compute T3 = T3 X1 -compute T1 = 2 T3 -compute X3 = T2^2 -compute X3 = X3-T1 -compute X3 = X3-T4 -compute T3 = T3-X3 -compute T3 = T3 T2 -compute T4 = T4 Y1 -compute Y3 = T3-T4 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2004-hmv.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2004-hmv.op3 deleted file mode 100644 index 70a991f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2004-hmv.op3 +++ /dev/null @@ -1,18 +0,0 @@ -T1 = Z1^2 -T2 = T1*Z1 -T1 = T1*X2 -T2 = T2*Y2 -T1 = T1-X1 -T2 = T2-Y1 -Z3 = Z1*T1 -T3 = T1^2 -T4 = T3*T1 -T3 = T3*X1 -T1 = 2*T3 -X3 = T2^2 -X3 = X3-T1 -X3 = X3-T4 -T3 = T3-X3 -T3 = T3*T2 -T4 = T4*Y1 -Y3 = T3-T4 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2007-bl b/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2007-bl deleted file mode 100644 index 6e4a6f1..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2007-bl +++ /dev/null @@ -1,15 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z2=1 -compute Z1Z1 = Z1^2 -compute U2 = X2 Z1Z1 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-X1 -compute HH = H^2 -compute I = 4 HH -compute J = H I -compute r = 2 (S2-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 Y1 J -compute Z3 = (Z1+H)^2-Z1Z1-HH diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2007-bl.op3 deleted file mode 100644 index 958774f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2007-bl.op3 +++ /dev/null @@ -1,24 +0,0 @@ -Z1Z1 = Z1^2 -U2 = X2*Z1Z1 -t0 = Z1*Z1Z1 -S2 = Y2*t0 -H = U2-X1 -HH = H^2 -I = 4*HH -J = H*I -t1 = S2-Y1 -r = 2*t1 -V = X1*I -t2 = r^2 -t3 = 2*V -t4 = t2-J -X3 = t4-t3 -t5 = V-X3 -t6 = Y1*J -t7 = 2*t6 -t8 = r*t5 -Y3 = t8-t7 -t9 = Z1+H -t10 = t9^2 -t11 = t10-Z1Z1 -Z3 = t11-HH diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2008-g b/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2008-g deleted file mode 100644 index 0beec69..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2008-g +++ /dev/null @@ -1,21 +0,0 @@ -source 2008 Giessmann -unified -assume Z2=1 -compute T1 = Z1^2 -compute T2 = T1 Z1 -compute T1 = T1 X2 -compute T2 = T2 Y2 -compute T1 = X1-T1 -compute T2 = T2-Y1 -compute Z3 = Z1 T1 -compute T4 = T1^2 -compute T1 = T1 T4 -compute T4 = T4 X1 -compute X3 = T2^2 -compute X3 = X3+T1 -compute Y3 = T1 Y1 -compute T1 = 2 T4 -compute X3 = X3-T1 -compute T4 = X3-T4 -compute T4 = T4 T2 -compute Y3 = T4-Y3 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2008-g.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2008-g.op3 deleted file mode 100644 index c0552ea..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd-2008-g.op3 +++ /dev/null @@ -1,18 +0,0 @@ -T1 = Z1^2 -T2 = T1*Z1 -T1 = T1*X2 -T2 = T2*Y2 -T1 = X1-T1 -T2 = T2-Y1 -Z3 = Z1*T1 -T4 = T1^2 -T1 = T1*T4 -T4 = T4*X1 -X3 = T2^2 -X3 = X3+T1 -Y3 = T1*Y1 -T1 = 2*T4 -X3 = X3-T1 -T4 = X3-T4 -T4 = T4*T2 -Y3 = T4-Y3 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/madd.op3 deleted file mode 100644 index e33baa2..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/madd.op3 +++ /dev/null @@ -1,22 +0,0 @@ -Z1Z1 = Z1^2 -U2 = X2*Z1Z1 -t0 = Z1*Z1Z1 -S2 = Y2*t0 -H = U2-X1 -t1 = 2*H -I = t1^2 -J = H*I -t2 = S2-Y1 -r = 2*t2 -V = X1*I -t3 = r^2 -t4 = 2*V -t5 = t3-J -X3 = t5-t4 -t6 = V-X3 -t7 = Y1*J -t8 = 2*t7 -t9 = r*t6 -Y3 = t9-t8 -t10 = Z1*H -Z3 = 2*t10 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/mmadd-2007-bl b/pyecsca/ec/efd/shortw/jacobian-0/addition/mmadd-2007-bl deleted file mode 100644 index 73dbfbb..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/mmadd-2007-bl +++ /dev/null @@ -1,13 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z1=1 -assume Z2=1 -compute H = X2-X1 -compute HH = H^2 -compute I = 4 HH -compute J = H I -compute r = 2 (Y2-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 Y1 J -compute Z3 = 2 H diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/mmadd-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/mmadd-2007-bl.op3 deleted file mode 100644 index e91cc9f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/mmadd-2007-bl.op3 +++ /dev/null @@ -1,17 +0,0 @@ -H = X2-X1 -HH = H^2 -I = 4*HH -J = H*I -t0 = Y2-Y1 -r = 2*t0 -V = X1*I -t1 = r^2 -t2 = 2*V -t3 = t1-J -X3 = t3-t2 -t4 = V-X3 -t5 = Y1*J -t6 = 2*t5 -t7 = r*t4 -Y3 = t7-t6 -Z3 = 2*H diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/zadd-2007-m b/pyecsca/ec/efd/shortw/jacobian-0/addition/zadd-2007-m deleted file mode 100644 index 589d783..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/zadd-2007-m +++ /dev/null @@ -1,10 +0,0 @@ -source 2007 Meloni "New point addition formulae for ECC applications", page 192 -unified -assume Z1 = Z2 -compute A = (X2-X1)^2 -compute B = X1 A -compute C = X2 A -compute D = (Y2-Y1)^2 -compute X3 = D-B-C -compute Y3 = (Y2-Y1)(B-X3)-Y1(C-B) -compute Z3 = Z1(X2-X1) diff --git a/pyecsca/ec/efd/shortw/jacobian-0/addition/zadd-2007-m.op3 b/pyecsca/ec/efd/shortw/jacobian-0/addition/zadd-2007-m.op3 deleted file mode 100644 index afefe88..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/addition/zadd-2007-m.op3 +++ /dev/null @@ -1,16 +0,0 @@ -t0 = X2-X1 -A = t0^2 -B = X1*A -C = X2*A -t1 = Y2-Y1 -D = t1^2 -t2 = D-B -X3 = t2-C -t3 = Y2-Y1 -t4 = B-X3 -t5 = C-B -t6 = Y1*t5 -t7 = t3*t4 -Y3 = t7-t6 -t8 = X2-X1 -Z3 = Z1*t8 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1986-cc b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1986-cc deleted file mode 100644 index 56fa583..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1986-cc +++ /dev/null @@ -1,7 +0,0 @@ -source 1986 Chudnovsky--Chudnovsky "Sequences of numbers generated by addition in formal groups and new primality and factorization tests", page 414, formula (4.2ii) -compute S = 4 X1 Y1^2 -compute M = 3 X1^2+a Z1^4 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M(S-T)-8 Y1^4 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1986-cc.op3 b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1986-cc.op3 deleted file mode 100644 index 7d564ae..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1986-cc.op3 +++ /dev/null @@ -1,19 +0,0 @@ -t0 = Y1^2 -t1 = X1*t0 -S = 4*t1 -t2 = X1^2 -t3 = Z1^4 -t4 = a*t3 -t5 = 3*t2 -M = t5+t4 -t6 = M^2 -t7 = 2*S -T = t6-t7 -X3 = T -t8 = S-T -t9 = Y1^4 -t10 = 8*t9 -t11 = M*t8 -Y3 = t11-t10 -t12 = Y1*Z1 -Z3 = 2*t12 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo deleted file mode 100644 index 448809a..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo +++ /dev/null @@ -1,7 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (6) -compute S = 4 X1 Y1^2 -compute M = 3 X1^2+a Z1^4 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M (S-T)-8 Y1^4 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo-2 b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo-2 deleted file mode 100644 index 3757742..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo-2 +++ /dev/null @@ -1,10 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (6), plus common-subexpression elimination -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute S = 4 X1 YY -compute M = 3 XX+a ZZ^2 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M (S-T)-8 YY^2 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo-2.op3 deleted file mode 100644 index 0e80d93..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo-2.op3 +++ /dev/null @@ -1,20 +0,0 @@ -XX = X1^2 -YY = Y1^2 -ZZ = Z1^2 -t0 = X1*YY -S = 4*t0 -t1 = ZZ^2 -t2 = a*t1 -t3 = 3*XX -M = t3+t2 -t4 = M^2 -t5 = 2*S -T = t4-t5 -X3 = T -t6 = S-T -t7 = YY^2 -t8 = 8*t7 -t9 = M*t6 -Y3 = t9-t8 -t10 = Y1*Z1 -Z3 = 2*t10 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo.op3 b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo.op3 deleted file mode 100644 index 7d564ae..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-cmo.op3 +++ /dev/null @@ -1,19 +0,0 @@ -t0 = Y1^2 -t1 = X1*t0 -S = 4*t1 -t2 = X1^2 -t3 = Z1^4 -t4 = a*t3 -t5 = 3*t2 -M = t5+t4 -t6 = M^2 -t7 = 2*S -T = t6-t7 -X3 = T -t8 = S-T -t9 = Y1^4 -t10 = 8*t9 -t11 = M*t8 -Y3 = t11-t10 -t12 = Y1*Z1 -Z3 = 2*t12 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-hnm b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-hnm deleted file mode 100644 index 67375ba..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-hnm +++ /dev/null @@ -1,29 +0,0 @@ -source 1998 Hasegawa--Nakajima--Matsui, page 188 -parameter half -assume half*2=1 -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = R3^2 -compute R3 = R2 R3 -compute R3 = 2 R3 -compute R4 = R4^2 -compute R4 = a R4 -compute R5 = R1^2 -compute R4 = R4+R5 -compute R5 = 2 R5 -compute R4 = R4+R5 -compute R2 = 2 R2 -compute R2 = R2^2 -compute R5 = R2^2 -compute R5 = half R5 -compute R2 = R2 R1 -compute R1 = R4^2 -compute R1 = R1-R2 -compute R1 = R1-R2 -compute R2 = R2-R1 -compute R2 = R2 R4 -compute R2 = R2-R5 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-hnm.op3 b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-hnm.op3 deleted file mode 100644 index 003affc..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-1998-hnm.op3 +++ /dev/null @@ -1,26 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = R3^2 -R3 = R2*R3 -R3 = 2*R3 -R4 = R4^2 -R4 = a*R4 -R5 = R1^2 -R4 = R4+R5 -R5 = 2*R5 -R4 = R4+R5 -R2 = 2*R2 -R2 = R2^2 -R5 = R2^2 -R5 = half*R5 -R2 = R2*R1 -R1 = R4^2 -R1 = R1-R2 -R1 = R1-R2 -R2 = R2-R1 -R2 = R2*R4 -R2 = R2-R5 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2007-bl b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2007-bl deleted file mode 100644 index e6ae5c6..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2007-bl +++ /dev/null @@ -1,11 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute YY = Y1^2 -compute YYYY = YY^2 -compute ZZ = Z1^2 -compute S = 2 ((X1+YY)^2-XX-YYYY) -compute M = 3 XX+a ZZ^2 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M (S-T)-8 YYYY -compute Z3 = (Y1+Z1)^2-YY-ZZ diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2007-bl.op3 deleted file mode 100644 index 7f76b36..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2007-bl.op3 +++ /dev/null @@ -1,25 +0,0 @@ -XX = X1^2 -YY = Y1^2 -YYYY = YY^2 -ZZ = Z1^2 -t0 = X1+YY -t1 = t0^2 -t2 = t1-XX -t3 = t2-YYYY -S = 2*t3 -t4 = ZZ^2 -t5 = a*t4 -t6 = 3*XX -M = t6+t5 -t7 = M^2 -t8 = 2*S -T = t7-t8 -X3 = T -t9 = S-T -t10 = 8*YYYY -t11 = M*t9 -Y3 = t11-t10 -t12 = Y1+Z1 -t13 = t12^2 -t14 = t13-YY -Z3 = t14-ZZ diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-alnr b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-alnr deleted file mode 100644 index c0d382c..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-alnr +++ /dev/null @@ -1,12 +0,0 @@ -source 2009.04.01 Arene--Lange--Naehrig--Ritzenthaler -appliesto jacobian-0 -compute A = X1^2 -compute B = Y1^2 -compute ZZ = Z1^2 -compute C = B^2 -compute D = 2 ((X1 + B)^2 - A - C) -compute E = 3 A -compute F = E^2 -compute X3 = F - 2 D -compute Y3 = E (D - X3) - 8 C -compute Z3 = (Y1 + Z1)^2 - B - ZZ diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-alnr.op3 b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-alnr.op3 deleted file mode 100644 index 5a26209..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-alnr.op3 +++ /dev/null @@ -1,21 +0,0 @@ -A = X1^2 -B = Y1^2 -ZZ = Z1^2 -C = B^2 -t0 = X1+B -t1 = t0^2 -t2 = t1-A -t3 = t2-C -D = 2*t3 -E = 3*A -F = E^2 -t4 = 2*D -X3 = F-t4 -t5 = D-X3 -t6 = 8*C -t7 = E*t5 -Y3 = t7-t6 -t8 = Y1+Z1 -t9 = t8^2 -t10 = t9-B -Z3 = t10-ZZ diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-l b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-l deleted file mode 100644 index ef412c3..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-l +++ /dev/null @@ -1,11 +0,0 @@ -source 2009.04.01 Lange -appliesto jacobian-0 -compute A = X1^2 -compute B = Y1^2 -compute C = B^2 -compute D = 2 ((X1 + B)^2 - A - C) -compute E = 3 A -compute F = E^2 -compute X3 = F - 2 D -compute Y3 = E (D - X3) - 8 C -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-l.op3 b/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-l.op3 deleted file mode 100644 index 260fab8..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/dbl-2009-l.op3 +++ /dev/null @@ -1,18 +0,0 @@ -A = X1^2 -B = Y1^2 -C = B^2 -t0 = X1+B -t1 = t0^2 -t2 = t1-A -t3 = t2-C -D = 2*t3 -E = 3*A -F = E^2 -t4 = 2*D -X3 = F-t4 -t5 = D-X3 -t6 = 8*C -t7 = E*t5 -Y3 = t7-t6 -t8 = Y1*Z1 -Z3 = 2*t8 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/mdbl-2007-bl b/pyecsca/ec/efd/shortw/jacobian-0/doubling/mdbl-2007-bl deleted file mode 100644 index 5e3e22e..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/mdbl-2007-bl +++ /dev/null @@ -1,11 +0,0 @@ -source 2007 Bernstein--Lange -assume Z1=1 -compute XX = X1^2 -compute YY = Y1^2 -compute YYYY = YY^2 -compute S = 2((X1+YY)^2-XX-YYYY) -compute M = 3 XX+a -compute T = M^2-2 S -compute X3 = T -compute Y3 = M(S-T)-8 YYYY -compute Z3 = 2 Y1 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/doubling/mdbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-0/doubling/mdbl-2007-bl.op3 deleted file mode 100644 index df25bc2..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/doubling/mdbl-2007-bl.op3 +++ /dev/null @@ -1,19 +0,0 @@ -XX = X1^2 -YY = Y1^2 -YYYY = YY^2 -t0 = X1+YY -t1 = t0^2 -t2 = t1-XX -t3 = t2-YYYY -S = 2*t3 -t4 = 3*XX -M = t4+a -t5 = M^2 -t6 = 2*S -T = t5-t6 -X3 = T -t7 = S-T -t8 = 8*YYYY -t9 = M*t7 -Y3 = t9-t8 -Z3 = 2*Y1 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/negation/neg b/pyecsca/ec/efd/shortw/jacobian-0/negation/neg deleted file mode 100644 index 32352f0..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/jacobian-0/negation/neg.op3 b/pyecsca/ec/efd/shortw/jacobian-0/negation/neg.op3 deleted file mode 100644 index cce5d21..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = X1 -Y3 = -Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/jacobian-0/scaling/z b/pyecsca/ec/efd/shortw/jacobian-0/scaling/z deleted file mode 100644 index 1e19284..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/scaling/z +++ /dev/null @@ -1,5 +0,0 @@ -compute A = 1/Z1 -compute AA = A^2 -compute X3 = X1*AA -compute Y3 = Y1*AA*A -compute Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/scaling/z.op3 b/pyecsca/ec/efd/shortw/jacobian-0/scaling/z.op3 deleted file mode 100644 index 61856ec..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/scaling/z.op3 +++ /dev/null @@ -1,6 +0,0 @@ -A = 1/Z1 -AA = A^2 -X3 = X1*AA -t0 = AA*A -Y3 = Y1*t0 -Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim b/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim deleted file mode 100644 index a9c6d71..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim +++ /dev/null @@ -1,7 +0,0 @@ -source 2005 Dimitrov--Imbert--Mishra -compute M = 3 X1^2+a Z1^4 -compute E = 12 X1 Y1^2-M^2 -compute T = 8 Y1^4 -compute X3 = 8 Y1^2 (T-M E)+X1 E^2 -compute Y3 = Y1 (4 (M E-T) (2 T-M E)-E^3) -compute Z3 = Z1 E diff --git a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim-2 b/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim-2 deleted file mode 100644 index 9eb1356..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim-2 +++ /dev/null @@ -1,13 +0,0 @@ -source 2005 Dimitrov--Imbert--Mishra, plus common-subexpression elimination -compute ZZ = Z1^2 -compute YY = Y1^2 -compute C = 2 YY -compute M = 3 X1^2+a ZZ^2 -compute E = 6 X1 C-M^2 -compute EE = E^2 -compute T = 2 C^2 -compute U = M E-T -compute U4 = 4 U -compute X3 = X1 EE-C U4 -compute Y3 = Y1 (U4 (T-U)-E EE) -compute Z3 = Z1 E diff --git a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim-2.op3 b/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim-2.op3 deleted file mode 100644 index 3d3ae16..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim-2.op3 +++ /dev/null @@ -1,27 +0,0 @@ -ZZ = Z1^2 -YY = Y1^2 -C = 2*YY -t0 = X1^2 -t1 = ZZ^2 -t2 = a*t1 -t3 = 3*t0 -M = t3+t2 -t4 = M^2 -t5 = X1*C -t6 = 6*t5 -E = t6-t4 -EE = E^2 -t7 = C^2 -T = 2*t7 -t8 = M*E -U = t8-T -U4 = 4*U -t9 = C*U4 -t10 = X1*EE -X3 = t10-t9 -t11 = T-U -t12 = E*EE -t13 = U4*t11 -t14 = t13-t12 -Y3 = Y1*t14 -Z3 = Z1*E diff --git a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim.op3 b/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim.op3 deleted file mode 100644 index a20c4fd..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2005-dim.op3 +++ /dev/null @@ -1,31 +0,0 @@ -t0 = X1^2 -t1 = Z1^4 -t2 = a*t1 -t3 = 3*t0 -M = t3+t2 -t4 = Y1^2 -t5 = M^2 -t6 = X1*t4 -t7 = 12*t6 -E = t7-t5 -t8 = Y1^4 -T = 8*t8 -t9 = M*E -t10 = T-t9 -t11 = Y1^2 -t12 = E^2 -t13 = X1*t12 -t14 = t11*t10 -t15 = 8*t14 -X3 = t15+t13 -t16 = M*E -t17 = 2*T -t18 = M*E -t19 = t18-T -t20 = t17-t16 -t21 = E^3 -t22 = t19*t20 -t23 = 4*t22 -t24 = t23-t21 -Y3 = Y1*t24 -Z3 = Z1*E diff --git a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2007-bl b/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2007-bl deleted file mode 100644 index ad53ad1..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2007-bl +++ /dev/null @@ -1,14 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute YYYY = YY^2 -compute M = 3 XX+a ZZ^2 -compute MM = M^2 -compute E = 6 ((X1+YY)^2-XX-YYYY)-MM -compute EE = E^2 -compute T = 16 YYYY -compute U = (M+E)^2-MM-EE-T -compute X3 = 4 (X1 EE-4 YY U) -compute Y3 = 8 Y1 (U (T-U)-E EE) -compute Z3 = (Z1+E)^2-ZZ-EE diff --git a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2007-bl.op3 deleted file mode 100644 index 5a1cda6..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/tripling/tpl-2007-bl.op3 +++ /dev/null @@ -1,37 +0,0 @@ -XX = X1^2 -YY = Y1^2 -ZZ = Z1^2 -YYYY = YY^2 -t0 = ZZ^2 -t1 = a*t0 -t2 = 3*XX -M = t2+t1 -MM = M^2 -t3 = X1+YY -t4 = t3^2 -t5 = t4-XX -t6 = t5-YYYY -t7 = 6*t6 -E = t7-MM -EE = E^2 -T = 16*YYYY -t8 = M+E -t9 = t8^2 -t10 = t9-MM -t11 = t10-EE -U = t11-T -t12 = YY*U -t13 = 4*t12 -t14 = X1*EE -t15 = t14-t13 -X3 = 4*t15 -t16 = T-U -t17 = E*EE -t18 = U*t16 -t19 = t18-t17 -t20 = Y1*t19 -Y3 = 8*t20 -t21 = Z1+E -t22 = t21^2 -t23 = t22-ZZ -Z3 = t23-EE diff --git a/pyecsca/ec/efd/shortw/jacobian-0/variables b/pyecsca/ec/efd/shortw/jacobian-0/variables deleted file mode 100644 index 932bce1..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-0/variables +++ /dev/null @@ -1,12 +0,0 @@ -name Jacobian coordinates with a4=0 -assume a = 0 -variable X -variable Y -variable Z -neutral X = 1 -neutral Y = 1 -neutral Z = 0 -satisfying ZZ = Z^2 -satisfying ZZZ = ZZ*Z -satisfying x = X/ZZ -satisfying y = Y/ZZZ diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1986-cc b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1986-cc deleted file mode 100644 index e3f4775..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1986-cc +++ /dev/null @@ -1,11 +0,0 @@ -source 1986 Chudnovsky--Chudnovsky "Sequences of numbers generated by addition in formal groups and new primality and factorization tests", page 414, formula (4.3i) -unified -compute U1 = X1 Z2^2 -compute U2 = X2 Z1^2 -compute S1 = Y1 Z2^3 -compute S2 = Y2 Z1^3 -compute P = U2-U1 -compute R = S2-S1 -compute X3 = R^2-(U1+U2) P^2 -compute Y3 = R (U1 P^2-X3)-S1 P^3 -compute Z3 = Z1 Z2 P diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1986-cc.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1986-cc.op3 deleted file mode 100644 index 9774366..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1986-cc.op3 +++ /dev/null @@ -1,24 +0,0 @@ -t0 = Z2^2 -U1 = X1*t0 -t1 = Z1^2 -U2 = X2*t1 -t2 = Z2^3 -S1 = Y1*t2 -t3 = Z1^3 -S2 = Y2*t3 -P = U2-U1 -R = S2-S1 -t4 = U1+U2 -t5 = R^2 -t6 = P^2 -t7 = t4*t6 -X3 = t5-t7 -t8 = P^2 -t9 = U1*t8 -t10 = t9-X3 -t11 = P^3 -t12 = S1*t11 -t13 = R*t10 -Y3 = t13-t12 -t14 = Z2*P -Z3 = Z1*t14 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo deleted file mode 100644 index 681a723..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo +++ /dev/null @@ -1,11 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (5) -unified -compute U1 = X1 Z2^2 -compute U2 = X2 Z1^2 -compute S1 = Y1 Z2^3 -compute S2 = Y2 Z1^3 -compute H = U2-U1 -compute r = S2-S1 -compute X3 = r^2-H^3-2 U1 H^2 -compute Y3 = r (U1 H^2-X3)-S1 H^3 -compute Z3 = Z1 Z2 H diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo-2 b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo-2 deleted file mode 100644 index 9d3659a..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo-2 +++ /dev/null @@ -1,16 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (5), plus common-subexpression elimination -unified -compute Z1Z1 = Z1^2 -compute Z2Z2 = Z2^2 -compute U1 = X1 Z2Z2 -compute U2 = X2 Z1Z1 -compute S1 = Y1 Z2 Z2Z2 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-U1 -compute HH = H^2 -compute HHH = H HH -compute r = S2-S1 -compute V = U1 HH -compute X3 = r^2-HHH-2 V -compute Y3 = r (V-X3)-S1 HHH -compute Z3 = Z1 Z2 H diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo-2.op3 deleted file mode 100644 index 439ab62..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo-2.op3 +++ /dev/null @@ -1,23 +0,0 @@ -Z1Z1 = Z1^2 -Z2Z2 = Z2^2 -U1 = X1*Z2Z2 -U2 = X2*Z1Z1 -t0 = Z2*Z2Z2 -S1 = Y1*t0 -t1 = Z1*Z1Z1 -S2 = Y2*t1 -H = U2-U1 -HH = H^2 -HHH = H*HH -r = S2-S1 -V = U1*HH -t2 = r^2 -t3 = 2*V -t4 = t2-HHH -X3 = t4-t3 -t5 = V-X3 -t6 = S1*HHH -t7 = r*t5 -Y3 = t7-t6 -t8 = Z2*H -Z3 = Z1*t8 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo.op3 deleted file mode 100644 index 2721e20..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-cmo.op3 +++ /dev/null @@ -1,26 +0,0 @@ -t0 = Z2^2 -U1 = X1*t0 -t1 = Z1^2 -U2 = X2*t1 -t2 = Z2^3 -S1 = Y1*t2 -t3 = Z1^3 -S2 = Y2*t3 -H = U2-U1 -r = S2-S1 -t4 = r^2 -t5 = H^3 -t6 = H^2 -t7 = U1*t6 -t8 = 2*t7 -t9 = t4-t5 -X3 = t9-t8 -t10 = H^2 -t11 = U1*t10 -t12 = t11-X3 -t13 = H^3 -t14 = S1*t13 -t15 = r*t12 -Y3 = t15-t14 -t16 = Z2*H -Z3 = Z1*t16 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-hnm b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-hnm deleted file mode 100644 index 36c775f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-hnm +++ /dev/null @@ -1,40 +0,0 @@ -source 1998 Hasegawa--Nakajima--Matsui, page 188 -unified -parameter half -assume half*2=1 -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = X2 -compute R5 = Y2 -compute R6 = Z2 -compute R7 = R6^2 -compute R1 = R1 R7 -compute R7 = R6 R7 -compute R2 = R2 R7 -compute R7 = R3^2 -compute R8 = R4 R7 -compute R7 = R3 R7 -compute R7 = R5 R7 -compute R2 = R2-R7 -compute R7 = 2 R7 -compute R7 = R2+R7 -compute R1 = R1-R8 -compute R8 = 2 R8 -compute R8 = R1+R8 -compute R3 = R3 R6 -compute R3 = R3 R1 -compute R7 = R7 R1 -compute R1 = R1^2 -compute R8 = R8 R1 -compute R7 = R7 R1 -compute R1 = R2^2 -compute R1 = R1-R8 -compute R8 = R8-R1 -compute R8 = R8-R1 -compute R8 = R8 R2 -compute R2 = R8-R7 -compute R2 = half R2 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-hnm.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-hnm.op3 deleted file mode 100644 index 5817e98..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-1998-hnm.op3 +++ /dev/null @@ -1,36 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = X2 -R5 = Y2 -R6 = Z2 -R7 = R6^2 -R1 = R1*R7 -R7 = R6*R7 -R2 = R2*R7 -R7 = R3^2 -R8 = R4*R7 -R7 = R3*R7 -R7 = R5*R7 -R2 = R2-R7 -R7 = 2*R7 -R7 = R2+R7 -R1 = R1-R8 -R8 = 2*R8 -R8 = R1+R8 -R3 = R3*R6 -R3 = R3*R1 -R7 = R7*R1 -R1 = R1^2 -R8 = R8*R1 -R7 = R7*R1 -R1 = R2^2 -R1 = R1-R8 -R8 = R8-R1 -R8 = R8-R1 -R8 = R8*R2 -R2 = R8-R7 -R2 = half*R2 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2001-b b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2001-b deleted file mode 100644 index 0ae3011..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2001-b +++ /dev/null @@ -1,19 +0,0 @@ -source 2001 Bernstein http://cr.yp.to/nistp224.html opt-idea53.c ecadd -unified -compute ZZ1 = Z1^2 -compute ZZZ1 = Z1 ZZ1 -compute ZZ2 = Z2^2 -compute ZZZ2 = Z2 ZZ2 -compute A = X1 ZZ2 -compute B = X2 ZZ1 -A -compute c = Y1 ZZZ2 -compute d = Y2 ZZZ1 -c -compute e = B^2 -compute f = B e -compute g = A e -compute h = Z1 Z2 -compute f2g = 2 g+f -compute X3 = d^2-f2g -compute Z3 = B h -compute gx = g-X3 -compute Y3 = d gx-c f diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2001-b.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2001-b.op3 deleted file mode 100644 index 6f362a2..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2001-b.op3 +++ /dev/null @@ -1,23 +0,0 @@ -ZZ1 = Z1^2 -ZZZ1 = Z1*ZZ1 -ZZ2 = Z2^2 -ZZZ2 = Z2*ZZ2 -A = X1*ZZ2 -t0 = X2*ZZ1 -B = t0-A -c = Y1*ZZZ2 -t1 = Y2*ZZZ1 -d = t1-c -e = B^2 -f = B*e -g = A*e -h = Z1*Z2 -t2 = 2*g -f2g = t2+f -t3 = d^2 -X3 = t3-f2g -Z3 = B*h -gx = g-X3 -t4 = c*f -t5 = d*gx -Y3 = t5-t4 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2007-bl b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2007-bl deleted file mode 100644 index 29a4d50..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2007-bl +++ /dev/null @@ -1,16 +0,0 @@ -source 2007 Bernstein--Lange; note that the improvement from 12M+4S to 11M+5S was already mentioned in 2001 Bernstein http://cr.yp.to/talks.html#2001.10.29 -unified -compute Z1Z1 = Z1^2 -compute Z2Z2 = Z2^2 -compute U1 = X1 Z2Z2 -compute U2 = X2 Z1Z1 -compute S1 = Y1 Z2 Z2Z2 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-U1 -compute I = (2 H)^2 -compute J = H I -compute r = 2 (S2-S1) -compute V = U1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 S1 J -compute Z3 = ((Z1+Z2)^2-Z1Z1-Z2Z2) H diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2007-bl.op3 deleted file mode 100644 index 89085ff..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/add-2007-bl.op3 +++ /dev/null @@ -1,29 +0,0 @@ -Z1Z1 = Z1^2 -Z2Z2 = Z2^2 -U1 = X1*Z2Z2 -U2 = X2*Z1Z1 -t0 = Z2*Z2Z2 -S1 = Y1*t0 -t1 = Z1*Z1Z1 -S2 = Y2*t1 -H = U2-U1 -t2 = 2*H -I = t2^2 -J = H*I -t3 = S2-S1 -r = 2*t3 -V = U1*I -t4 = r^2 -t5 = 2*V -t6 = t4-J -X3 = t6-t5 -t7 = V-X3 -t8 = S1*J -t9 = 2*t8 -t10 = r*t7 -Y3 = t10-t9 -t11 = Z1+Z2 -t12 = t11^2 -t13 = t12-Z1Z1 -t14 = t13-Z2Z2 -Z3 = t14*H diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd b/pyecsca/ec/efd/shortw/jacobian-3/addition/madd deleted file mode 100644 index a7486ca..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd +++ /dev/null @@ -1,13 +0,0 @@ -assume Z2=1 -unified -compute Z1Z1 = Z1^2 -compute U2 = X2 Z1Z1 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-X1 -compute I = (2 H)^2 -compute J = H I -compute r = 2 (S2-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 Y1 J -compute Z3 = 2 Z1 H diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2004-hmv b/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2004-hmv deleted file mode 100644 index f47ecf9..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2004-hmv +++ /dev/null @@ -1,21 +0,0 @@ -source 2004 Hankerson--Menezes--Vanstone, page 91 -unified -assume Z2=1 -compute T1 = Z1^2 -compute T2 = T1 Z1 -compute T1 = T1 X2 -compute T2 = T2 Y2 -compute T1 = T1-X1 -compute T2 = T2-Y1 -compute Z3 = Z1 T1 -compute T3 = T1^2 -compute T4 = T3 T1 -compute T3 = T3 X1 -compute T1 = 2 T3 -compute X3 = T2^2 -compute X3 = X3-T1 -compute X3 = X3-T4 -compute T3 = T3-X3 -compute T3 = T3 T2 -compute T4 = T4 Y1 -compute Y3 = T3-T4 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2004-hmv.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2004-hmv.op3 deleted file mode 100644 index 70a991f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2004-hmv.op3 +++ /dev/null @@ -1,18 +0,0 @@ -T1 = Z1^2 -T2 = T1*Z1 -T1 = T1*X2 -T2 = T2*Y2 -T1 = T1-X1 -T2 = T2-Y1 -Z3 = Z1*T1 -T3 = T1^2 -T4 = T3*T1 -T3 = T3*X1 -T1 = 2*T3 -X3 = T2^2 -X3 = X3-T1 -X3 = X3-T4 -T3 = T3-X3 -T3 = T3*T2 -T4 = T4*Y1 -Y3 = T3-T4 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2007-bl b/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2007-bl deleted file mode 100644 index 6e4a6f1..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2007-bl +++ /dev/null @@ -1,15 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z2=1 -compute Z1Z1 = Z1^2 -compute U2 = X2 Z1Z1 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-X1 -compute HH = H^2 -compute I = 4 HH -compute J = H I -compute r = 2 (S2-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 Y1 J -compute Z3 = (Z1+H)^2-Z1Z1-HH diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2007-bl.op3 deleted file mode 100644 index 958774f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2007-bl.op3 +++ /dev/null @@ -1,24 +0,0 @@ -Z1Z1 = Z1^2 -U2 = X2*Z1Z1 -t0 = Z1*Z1Z1 -S2 = Y2*t0 -H = U2-X1 -HH = H^2 -I = 4*HH -J = H*I -t1 = S2-Y1 -r = 2*t1 -V = X1*I -t2 = r^2 -t3 = 2*V -t4 = t2-J -X3 = t4-t3 -t5 = V-X3 -t6 = Y1*J -t7 = 2*t6 -t8 = r*t5 -Y3 = t8-t7 -t9 = Z1+H -t10 = t9^2 -t11 = t10-Z1Z1 -Z3 = t11-HH diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2008-g b/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2008-g deleted file mode 100644 index 0beec69..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2008-g +++ /dev/null @@ -1,21 +0,0 @@ -source 2008 Giessmann -unified -assume Z2=1 -compute T1 = Z1^2 -compute T2 = T1 Z1 -compute T1 = T1 X2 -compute T2 = T2 Y2 -compute T1 = X1-T1 -compute T2 = T2-Y1 -compute Z3 = Z1 T1 -compute T4 = T1^2 -compute T1 = T1 T4 -compute T4 = T4 X1 -compute X3 = T2^2 -compute X3 = X3+T1 -compute Y3 = T1 Y1 -compute T1 = 2 T4 -compute X3 = X3-T1 -compute T4 = X3-T4 -compute T4 = T4 T2 -compute Y3 = T4-Y3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2008-g.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2008-g.op3 deleted file mode 100644 index c0552ea..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd-2008-g.op3 +++ /dev/null @@ -1,18 +0,0 @@ -T1 = Z1^2 -T2 = T1*Z1 -T1 = T1*X2 -T2 = T2*Y2 -T1 = X1-T1 -T2 = T2-Y1 -Z3 = Z1*T1 -T4 = T1^2 -T1 = T1*T4 -T4 = T4*X1 -X3 = T2^2 -X3 = X3+T1 -Y3 = T1*Y1 -T1 = 2*T4 -X3 = X3-T1 -T4 = X3-T4 -T4 = T4*T2 -Y3 = T4-Y3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/madd.op3 deleted file mode 100644 index e33baa2..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/madd.op3 +++ /dev/null @@ -1,22 +0,0 @@ -Z1Z1 = Z1^2 -U2 = X2*Z1Z1 -t0 = Z1*Z1Z1 -S2 = Y2*t0 -H = U2-X1 -t1 = 2*H -I = t1^2 -J = H*I -t2 = S2-Y1 -r = 2*t2 -V = X1*I -t3 = r^2 -t4 = 2*V -t5 = t3-J -X3 = t5-t4 -t6 = V-X3 -t7 = Y1*J -t8 = 2*t7 -t9 = r*t6 -Y3 = t9-t8 -t10 = Z1*H -Z3 = 2*t10 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/mmadd-2007-bl b/pyecsca/ec/efd/shortw/jacobian-3/addition/mmadd-2007-bl deleted file mode 100644 index 73dbfbb..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/mmadd-2007-bl +++ /dev/null @@ -1,13 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z1=1 -assume Z2=1 -compute H = X2-X1 -compute HH = H^2 -compute I = 4 HH -compute J = H I -compute r = 2 (Y2-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 Y1 J -compute Z3 = 2 H diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/mmadd-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/mmadd-2007-bl.op3 deleted file mode 100644 index e91cc9f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/mmadd-2007-bl.op3 +++ /dev/null @@ -1,17 +0,0 @@ -H = X2-X1 -HH = H^2 -I = 4*HH -J = H*I -t0 = Y2-Y1 -r = 2*t0 -V = X1*I -t1 = r^2 -t2 = 2*V -t3 = t1-J -X3 = t3-t2 -t4 = V-X3 -t5 = Y1*J -t6 = 2*t5 -t7 = r*t4 -Y3 = t7-t6 -Z3 = 2*H diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/zadd-2007-m b/pyecsca/ec/efd/shortw/jacobian-3/addition/zadd-2007-m deleted file mode 100644 index 589d783..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/zadd-2007-m +++ /dev/null @@ -1,10 +0,0 @@ -source 2007 Meloni "New point addition formulae for ECC applications", page 192 -unified -assume Z1 = Z2 -compute A = (X2-X1)^2 -compute B = X1 A -compute C = X2 A -compute D = (Y2-Y1)^2 -compute X3 = D-B-C -compute Y3 = (Y2-Y1)(B-X3)-Y1(C-B) -compute Z3 = Z1(X2-X1) diff --git a/pyecsca/ec/efd/shortw/jacobian-3/addition/zadd-2007-m.op3 b/pyecsca/ec/efd/shortw/jacobian-3/addition/zadd-2007-m.op3 deleted file mode 100644 index afefe88..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/addition/zadd-2007-m.op3 +++ /dev/null @@ -1,16 +0,0 @@ -t0 = X2-X1 -A = t0^2 -B = X1*A -C = X2*A -t1 = Y2-Y1 -D = t1^2 -t2 = D-B -X3 = t2-C -t3 = Y2-Y1 -t4 = B-X3 -t5 = C-B -t6 = Y1*t5 -t7 = t3*t4 -Y3 = t7-t6 -t8 = X2-X1 -Z3 = Z1*t8 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc deleted file mode 100644 index 56fa583..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc +++ /dev/null @@ -1,7 +0,0 @@ -source 1986 Chudnovsky--Chudnovsky "Sequences of numbers generated by addition in formal groups and new primality and factorization tests", page 414, formula (4.2ii) -compute S = 4 X1 Y1^2 -compute M = 3 X1^2+a Z1^4 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M(S-T)-8 Y1^4 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc-2 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc-2 deleted file mode 100644 index 5a973d1..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc-2 +++ /dev/null @@ -1,8 +0,0 @@ -source 1986 Chudnovsky--Chudnovsky "Sequences of numbers generated by addition in formal groups and new primality and factorization tests", page 414, formula (4.2ii) modified as indicated after "It is even smarter ..." -appliesto jacobian-3 -compute S = 4 X1 Y1^2 -compute M = 3(X1-Z1^2)(X1+Z1^2) -compute T = M^2-2 S -compute X3 = T -compute Y3 = M(S-T)-8 Y1^4 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc-2.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc-2.op3 deleted file mode 100644 index 97715bf..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc-2.op3 +++ /dev/null @@ -1,20 +0,0 @@ -t0 = Y1^2 -t1 = X1*t0 -S = 4*t1 -t2 = Z1^2 -t3 = Z1^2 -t4 = X1-t2 -t5 = X1+t3 -t6 = t4*t5 -M = 3*t6 -t7 = M^2 -t8 = 2*S -T = t7-t8 -X3 = T -t9 = S-T -t10 = Y1^4 -t11 = 8*t10 -t12 = M*t9 -Y3 = t12-t11 -t13 = Y1*Z1 -Z3 = 2*t13 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc.op3 deleted file mode 100644 index 7d564ae..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1986-cc.op3 +++ /dev/null @@ -1,19 +0,0 @@ -t0 = Y1^2 -t1 = X1*t0 -S = 4*t1 -t2 = X1^2 -t3 = Z1^4 -t4 = a*t3 -t5 = 3*t2 -M = t5+t4 -t6 = M^2 -t7 = 2*S -T = t6-t7 -X3 = T -t8 = S-T -t9 = Y1^4 -t10 = 8*t9 -t11 = M*t8 -Y3 = t11-t10 -t12 = Y1*Z1 -Z3 = 2*t12 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo deleted file mode 100644 index 448809a..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo +++ /dev/null @@ -1,7 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (6) -compute S = 4 X1 Y1^2 -compute M = 3 X1^2+a Z1^4 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M (S-T)-8 Y1^4 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo-2 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo-2 deleted file mode 100644 index 3757742..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo-2 +++ /dev/null @@ -1,10 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (6), plus common-subexpression elimination -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute S = 4 X1 YY -compute M = 3 XX+a ZZ^2 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M (S-T)-8 YY^2 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo-2.op3 deleted file mode 100644 index 0e80d93..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo-2.op3 +++ /dev/null @@ -1,20 +0,0 @@ -XX = X1^2 -YY = Y1^2 -ZZ = Z1^2 -t0 = X1*YY -S = 4*t0 -t1 = ZZ^2 -t2 = a*t1 -t3 = 3*XX -M = t3+t2 -t4 = M^2 -t5 = 2*S -T = t4-t5 -X3 = T -t6 = S-T -t7 = YY^2 -t8 = 8*t7 -t9 = M*t6 -Y3 = t9-t8 -t10 = Y1*Z1 -Z3 = 2*t10 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo.op3 deleted file mode 100644 index 7d564ae..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-cmo.op3 +++ /dev/null @@ -1,19 +0,0 @@ -t0 = Y1^2 -t1 = X1*t0 -S = 4*t1 -t2 = X1^2 -t3 = Z1^4 -t4 = a*t3 -t5 = 3*t2 -M = t5+t4 -t6 = M^2 -t7 = 2*S -T = t6-t7 -X3 = T -t8 = S-T -t9 = Y1^4 -t10 = 8*t9 -t11 = M*t8 -Y3 = t11-t10 -t12 = Y1*Z1 -Z3 = 2*t12 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm deleted file mode 100644 index 67375ba..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm +++ /dev/null @@ -1,29 +0,0 @@ -source 1998 Hasegawa--Nakajima--Matsui, page 188 -parameter half -assume half*2=1 -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = R3^2 -compute R3 = R2 R3 -compute R3 = 2 R3 -compute R4 = R4^2 -compute R4 = a R4 -compute R5 = R1^2 -compute R4 = R4+R5 -compute R5 = 2 R5 -compute R4 = R4+R5 -compute R2 = 2 R2 -compute R2 = R2^2 -compute R5 = R2^2 -compute R5 = half R5 -compute R2 = R2 R1 -compute R1 = R4^2 -compute R1 = R1-R2 -compute R1 = R1-R2 -compute R2 = R2-R1 -compute R2 = R2 R4 -compute R2 = R2-R5 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm-2 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm-2 deleted file mode 100644 index ead1425..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm-2 +++ /dev/null @@ -1,29 +0,0 @@ -source 1998 Hasegawa--Nakajima--Matsui, page 188 -appliesto jacobian-3 -parameter half -assume 2*half=1 -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = R3^2 -compute R3 = R2 R3 -compute R3 = 2 R3 -compute R5 = R1-R4 -compute R4 = R1+R4 -compute R5 = R4 R5 -compute R4 = 2 R5 -compute R4 = R4+R5 -compute R2 = 2 R2 -compute R2 = R2^2 -compute R5 = R2^2 -compute R5 = half R5 -compute R2 = R2 R1 -compute R1 = R4^2 -compute R1 = R1-R2 -compute R1 = R1-R2 -compute R2 = R2-R1 -compute R2 = R2 R4 -compute R2 = R2-R5 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm-2.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm-2.op3 deleted file mode 100644 index 260c5d5..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm-2.op3 +++ /dev/null @@ -1,25 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = R3^2 -R3 = R2*R3 -R3 = 2*R3 -R5 = R1-R4 -R4 = R1+R4 -R5 = R4*R5 -R4 = 2*R5 -R4 = R4+R5 -R2 = 2*R2 -R2 = R2^2 -R5 = R2^2 -R5 = half*R5 -R2 = R2*R1 -R1 = R4^2 -R1 = R1-R2 -R1 = R1-R2 -R2 = R2-R1 -R2 = R2*R4 -R2 = R2-R5 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm.op3 deleted file mode 100644 index 003affc..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-1998-hnm.op3 +++ /dev/null @@ -1,26 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = R3^2 -R3 = R2*R3 -R3 = 2*R3 -R4 = R4^2 -R4 = a*R4 -R5 = R1^2 -R4 = R4+R5 -R5 = 2*R5 -R4 = R4+R5 -R2 = 2*R2 -R2 = R2^2 -R5 = R2^2 -R5 = half*R5 -R2 = R2*R1 -R1 = R4^2 -R1 = R1-R2 -R1 = R1-R2 -R2 = R2-R1 -R2 = R2*R4 -R2 = R2-R5 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2001-b b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2001-b deleted file mode 100644 index a13f718..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2001-b +++ /dev/null @@ -1,9 +0,0 @@ -source 2001 Bernstein "A software implementation of NIST P-224" -appliesto jacobian-3 -compute delta = Z1^2 -compute gamma = Y1^2 -compute beta = X1 gamma -compute alpha = 3 (X1-delta) (X1+delta) -compute X3 = alpha^2-8 beta -compute Z3 = (Y1+Z1)^2-gamma-delta -compute Y3 = alpha (4 beta-X3)-8 gamma^2 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2001-b.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2001-b.op3 deleted file mode 100644 index 42e3a9a..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2001-b.op3 +++ /dev/null @@ -1,20 +0,0 @@ -delta = Z1^2 -gamma = Y1^2 -beta = X1*gamma -t0 = X1-delta -t1 = X1+delta -t2 = t0*t1 -alpha = 3*t2 -t3 = alpha^2 -t4 = 8*beta -X3 = t3-t4 -t5 = Y1+Z1 -t6 = t5^2 -t7 = t6-gamma -Z3 = t7-delta -t8 = 4*beta -t9 = t8-X3 -t10 = gamma^2 -t11 = 8*t10 -t12 = alpha*t9 -Y3 = t12-t11 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2004-hmv b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2004-hmv deleted file mode 100644 index f8902a4..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2004-hmv +++ /dev/null @@ -1,21 +0,0 @@ -source 2004 Hankerson--Menezes--Vanstone, page 91 -appliesto jacobian-3 -parameter half -assume 2*half = 1 -compute T1 = Z1^2 -compute T2 = X1-T1 -compute T1 = X1+T1 -compute T2 = T2 T1 -compute T2 = 3 T2 -compute Y3 = 2 Y1 -compute Z3 = Y3 Z1 -compute Y3 = Y3^2 -compute T3 = Y3 X1 -compute Y3 = Y3^2 -compute Y3 = half Y3 -compute X3 = T2^2 -compute T1 = 2 T3 -compute X3 = X3-T1 -compute T1 = T3-X3 -compute T1 = T1 T2 -compute Y3 = T1-Y3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2004-hmv.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2004-hmv.op3 deleted file mode 100644 index cb78707..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2004-hmv.op3 +++ /dev/null @@ -1,17 +0,0 @@ -T1 = Z1^2 -T2 = X1-T1 -T1 = X1+T1 -T2 = T2*T1 -T2 = 3*T2 -Y3 = 2*Y1 -Z3 = Y3*Z1 -Y3 = Y3^2 -T3 = Y3*X1 -Y3 = Y3^2 -Y3 = half*Y3 -X3 = T2^2 -T1 = 2*T3 -X3 = X3-T1 -T1 = T3-X3 -T1 = T1*T2 -Y3 = T1-Y3 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2007-bl b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2007-bl deleted file mode 100644 index e6ae5c6..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2007-bl +++ /dev/null @@ -1,11 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute YY = Y1^2 -compute YYYY = YY^2 -compute ZZ = Z1^2 -compute S = 2 ((X1+YY)^2-XX-YYYY) -compute M = 3 XX+a ZZ^2 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M (S-T)-8 YYYY -compute Z3 = (Y1+Z1)^2-YY-ZZ diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2007-bl.op3 deleted file mode 100644 index 7f76b36..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/dbl-2007-bl.op3 +++ /dev/null @@ -1,25 +0,0 @@ -XX = X1^2 -YY = Y1^2 -YYYY = YY^2 -ZZ = Z1^2 -t0 = X1+YY -t1 = t0^2 -t2 = t1-XX -t3 = t2-YYYY -S = 2*t3 -t4 = ZZ^2 -t5 = a*t4 -t6 = 3*XX -M = t6+t5 -t7 = M^2 -t8 = 2*S -T = t7-t8 -X3 = T -t9 = S-T -t10 = 8*YYYY -t11 = M*t9 -Y3 = t11-t10 -t12 = Y1+Z1 -t13 = t12^2 -t14 = t13-YY -Z3 = t14-ZZ diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/mdbl-2007-bl b/pyecsca/ec/efd/shortw/jacobian-3/doubling/mdbl-2007-bl deleted file mode 100644 index 5e3e22e..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/mdbl-2007-bl +++ /dev/null @@ -1,11 +0,0 @@ -source 2007 Bernstein--Lange -assume Z1=1 -compute XX = X1^2 -compute YY = Y1^2 -compute YYYY = YY^2 -compute S = 2((X1+YY)^2-XX-YYYY) -compute M = 3 XX+a -compute T = M^2-2 S -compute X3 = T -compute Y3 = M(S-T)-8 YYYY -compute Z3 = 2 Y1 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/doubling/mdbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-3/doubling/mdbl-2007-bl.op3 deleted file mode 100644 index df25bc2..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/doubling/mdbl-2007-bl.op3 +++ /dev/null @@ -1,19 +0,0 @@ -XX = X1^2 -YY = Y1^2 -YYYY = YY^2 -t0 = X1+YY -t1 = t0^2 -t2 = t1-XX -t3 = t2-YYYY -S = 2*t3 -t4 = 3*XX -M = t4+a -t5 = M^2 -t6 = 2*S -T = t5-t6 -X3 = T -t7 = S-T -t8 = 8*YYYY -t9 = M*t7 -Y3 = t9-t8 -Z3 = 2*Y1 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/negation/neg b/pyecsca/ec/efd/shortw/jacobian-3/negation/neg deleted file mode 100644 index 32352f0..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/jacobian-3/negation/neg.op3 b/pyecsca/ec/efd/shortw/jacobian-3/negation/neg.op3 deleted file mode 100644 index cce5d21..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = X1 -Y3 = -Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/jacobian-3/scaling/z b/pyecsca/ec/efd/shortw/jacobian-3/scaling/z deleted file mode 100644 index 1e19284..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/scaling/z +++ /dev/null @@ -1,5 +0,0 @@ -compute A = 1/Z1 -compute AA = A^2 -compute X3 = X1*AA -compute Y3 = Y1*AA*A -compute Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/scaling/z.op3 b/pyecsca/ec/efd/shortw/jacobian-3/scaling/z.op3 deleted file mode 100644 index 61856ec..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/scaling/z.op3 +++ /dev/null @@ -1,6 +0,0 @@ -A = 1/Z1 -AA = A^2 -X3 = X1*AA -t0 = AA*A -Y3 = Y1*t0 -Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim b/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim deleted file mode 100644 index a9c6d71..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim +++ /dev/null @@ -1,7 +0,0 @@ -source 2005 Dimitrov--Imbert--Mishra -compute M = 3 X1^2+a Z1^4 -compute E = 12 X1 Y1^2-M^2 -compute T = 8 Y1^4 -compute X3 = 8 Y1^2 (T-M E)+X1 E^2 -compute Y3 = Y1 (4 (M E-T) (2 T-M E)-E^3) -compute Z3 = Z1 E diff --git a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim-2 b/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim-2 deleted file mode 100644 index 9eb1356..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim-2 +++ /dev/null @@ -1,13 +0,0 @@ -source 2005 Dimitrov--Imbert--Mishra, plus common-subexpression elimination -compute ZZ = Z1^2 -compute YY = Y1^2 -compute C = 2 YY -compute M = 3 X1^2+a ZZ^2 -compute E = 6 X1 C-M^2 -compute EE = E^2 -compute T = 2 C^2 -compute U = M E-T -compute U4 = 4 U -compute X3 = X1 EE-C U4 -compute Y3 = Y1 (U4 (T-U)-E EE) -compute Z3 = Z1 E diff --git a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim-2.op3 b/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim-2.op3 deleted file mode 100644 index 3d3ae16..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim-2.op3 +++ /dev/null @@ -1,27 +0,0 @@ -ZZ = Z1^2 -YY = Y1^2 -C = 2*YY -t0 = X1^2 -t1 = ZZ^2 -t2 = a*t1 -t3 = 3*t0 -M = t3+t2 -t4 = M^2 -t5 = X1*C -t6 = 6*t5 -E = t6-t4 -EE = E^2 -t7 = C^2 -T = 2*t7 -t8 = M*E -U = t8-T -U4 = 4*U -t9 = C*U4 -t10 = X1*EE -X3 = t10-t9 -t11 = T-U -t12 = E*EE -t13 = U4*t11 -t14 = t13-t12 -Y3 = Y1*t14 -Z3 = Z1*E diff --git a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim.op3 b/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim.op3 deleted file mode 100644 index a20c4fd..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2005-dim.op3 +++ /dev/null @@ -1,31 +0,0 @@ -t0 = X1^2 -t1 = Z1^4 -t2 = a*t1 -t3 = 3*t0 -M = t3+t2 -t4 = Y1^2 -t5 = M^2 -t6 = X1*t4 -t7 = 12*t6 -E = t7-t5 -t8 = Y1^4 -T = 8*t8 -t9 = M*E -t10 = T-t9 -t11 = Y1^2 -t12 = E^2 -t13 = X1*t12 -t14 = t11*t10 -t15 = 8*t14 -X3 = t15+t13 -t16 = M*E -t17 = 2*T -t18 = M*E -t19 = t18-T -t20 = t17-t16 -t21 = E^3 -t22 = t19*t20 -t23 = 4*t22 -t24 = t23-t21 -Y3 = Y1*t24 -Z3 = Z1*E diff --git a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl b/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl deleted file mode 100644 index ad53ad1..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl +++ /dev/null @@ -1,14 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute YYYY = YY^2 -compute M = 3 XX+a ZZ^2 -compute MM = M^2 -compute E = 6 ((X1+YY)^2-XX-YYYY)-MM -compute EE = E^2 -compute T = 16 YYYY -compute U = (M+E)^2-MM-EE-T -compute X3 = 4 (X1 EE-4 YY U) -compute Y3 = 8 Y1 (U (T-U)-E EE) -compute Z3 = (Z1+E)^2-ZZ-EE diff --git a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl-2 b/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl-2 deleted file mode 100644 index b76f081..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl-2 +++ /dev/null @@ -1,14 +0,0 @@ -source 2007 Bernstein--Lange -appliesto jacobian-3 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute YYYY = YY^2 -compute M = 3 (X1-ZZ) (X1+ZZ) -compute MM = M^2 -compute E = 12 X1 YY-MM -compute EE = E^2 -compute T = 16 YYYY -compute U = (M+E)^2-MM-EE-T -compute X3 = 4 (X1 EE-4 YY U) -compute Y3 = 8 Y1 (U (T-U)-E EE) -compute Z3 = (Z1+E)^2-ZZ-EE diff --git a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl-2.op3 b/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl-2.op3 deleted file mode 100644 index f10d8b4..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl-2.op3 +++ /dev/null @@ -1,33 +0,0 @@ -YY = Y1^2 -ZZ = Z1^2 -YYYY = YY^2 -t0 = X1-ZZ -t1 = X1+ZZ -t2 = t0*t1 -M = 3*t2 -MM = M^2 -t3 = X1*YY -t4 = 12*t3 -E = t4-MM -EE = E^2 -T = 16*YYYY -t5 = M+E -t6 = t5^2 -t7 = t6-MM -t8 = t7-EE -U = t8-T -t9 = YY*U -t10 = 4*t9 -t11 = X1*EE -t12 = t11-t10 -X3 = 4*t12 -t13 = T-U -t14 = E*EE -t15 = U*t13 -t16 = t15-t14 -t17 = Y1*t16 -Y3 = 8*t17 -t18 = Z1+E -t19 = t18^2 -t20 = t19-ZZ -Z3 = t20-EE diff --git a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl.op3 deleted file mode 100644 index 5a1cda6..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/tripling/tpl-2007-bl.op3 +++ /dev/null @@ -1,37 +0,0 @@ -XX = X1^2 -YY = Y1^2 -ZZ = Z1^2 -YYYY = YY^2 -t0 = ZZ^2 -t1 = a*t0 -t2 = 3*XX -M = t2+t1 -MM = M^2 -t3 = X1+YY -t4 = t3^2 -t5 = t4-XX -t6 = t5-YYYY -t7 = 6*t6 -E = t7-MM -EE = E^2 -T = 16*YYYY -t8 = M+E -t9 = t8^2 -t10 = t9-MM -t11 = t10-EE -U = t11-T -t12 = YY*U -t13 = 4*t12 -t14 = X1*EE -t15 = t14-t13 -X3 = 4*t15 -t16 = T-U -t17 = E*EE -t18 = U*t16 -t19 = t18-t17 -t20 = Y1*t19 -Y3 = 8*t20 -t21 = Z1+E -t22 = t21^2 -t23 = t22-ZZ -Z3 = t23-EE diff --git a/pyecsca/ec/efd/shortw/jacobian-3/variables b/pyecsca/ec/efd/shortw/jacobian-3/variables deleted file mode 100644 index 397e688..0000000 --- a/pyecsca/ec/efd/shortw/jacobian-3/variables +++ /dev/null @@ -1,12 +0,0 @@ -name Jacobian coordinates with a4=-3 -assume a = -3 -variable X -variable Y -variable Z -neutral X = 1 -neutral Y = 1 -neutral Z = 0 -satisfying ZZ = Z^2 -satisfying ZZZ = ZZ*Z -satisfying x = X/ZZ -satisfying y = Y/ZZZ diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-1986-cc b/pyecsca/ec/efd/shortw/jacobian/addition/add-1986-cc deleted file mode 100644 index e3f4775..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-1986-cc +++ /dev/null @@ -1,11 +0,0 @@ -source 1986 Chudnovsky--Chudnovsky "Sequences of numbers generated by addition in formal groups and new primality and factorization tests", page 414, formula (4.3i) -unified -compute U1 = X1 Z2^2 -compute U2 = X2 Z1^2 -compute S1 = Y1 Z2^3 -compute S2 = Y2 Z1^3 -compute P = U2-U1 -compute R = S2-S1 -compute X3 = R^2-(U1+U2) P^2 -compute Y3 = R (U1 P^2-X3)-S1 P^3 -compute Z3 = Z1 Z2 P diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-1986-cc.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/add-1986-cc.op3 deleted file mode 100644 index 9774366..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-1986-cc.op3 +++ /dev/null @@ -1,24 +0,0 @@ -t0 = Z2^2 -U1 = X1*t0 -t1 = Z1^2 -U2 = X2*t1 -t2 = Z2^3 -S1 = Y1*t2 -t3 = Z1^3 -S2 = Y2*t3 -P = U2-U1 -R = S2-S1 -t4 = U1+U2 -t5 = R^2 -t6 = P^2 -t7 = t4*t6 -X3 = t5-t7 -t8 = P^2 -t9 = U1*t8 -t10 = t9-X3 -t11 = P^3 -t12 = S1*t11 -t13 = R*t10 -Y3 = t13-t12 -t14 = Z2*P -Z3 = Z1*t14 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo b/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo deleted file mode 100644 index 681a723..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo +++ /dev/null @@ -1,11 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (5) -unified -compute U1 = X1 Z2^2 -compute U2 = X2 Z1^2 -compute S1 = Y1 Z2^3 -compute S2 = Y2 Z1^3 -compute H = U2-U1 -compute r = S2-S1 -compute X3 = r^2-H^3-2 U1 H^2 -compute Y3 = r (U1 H^2-X3)-S1 H^3 -compute Z3 = Z1 Z2 H diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo-2 b/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo-2 deleted file mode 100644 index 9d3659a..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo-2 +++ /dev/null @@ -1,16 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (5), plus common-subexpression elimination -unified -compute Z1Z1 = Z1^2 -compute Z2Z2 = Z2^2 -compute U1 = X1 Z2Z2 -compute U2 = X2 Z1Z1 -compute S1 = Y1 Z2 Z2Z2 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-U1 -compute HH = H^2 -compute HHH = H HH -compute r = S2-S1 -compute V = U1 HH -compute X3 = r^2-HHH-2 V -compute Y3 = r (V-X3)-S1 HHH -compute Z3 = Z1 Z2 H diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo-2.op3 deleted file mode 100644 index 439ab62..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo-2.op3 +++ /dev/null @@ -1,23 +0,0 @@ -Z1Z1 = Z1^2 -Z2Z2 = Z2^2 -U1 = X1*Z2Z2 -U2 = X2*Z1Z1 -t0 = Z2*Z2Z2 -S1 = Y1*t0 -t1 = Z1*Z1Z1 -S2 = Y2*t1 -H = U2-U1 -HH = H^2 -HHH = H*HH -r = S2-S1 -V = U1*HH -t2 = r^2 -t3 = 2*V -t4 = t2-HHH -X3 = t4-t3 -t5 = V-X3 -t6 = S1*HHH -t7 = r*t5 -Y3 = t7-t6 -t8 = Z2*H -Z3 = Z1*t8 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo.op3 deleted file mode 100644 index 2721e20..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-cmo.op3 +++ /dev/null @@ -1,26 +0,0 @@ -t0 = Z2^2 -U1 = X1*t0 -t1 = Z1^2 -U2 = X2*t1 -t2 = Z2^3 -S1 = Y1*t2 -t3 = Z1^3 -S2 = Y2*t3 -H = U2-U1 -r = S2-S1 -t4 = r^2 -t5 = H^3 -t6 = H^2 -t7 = U1*t6 -t8 = 2*t7 -t9 = t4-t5 -X3 = t9-t8 -t10 = H^2 -t11 = U1*t10 -t12 = t11-X3 -t13 = H^3 -t14 = S1*t13 -t15 = r*t12 -Y3 = t15-t14 -t16 = Z2*H -Z3 = Z1*t16 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-hnm b/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-hnm deleted file mode 100644 index 36c775f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-hnm +++ /dev/null @@ -1,40 +0,0 @@ -source 1998 Hasegawa--Nakajima--Matsui, page 188 -unified -parameter half -assume half*2=1 -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = X2 -compute R5 = Y2 -compute R6 = Z2 -compute R7 = R6^2 -compute R1 = R1 R7 -compute R7 = R6 R7 -compute R2 = R2 R7 -compute R7 = R3^2 -compute R8 = R4 R7 -compute R7 = R3 R7 -compute R7 = R5 R7 -compute R2 = R2-R7 -compute R7 = 2 R7 -compute R7 = R2+R7 -compute R1 = R1-R8 -compute R8 = 2 R8 -compute R8 = R1+R8 -compute R3 = R3 R6 -compute R3 = R3 R1 -compute R7 = R7 R1 -compute R1 = R1^2 -compute R8 = R8 R1 -compute R7 = R7 R1 -compute R1 = R2^2 -compute R1 = R1-R8 -compute R8 = R8-R1 -compute R8 = R8-R1 -compute R8 = R8 R2 -compute R2 = R8-R7 -compute R2 = half R2 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-hnm.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-hnm.op3 deleted file mode 100644 index 5817e98..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-1998-hnm.op3 +++ /dev/null @@ -1,36 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = X2 -R5 = Y2 -R6 = Z2 -R7 = R6^2 -R1 = R1*R7 -R7 = R6*R7 -R2 = R2*R7 -R7 = R3^2 -R8 = R4*R7 -R7 = R3*R7 -R7 = R5*R7 -R2 = R2-R7 -R7 = 2*R7 -R7 = R2+R7 -R1 = R1-R8 -R8 = 2*R8 -R8 = R1+R8 -R3 = R3*R6 -R3 = R3*R1 -R7 = R7*R1 -R1 = R1^2 -R8 = R8*R1 -R7 = R7*R1 -R1 = R2^2 -R1 = R1-R8 -R8 = R8-R1 -R8 = R8-R1 -R8 = R8*R2 -R2 = R8-R7 -R2 = half*R2 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-2001-b b/pyecsca/ec/efd/shortw/jacobian/addition/add-2001-b deleted file mode 100644 index 0ae3011..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-2001-b +++ /dev/null @@ -1,19 +0,0 @@ -source 2001 Bernstein http://cr.yp.to/nistp224.html opt-idea53.c ecadd -unified -compute ZZ1 = Z1^2 -compute ZZZ1 = Z1 ZZ1 -compute ZZ2 = Z2^2 -compute ZZZ2 = Z2 ZZ2 -compute A = X1 ZZ2 -compute B = X2 ZZ1 -A -compute c = Y1 ZZZ2 -compute d = Y2 ZZZ1 -c -compute e = B^2 -compute f = B e -compute g = A e -compute h = Z1 Z2 -compute f2g = 2 g+f -compute X3 = d^2-f2g -compute Z3 = B h -compute gx = g-X3 -compute Y3 = d gx-c f diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-2001-b.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/add-2001-b.op3 deleted file mode 100644 index 6f362a2..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-2001-b.op3 +++ /dev/null @@ -1,23 +0,0 @@ -ZZ1 = Z1^2 -ZZZ1 = Z1*ZZ1 -ZZ2 = Z2^2 -ZZZ2 = Z2*ZZ2 -A = X1*ZZ2 -t0 = X2*ZZ1 -B = t0-A -c = Y1*ZZZ2 -t1 = Y2*ZZZ1 -d = t1-c -e = B^2 -f = B*e -g = A*e -h = Z1*Z2 -t2 = 2*g -f2g = t2+f -t3 = d^2 -X3 = t3-f2g -Z3 = B*h -gx = g-X3 -t4 = c*f -t5 = d*gx -Y3 = t5-t4 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-2007-bl b/pyecsca/ec/efd/shortw/jacobian/addition/add-2007-bl deleted file mode 100644 index 29a4d50..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-2007-bl +++ /dev/null @@ -1,16 +0,0 @@ -source 2007 Bernstein--Lange; note that the improvement from 12M+4S to 11M+5S was already mentioned in 2001 Bernstein http://cr.yp.to/talks.html#2001.10.29 -unified -compute Z1Z1 = Z1^2 -compute Z2Z2 = Z2^2 -compute U1 = X1 Z2Z2 -compute U2 = X2 Z1Z1 -compute S1 = Y1 Z2 Z2Z2 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-U1 -compute I = (2 H)^2 -compute J = H I -compute r = 2 (S2-S1) -compute V = U1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 S1 J -compute Z3 = ((Z1+Z2)^2-Z1Z1-Z2Z2) H diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/add-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/add-2007-bl.op3 deleted file mode 100644 index 89085ff..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/add-2007-bl.op3 +++ /dev/null @@ -1,29 +0,0 @@ -Z1Z1 = Z1^2 -Z2Z2 = Z2^2 -U1 = X1*Z2Z2 -U2 = X2*Z1Z1 -t0 = Z2*Z2Z2 -S1 = Y1*t0 -t1 = Z1*Z1Z1 -S2 = Y2*t1 -H = U2-U1 -t2 = 2*H -I = t2^2 -J = H*I -t3 = S2-S1 -r = 2*t3 -V = U1*I -t4 = r^2 -t5 = 2*V -t6 = t4-J -X3 = t6-t5 -t7 = V-X3 -t8 = S1*J -t9 = 2*t8 -t10 = r*t7 -Y3 = t10-t9 -t11 = Z1+Z2 -t12 = t11^2 -t13 = t12-Z1Z1 -t14 = t13-Z2Z2 -Z3 = t14*H diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/madd b/pyecsca/ec/efd/shortw/jacobian/addition/madd deleted file mode 100644 index a7486ca..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/madd +++ /dev/null @@ -1,13 +0,0 @@ -assume Z2=1 -unified -compute Z1Z1 = Z1^2 -compute U2 = X2 Z1Z1 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-X1 -compute I = (2 H)^2 -compute J = H I -compute r = 2 (S2-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 Y1 J -compute Z3 = 2 Z1 H diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2004-hmv b/pyecsca/ec/efd/shortw/jacobian/addition/madd-2004-hmv deleted file mode 100644 index f47ecf9..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2004-hmv +++ /dev/null @@ -1,21 +0,0 @@ -source 2004 Hankerson--Menezes--Vanstone, page 91 -unified -assume Z2=1 -compute T1 = Z1^2 -compute T2 = T1 Z1 -compute T1 = T1 X2 -compute T2 = T2 Y2 -compute T1 = T1-X1 -compute T2 = T2-Y1 -compute Z3 = Z1 T1 -compute T3 = T1^2 -compute T4 = T3 T1 -compute T3 = T3 X1 -compute T1 = 2 T3 -compute X3 = T2^2 -compute X3 = X3-T1 -compute X3 = X3-T4 -compute T3 = T3-X3 -compute T3 = T3 T2 -compute T4 = T4 Y1 -compute Y3 = T3-T4 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2004-hmv.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/madd-2004-hmv.op3 deleted file mode 100644 index 70a991f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2004-hmv.op3 +++ /dev/null @@ -1,18 +0,0 @@ -T1 = Z1^2 -T2 = T1*Z1 -T1 = T1*X2 -T2 = T2*Y2 -T1 = T1-X1 -T2 = T2-Y1 -Z3 = Z1*T1 -T3 = T1^2 -T4 = T3*T1 -T3 = T3*X1 -T1 = 2*T3 -X3 = T2^2 -X3 = X3-T1 -X3 = X3-T4 -T3 = T3-X3 -T3 = T3*T2 -T4 = T4*Y1 -Y3 = T3-T4 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2007-bl b/pyecsca/ec/efd/shortw/jacobian/addition/madd-2007-bl deleted file mode 100644 index 6e4a6f1..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2007-bl +++ /dev/null @@ -1,15 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z2=1 -compute Z1Z1 = Z1^2 -compute U2 = X2 Z1Z1 -compute S2 = Y2 Z1 Z1Z1 -compute H = U2-X1 -compute HH = H^2 -compute I = 4 HH -compute J = H I -compute r = 2 (S2-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 Y1 J -compute Z3 = (Z1+H)^2-Z1Z1-HH diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/madd-2007-bl.op3 deleted file mode 100644 index 958774f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2007-bl.op3 +++ /dev/null @@ -1,24 +0,0 @@ -Z1Z1 = Z1^2 -U2 = X2*Z1Z1 -t0 = Z1*Z1Z1 -S2 = Y2*t0 -H = U2-X1 -HH = H^2 -I = 4*HH -J = H*I -t1 = S2-Y1 -r = 2*t1 -V = X1*I -t2 = r^2 -t3 = 2*V -t4 = t2-J -X3 = t4-t3 -t5 = V-X3 -t6 = Y1*J -t7 = 2*t6 -t8 = r*t5 -Y3 = t8-t7 -t9 = Z1+H -t10 = t9^2 -t11 = t10-Z1Z1 -Z3 = t11-HH diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2008-g b/pyecsca/ec/efd/shortw/jacobian/addition/madd-2008-g deleted file mode 100644 index 0beec69..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2008-g +++ /dev/null @@ -1,21 +0,0 @@ -source 2008 Giessmann -unified -assume Z2=1 -compute T1 = Z1^2 -compute T2 = T1 Z1 -compute T1 = T1 X2 -compute T2 = T2 Y2 -compute T1 = X1-T1 -compute T2 = T2-Y1 -compute Z3 = Z1 T1 -compute T4 = T1^2 -compute T1 = T1 T4 -compute T4 = T4 X1 -compute X3 = T2^2 -compute X3 = X3+T1 -compute Y3 = T1 Y1 -compute T1 = 2 T4 -compute X3 = X3-T1 -compute T4 = X3-T4 -compute T4 = T4 T2 -compute Y3 = T4-Y3 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2008-g.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/madd-2008-g.op3 deleted file mode 100644 index c0552ea..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/madd-2008-g.op3 +++ /dev/null @@ -1,18 +0,0 @@ -T1 = Z1^2 -T2 = T1*Z1 -T1 = T1*X2 -T2 = T2*Y2 -T1 = X1-T1 -T2 = T2-Y1 -Z3 = Z1*T1 -T4 = T1^2 -T1 = T1*T4 -T4 = T4*X1 -X3 = T2^2 -X3 = X3+T1 -Y3 = T1*Y1 -T1 = 2*T4 -X3 = X3-T1 -T4 = X3-T4 -T4 = T4*T2 -Y3 = T4-Y3 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/madd.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/madd.op3 deleted file mode 100644 index e33baa2..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/madd.op3 +++ /dev/null @@ -1,22 +0,0 @@ -Z1Z1 = Z1^2 -U2 = X2*Z1Z1 -t0 = Z1*Z1Z1 -S2 = Y2*t0 -H = U2-X1 -t1 = 2*H -I = t1^2 -J = H*I -t2 = S2-Y1 -r = 2*t2 -V = X1*I -t3 = r^2 -t4 = 2*V -t5 = t3-J -X3 = t5-t4 -t6 = V-X3 -t7 = Y1*J -t8 = 2*t7 -t9 = r*t6 -Y3 = t9-t8 -t10 = Z1*H -Z3 = 2*t10 diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/mmadd-2007-bl b/pyecsca/ec/efd/shortw/jacobian/addition/mmadd-2007-bl deleted file mode 100644 index 73dbfbb..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/mmadd-2007-bl +++ /dev/null @@ -1,13 +0,0 @@ -source 2007 Bernstein--Lange -unified -assume Z1=1 -assume Z2=1 -compute H = X2-X1 -compute HH = H^2 -compute I = 4 HH -compute J = H I -compute r = 2 (Y2-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r (V-X3)-2 Y1 J -compute Z3 = 2 H diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/mmadd-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/mmadd-2007-bl.op3 deleted file mode 100644 index e91cc9f..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/mmadd-2007-bl.op3 +++ /dev/null @@ -1,17 +0,0 @@ -H = X2-X1 -HH = H^2 -I = 4*HH -J = H*I -t0 = Y2-Y1 -r = 2*t0 -V = X1*I -t1 = r^2 -t2 = 2*V -t3 = t1-J -X3 = t3-t2 -t4 = V-X3 -t5 = Y1*J -t6 = 2*t5 -t7 = r*t4 -Y3 = t7-t6 -Z3 = 2*H diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/zadd-2007-m b/pyecsca/ec/efd/shortw/jacobian/addition/zadd-2007-m deleted file mode 100644 index 589d783..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/zadd-2007-m +++ /dev/null @@ -1,10 +0,0 @@ -source 2007 Meloni "New point addition formulae for ECC applications", page 192 -unified -assume Z1 = Z2 -compute A = (X2-X1)^2 -compute B = X1 A -compute C = X2 A -compute D = (Y2-Y1)^2 -compute X3 = D-B-C -compute Y3 = (Y2-Y1)(B-X3)-Y1(C-B) -compute Z3 = Z1(X2-X1) diff --git a/pyecsca/ec/efd/shortw/jacobian/addition/zadd-2007-m.op3 b/pyecsca/ec/efd/shortw/jacobian/addition/zadd-2007-m.op3 deleted file mode 100644 index afefe88..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/addition/zadd-2007-m.op3 +++ /dev/null @@ -1,16 +0,0 @@ -t0 = X2-X1 -A = t0^2 -B = X1*A -C = X2*A -t1 = Y2-Y1 -D = t1^2 -t2 = D-B -X3 = t2-C -t3 = Y2-Y1 -t4 = B-X3 -t5 = C-B -t6 = Y1*t5 -t7 = t3*t4 -Y3 = t7-t6 -t8 = X2-X1 -Z3 = Z1*t8 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1986-cc b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1986-cc deleted file mode 100644 index 56fa583..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1986-cc +++ /dev/null @@ -1,7 +0,0 @@ -source 1986 Chudnovsky--Chudnovsky "Sequences of numbers generated by addition in formal groups and new primality and factorization tests", page 414, formula (4.2ii) -compute S = 4 X1 Y1^2 -compute M = 3 X1^2+a Z1^4 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M(S-T)-8 Y1^4 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1986-cc.op3 b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1986-cc.op3 deleted file mode 100644 index 7d564ae..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1986-cc.op3 +++ /dev/null @@ -1,19 +0,0 @@ -t0 = Y1^2 -t1 = X1*t0 -S = 4*t1 -t2 = X1^2 -t3 = Z1^4 -t4 = a*t3 -t5 = 3*t2 -M = t5+t4 -t6 = M^2 -t7 = 2*S -T = t6-t7 -X3 = T -t8 = S-T -t9 = Y1^4 -t10 = 8*t9 -t11 = M*t8 -Y3 = t11-t10 -t12 = Y1*Z1 -Z3 = 2*t12 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo deleted file mode 100644 index 448809a..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo +++ /dev/null @@ -1,7 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (6) -compute S = 4 X1 Y1^2 -compute M = 3 X1^2+a Z1^4 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M (S-T)-8 Y1^4 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo-2 b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo-2 deleted file mode 100644 index 3757742..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo-2 +++ /dev/null @@ -1,10 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (6), plus common-subexpression elimination -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute S = 4 X1 YY -compute M = 3 XX+a ZZ^2 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M (S-T)-8 YY^2 -compute Z3 = 2 Y1 Z1 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo-2.op3 deleted file mode 100644 index 0e80d93..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo-2.op3 +++ /dev/null @@ -1,20 +0,0 @@ -XX = X1^2 -YY = Y1^2 -ZZ = Z1^2 -t0 = X1*YY -S = 4*t0 -t1 = ZZ^2 -t2 = a*t1 -t3 = 3*XX -M = t3+t2 -t4 = M^2 -t5 = 2*S -T = t4-t5 -X3 = T -t6 = S-T -t7 = YY^2 -t8 = 8*t7 -t9 = M*t6 -Y3 = t9-t8 -t10 = Y1*Z1 -Z3 = 2*t10 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo.op3 b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo.op3 deleted file mode 100644 index 7d564ae..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-cmo.op3 +++ /dev/null @@ -1,19 +0,0 @@ -t0 = Y1^2 -t1 = X1*t0 -S = 4*t1 -t2 = X1^2 -t3 = Z1^4 -t4 = a*t3 -t5 = 3*t2 -M = t5+t4 -t6 = M^2 -t7 = 2*S -T = t6-t7 -X3 = T -t8 = S-T -t9 = Y1^4 -t10 = 8*t9 -t11 = M*t8 -Y3 = t11-t10 -t12 = Y1*Z1 -Z3 = 2*t12 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-hnm b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-hnm deleted file mode 100644 index 67375ba..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-hnm +++ /dev/null @@ -1,29 +0,0 @@ -source 1998 Hasegawa--Nakajima--Matsui, page 188 -parameter half -assume half*2=1 -compute R1 = X1 -compute R2 = Y1 -compute R3 = Z1 -compute R4 = R3^2 -compute R3 = R2 R3 -compute R3 = 2 R3 -compute R4 = R4^2 -compute R4 = a R4 -compute R5 = R1^2 -compute R4 = R4+R5 -compute R5 = 2 R5 -compute R4 = R4+R5 -compute R2 = 2 R2 -compute R2 = R2^2 -compute R5 = R2^2 -compute R5 = half R5 -compute R2 = R2 R1 -compute R1 = R4^2 -compute R1 = R1-R2 -compute R1 = R1-R2 -compute R2 = R2-R1 -compute R2 = R2 R4 -compute R2 = R2-R5 -compute X3 = R1 -compute Y3 = R2 -compute Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-hnm.op3 b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-hnm.op3 deleted file mode 100644 index 003affc..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-1998-hnm.op3 +++ /dev/null @@ -1,26 +0,0 @@ -R1 = X1 -R2 = Y1 -R3 = Z1 -R4 = R3^2 -R3 = R2*R3 -R3 = 2*R3 -R4 = R4^2 -R4 = a*R4 -R5 = R1^2 -R4 = R4+R5 -R5 = 2*R5 -R4 = R4+R5 -R2 = 2*R2 -R2 = R2^2 -R5 = R2^2 -R5 = half*R5 -R2 = R2*R1 -R1 = R4^2 -R1 = R1-R2 -R1 = R1-R2 -R2 = R2-R1 -R2 = R2*R4 -R2 = R2-R5 -X3 = R1 -Y3 = R2 -Z3 = R3 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-2007-bl b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-2007-bl deleted file mode 100644 index e6ae5c6..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-2007-bl +++ /dev/null @@ -1,11 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute YY = Y1^2 -compute YYYY = YY^2 -compute ZZ = Z1^2 -compute S = 2 ((X1+YY)^2-XX-YYYY) -compute M = 3 XX+a ZZ^2 -compute T = M^2-2 S -compute X3 = T -compute Y3 = M (S-T)-8 YYYY -compute Z3 = (Y1+Z1)^2-YY-ZZ diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-2007-bl.op3 deleted file mode 100644 index 7f76b36..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/dbl-2007-bl.op3 +++ /dev/null @@ -1,25 +0,0 @@ -XX = X1^2 -YY = Y1^2 -YYYY = YY^2 -ZZ = Z1^2 -t0 = X1+YY -t1 = t0^2 -t2 = t1-XX -t3 = t2-YYYY -S = 2*t3 -t4 = ZZ^2 -t5 = a*t4 -t6 = 3*XX -M = t6+t5 -t7 = M^2 -t8 = 2*S -T = t7-t8 -X3 = T -t9 = S-T -t10 = 8*YYYY -t11 = M*t9 -Y3 = t11-t10 -t12 = Y1+Z1 -t13 = t12^2 -t14 = t13-YY -Z3 = t14-ZZ diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/mdbl-2007-bl b/pyecsca/ec/efd/shortw/jacobian/doubling/mdbl-2007-bl deleted file mode 100644 index 5e3e22e..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/mdbl-2007-bl +++ /dev/null @@ -1,11 +0,0 @@ -source 2007 Bernstein--Lange -assume Z1=1 -compute XX = X1^2 -compute YY = Y1^2 -compute YYYY = YY^2 -compute S = 2((X1+YY)^2-XX-YYYY) -compute M = 3 XX+a -compute T = M^2-2 S -compute X3 = T -compute Y3 = M(S-T)-8 YYYY -compute Z3 = 2 Y1 diff --git a/pyecsca/ec/efd/shortw/jacobian/doubling/mdbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian/doubling/mdbl-2007-bl.op3 deleted file mode 100644 index df25bc2..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/doubling/mdbl-2007-bl.op3 +++ /dev/null @@ -1,19 +0,0 @@ -XX = X1^2 -YY = Y1^2 -YYYY = YY^2 -t0 = X1+YY -t1 = t0^2 -t2 = t1-XX -t3 = t2-YYYY -S = 2*t3 -t4 = 3*XX -M = t4+a -t5 = M^2 -t6 = 2*S -T = t5-t6 -X3 = T -t7 = S-T -t8 = 8*YYYY -t9 = M*t7 -Y3 = t9-t8 -Z3 = 2*Y1 diff --git a/pyecsca/ec/efd/shortw/jacobian/negation/neg b/pyecsca/ec/efd/shortw/jacobian/negation/neg deleted file mode 100644 index 32352f0..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/jacobian/negation/neg.op3 b/pyecsca/ec/efd/shortw/jacobian/negation/neg.op3 deleted file mode 100644 index a0d0b56..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/negation/neg.op3 +++ /dev/null @@ -1,4 +0,0 @@ -X3 = X1 -Y3 = -Y1 -Z3 = Z1 -T3 = T1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/jacobian/scaling/z b/pyecsca/ec/efd/shortw/jacobian/scaling/z deleted file mode 100644 index 1e19284..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/scaling/z +++ /dev/null @@ -1,5 +0,0 @@ -compute A = 1/Z1 -compute AA = A^2 -compute X3 = X1*AA -compute Y3 = Y1*AA*A -compute Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/jacobian/scaling/z.op3 b/pyecsca/ec/efd/shortw/jacobian/scaling/z.op3 deleted file mode 100644 index 61856ec..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/scaling/z.op3 +++ /dev/null @@ -1,6 +0,0 @@ -A = 1/Z1 -AA = A^2 -X3 = X1*AA -t0 = AA*A -Y3 = Y1*t0 -Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim b/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim deleted file mode 100644 index a9c6d71..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim +++ /dev/null @@ -1,7 +0,0 @@ -source 2005 Dimitrov--Imbert--Mishra -compute M = 3 X1^2+a Z1^4 -compute E = 12 X1 Y1^2-M^2 -compute T = 8 Y1^4 -compute X3 = 8 Y1^2 (T-M E)+X1 E^2 -compute Y3 = Y1 (4 (M E-T) (2 T-M E)-E^3) -compute Z3 = Z1 E diff --git a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim-2 b/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim-2 deleted file mode 100644 index 9eb1356..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim-2 +++ /dev/null @@ -1,13 +0,0 @@ -source 2005 Dimitrov--Imbert--Mishra, plus common-subexpression elimination -compute ZZ = Z1^2 -compute YY = Y1^2 -compute C = 2 YY -compute M = 3 X1^2+a ZZ^2 -compute E = 6 X1 C-M^2 -compute EE = E^2 -compute T = 2 C^2 -compute U = M E-T -compute U4 = 4 U -compute X3 = X1 EE-C U4 -compute Y3 = Y1 (U4 (T-U)-E EE) -compute Z3 = Z1 E diff --git a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim-2.op3 b/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim-2.op3 deleted file mode 100644 index 3d3ae16..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim-2.op3 +++ /dev/null @@ -1,27 +0,0 @@ -ZZ = Z1^2 -YY = Y1^2 -C = 2*YY -t0 = X1^2 -t1 = ZZ^2 -t2 = a*t1 -t3 = 3*t0 -M = t3+t2 -t4 = M^2 -t5 = X1*C -t6 = 6*t5 -E = t6-t4 -EE = E^2 -t7 = C^2 -T = 2*t7 -t8 = M*E -U = t8-T -U4 = 4*U -t9 = C*U4 -t10 = X1*EE -X3 = t10-t9 -t11 = T-U -t12 = E*EE -t13 = U4*t11 -t14 = t13-t12 -Y3 = Y1*t14 -Z3 = Z1*E diff --git a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim.op3 b/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim.op3 deleted file mode 100644 index a20c4fd..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2005-dim.op3 +++ /dev/null @@ -1,31 +0,0 @@ -t0 = X1^2 -t1 = Z1^4 -t2 = a*t1 -t3 = 3*t0 -M = t3+t2 -t4 = Y1^2 -t5 = M^2 -t6 = X1*t4 -t7 = 12*t6 -E = t7-t5 -t8 = Y1^4 -T = 8*t8 -t9 = M*E -t10 = T-t9 -t11 = Y1^2 -t12 = E^2 -t13 = X1*t12 -t14 = t11*t10 -t15 = 8*t14 -X3 = t15+t13 -t16 = M*E -t17 = 2*T -t18 = M*E -t19 = t18-T -t20 = t17-t16 -t21 = E^3 -t22 = t19*t20 -t23 = 4*t22 -t24 = t23-t21 -Y3 = Y1*t24 -Z3 = Z1*E diff --git a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2007-bl b/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2007-bl deleted file mode 100644 index ad53ad1..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2007-bl +++ /dev/null @@ -1,14 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute YY = Y1^2 -compute ZZ = Z1^2 -compute YYYY = YY^2 -compute M = 3 XX+a ZZ^2 -compute MM = M^2 -compute E = 6 ((X1+YY)^2-XX-YYYY)-MM -compute EE = E^2 -compute T = 16 YYYY -compute U = (M+E)^2-MM-EE-T -compute X3 = 4 (X1 EE-4 YY U) -compute Y3 = 8 Y1 (U (T-U)-E EE) -compute Z3 = (Z1+E)^2-ZZ-EE diff --git a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2007-bl.op3 b/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2007-bl.op3 deleted file mode 100644 index 5a1cda6..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/tripling/tpl-2007-bl.op3 +++ /dev/null @@ -1,37 +0,0 @@ -XX = X1^2 -YY = Y1^2 -ZZ = Z1^2 -YYYY = YY^2 -t0 = ZZ^2 -t1 = a*t0 -t2 = 3*XX -M = t2+t1 -MM = M^2 -t3 = X1+YY -t4 = t3^2 -t5 = t4-XX -t6 = t5-YYYY -t7 = 6*t6 -E = t7-MM -EE = E^2 -T = 16*YYYY -t8 = M+E -t9 = t8^2 -t10 = t9-MM -t11 = t10-EE -U = t11-T -t12 = YY*U -t13 = 4*t12 -t14 = X1*EE -t15 = t14-t13 -X3 = 4*t15 -t16 = T-U -t17 = E*EE -t18 = U*t16 -t19 = t18-t17 -t20 = Y1*t19 -Y3 = 8*t20 -t21 = Z1+E -t22 = t21^2 -t23 = t22-ZZ -Z3 = t23-EE diff --git a/pyecsca/ec/efd/shortw/jacobian/variables b/pyecsca/ec/efd/shortw/jacobian/variables deleted file mode 100644 index 86123a8..0000000 --- a/pyecsca/ec/efd/shortw/jacobian/variables +++ /dev/null @@ -1,11 +0,0 @@ -name Jacobian coordinates -variable X -variable Y -variable Z -neutral X = 1 -neutral Y = 1 -neutral Z = 0 -satisfying ZZ = Z^2 -satisfying ZZZ = ZZ*Z -satisfying x = X/ZZ -satisfying y = Y/ZZZ diff --git a/pyecsca/ec/efd/shortw/modified/addition/add-1998-cmo-2 b/pyecsca/ec/efd/shortw/modified/addition/add-1998-cmo-2 deleted file mode 100644 index a21fc64..0000000 --- a/pyecsca/ec/efd/shortw/modified/addition/add-1998-cmo-2 +++ /dev/null @@ -1,18 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (9), plus common-subexpression elimination -unified -compute ZZ1 = Z1^2 -compute ZZ2 = Z2^2 -compute U1 = X1 ZZ2 -compute U2 = X2 ZZ1 -compute S1 = Y1 Z2 ZZ2 -compute S2 = Y2 Z1 ZZ1 -compute H = U2-U1 -compute HH = H^2 -compute HHH = H HH -compute r = S2-S1 -compute V = U1 HH -compute X3 = r^2-HHH-2 V -compute Y3 = r(V-X3)-S1 HHH -compute Z3 = Z1 Z2 H -compute ZZ3 = Z3^2 -compute T3 = a ZZ3^2 diff --git a/pyecsca/ec/efd/shortw/modified/addition/add-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/modified/addition/add-1998-cmo-2.op3 deleted file mode 100644 index 4a5447e..0000000 --- a/pyecsca/ec/efd/shortw/modified/addition/add-1998-cmo-2.op3 +++ /dev/null @@ -1,26 +0,0 @@ -ZZ1 = Z1^2 -ZZ2 = Z2^2 -U1 = X1*ZZ2 -U2 = X2*ZZ1 -t0 = Z2*ZZ2 -S1 = Y1*t0 -t1 = Z1*ZZ1 -S2 = Y2*t1 -H = U2-U1 -HH = H^2 -HHH = H*HH -r = S2-S1 -V = U1*HH -t2 = r^2 -t3 = 2*V -t4 = t2-HHH -X3 = t4-t3 -t5 = V-X3 -t6 = S1*HHH -t7 = r*t5 -Y3 = t7-t6 -t8 = Z2*H -Z3 = Z1*t8 -ZZ3 = Z3^2 -t9 = ZZ3^2 -T3 = a*t9 diff --git a/pyecsca/ec/efd/shortw/modified/addition/add-2009-bl b/pyecsca/ec/efd/shortw/modified/addition/add-2009-bl deleted file mode 100644 index 1f9edb0..0000000 --- a/pyecsca/ec/efd/shortw/modified/addition/add-2009-bl +++ /dev/null @@ -1,18 +0,0 @@ -source 2009.04.01 Bernstein--Lange -unified -compute ZZ1 = Z1^2 -compute ZZ2 = Z2^2 -compute U1 = X1 ZZ2 -compute U2 = X2 ZZ1 -compute S1 = Y1 Z2 ZZ2 -compute S2 = Y2 Z1 ZZ1 -compute H = U2-U1 -compute I = (2 H)^2 -compute J = H I -compute r = 2(S2-S1) -compute V = U1 I -compute X3 = r^2-J-2 V -compute Y3 = r(V-X3)-2 S1 J -compute Z3 = ((Z1+Z2)^2-ZZ1-ZZ2) H -compute ZZ3 = Z3^2 -compute T3 = a ZZ3^2 diff --git a/pyecsca/ec/efd/shortw/modified/addition/add-2009-bl.op3 b/pyecsca/ec/efd/shortw/modified/addition/add-2009-bl.op3 deleted file mode 100644 index 01e4981..0000000 --- a/pyecsca/ec/efd/shortw/modified/addition/add-2009-bl.op3 +++ /dev/null @@ -1,32 +0,0 @@ -ZZ1 = Z1^2 -ZZ2 = Z2^2 -U1 = X1*ZZ2 -U2 = X2*ZZ1 -t0 = Z2*ZZ2 -S1 = Y1*t0 -t1 = Z1*ZZ1 -S2 = Y2*t1 -H = U2-U1 -t2 = 2*H -I = t2^2 -J = H*I -t3 = S2-S1 -r = 2*t3 -V = U1*I -t4 = r^2 -t5 = 2*V -t6 = t4-J -X3 = t6-t5 -t7 = V-X3 -t8 = S1*J -t9 = 2*t8 -t10 = r*t7 -Y3 = t10-t9 -t11 = Z1+Z2 -t12 = t11^2 -t13 = t12-ZZ1 -t14 = t13-ZZ2 -Z3 = t14*H -ZZ3 = Z3^2 -t15 = ZZ3^2 -T3 = a*t15 diff --git a/pyecsca/ec/efd/shortw/modified/addition/madd-2009-bl b/pyecsca/ec/efd/shortw/modified/addition/madd-2009-bl deleted file mode 100644 index fc0a386..0000000 --- a/pyecsca/ec/efd/shortw/modified/addition/madd-2009-bl +++ /dev/null @@ -1,15 +0,0 @@ -source 2009.04.27 Bernstein--Lange -unified -assume Z2 = 1 -compute ZZ1 = Z1^2 -compute H = X2 ZZ1-X1 -compute HH = H^2 -compute I = 4 HH -compute J = H I -compute r = 2(Y2 Z1 ZZ1-Y1) -compute V = X1 I -compute X3 = r^2-J-2 V -compute Y3 = r(V-X3)-2 Y1 J -compute Z3 = (Z1+H)^2 - ZZ1 - HH -compute ZZ3 = Z3^2 -compute T3 = a ZZ3^2 diff --git a/pyecsca/ec/efd/shortw/modified/addition/madd-2009-bl.op3 b/pyecsca/ec/efd/shortw/modified/addition/madd-2009-bl.op3 deleted file mode 100644 index 0df3bad..0000000 --- a/pyecsca/ec/efd/shortw/modified/addition/madd-2009-bl.op3 +++ /dev/null @@ -1,27 +0,0 @@ -ZZ1 = Z1^2 -t0 = X2*ZZ1 -H = t0-X1 -HH = H^2 -I = 4*HH -J = H*I -t1 = Z1*ZZ1 -t2 = Y2*t1 -t3 = t2-Y1 -r = 2*t3 -V = X1*I -t4 = r^2 -t5 = 2*V -t6 = t4-J -X3 = t6-t5 -t7 = V-X3 -t8 = Y1*J -t9 = 2*t8 -t10 = r*t7 -Y3 = t10-t9 -t11 = Z1+H -t12 = t11^2 -t13 = t12-ZZ1 -Z3 = t13-HH -ZZ3 = Z3^2 -t14 = ZZ3^2 -T3 = a*t14 diff --git a/pyecsca/ec/efd/shortw/modified/addition/mmadd-2009-bl b/pyecsca/ec/efd/shortw/modified/addition/mmadd-2009-bl deleted file mode 100644 index b87ffd4..0000000 --- a/pyecsca/ec/efd/shortw/modified/addition/mmadd-2009-bl +++ /dev/null @@ -1,15 +0,0 @@ -source 2009.04.27 Bernstein--Lange -unified -assume Z1 = 1 -assume Z2 = 1 -compute H = X2-X1 -compute HH = H^2 -compute HHHH = HH^2 -compute Z3 = 2 H -compute ZZ3 = 4 HH -compute J = 2 ((H+HH)^2-HH-HHHH) -compute r = 2(Y2-Y1) -compute V = X1 ZZ3 -compute X3 = r^2-J-2 V -compute Y3 = r(V-X3)-2 Y1 J -compute T3 = 16 a HHHH diff --git a/pyecsca/ec/efd/shortw/modified/addition/mmadd-2009-bl.op3 b/pyecsca/ec/efd/shortw/modified/addition/mmadd-2009-bl.op3 deleted file mode 100644 index c02e86d..0000000 --- a/pyecsca/ec/efd/shortw/modified/addition/mmadd-2009-bl.op3 +++ /dev/null @@ -1,24 +0,0 @@ -H = X2-X1 -HH = H^2 -HHHH = HH^2 -Z3 = 2*H -ZZ3 = 4*HH -t0 = H+HH -t1 = t0^2 -t2 = t1-HH -t3 = t2-HHHH -J = 2*t3 -t4 = Y2-Y1 -r = 2*t4 -V = X1*ZZ3 -t5 = r^2 -t6 = 2*V -t7 = t5-J -X3 = t7-t6 -t8 = V-X3 -t9 = Y1*J -t10 = 2*t9 -t11 = r*t8 -Y3 = t11-t10 -t12 = a*HHHH -T3 = 16*t12 diff --git a/pyecsca/ec/efd/shortw/modified/doubling/dbl-1998-cmo-2 b/pyecsca/ec/efd/shortw/modified/doubling/dbl-1998-cmo-2 deleted file mode 100644 index 98649fa..0000000 --- a/pyecsca/ec/efd/shortw/modified/doubling/dbl-1998-cmo-2 +++ /dev/null @@ -1,10 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (10), plus common-subexpression elimination -compute XX = X1^2 -compute YY = Y1^2 -compute U = 8 YY^2 -compute S = 4 X1 YY -compute M = 3 XX + T1 -compute X3 = M^2 - 2 S -compute Y3 = M(S-X3)-U -compute Z3 = 2 Y1 Z1 -compute T3 = 2 U T1 diff --git a/pyecsca/ec/efd/shortw/modified/doubling/dbl-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/modified/doubling/dbl-1998-cmo-2.op3 deleted file mode 100644 index 4dd1108..0000000 --- a/pyecsca/ec/efd/shortw/modified/doubling/dbl-1998-cmo-2.op3 +++ /dev/null @@ -1,18 +0,0 @@ -XX = X1^2 -YY = Y1^2 -t0 = YY^2 -U = 8*t0 -t1 = X1*YY -S = 4*t1 -t2 = 3*XX -M = t2+T1 -t3 = M^2 -t4 = 2*S -X3 = t3-t4 -t5 = S-X3 -t6 = M*t5 -Y3 = t6-U -t7 = Y1*Z1 -Z3 = 2*t7 -t8 = U*T1 -T3 = 2*t8 diff --git a/pyecsca/ec/efd/shortw/modified/doubling/dbl-2009-bl b/pyecsca/ec/efd/shortw/modified/doubling/dbl-2009-bl deleted file mode 100644 index 37d2d62..0000000 --- a/pyecsca/ec/efd/shortw/modified/doubling/dbl-2009-bl +++ /dev/null @@ -1,11 +0,0 @@ -source 2009.04.01 Bernstein--Lange -compute XX = X1^2 -compute A = 2 Y1^2 -compute AA = A^2 -compute U = 2 AA -compute S = (X1+A)^2-XX-AA -compute M = 3 XX + T1 -compute X3 = M^2 - 2 S -compute Y3 = M(S-X3)-U -compute Z3 = 2 Y1 Z1 -compute T3 = 2 U T1 diff --git a/pyecsca/ec/efd/shortw/modified/doubling/dbl-2009-bl.op3 b/pyecsca/ec/efd/shortw/modified/doubling/dbl-2009-bl.op3 deleted file mode 100644 index 76e93f3..0000000 --- a/pyecsca/ec/efd/shortw/modified/doubling/dbl-2009-bl.op3 +++ /dev/null @@ -1,21 +0,0 @@ -XX = X1^2 -t0 = Y1^2 -A = 2*t0 -AA = A^2 -U = 2*AA -t1 = X1+A -t2 = t1^2 -t3 = t2-XX -S = t3-AA -t4 = 3*XX -M = t4+T1 -t5 = M^2 -t6 = 2*S -X3 = t5-t6 -t7 = S-X3 -t8 = M*t7 -Y3 = t8-U -t9 = Y1*Z1 -Z3 = 2*t9 -t10 = U*T1 -T3 = 2*t10 diff --git a/pyecsca/ec/efd/shortw/modified/doubling/mdbl-2009-bl b/pyecsca/ec/efd/shortw/modified/doubling/mdbl-2009-bl deleted file mode 100644 index 5bab0c6..0000000 --- a/pyecsca/ec/efd/shortw/modified/doubling/mdbl-2009-bl +++ /dev/null @@ -1,12 +0,0 @@ -source 2009.04.27 Bernstein--Lange -assume Z1 = 1 -compute XX = X1^2 -compute A = 2 Y1^2 -compute AA = A^2 -compute U = 2 AA -compute S = (X1+A)^2-XX-AA -compute M = 3 XX + T1 -compute X3 = M^2 - 2 S -compute Y3 = M(S-X3)-U -compute Z3 = 2 Y1 -compute T3 = 2 U T1 diff --git a/pyecsca/ec/efd/shortw/modified/doubling/mdbl-2009-bl.op3 b/pyecsca/ec/efd/shortw/modified/doubling/mdbl-2009-bl.op3 deleted file mode 100644 index 315b4e9..0000000 --- a/pyecsca/ec/efd/shortw/modified/doubling/mdbl-2009-bl.op3 +++ /dev/null @@ -1,20 +0,0 @@ -XX = X1^2 -t0 = Y1^2 -A = 2*t0 -AA = A^2 -U = 2*AA -t1 = X1+A -t2 = t1^2 -t3 = t2-XX -S = t3-AA -t4 = 3*XX -M = t4+T1 -t5 = M^2 -t6 = 2*S -X3 = t5-t6 -t7 = S-X3 -t8 = M*t7 -Y3 = t8-U -Z3 = 2*Y1 -t9 = U*T1 -T3 = 2*t9 diff --git a/pyecsca/ec/efd/shortw/modified/negation/neg b/pyecsca/ec/efd/shortw/modified/negation/neg deleted file mode 100644 index 3fa5633..0000000 --- a/pyecsca/ec/efd/shortw/modified/negation/neg +++ /dev/null @@ -1,4 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute Z3 = Z1 -compute T3 = T1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/modified/negation/neg.op3 b/pyecsca/ec/efd/shortw/modified/negation/neg.op3 deleted file mode 100644 index 8cf3a56..0000000 --- a/pyecsca/ec/efd/shortw/modified/negation/neg.op3 +++ /dev/null @@ -1,4 +0,0 @@ -X3 = X1 -Y3 = -Y1 -Z3 = Z1 -T3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/modified/variables b/pyecsca/ec/efd/shortw/modified/variables deleted file mode 100644 index d97d2ff..0000000 --- a/pyecsca/ec/efd/shortw/modified/variables +++ /dev/null @@ -1,10 +0,0 @@ -name modified Jacobian coordinates -variable X -variable Y -variable Z -variable T -satisfying ZZ = Z^2 -satisfying ZZZ = ZZ*Z -satisfying x = X/ZZ -satisfying y = Y/ZZZ -satisfying T = a*Z^4 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo b/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo deleted file mode 100644 index c16503b..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo +++ /dev/null @@ -1,8 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (3) -unified -compute u = Y2 Z1-Y1 Z2 -compute v = X2 Z1-X1 Z2 -compute A = u^2 Z1 Z2-v^3-2 v^2 X1 Z2 -compute X3 = v A -compute Y3 = u(v^2 X1 Z2-A)-v^3 Y1 Z2 -compute Z3 = v^3 Z1 Z2 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo-2 b/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo-2 deleted file mode 100644 index 882e46c..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo-2 +++ /dev/null @@ -1,15 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (3), plus common-subexpression elimination -unified -compute Y1Z2 = Y1 Z2 -compute X1Z2 = X1 Z2 -compute Z1Z2 = Z1 Z2 -compute u = Y2 Z1-Y1Z2 -compute uu = u^2 -compute v = X2 Z1-X1Z2 -compute vv = v^2 -compute vvv = v vv -compute R = vv X1Z2 -compute A = uu Z1Z2-vvv-2 R -compute X3 = v A -compute Y3 = u(R-A)-vvv Y1Z2 -compute Z3 = vvv Z1Z2 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo-2.op3 deleted file mode 100644 index 8bce53b..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo-2.op3 +++ /dev/null @@ -1,21 +0,0 @@ -Y1Z2 = Y1*Z2 -X1Z2 = X1*Z2 -Z1Z2 = Z1*Z2 -t0 = Y2*Z1 -u = t0-Y1Z2 -uu = u^2 -t1 = X2*Z1 -v = t1-X1Z2 -vv = v^2 -vvv = v*vv -R = vv*X1Z2 -t2 = 2*R -t3 = uu*Z1Z2 -t4 = t3-vvv -A = t4-t2 -X3 = v*A -t5 = R-A -t6 = vvv*Y1Z2 -t7 = u*t5 -Y3 = t7-t6 -Z3 = vvv*Z1Z2 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo.op3 deleted file mode 100644 index 636efb8..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-1998-cmo.op3 +++ /dev/null @@ -1,29 +0,0 @@ -t0 = Y1*Z2 -t1 = Y2*Z1 -u = t1-t0 -t2 = X1*Z2 -t3 = X2*Z1 -v = t3-t2 -t4 = u^2 -t5 = v^3 -t6 = v^2 -t7 = X1*Z2 -t8 = t6*t7 -t9 = 2*t8 -t10 = Z1*Z2 -t11 = t4*t10 -t12 = t11-t5 -A = t12-t9 -X3 = v*A -t13 = v^2 -t14 = X1*Z2 -t15 = t13*t14 -t16 = t15-A -t17 = v^3 -t18 = Y1*Z2 -t19 = t17*t18 -t20 = u*t16 -Y3 = t20-t19 -t21 = v^3 -t22 = Z1*Z2 -Z3 = t21*t22 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj b/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj deleted file mode 100644 index dcb3c31..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj +++ /dev/null @@ -1,17 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", page 339 -unified -compute U1 = X1 Z2 -compute U2 = X2 Z1 -compute S1 = Y1 Z2 -compute S2 = Y2 Z1 -compute ZZ = Z1 Z2 -compute T = U1+U2 -compute M = S1+S2 -compute R = T^2-U1 U2+a ZZ^2 -compute F = ZZ M -compute L = M F -compute G = T L -compute W = R^2-G -compute X3 = 2 F W -compute Y3 = R(G-2 W)-L^2 -compute Z3 = 2 F F^2 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj-2 b/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj-2 deleted file mode 100644 index 262f9f5..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj-2 +++ /dev/null @@ -1,18 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", page 340 -unified -appliesto projective-1 -compute U1 = X1 Z2 -compute U2 = X2 Z1 -compute S1 = Y1 Z2 -compute S2 = Y2 Z1 -compute ZZ = Z1 Z2 -compute T = U1+U2 -compute M = S1+S2 -compute R = (T-ZZ)(T+ZZ)-U1 U2 -compute F = ZZ M -compute L = M F -compute G = T L -compute W = R^2-G -compute X3 = 2 F W -compute Y3 = R(G-2 W)-L^2 -compute Z3 = 2 F F^2 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj-2.op3 b/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj-2.op3 deleted file mode 100644 index d7c6b7f..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj-2.op3 +++ /dev/null @@ -1,27 +0,0 @@ -U1 = X1*Z2 -U2 = X2*Z1 -S1 = Y1*Z2 -S2 = Y2*Z1 -ZZ = Z1*Z2 -T = U1+U2 -M = S1+S2 -t0 = T-ZZ -t1 = T+ZZ -t2 = U1*U2 -t3 = t0*t1 -R = t3-t2 -F = ZZ*M -L = M*F -G = T*L -t4 = R^2 -W = t4-G -t5 = F*W -X3 = 2*t5 -t6 = 2*W -t7 = G-t6 -t8 = L^2 -t9 = R*t7 -Y3 = t9-t8 -t10 = F^2 -t11 = F*t10 -Z3 = 2*t11 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj.op3 b/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj.op3 deleted file mode 100644 index 106050d..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-2002-bj.op3 +++ /dev/null @@ -1,28 +0,0 @@ -U1 = X1*Z2 -U2 = X2*Z1 -S1 = Y1*Z2 -S2 = Y2*Z1 -ZZ = Z1*Z2 -T = U1+U2 -M = S1+S2 -t0 = T^2 -t1 = ZZ^2 -t2 = a*t1 -t3 = U1*U2 -t4 = t0-t3 -R = t4+t2 -F = ZZ*M -L = M*F -G = T*L -t5 = R^2 -W = t5-G -t6 = F*W -X3 = 2*t6 -t7 = 2*W -t8 = G-t7 -t9 = L^2 -t10 = R*t8 -Y3 = t10-t9 -t11 = F^2 -t12 = F*t11 -Z3 = 2*t12 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-2007-bl b/pyecsca/ec/efd/shortw/projective-1/addition/add-2007-bl deleted file mode 100644 index 8995c9c..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-2007-bl +++ /dev/null @@ -1,19 +0,0 @@ -source 2007 Bernstein--Lange -unified -compute U1 = X1 Z2 -compute U2 = X2 Z1 -compute S1 = Y1 Z2 -compute S2 = Y2 Z1 -compute ZZ = Z1 Z2 -compute T = U1+U2 -compute TT = T^2 -compute M = S1+S2 -compute R = TT-U1 U2+a ZZ^2 -compute F = ZZ M -compute L = M F -compute LL = L^2 -compute G = (T+L)^2-TT-LL -compute W = 2 R^2-G -compute X3 = 2 F W -compute Y3 = R(G-2 W)-2 LL -compute Z3 = 4 F F^2 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/add-2007-bl.op3 b/pyecsca/ec/efd/shortw/projective-1/addition/add-2007-bl.op3 deleted file mode 100644 index c0ef8ae..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/add-2007-bl.op3 +++ /dev/null @@ -1,33 +0,0 @@ -U1 = X1*Z2 -U2 = X2*Z1 -S1 = Y1*Z2 -S2 = Y2*Z1 -ZZ = Z1*Z2 -T = U1+U2 -TT = T^2 -M = S1+S2 -t0 = ZZ^2 -t1 = a*t0 -t2 = U1*U2 -t3 = TT-t2 -R = t3+t1 -F = ZZ*M -L = M*F -LL = L^2 -t4 = T+L -t5 = t4^2 -t6 = t5-TT -G = t6-LL -t7 = R^2 -t8 = 2*t7 -W = t8-G -t9 = F*W -X3 = 2*t9 -t10 = 2*W -t11 = G-t10 -t12 = 2*LL -t13 = R*t11 -Y3 = t13-t12 -t14 = F^2 -t15 = F*t14 -Z3 = 4*t15 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/madd-1998-cmo b/pyecsca/ec/efd/shortw/projective-1/addition/madd-1998-cmo deleted file mode 100644 index 36fa78a..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/madd-1998-cmo +++ /dev/null @@ -1,13 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (3), plus common-subexpression elimination, plus Z2=1 -unified -assume Z2 = 1 -compute u = Y2 Z1-Y1 -compute uu = u^2 -compute v = X2 Z1-X1 -compute vv = v^2 -compute vvv = v vv -compute R = vv X1 -compute A = uu Z1-vvv-2 R -compute X3 = v A -compute Y3 = u(R-A)-vvv Y1 -compute Z3 = vvv Z1 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/madd-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective-1/addition/madd-1998-cmo.op3 deleted file mode 100644 index 01c5120..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/madd-1998-cmo.op3 +++ /dev/null @@ -1,18 +0,0 @@ -t0 = Y2*Z1 -u = t0-Y1 -uu = u^2 -t1 = X2*Z1 -v = t1-X1 -vv = v^2 -vvv = v*vv -R = vv*X1 -t2 = 2*R -t3 = uu*Z1 -t4 = t3-vvv -A = t4-t2 -X3 = v*A -t5 = R-A -t6 = vvv*Y1 -t7 = u*t5 -Y3 = t7-t6 -Z3 = vvv*Z1 diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/mmadd-1998-cmo b/pyecsca/ec/efd/shortw/projective-1/addition/mmadd-1998-cmo deleted file mode 100644 index a62c90b..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/mmadd-1998-cmo +++ /dev/null @@ -1,14 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", plus Z1=1, plus Z2=1, plus common-subexpression elimination -unified -assume Z1 = 1 -assume Z2 = 1 -compute u = Y2-Y1 -compute uu = u^2 -compute v = X2-X1 -compute vv = v^2 -compute vvv = v vv -compute R = vv X1 -compute A = uu-vvv-2 R -compute X3 = v A -compute Y3 = u(R-A)-vvv Y1 -compute Z3 = vvv diff --git a/pyecsca/ec/efd/shortw/projective-1/addition/mmadd-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective-1/addition/mmadd-1998-cmo.op3 deleted file mode 100644 index 81c18df..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/addition/mmadd-1998-cmo.op3 +++ /dev/null @@ -1,15 +0,0 @@ -u = Y2-Y1 -uu = u^2 -v = X2-X1 -vv = v^2 -vvv = v*vv -R = vv*X1 -t0 = 2*R -t1 = uu-vvv -A = t1-t0 -X3 = v*A -t2 = R-A -t3 = vvv*Y1 -t4 = u*t2 -Y3 = t4-t3 -Z3 = vvv diff --git a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo b/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo deleted file mode 100644 index 3e4fa95..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo +++ /dev/null @@ -1,8 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (4) -compute w = a Z1^2+3 X1^2 -compute s = Y1 Z1 -compute B = X1 Y1 s -compute h = w^2-8 B -compute X3 = 2 h s -compute Y3 = w(4 B-h)-8 Y1^2 s^2 -compute Z3 = 8 s^3 diff --git a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo-2 b/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo-2 deleted file mode 100644 index 8434d52..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo-2 +++ /dev/null @@ -1,11 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (4), plus common-subexpression elimination -compute w = a Z1^2+3 X1^2 -compute s = Y1 Z1 -compute ss = s^2 -compute sss = s ss -compute R = Y1 s -compute B = X1 R -compute h = w^2-8 B -compute X3 = 2 h s -compute Y3 = w(4 B-h)-8 R^2 -compute Z3 = 8 sss diff --git a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo-2.op3 deleted file mode 100644 index efd0f9d..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo-2.op3 +++ /dev/null @@ -1,22 +0,0 @@ -t0 = Z1^2 -t1 = X1^2 -t2 = 3*t1 -t3 = a*t0 -w = t3+t2 -s = Y1*Z1 -ss = s^2 -sss = s*ss -R = Y1*s -B = X1*R -t4 = w^2 -t5 = 8*B -h = t4-t5 -t6 = h*s -X3 = 2*t6 -t7 = 4*B -t8 = t7-h -t9 = R^2 -t10 = 8*t9 -t11 = w*t8 -Y3 = t11-t10 -Z3 = 8*sss diff --git a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo.op3 deleted file mode 100644 index ab986d6..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-1998-cmo.op3 +++ /dev/null @@ -1,23 +0,0 @@ -t0 = Z1^2 -t1 = X1^2 -t2 = 3*t1 -t3 = a*t0 -w = t3+t2 -s = Y1*Z1 -t4 = Y1*s -B = X1*t4 -t5 = w^2 -t6 = 8*B -h = t5-t6 -t7 = h*s -X3 = 2*t7 -t8 = 4*B -t9 = t8-h -t10 = Y1^2 -t11 = s^2 -t12 = t10*t11 -t13 = 8*t12 -t14 = w*t9 -Y3 = t14-t13 -t15 = s^3 -Z3 = 8*t15 diff --git a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-2007-bl b/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-2007-bl deleted file mode 100644 index e962f44..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-2007-bl +++ /dev/null @@ -1,14 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute ZZ = Z1^2 -compute w = a ZZ+3 XX -compute s = 2 Y1 Z1 -compute ss = s^2 -compute sss = s ss -compute R = Y1 s -compute RR = R^2 -compute B = (X1+R)^2-XX-RR -compute h = w^2-2 B -compute X3 = h s -compute Y3 = w(B-h)-2 RR -compute Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-2007-bl.op3 deleted file mode 100644 index 76c96f6..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/doubling/dbl-2007-bl.op3 +++ /dev/null @@ -1,24 +0,0 @@ -XX = X1^2 -ZZ = Z1^2 -t0 = 3*XX -t1 = a*ZZ -w = t1+t0 -t2 = Y1*Z1 -s = 2*t2 -ss = s^2 -sss = s*ss -R = Y1*s -RR = R^2 -t3 = X1+R -t4 = t3^2 -t5 = t4-XX -B = t5-RR -t6 = w^2 -t7 = 2*B -h = t6-t7 -X3 = h*s -t8 = B-h -t9 = 2*RR -t10 = w*t8 -Y3 = t10-t9 -Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-1/doubling/mdbl-2007-bl b/pyecsca/ec/efd/shortw/projective-1/doubling/mdbl-2007-bl deleted file mode 100644 index 2f5508a..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/doubling/mdbl-2007-bl +++ /dev/null @@ -1,13 +0,0 @@ -source 2007 Bernstein--Lange -assume Z1 = 1 -compute XX = X1^2 -compute w = a+3 XX -compute Y1Y1 = Y1^2 -compute R = 2 Y1Y1 -compute sss = 4 Y1 R -compute RR = R^2 -compute B = (X1+R)^2-XX-RR -compute h = w^2-2 B -compute X3 = 2 h Y1 -compute Y3 = w(B-h)-2 RR -compute Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-1/doubling/mdbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/projective-1/doubling/mdbl-2007-bl.op3 deleted file mode 100644 index 193dc77..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/doubling/mdbl-2007-bl.op3 +++ /dev/null @@ -1,22 +0,0 @@ -XX = X1^2 -t0 = 3*XX -w = a+t0 -Y1Y1 = Y1^2 -R = 2*Y1Y1 -t1 = Y1*R -sss = 4*t1 -RR = R^2 -t2 = X1+R -t3 = t2^2 -t4 = t3-XX -B = t4-RR -t5 = w^2 -t6 = 2*B -h = t5-t6 -t7 = h*Y1 -X3 = 2*t7 -t8 = B-h -t9 = 2*RR -t10 = w*t8 -Y3 = t10-t9 -Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-1/negation/neg b/pyecsca/ec/efd/shortw/projective-1/negation/neg deleted file mode 100644 index 32352f0..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective-1/negation/neg.op3 b/pyecsca/ec/efd/shortw/projective-1/negation/neg.op3 deleted file mode 100644 index cce5d21..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = X1 -Y3 = -Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective-1/scaling/z b/pyecsca/ec/efd/shortw/projective-1/scaling/z deleted file mode 100644 index 668bd3b..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/scaling/z +++ /dev/null @@ -1,4 +0,0 @@ -compute A = 1/Z1 -compute X3 = A X1 -compute Y3 = A Y1 -compute Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/projective-1/scaling/z.op3 b/pyecsca/ec/efd/shortw/projective-1/scaling/z.op3 deleted file mode 100644 index c6e9140..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/scaling/z.op3 +++ /dev/null @@ -1,4 +0,0 @@ -A = 1/Z1 -X3 = A*X1 -Y3 = A*Y1 -Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/projective-1/variables b/pyecsca/ec/efd/shortw/projective-1/variables deleted file mode 100644 index f807365..0000000 --- a/pyecsca/ec/efd/shortw/projective-1/variables +++ /dev/null @@ -1,10 +0,0 @@ -name projective coordinates with a4=-1 -assume a = -1 -variable X -variable Y -variable Z -neutral X = 0 -neutral Y = 1 -neutral Z = 0 -satisfying x = X/Z -satisfying y = Y/Z diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo b/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo deleted file mode 100644 index c16503b..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo +++ /dev/null @@ -1,8 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (3) -unified -compute u = Y2 Z1-Y1 Z2 -compute v = X2 Z1-X1 Z2 -compute A = u^2 Z1 Z2-v^3-2 v^2 X1 Z2 -compute X3 = v A -compute Y3 = u(v^2 X1 Z2-A)-v^3 Y1 Z2 -compute Z3 = v^3 Z1 Z2 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo-2 b/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo-2 deleted file mode 100644 index 882e46c..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo-2 +++ /dev/null @@ -1,15 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (3), plus common-subexpression elimination -unified -compute Y1Z2 = Y1 Z2 -compute X1Z2 = X1 Z2 -compute Z1Z2 = Z1 Z2 -compute u = Y2 Z1-Y1Z2 -compute uu = u^2 -compute v = X2 Z1-X1Z2 -compute vv = v^2 -compute vvv = v vv -compute R = vv X1Z2 -compute A = uu Z1Z2-vvv-2 R -compute X3 = v A -compute Y3 = u(R-A)-vvv Y1Z2 -compute Z3 = vvv Z1Z2 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo-2.op3 deleted file mode 100644 index 8bce53b..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo-2.op3 +++ /dev/null @@ -1,21 +0,0 @@ -Y1Z2 = Y1*Z2 -X1Z2 = X1*Z2 -Z1Z2 = Z1*Z2 -t0 = Y2*Z1 -u = t0-Y1Z2 -uu = u^2 -t1 = X2*Z1 -v = t1-X1Z2 -vv = v^2 -vvv = v*vv -R = vv*X1Z2 -t2 = 2*R -t3 = uu*Z1Z2 -t4 = t3-vvv -A = t4-t2 -X3 = v*A -t5 = R-A -t6 = vvv*Y1Z2 -t7 = u*t5 -Y3 = t7-t6 -Z3 = vvv*Z1Z2 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo.op3 deleted file mode 100644 index 636efb8..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-1998-cmo.op3 +++ /dev/null @@ -1,29 +0,0 @@ -t0 = Y1*Z2 -t1 = Y2*Z1 -u = t1-t0 -t2 = X1*Z2 -t3 = X2*Z1 -v = t3-t2 -t4 = u^2 -t5 = v^3 -t6 = v^2 -t7 = X1*Z2 -t8 = t6*t7 -t9 = 2*t8 -t10 = Z1*Z2 -t11 = t4*t10 -t12 = t11-t5 -A = t12-t9 -X3 = v*A -t13 = v^2 -t14 = X1*Z2 -t15 = t13*t14 -t16 = t15-A -t17 = v^3 -t18 = Y1*Z2 -t19 = t17*t18 -t20 = u*t16 -Y3 = t20-t19 -t21 = v^3 -t22 = Z1*Z2 -Z3 = t21*t22 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-2002-bj b/pyecsca/ec/efd/shortw/projective-3/addition/add-2002-bj deleted file mode 100644 index dcb3c31..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-2002-bj +++ /dev/null @@ -1,17 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", page 339 -unified -compute U1 = X1 Z2 -compute U2 = X2 Z1 -compute S1 = Y1 Z2 -compute S2 = Y2 Z1 -compute ZZ = Z1 Z2 -compute T = U1+U2 -compute M = S1+S2 -compute R = T^2-U1 U2+a ZZ^2 -compute F = ZZ M -compute L = M F -compute G = T L -compute W = R^2-G -compute X3 = 2 F W -compute Y3 = R(G-2 W)-L^2 -compute Z3 = 2 F F^2 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-2002-bj.op3 b/pyecsca/ec/efd/shortw/projective-3/addition/add-2002-bj.op3 deleted file mode 100644 index 106050d..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-2002-bj.op3 +++ /dev/null @@ -1,28 +0,0 @@ -U1 = X1*Z2 -U2 = X2*Z1 -S1 = Y1*Z2 -S2 = Y2*Z1 -ZZ = Z1*Z2 -T = U1+U2 -M = S1+S2 -t0 = T^2 -t1 = ZZ^2 -t2 = a*t1 -t3 = U1*U2 -t4 = t0-t3 -R = t4+t2 -F = ZZ*M -L = M*F -G = T*L -t5 = R^2 -W = t5-G -t6 = F*W -X3 = 2*t6 -t7 = 2*W -t8 = G-t7 -t9 = L^2 -t10 = R*t8 -Y3 = t10-t9 -t11 = F^2 -t12 = F*t11 -Z3 = 2*t12 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-2007-bl b/pyecsca/ec/efd/shortw/projective-3/addition/add-2007-bl deleted file mode 100644 index 8995c9c..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-2007-bl +++ /dev/null @@ -1,19 +0,0 @@ -source 2007 Bernstein--Lange -unified -compute U1 = X1 Z2 -compute U2 = X2 Z1 -compute S1 = Y1 Z2 -compute S2 = Y2 Z1 -compute ZZ = Z1 Z2 -compute T = U1+U2 -compute TT = T^2 -compute M = S1+S2 -compute R = TT-U1 U2+a ZZ^2 -compute F = ZZ M -compute L = M F -compute LL = L^2 -compute G = (T+L)^2-TT-LL -compute W = 2 R^2-G -compute X3 = 2 F W -compute Y3 = R(G-2 W)-2 LL -compute Z3 = 4 F F^2 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-2007-bl.op3 b/pyecsca/ec/efd/shortw/projective-3/addition/add-2007-bl.op3 deleted file mode 100644 index c0ef8ae..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-2007-bl.op3 +++ /dev/null @@ -1,33 +0,0 @@ -U1 = X1*Z2 -U2 = X2*Z1 -S1 = Y1*Z2 -S2 = Y2*Z1 -ZZ = Z1*Z2 -T = U1+U2 -TT = T^2 -M = S1+S2 -t0 = ZZ^2 -t1 = a*t0 -t2 = U1*U2 -t3 = TT-t2 -R = t3+t1 -F = ZZ*M -L = M*F -LL = L^2 -t4 = T+L -t5 = t4^2 -t6 = t5-TT -G = t6-LL -t7 = R^2 -t8 = 2*t7 -W = t8-G -t9 = F*W -X3 = 2*t9 -t10 = 2*W -t11 = G-t10 -t12 = 2*LL -t13 = R*t11 -Y3 = t13-t12 -t14 = F^2 -t15 = F*t14 -Z3 = 4*t15 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb b/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb deleted file mode 100644 index e4d0c32..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb +++ /dev/null @@ -1,45 +0,0 @@ -source 2016 Renes-Costello-Batina "Complete addition formulas for prime order elliptic curves", algorithm (4) -unified -compute t0 = X1 X2 -compute t1 = Y1 Y2 -compute t2 = Z1 Z2 -compute t3 = X1 + Y1 -compute t4 = X2 + Y2 -compute t3 = t3 t4 -compute t4 = t0 + t1 -compute t3 = t3 - t4 -compute t4 = Y1 + Z1 -compute X3 = Y2 + Z2 -compute t4 = t4 * X3 -compute X3 = t1 + t2 -compute t4 = t4 - X3 -compute X3 = X1 + Z1 -compute Y3 = X2 + Z2 -compute X3 = X3 Y3 -compute Y3 = t0 + t2 -compute Y3 = X3 - Y3 -compute Z3 = b t2 -compute X3 = Y3 - Z3 -compute Z3 = X3 + X3 -compute X3 = X3 + Z3 -compute Z3 = t1 - X3 -compute X3 = t1 + X3 -compute Y3 = b Y3 -compute t1 = t2 + t2 -compute t2 = t1 + t2 -compute Y3 = Y3 - t2 -compute Y3 = Y3 - t0 -compute t1 = Y3 + Y3 -compute Y3 = t1 + Y3 -compute t1 = t0 + t0 -compute t0 = t1 + t0 -compute t0 = t0 - t2 -compute t1 = t4 Y3 -compute t2 = t0 Y3 -compute Y3 = X3 Z3 -compute Y3 = Y3 + t2 -compute X3 = t3 X3 -compute X3 = X3 - t1 -compute Z3 = t4 Z3 -compute t1 = t3 t0 -compute Z3 = Z3 + t1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb.op3 b/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb.op3 deleted file mode 100644 index 0cd47b3..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb.op3 +++ /dev/null @@ -1,43 +0,0 @@ -t0 = X1*X2 -t1 = Y1*Y2 -t2 = Z1*Z2 -t3 = X1+Y1 -t4 = X2+Y2 -t3 = t3*t4 -t4 = t0+t1 -t3 = t3-t4 -t4 = Y1+Z1 -X3 = Y2+Z2 -t4 = t4*X3 -X3 = t1+t2 -t4 = t4-X3 -X3 = X1+Z1 -Y3 = X2+Z2 -X3 = X3*Y3 -Y3 = t0+t2 -Y3 = X3-Y3 -Z3 = b*t2 -X3 = Y3-Z3 -Z3 = X3+X3 -X3 = X3+Z3 -Z3 = t1-X3 -X3 = t1+X3 -Y3 = b*Y3 -t1 = t2+t2 -t2 = t1+t2 -Y3 = Y3-t2 -Y3 = Y3-t0 -t1 = Y3+Y3 -Y3 = t1+Y3 -t1 = t0+t0 -t0 = t1+t0 -t0 = t0-t2 -t1 = t4*Y3 -t2 = t0*Y3 -Y3 = X3*Z3 -Y3 = Y3+t2 -X3 = t3*X3 -X3 = X3-t1 -Z3 = t4*Z3 -t1 = t3*t0 -Z3 = Z3+t1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/madd-1998-cmo b/pyecsca/ec/efd/shortw/projective-3/addition/madd-1998-cmo deleted file mode 100644 index 36fa78a..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/madd-1998-cmo +++ /dev/null @@ -1,13 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (3), plus common-subexpression elimination, plus Z2=1 -unified -assume Z2 = 1 -compute u = Y2 Z1-Y1 -compute uu = u^2 -compute v = X2 Z1-X1 -compute vv = v^2 -compute vvv = v vv -compute R = vv X1 -compute A = uu Z1-vvv-2 R -compute X3 = v A -compute Y3 = u(R-A)-vvv Y1 -compute Z3 = vvv Z1 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/madd-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective-3/addition/madd-1998-cmo.op3 deleted file mode 100644 index 01c5120..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/madd-1998-cmo.op3 +++ /dev/null @@ -1,18 +0,0 @@ -t0 = Y2*Z1 -u = t0-Y1 -uu = u^2 -t1 = X2*Z1 -v = t1-X1 -vv = v^2 -vvv = v*vv -R = vv*X1 -t2 = 2*R -t3 = uu*Z1 -t4 = t3-vvv -A = t4-t2 -X3 = v*A -t5 = R-A -t6 = vvv*Y1 -t7 = u*t5 -Y3 = t7-t6 -Z3 = vvv*Z1 diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/mmadd-1998-cmo b/pyecsca/ec/efd/shortw/projective-3/addition/mmadd-1998-cmo deleted file mode 100644 index a62c90b..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/mmadd-1998-cmo +++ /dev/null @@ -1,14 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", plus Z1=1, plus Z2=1, plus common-subexpression elimination -unified -assume Z1 = 1 -assume Z2 = 1 -compute u = Y2-Y1 -compute uu = u^2 -compute v = X2-X1 -compute vv = v^2 -compute vvv = v vv -compute R = vv X1 -compute A = uu-vvv-2 R -compute X3 = v A -compute Y3 = u(R-A)-vvv Y1 -compute Z3 = vvv diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/mmadd-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective-3/addition/mmadd-1998-cmo.op3 deleted file mode 100644 index 81c18df..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/addition/mmadd-1998-cmo.op3 +++ /dev/null @@ -1,15 +0,0 @@ -u = Y2-Y1 -uu = u^2 -v = X2-X1 -vv = v^2 -vvv = v*vv -R = vv*X1 -t0 = 2*R -t1 = uu-vvv -A = t1-t0 -X3 = v*A -t2 = R-A -t3 = vvv*Y1 -t4 = u*t2 -Y3 = t4-t3 -Z3 = vvv diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo deleted file mode 100644 index 3e4fa95..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo +++ /dev/null @@ -1,8 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (4) -compute w = a Z1^2+3 X1^2 -compute s = Y1 Z1 -compute B = X1 Y1 s -compute h = w^2-8 B -compute X3 = 2 h s -compute Y3 = w(4 B-h)-8 Y1^2 s^2 -compute Z3 = 8 s^3 diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo-2 b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo-2 deleted file mode 100644 index 8434d52..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo-2 +++ /dev/null @@ -1,11 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (4), plus common-subexpression elimination -compute w = a Z1^2+3 X1^2 -compute s = Y1 Z1 -compute ss = s^2 -compute sss = s ss -compute R = Y1 s -compute B = X1 R -compute h = w^2-8 B -compute X3 = 2 h s -compute Y3 = w(4 B-h)-8 R^2 -compute Z3 = 8 sss diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo-2.op3 deleted file mode 100644 index efd0f9d..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo-2.op3 +++ /dev/null @@ -1,22 +0,0 @@ -t0 = Z1^2 -t1 = X1^2 -t2 = 3*t1 -t3 = a*t0 -w = t3+t2 -s = Y1*Z1 -ss = s^2 -sss = s*ss -R = Y1*s -B = X1*R -t4 = w^2 -t5 = 8*B -h = t4-t5 -t6 = h*s -X3 = 2*t6 -t7 = 4*B -t8 = t7-h -t9 = R^2 -t10 = 8*t9 -t11 = w*t8 -Y3 = t11-t10 -Z3 = 8*sss diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo.op3 deleted file mode 100644 index ab986d6..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-1998-cmo.op3 +++ /dev/null @@ -1,23 +0,0 @@ -t0 = Z1^2 -t1 = X1^2 -t2 = 3*t1 -t3 = a*t0 -w = t3+t2 -s = Y1*Z1 -t4 = Y1*s -B = X1*t4 -t5 = w^2 -t6 = 8*B -h = t5-t6 -t7 = h*s -X3 = 2*t7 -t8 = 4*B -t9 = t8-h -t10 = Y1^2 -t11 = s^2 -t12 = t10*t11 -t13 = 8*t12 -t14 = w*t9 -Y3 = t14-t13 -t15 = s^3 -Z3 = 8*t15 diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl deleted file mode 100644 index e962f44..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl +++ /dev/null @@ -1,14 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute ZZ = Z1^2 -compute w = a ZZ+3 XX -compute s = 2 Y1 Z1 -compute ss = s^2 -compute sss = s ss -compute R = Y1 s -compute RR = R^2 -compute B = (X1+R)^2-XX-RR -compute h = w^2-2 B -compute X3 = h s -compute Y3 = w(B-h)-2 RR -compute Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl-2 b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl-2 deleted file mode 100644 index d84e116..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl-2 +++ /dev/null @@ -1,13 +0,0 @@ -source 2007 Bernstein--Lange -appliesto projective-3 -compute w = 3(X1-Z1)(X1+Z1) -compute s = 2 Y1 Z1 -compute ss = s^2 -compute sss = s ss -compute R = Y1 s -compute RR = R^2 -compute B = 2 X1 R -compute h = w^2-2 B -compute X3 = h s -compute Y3 = w(B-h)-2 RR -compute Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl-2.op3 b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl-2.op3 deleted file mode 100644 index 8e2f540..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl-2.op3 +++ /dev/null @@ -1,21 +0,0 @@ -t0 = X1-Z1 -t1 = X1+Z1 -t2 = t0*t1 -w = 3*t2 -t3 = Y1*Z1 -s = 2*t3 -ss = s^2 -sss = s*ss -R = Y1*s -RR = R^2 -t4 = X1*R -B = 2*t4 -t5 = w^2 -t6 = 2*B -h = t5-t6 -X3 = h*s -t7 = B-h -t8 = 2*RR -t9 = w*t7 -Y3 = t9-t8 -Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl.op3 deleted file mode 100644 index 76c96f6..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2007-bl.op3 +++ /dev/null @@ -1,24 +0,0 @@ -XX = X1^2 -ZZ = Z1^2 -t0 = 3*XX -t1 = a*ZZ -w = t1+t0 -t2 = Y1*Z1 -s = 2*t2 -ss = s^2 -sss = s*ss -R = Y1*s -RR = R^2 -t3 = X1+R -t4 = t3^2 -t5 = t4-XX -B = t5-RR -t6 = w^2 -t7 = 2*B -h = t6-t7 -X3 = h*s -t8 = B-h -t9 = 2*RR -t10 = w*t8 -Y3 = t10-t9 -Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb deleted file mode 100644 index 2147637..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb +++ /dev/null @@ -1,35 +0,0 @@ -source 2016 Renes-Costello-Batina "Complete addition formulas for prime order elliptic curves", algorithm (6) -compute t0 = X1^2 -compute t1 = Y1^2 -compute t2 = Z1^2 -compute t3 = X1 Y1 -compute t3 = t3 + t3 -compute Z3 = X1 Z1 -compute Z3 = Z3 + Z3 -compute Y3 = b t2 -compute Y3 = Y3 - Z3 -compute X3 = Y3 + Y3 -compute Y3 = Y3 + X3 -compute X3 = t1 - Y3 -compute Y3 = t1 + Y3 -compute Y3 = X3 Y3 -compute X3 = X3 t3 -compute t3 = t2 + t2 -compute t2 = t2 + t3 -compute Z3 = b Z3 -compute Z3 = Z3 - t2 -compute Z3 = Z3 - t0 -compute t3 = Z3 + Z3 -compute Z3 = Z3 + t3 -compute t3 = t0 + t0 -compute t0 = t3 + t0 -compute t0 = t0 - t2 -compute t0 = t0 Z3 -compute Y3 = Y3 + t0 -compute t0 = Y1 Z1 -compute t0 = t0 + t0 -compute Z3 = t0 Z3 -compute X3 = X3 - Z3 -compute Z3 = t0 t1 -compute Z3 = Z3 + Z3 -compute Z3 = Z3 + Z3
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb.op3 b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb.op3 deleted file mode 100644 index afc2056..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb.op3 +++ /dev/null @@ -1,34 +0,0 @@ -t0 = X1^2 -t1 = Y1^2 -t2 = Z1^2 -t3 = X1*Y1 -t3 = t3+t3 -Z3 = X1*Z1 -Z3 = Z3+Z3 -Y3 = b*t2 -Y3 = Y3-Z3 -X3 = Y3+Y3 -Y3 = Y3+X3 -X3 = t1-Y3 -Y3 = t1+Y3 -Y3 = X3*Y3 -X3 = X3*t3 -t3 = t2+t2 -t2 = t2+t3 -Z3 = b*Z3 -Z3 = Z3-t2 -Z3 = Z3-t0 -t3 = Z3+Z3 -Z3 = Z3+t3 -t3 = t0+t0 -t0 = t3+t0 -t0 = t0-t2 -t0 = t0*Z3 -Y3 = Y3+t0 -t0 = Y1*Z1 -t0 = t0+t0 -Z3 = t0*Z3 -X3 = X3-Z3 -Z3 = t0*t1 -Z3 = Z3+Z3 -Z3 = Z3+Z3
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/mdbl-2007-bl b/pyecsca/ec/efd/shortw/projective-3/doubling/mdbl-2007-bl deleted file mode 100644 index 2f5508a..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/mdbl-2007-bl +++ /dev/null @@ -1,13 +0,0 @@ -source 2007 Bernstein--Lange -assume Z1 = 1 -compute XX = X1^2 -compute w = a+3 XX -compute Y1Y1 = Y1^2 -compute R = 2 Y1Y1 -compute sss = 4 Y1 R -compute RR = R^2 -compute B = (X1+R)^2-XX-RR -compute h = w^2-2 B -compute X3 = 2 h Y1 -compute Y3 = w(B-h)-2 RR -compute Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/mdbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/projective-3/doubling/mdbl-2007-bl.op3 deleted file mode 100644 index 193dc77..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/doubling/mdbl-2007-bl.op3 +++ /dev/null @@ -1,22 +0,0 @@ -XX = X1^2 -t0 = 3*XX -w = a+t0 -Y1Y1 = Y1^2 -R = 2*Y1Y1 -t1 = Y1*R -sss = 4*t1 -RR = R^2 -t2 = X1+R -t3 = t2^2 -t4 = t3-XX -B = t4-RR -t5 = w^2 -t6 = 2*B -h = t5-t6 -t7 = h*Y1 -X3 = 2*t7 -t8 = B-h -t9 = 2*RR -t10 = w*t8 -Y3 = t10-t9 -Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective-3/negation/neg b/pyecsca/ec/efd/shortw/projective-3/negation/neg deleted file mode 100644 index 32352f0..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective-3/negation/neg.op3 b/pyecsca/ec/efd/shortw/projective-3/negation/neg.op3 deleted file mode 100644 index cce5d21..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = X1 -Y3 = -Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective-3/scaling/z b/pyecsca/ec/efd/shortw/projective-3/scaling/z deleted file mode 100644 index 668bd3b..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/scaling/z +++ /dev/null @@ -1,4 +0,0 @@ -compute A = 1/Z1 -compute X3 = A X1 -compute Y3 = A Y1 -compute Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/projective-3/scaling/z.op3 b/pyecsca/ec/efd/shortw/projective-3/scaling/z.op3 deleted file mode 100644 index c6e9140..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/scaling/z.op3 +++ /dev/null @@ -1,4 +0,0 @@ -A = 1/Z1 -X3 = A*X1 -Y3 = A*Y1 -Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/projective-3/variables b/pyecsca/ec/efd/shortw/projective-3/variables deleted file mode 100644 index 2458576..0000000 --- a/pyecsca/ec/efd/shortw/projective-3/variables +++ /dev/null @@ -1,10 +0,0 @@ -name projective coordinates with a4=-3 -assume a = -3 -variable X -variable Y -variable Z -neutral X = 0 -neutral Y = 1 -neutral Z = 0 -satisfying x = X/Z -satisfying y = Y/Z diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo b/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo deleted file mode 100644 index c16503b..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo +++ /dev/null @@ -1,8 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (3) -unified -compute u = Y2 Z1-Y1 Z2 -compute v = X2 Z1-X1 Z2 -compute A = u^2 Z1 Z2-v^3-2 v^2 X1 Z2 -compute X3 = v A -compute Y3 = u(v^2 X1 Z2-A)-v^3 Y1 Z2 -compute Z3 = v^3 Z1 Z2 diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo-2 b/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo-2 deleted file mode 100644 index 882e46c..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo-2 +++ /dev/null @@ -1,15 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (3), plus common-subexpression elimination -unified -compute Y1Z2 = Y1 Z2 -compute X1Z2 = X1 Z2 -compute Z1Z2 = Z1 Z2 -compute u = Y2 Z1-Y1Z2 -compute uu = u^2 -compute v = X2 Z1-X1Z2 -compute vv = v^2 -compute vvv = v vv -compute R = vv X1Z2 -compute A = uu Z1Z2-vvv-2 R -compute X3 = v A -compute Y3 = u(R-A)-vvv Y1Z2 -compute Z3 = vvv Z1Z2 diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo-2.op3 deleted file mode 100644 index 8bce53b..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo-2.op3 +++ /dev/null @@ -1,21 +0,0 @@ -Y1Z2 = Y1*Z2 -X1Z2 = X1*Z2 -Z1Z2 = Z1*Z2 -t0 = Y2*Z1 -u = t0-Y1Z2 -uu = u^2 -t1 = X2*Z1 -v = t1-X1Z2 -vv = v^2 -vvv = v*vv -R = vv*X1Z2 -t2 = 2*R -t3 = uu*Z1Z2 -t4 = t3-vvv -A = t4-t2 -X3 = v*A -t5 = R-A -t6 = vvv*Y1Z2 -t7 = u*t5 -Y3 = t7-t6 -Z3 = vvv*Z1Z2 diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo.op3 deleted file mode 100644 index 636efb8..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-1998-cmo.op3 +++ /dev/null @@ -1,29 +0,0 @@ -t0 = Y1*Z2 -t1 = Y2*Z1 -u = t1-t0 -t2 = X1*Z2 -t3 = X2*Z1 -v = t3-t2 -t4 = u^2 -t5 = v^3 -t6 = v^2 -t7 = X1*Z2 -t8 = t6*t7 -t9 = 2*t8 -t10 = Z1*Z2 -t11 = t4*t10 -t12 = t11-t5 -A = t12-t9 -X3 = v*A -t13 = v^2 -t14 = X1*Z2 -t15 = t13*t14 -t16 = t15-A -t17 = v^3 -t18 = Y1*Z2 -t19 = t17*t18 -t20 = u*t16 -Y3 = t20-t19 -t21 = v^3 -t22 = Z1*Z2 -Z3 = t21*t22 diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-2002-bj b/pyecsca/ec/efd/shortw/projective/addition/add-2002-bj deleted file mode 100644 index dcb3c31..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-2002-bj +++ /dev/null @@ -1,17 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", page 339 -unified -compute U1 = X1 Z2 -compute U2 = X2 Z1 -compute S1 = Y1 Z2 -compute S2 = Y2 Z1 -compute ZZ = Z1 Z2 -compute T = U1+U2 -compute M = S1+S2 -compute R = T^2-U1 U2+a ZZ^2 -compute F = ZZ M -compute L = M F -compute G = T L -compute W = R^2-G -compute X3 = 2 F W -compute Y3 = R(G-2 W)-L^2 -compute Z3 = 2 F F^2 diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-2002-bj.op3 b/pyecsca/ec/efd/shortw/projective/addition/add-2002-bj.op3 deleted file mode 100644 index 106050d..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-2002-bj.op3 +++ /dev/null @@ -1,28 +0,0 @@ -U1 = X1*Z2 -U2 = X2*Z1 -S1 = Y1*Z2 -S2 = Y2*Z1 -ZZ = Z1*Z2 -T = U1+U2 -M = S1+S2 -t0 = T^2 -t1 = ZZ^2 -t2 = a*t1 -t3 = U1*U2 -t4 = t0-t3 -R = t4+t2 -F = ZZ*M -L = M*F -G = T*L -t5 = R^2 -W = t5-G -t6 = F*W -X3 = 2*t6 -t7 = 2*W -t8 = G-t7 -t9 = L^2 -t10 = R*t8 -Y3 = t10-t9 -t11 = F^2 -t12 = F*t11 -Z3 = 2*t12 diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-2007-bl b/pyecsca/ec/efd/shortw/projective/addition/add-2007-bl deleted file mode 100644 index 8995c9c..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-2007-bl +++ /dev/null @@ -1,19 +0,0 @@ -source 2007 Bernstein--Lange -unified -compute U1 = X1 Z2 -compute U2 = X2 Z1 -compute S1 = Y1 Z2 -compute S2 = Y2 Z1 -compute ZZ = Z1 Z2 -compute T = U1+U2 -compute TT = T^2 -compute M = S1+S2 -compute R = TT-U1 U2+a ZZ^2 -compute F = ZZ M -compute L = M F -compute LL = L^2 -compute G = (T+L)^2-TT-LL -compute W = 2 R^2-G -compute X3 = 2 F W -compute Y3 = R(G-2 W)-2 LL -compute Z3 = 4 F F^2 diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-2007-bl.op3 b/pyecsca/ec/efd/shortw/projective/addition/add-2007-bl.op3 deleted file mode 100644 index c0ef8ae..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-2007-bl.op3 +++ /dev/null @@ -1,33 +0,0 @@ -U1 = X1*Z2 -U2 = X2*Z1 -S1 = Y1*Z2 -S2 = Y2*Z1 -ZZ = Z1*Z2 -T = U1+U2 -TT = T^2 -M = S1+S2 -t0 = ZZ^2 -t1 = a*t0 -t2 = U1*U2 -t3 = TT-t2 -R = t3+t1 -F = ZZ*M -L = M*F -LL = L^2 -t4 = T+L -t5 = t4^2 -t6 = t5-TT -G = t6-LL -t7 = R^2 -t8 = 2*t7 -W = t8-G -t9 = F*W -X3 = 2*t9 -t10 = 2*W -t11 = G-t10 -t12 = 2*LL -t13 = R*t11 -Y3 = t13-t12 -t14 = F^2 -t15 = F*t14 -Z3 = 4*t15 diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb b/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb deleted file mode 100644 index 400228b..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb +++ /dev/null @@ -1,43 +0,0 @@ -source 2016 Renes-Costello-Batina "Complete addition formulas for prime order elliptic curves", algorithm (1) -unified -compute b3 = 3 b -compute t0 = X1 X2 -compute t1 = Y1 Y2 -compute t2 = Z1 Z2 -compute t3 = X1 + Y1 -compute t4 = X2 + Y2 -compute t3 = t3 t4 -compute t4 = t0 + t1 -compute t3 = t3 - t4 -compute t4 = X1 + Z1 -compute t5 = X2 + Z2 -compute t4 = t4 * t5 -compute t5 = t0 + t2 -compute t4 = t4 - t5 -compute t5 = Y1 + Z1 -compute X3 = Y2 + Z2 -compute t5 = t5 X3 -compute X3 = t1 + t2 -compute t5 = t5 - X3 -compute Z3 = a t4 -compute X3 = b3 t2 -compute Z3 = X3 + Z3 -compute X3 = t1 - Z3 -compute Z3 = t1 + Z3 -compute Y3 = X3 Z3 -compute t1 = t0 + t0 -compute t1 = t1 + t0 -compute t2 = a t2 -compute t4 = b3 t4 -compute t1 = t1 + t2 -compute t2 = t0 - t2 -compute t2 = a t2 -compute t4 = t4 + t2 -compute t0 = t1 t4 -compute Y3 = Y3 + t0 -compute t0 = t5 t4 -compute X3 = t3 X3 -compute X3 = X3 - t0 -compute t0 = t3 t1 -compute Z3 = t5 Z3 -compute Z3 = Z3 + t0
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb.op3 b/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb.op3 deleted file mode 100644 index 7e4a236..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb.op3 +++ /dev/null @@ -1,41 +0,0 @@ -b3 = 3*b -t0 = X1*X2 -t1 = Y1*Y2 -t2 = Z1*Z2 -t3 = X1+Y1 -t4 = X2+Y2 -t3 = t3*t4 -t4 = t0+t1 -t3 = t3-t4 -t4 = X1+Z1 -t5 = X2+Z2 -t4 = t4*t5 -t5 = t0+t2 -t4 = t4-t5 -t5 = Y1+Z1 -X3 = Y2+Z2 -t5 = t5*X3 -X3 = t1+t2 -t5 = t5-X3 -Z3 = a*t4 -X3 = b3*t2 -Z3 = X3+Z3 -X3 = t1-Z3 -Z3 = t1+Z3 -Y3 = X3*Z3 -t1 = t0+t0 -t1 = t1+t0 -t2 = a*t2 -t4 = b3*t4 -t1 = t1+t2 -t2 = t0-t2 -t2 = a*t2 -t4 = t4+t2 -t0 = t1*t4 -Y3 = Y3+t0 -t0 = t5*t4 -X3 = t3*X3 -X3 = X3-t0 -t0 = t3*t1 -Z3 = t5*Z3 -Z3 = Z3+t0
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective/addition/madd-1998-cmo b/pyecsca/ec/efd/shortw/projective/addition/madd-1998-cmo deleted file mode 100644 index 36fa78a..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/madd-1998-cmo +++ /dev/null @@ -1,13 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (3), plus common-subexpression elimination, plus Z2=1 -unified -assume Z2 = 1 -compute u = Y2 Z1-Y1 -compute uu = u^2 -compute v = X2 Z1-X1 -compute vv = v^2 -compute vvv = v vv -compute R = vv X1 -compute A = uu Z1-vvv-2 R -compute X3 = v A -compute Y3 = u(R-A)-vvv Y1 -compute Z3 = vvv Z1 diff --git a/pyecsca/ec/efd/shortw/projective/addition/madd-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective/addition/madd-1998-cmo.op3 deleted file mode 100644 index 01c5120..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/madd-1998-cmo.op3 +++ /dev/null @@ -1,18 +0,0 @@ -t0 = Y2*Z1 -u = t0-Y1 -uu = u^2 -t1 = X2*Z1 -v = t1-X1 -vv = v^2 -vvv = v*vv -R = vv*X1 -t2 = 2*R -t3 = uu*Z1 -t4 = t3-vvv -A = t4-t2 -X3 = v*A -t5 = R-A -t6 = vvv*Y1 -t7 = u*t5 -Y3 = t7-t6 -Z3 = vvv*Z1 diff --git a/pyecsca/ec/efd/shortw/projective/addition/mmadd-1998-cmo b/pyecsca/ec/efd/shortw/projective/addition/mmadd-1998-cmo deleted file mode 100644 index a62c90b..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/mmadd-1998-cmo +++ /dev/null @@ -1,14 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", plus Z1=1, plus Z2=1, plus common-subexpression elimination -unified -assume Z1 = 1 -assume Z2 = 1 -compute u = Y2-Y1 -compute uu = u^2 -compute v = X2-X1 -compute vv = v^2 -compute vvv = v vv -compute R = vv X1 -compute A = uu-vvv-2 R -compute X3 = v A -compute Y3 = u(R-A)-vvv Y1 -compute Z3 = vvv diff --git a/pyecsca/ec/efd/shortw/projective/addition/mmadd-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective/addition/mmadd-1998-cmo.op3 deleted file mode 100644 index 81c18df..0000000 --- a/pyecsca/ec/efd/shortw/projective/addition/mmadd-1998-cmo.op3 +++ /dev/null @@ -1,15 +0,0 @@ -u = Y2-Y1 -uu = u^2 -v = X2-X1 -vv = v^2 -vvv = v*vv -R = vv*X1 -t0 = 2*R -t1 = uu-vvv -A = t1-t0 -X3 = v*A -t2 = R-A -t3 = vvv*Y1 -t4 = u*t2 -Y3 = t4-t3 -Z3 = vvv diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo b/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo deleted file mode 100644 index 3e4fa95..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo +++ /dev/null @@ -1,8 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (4) -compute w = a Z1^2+3 X1^2 -compute s = Y1 Z1 -compute B = X1 Y1 s -compute h = w^2-8 B -compute X3 = 2 h s -compute Y3 = w(4 B-h)-8 Y1^2 s^2 -compute Z3 = 8 s^3 diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo-2 b/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo-2 deleted file mode 100644 index 8434d52..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo-2 +++ /dev/null @@ -1,11 +0,0 @@ -source 1998 Cohen--Miyaji--Ono "Efficient elliptic curve exponentiation using mixed coordinates", formula (4), plus common-subexpression elimination -compute w = a Z1^2+3 X1^2 -compute s = Y1 Z1 -compute ss = s^2 -compute sss = s ss -compute R = Y1 s -compute B = X1 R -compute h = w^2-8 B -compute X3 = 2 h s -compute Y3 = w(4 B-h)-8 R^2 -compute Z3 = 8 sss diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo-2.op3 b/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo-2.op3 deleted file mode 100644 index efd0f9d..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo-2.op3 +++ /dev/null @@ -1,22 +0,0 @@ -t0 = Z1^2 -t1 = X1^2 -t2 = 3*t1 -t3 = a*t0 -w = t3+t2 -s = Y1*Z1 -ss = s^2 -sss = s*ss -R = Y1*s -B = X1*R -t4 = w^2 -t5 = 8*B -h = t4-t5 -t6 = h*s -X3 = 2*t6 -t7 = 4*B -t8 = t7-h -t9 = R^2 -t10 = 8*t9 -t11 = w*t8 -Y3 = t11-t10 -Z3 = 8*sss diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo.op3 b/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo.op3 deleted file mode 100644 index ab986d6..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/dbl-1998-cmo.op3 +++ /dev/null @@ -1,23 +0,0 @@ -t0 = Z1^2 -t1 = X1^2 -t2 = 3*t1 -t3 = a*t0 -w = t3+t2 -s = Y1*Z1 -t4 = Y1*s -B = X1*t4 -t5 = w^2 -t6 = 8*B -h = t5-t6 -t7 = h*s -X3 = 2*t7 -t8 = 4*B -t9 = t8-h -t10 = Y1^2 -t11 = s^2 -t12 = t10*t11 -t13 = 8*t12 -t14 = w*t9 -Y3 = t14-t13 -t15 = s^3 -Z3 = 8*t15 diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2007-bl b/pyecsca/ec/efd/shortw/projective/doubling/dbl-2007-bl deleted file mode 100644 index e962f44..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2007-bl +++ /dev/null @@ -1,14 +0,0 @@ -source 2007 Bernstein--Lange -compute XX = X1^2 -compute ZZ = Z1^2 -compute w = a ZZ+3 XX -compute s = 2 Y1 Z1 -compute ss = s^2 -compute sss = s ss -compute R = Y1 s -compute RR = R^2 -compute B = (X1+R)^2-XX-RR -compute h = w^2-2 B -compute X3 = h s -compute Y3 = w(B-h)-2 RR -compute Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/projective/doubling/dbl-2007-bl.op3 deleted file mode 100644 index 76c96f6..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2007-bl.op3 +++ /dev/null @@ -1,24 +0,0 @@ -XX = X1^2 -ZZ = Z1^2 -t0 = 3*XX -t1 = a*ZZ -w = t1+t0 -t2 = Y1*Z1 -s = 2*t2 -ss = s^2 -sss = s*ss -R = Y1*s -RR = R^2 -t3 = X1+R -t4 = t3^2 -t5 = t4-XX -B = t5-RR -t6 = w^2 -t7 = 2*B -h = t6-t7 -X3 = h*s -t8 = B-h -t9 = 2*RR -t10 = w*t8 -Y3 = t10-t9 -Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb b/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb deleted file mode 100644 index a031579..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb +++ /dev/null @@ -1,33 +0,0 @@ -source 2016 Renes-Costello-Batina "Complete addition formulas for prime order elliptic curves", algorithm (3) -compute b3 = 3 b -compute t0 = X1^2 -compute t1 = Y1^2 -compute t2 = Z1^2 -compute t3 = X1 Y1 -compute t3 = t3 + t3 -compute Z3 = X1 Z1 -compute Z3 = Z3 + Z3 -compute X3 = a Z3 -compute Y3 = b3 t2 -compute Y3 = X3 + Y3 -compute X3 = t1 - Y3 -compute Y3 = t1 + Y3 -compute Y3 = X3 Y3 -compute X3 = t3 X3 -compute Z3 = b3 Z3 -compute t2 = a t2 -compute t3 = t0 - t2 -compute t3 = a t3 -compute t3 = t3 + Z3 -compute Z3 = t0 + t0 -compute t0 = Z3 + t0 -compute t0 = t0 + t2 -compute t0 = t0 t3 -compute Y3 = Y3 + t0 -compute t2 = Y1 Z1 -compute t2 = t2 + t2 -compute t0 = t2 t3 -compute X3 = X3 - t0 -compute Z3 = t2 t1 -compute Z3 = Z3 + Z3 -compute Z3 = Z3 + Z3
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb.op3 b/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb.op3 deleted file mode 100644 index 8b933ac..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb.op3 +++ /dev/null @@ -1,32 +0,0 @@ -b3 = 3*b -t0 = X1^2 -t1 = Y1^2 -t2 = Z1^2 -t3 = X1*Y1 -t3 = t3+t3 -Z3 = X1*Z1 -Z3 = Z3+Z3 -X3 = a*Z3 -Y3 = b3*t2 -Y3 = X3+Y3 -X3 = t1-Y3 -Y3 = t1+Y3 -Y3 = X3*Y3 -X3 = t3*X3 -Z3 = b3*Z3 -t2 = a*t2 -t3 = t0-t2 -t3 = a*t3 -t3 = t3+Z3 -Z3 = t0+t0 -t0 = Z3+t0 -t0 = t0+t2 -t0 = t0*t3 -Y3 = Y3+t0 -t2 = Y1*Z1 -t2 = t2+t2 -t0 = t2*t3 -X3 = X3-t0 -Z3 = t2*t1 -Z3 = Z3+Z3 -Z3 = Z3+Z3
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective/doubling/mdbl-2007-bl b/pyecsca/ec/efd/shortw/projective/doubling/mdbl-2007-bl deleted file mode 100644 index 2f5508a..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/mdbl-2007-bl +++ /dev/null @@ -1,13 +0,0 @@ -source 2007 Bernstein--Lange -assume Z1 = 1 -compute XX = X1^2 -compute w = a+3 XX -compute Y1Y1 = Y1^2 -compute R = 2 Y1Y1 -compute sss = 4 Y1 R -compute RR = R^2 -compute B = (X1+R)^2-XX-RR -compute h = w^2-2 B -compute X3 = 2 h Y1 -compute Y3 = w(B-h)-2 RR -compute Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective/doubling/mdbl-2007-bl.op3 b/pyecsca/ec/efd/shortw/projective/doubling/mdbl-2007-bl.op3 deleted file mode 100644 index 193dc77..0000000 --- a/pyecsca/ec/efd/shortw/projective/doubling/mdbl-2007-bl.op3 +++ /dev/null @@ -1,22 +0,0 @@ -XX = X1^2 -t0 = 3*XX -w = a+t0 -Y1Y1 = Y1^2 -R = 2*Y1Y1 -t1 = Y1*R -sss = 4*t1 -RR = R^2 -t2 = X1+R -t3 = t2^2 -t4 = t3-XX -B = t4-RR -t5 = w^2 -t6 = 2*B -h = t5-t6 -t7 = h*Y1 -X3 = 2*t7 -t8 = B-h -t9 = 2*RR -t10 = w*t8 -Y3 = t10-t9 -Z3 = sss diff --git a/pyecsca/ec/efd/shortw/projective/negation/neg b/pyecsca/ec/efd/shortw/projective/negation/neg deleted file mode 100644 index 32352f0..0000000 --- a/pyecsca/ec/efd/shortw/projective/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective/negation/neg.op3 b/pyecsca/ec/efd/shortw/projective/negation/neg.op3 deleted file mode 100644 index cce5d21..0000000 --- a/pyecsca/ec/efd/shortw/projective/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = X1 -Y3 = -Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/projective/scaling/z b/pyecsca/ec/efd/shortw/projective/scaling/z deleted file mode 100644 index 668bd3b..0000000 --- a/pyecsca/ec/efd/shortw/projective/scaling/z +++ /dev/null @@ -1,4 +0,0 @@ -compute A = 1/Z1 -compute X3 = A X1 -compute Y3 = A Y1 -compute Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/projective/scaling/z.op3 b/pyecsca/ec/efd/shortw/projective/scaling/z.op3 deleted file mode 100644 index c6e9140..0000000 --- a/pyecsca/ec/efd/shortw/projective/scaling/z.op3 +++ /dev/null @@ -1,4 +0,0 @@ -A = 1/Z1 -X3 = A*X1 -Y3 = A*Y1 -Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/projective/variables b/pyecsca/ec/efd/shortw/projective/variables deleted file mode 100644 index 4ba1c7b..0000000 --- a/pyecsca/ec/efd/shortw/projective/variables +++ /dev/null @@ -1,9 +0,0 @@ -name projective coordinates -variable X -variable Y -variable Z -neutral X = 0 -neutral Y = 1 -neutral Z = 0 -satisfying x = X/Z -satisfying y = Y/Z diff --git a/pyecsca/ec/efd/shortw/w12-0/addition/add-2010-cln b/pyecsca/ec/efd/shortw/w12-0/addition/add-2010-cln deleted file mode 100644 index 80de216..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/addition/add-2010-cln +++ /dev/null @@ -1,18 +0,0 @@ -source 2010 Costello--Lange--Naehrig -unified -compute A = Z1^2 -compute B = Z2^2 -compute C = (Z1 + Z2)^2-A-B -compute D = X1 Z2 -compute E = X2 Z1 -compute F = Y1 B -compute G = Y2 A -compute H = D - E -compute I = 2 (F - G) -compute II = I^2 -compute J = C H -compute K = 4 J H -compute X3 = 2 II - (D + E) K -compute JJ = J^2 -compute Y3 = ((J + I)^2 - JJ - II) (D K - X3) - F K^2 -compute Z3 = 2 JJ diff --git a/pyecsca/ec/efd/shortw/w12-0/addition/add-2010-cln.op3 b/pyecsca/ec/efd/shortw/w12-0/addition/add-2010-cln.op3 deleted file mode 100644 index 63ebd7c..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/addition/add-2010-cln.op3 +++ /dev/null @@ -1,33 +0,0 @@ -A = Z1^2 -B = Z2^2 -t0 = Z1+Z2 -t1 = t0^2 -t2 = t1-A -C = t2-B -D = X1*Z2 -E = X2*Z1 -F = Y1*B -G = Y2*A -H = D-E -t3 = F-G -I = 2*t3 -II = I^2 -J = C*H -t4 = J*H -K = 4*t4 -t5 = D+E -t6 = t5*K -t7 = 2*II -X3 = t7-t6 -JJ = J^2 -t8 = J+I -t9 = t8^2 -t10 = D*K -t11 = t9-JJ -t12 = t11-II -t13 = t10-X3 -t14 = K^2 -t15 = F*t14 -t16 = t12*t13 -Y3 = t16-t15 -Z3 = 2*JJ diff --git a/pyecsca/ec/efd/shortw/w12-0/addition/madd-2010-cln b/pyecsca/ec/efd/shortw/w12-0/addition/madd-2010-cln deleted file mode 100644 index ee5fa5b..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/addition/madd-2010-cln +++ /dev/null @@ -1,15 +0,0 @@ -source 2010 Costello--Lange--Naehrig -unified -assume Z2 = 1 -compute A = Z1^2 -compute E = X2 Z1 -compute G = Y2 A -compute H = (X1 - E) -compute I = (Y1 - G) -compute II = I^2 -compute J = Z1 H -compute K = 2 J H -compute X3 = 2 II - (X1 + E) K -compute JJ = J^2 -compute Y3 = ((J+ I)^2 - JJ - II) (X1 K - X3) - Y1 K^2 -compute Z3 = 2 JJ diff --git a/pyecsca/ec/efd/shortw/w12-0/addition/madd-2010-cln.op3 b/pyecsca/ec/efd/shortw/w12-0/addition/madd-2010-cln.op3 deleted file mode 100644 index ecc98f1..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/addition/madd-2010-cln.op3 +++ /dev/null @@ -1,25 +0,0 @@ -A = Z1^2 -E = X2*Z1 -G = Y2*A -H = X1-E -I = Y1-G -II = I^2 -J = Z1*H -t0 = J*H -K = 2*t0 -t1 = X1+E -t2 = t1*K -t3 = 2*II -X3 = t3-t2 -JJ = J^2 -t4 = J+I -t5 = t4^2 -t6 = X1*K -t7 = t5-JJ -t8 = t7-II -t9 = t6-X3 -t10 = K^2 -t11 = Y1*t10 -t12 = t8*t9 -Y3 = t12-t11 -Z3 = 2*JJ diff --git a/pyecsca/ec/efd/shortw/w12-0/doubling/dbl-2010-cln b/pyecsca/ec/efd/shortw/w12-0/doubling/dbl-2010-cln deleted file mode 100644 index 1113227..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/doubling/dbl-2010-cln +++ /dev/null @@ -1,10 +0,0 @@ -source 2010 Costello--Lange--Naehrig -compute A = X1^2 -compute B = Y1^2 -compute C = Z1^2 -compute D = a C -compute X3 = (A-D)^2 -compute E = 2 (A+D)^2-X3 -compute F = ((A-D+Y1)^2-B-X3) -compute Y3 = E F -compute Z3 = 4 B diff --git a/pyecsca/ec/efd/shortw/w12-0/doubling/dbl-2010-cln.op3 b/pyecsca/ec/efd/shortw/w12-0/doubling/dbl-2010-cln.op3 deleted file mode 100644 index 07b4f92..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/doubling/dbl-2010-cln.op3 +++ /dev/null @@ -1,17 +0,0 @@ -A = X1^2 -B = Y1^2 -C = Z1^2 -D = a*C -t0 = A-D -X3 = t0^2 -t1 = A+D -t2 = t1^2 -t3 = 2*t2 -E = t3-X3 -t4 = A-D -t5 = t4+Y1 -t6 = t5^2 -t7 = t6-B -F = t7-X3 -Y3 = E*F -Z3 = 4*B diff --git a/pyecsca/ec/efd/shortw/w12-0/negation/neg b/pyecsca/ec/efd/shortw/w12-0/negation/neg deleted file mode 100644 index 32352f0..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/w12-0/negation/neg.op3 b/pyecsca/ec/efd/shortw/w12-0/negation/neg.op3 deleted file mode 100644 index cce5d21..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = X1 -Y3 = -Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/w12-0/scaling/z b/pyecsca/ec/efd/shortw/w12-0/scaling/z deleted file mode 100644 index 02907a4..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/scaling/z +++ /dev/null @@ -1,5 +0,0 @@ -compute A = 1/Z1 -compute AA = A^2 -compute X3 = X1*A -compute Y3 = Y1*AA -compute Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/w12-0/scaling/z.op3 b/pyecsca/ec/efd/shortw/w12-0/scaling/z.op3 deleted file mode 100644 index 67652e5..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/scaling/z.op3 +++ /dev/null @@ -1,5 +0,0 @@ -A = 1/Z1 -AA = A^2 -X3 = X1*A -Y3 = Y1*AA -Z3 = 1 diff --git a/pyecsca/ec/efd/shortw/w12-0/variables b/pyecsca/ec/efd/shortw/w12-0/variables deleted file mode 100644 index 5a0ec46..0000000 --- a/pyecsca/ec/efd/shortw/w12-0/variables +++ /dev/null @@ -1,8 +0,0 @@ -name W12 coordinates with a6=0 -assume b = 0 -variable X -variable Y -variable Z -satisfying ZZ = Z^2 -satisfying x = X/Z -satisfying y = Y/ZZ diff --git a/pyecsca/ec/efd/shortw/xyzz-3/addition/add-2008-s b/pyecsca/ec/efd/shortw/xyzz-3/addition/add-2008-s deleted file mode 100644 index ffa7bf0..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/addition/add-2008-s +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Sutherland -unified -compute U1 = X1 ZZ2 -compute U2 = X2 ZZ1 -compute S1 = Y1 ZZZ2 -compute S2 = Y2 ZZZ1 -compute P = U2-U1 -compute R = S2-S1 -compute PP = P^2 -compute PPP = P PP -compute Q = U1 PP -compute X3 = R^2-PPP-2 Q -compute Y3 = R (Q-X3)-S1 PPP -compute ZZ3 = ZZ1 ZZ2 PP -compute ZZZ3 = ZZZ1 ZZZ2 PPP diff --git a/pyecsca/ec/efd/shortw/xyzz-3/addition/add-2008-s.op3 b/pyecsca/ec/efd/shortw/xyzz-3/addition/add-2008-s.op3 deleted file mode 100644 index 88540c8..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/addition/add-2008-s.op3 +++ /dev/null @@ -1,21 +0,0 @@ -U1 = X1*ZZ2 -U2 = X2*ZZ1 -S1 = Y1*ZZZ2 -S2 = Y2*ZZZ1 -P = U2-U1 -R = S2-S1 -PP = P^2 -PPP = P*PP -Q = U1*PP -t0 = R^2 -t1 = 2*Q -t2 = t0-PPP -X3 = t2-t1 -t3 = Q-X3 -t4 = S1*PPP -t5 = R*t3 -Y3 = t5-t4 -t6 = ZZ2*PP -ZZ3 = ZZ1*t6 -t7 = ZZZ2*PPP -ZZZ3 = ZZZ1*t7 diff --git a/pyecsca/ec/efd/shortw/xyzz-3/addition/madd-2008-s b/pyecsca/ec/efd/shortw/xyzz-3/addition/madd-2008-s deleted file mode 100644 index 61b2db9..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/addition/madd-2008-s +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Sutherland -unified -assume ZZ2 = 1 -assume ZZZ2 = 1 -compute U2 = X2 ZZ1 -compute S2 = Y2 ZZZ1 -compute P = U2-X1 -compute R = S2-Y1 -compute PP = P^2 -compute PPP = P PP -compute Q = X1 PP -compute X3 = R^2-PPP-2 Q -compute Y3 = R (Q-X3)-Y1 PPP -compute ZZ3 = ZZ1 PP -compute ZZZ3 = ZZZ1 PPP diff --git a/pyecsca/ec/efd/shortw/xyzz-3/addition/madd-2008-s.op3 b/pyecsca/ec/efd/shortw/xyzz-3/addition/madd-2008-s.op3 deleted file mode 100644 index a1bc5ed..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/addition/madd-2008-s.op3 +++ /dev/null @@ -1,17 +0,0 @@ -U2 = X2*ZZ1 -S2 = Y2*ZZZ1 -P = U2-X1 -R = S2-Y1 -PP = P^2 -PPP = P*PP -Q = X1*PP -t0 = R^2 -t1 = 2*Q -t2 = t0-PPP -X3 = t2-t1 -t3 = Q-X3 -t4 = Y1*PPP -t5 = R*t3 -Y3 = t5-t4 -ZZ3 = ZZ1*PP -ZZZ3 = ZZZ1*PPP diff --git a/pyecsca/ec/efd/shortw/xyzz-3/addition/mmadd-2008-s b/pyecsca/ec/efd/shortw/xyzz-3/addition/mmadd-2008-s deleted file mode 100644 index 621b6e1..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/addition/mmadd-2008-s +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Sutherland -unified -assume ZZ1 = 1 -assume ZZZ1 = 1 -assume ZZ2 = 1 -assume ZZZ2 = 1 -compute P = X2-X1 -compute R = Y2-Y1 -compute PP = P^2 -compute PPP = P PP -compute Q = X1 PP -compute X3 = R^2-PPP-2 Q -compute Y3 = R (Q-X3)-Y1 PPP -compute ZZ3 = PP -compute ZZZ3 = PPP diff --git a/pyecsca/ec/efd/shortw/xyzz-3/addition/mmadd-2008-s.op3 b/pyecsca/ec/efd/shortw/xyzz-3/addition/mmadd-2008-s.op3 deleted file mode 100644 index 34d8e9b..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/addition/mmadd-2008-s.op3 +++ /dev/null @@ -1,15 +0,0 @@ -P = X2-X1 -R = Y2-Y1 -PP = P^2 -PPP = P*PP -Q = X1*PP -t0 = R^2 -t1 = 2*Q -t2 = t0-PPP -X3 = t2-t1 -t3 = Q-X3 -t4 = Y1*PPP -t5 = R*t3 -Y3 = t5-t4 -ZZ3 = PP -ZZZ3 = PPP diff --git a/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-1 b/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-1 deleted file mode 100644 index 55cc4be..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-1 +++ /dev/null @@ -1,10 +0,0 @@ -source 2008 Sutherland -compute U = 2 Y1 -compute V = U^2 -compute W = U V -compute S = X1 V -compute M = 3 X1^2+a ZZ1^2 -compute X3 = M^2-2 S -compute Y3 = M (S-X3)-W Y1 -compute ZZ3 = V ZZ1 -compute ZZZ3 = W ZZZ1 diff --git a/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-1.op3 b/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-1.op3 deleted file mode 100644 index 99993c5..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-1.op3 +++ /dev/null @@ -1,18 +0,0 @@ -U = 2*Y1 -V = U^2 -W = U*V -S = X1*V -t0 = X1^2 -t1 = ZZ1^2 -t2 = a*t1 -t3 = 3*t0 -M = t3+t2 -t4 = M^2 -t5 = 2*S -X3 = t4-t5 -t6 = S-X3 -t7 = W*Y1 -t8 = M*t6 -Y3 = t8-t7 -ZZ3 = V*ZZ1 -ZZZ3 = W*ZZZ1 diff --git a/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-2 b/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-2 deleted file mode 100644 index 78e9f03..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-2 +++ /dev/null @@ -1,11 +0,0 @@ -source 2008 Sutherland -appliesto xyzz-3 -compute U = 2 Y1 -compute V = U^2 -compute W = U V -compute S = X1 V -compute M = 3 (X1-ZZ1) (X1+ZZ1) -compute X3 = M^2-2 S -compute Y3 = M (S-X3)-W Y1 -compute ZZ3 = V ZZ1 -compute ZZZ3 = W ZZZ1 diff --git a/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-2.op3 b/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-2.op3 deleted file mode 100644 index f8fe113..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/doubling/dbl-2008-s-2.op3 +++ /dev/null @@ -1,17 +0,0 @@ -U = 2*Y1 -V = U^2 -W = U*V -S = X1*V -t0 = X1-ZZ1 -t1 = X1+ZZ1 -t2 = t0*t1 -M = 3*t2 -t3 = M^2 -t4 = 2*S -X3 = t3-t4 -t5 = S-X3 -t6 = W*Y1 -t7 = M*t5 -Y3 = t7-t6 -ZZ3 = V*ZZ1 -ZZZ3 = W*ZZZ1 diff --git a/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-1 b/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-1 deleted file mode 100644 index 2047d86..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-1 +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Sutherland -assume ZZ1 = 1 -assume ZZZ1 = 1 -compute U = 2 Y1 -compute V = U^2 -compute W = U V -compute S = X1 V -compute M = 3 X1^2+a -compute X3 = M^2-2 S -compute Y3 = M (S-X3)-W Y1 -compute ZZ3 = V -compute ZZZ3 = W diff --git a/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-1.op3 b/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-1.op3 deleted file mode 100644 index c6d2c3b..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-1.op3 +++ /dev/null @@ -1,16 +0,0 @@ -U = 2*Y1 -V = U^2 -W = U*V -S = X1*V -t0 = X1^2 -t1 = 3*t0 -M = t1+a -t2 = M^2 -t3 = 2*S -X3 = t2-t3 -t4 = S-X3 -t5 = W*Y1 -t6 = M*t4 -Y3 = t6-t5 -ZZ3 = V -ZZZ3 = W diff --git a/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-2 b/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-2 deleted file mode 100644 index af8e81c..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-2 +++ /dev/null @@ -1,13 +0,0 @@ -source 2008 Sutherland -appliesto xyzz-3 -assume ZZ1 = 1 -assume ZZZ1 = 1 -compute U = 2 Y1 -compute V = U^2 -compute W = U V -compute S = X1 V -compute M = 3 (X1^2-1) -compute X3 = M^2-2 S -compute Y3 = M (S-X3)-W Y1 -compute ZZ3 = V -compute ZZZ3 = W diff --git a/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-2.op3 b/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-2.op3 deleted file mode 100644 index b762b4b..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/doubling/mdbl-2008-s-2.op3 +++ /dev/null @@ -1,16 +0,0 @@ -U = 2*Y1 -V = U^2 -W = U*V -S = X1*V -t0 = X1^2 -t1 = t0-1 -M = 3*t1 -t2 = M^2 -t3 = 2*S -X3 = t2-t3 -t4 = S-X3 -t5 = W*Y1 -t6 = M*t4 -Y3 = t6-t5 -ZZ3 = V -ZZZ3 = W diff --git a/pyecsca/ec/efd/shortw/xyzz-3/negation/neg b/pyecsca/ec/efd/shortw/xyzz-3/negation/neg deleted file mode 100644 index fb1dcd5..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/negation/neg +++ /dev/null @@ -1,4 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute ZZ3 = ZZ1 -compute ZZZ3 = ZZZ1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/xyzz-3/negation/neg.op3 b/pyecsca/ec/efd/shortw/xyzz-3/negation/neg.op3 deleted file mode 100644 index 12c129b..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/negation/neg.op3 +++ /dev/null @@ -1,4 +0,0 @@ -X3 = X1 -Y3 = -Y1 -ZZ3 = ZZ1 -ZZZ3 = ZZZ1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/xyzz-3/scaling/z b/pyecsca/ec/efd/shortw/xyzz-3/scaling/z deleted file mode 100644 index ae4c2e1..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/scaling/z +++ /dev/null @@ -1,6 +0,0 @@ -compute A = 1/ZZZ1 -compute B = (ZZ1 A)^2 -compute X3 = X1 B -compute Y3 = Y1 A -compute ZZ3 = 1 -compute ZZZ3 = 1 diff --git a/pyecsca/ec/efd/shortw/xyzz-3/scaling/z.op3 b/pyecsca/ec/efd/shortw/xyzz-3/scaling/z.op3 deleted file mode 100644 index 1e076c3..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/scaling/z.op3 +++ /dev/null @@ -1,7 +0,0 @@ -A = 1/ZZZ1 -t0 = ZZ1*A -B = t0^2 -X3 = X1*B -Y3 = Y1*A -ZZ3 = 1 -ZZZ3 = 1 diff --git a/pyecsca/ec/efd/shortw/xyzz-3/variables b/pyecsca/ec/efd/shortw/xyzz-3/variables deleted file mode 100644 index 1b1c2d7..0000000 --- a/pyecsca/ec/efd/shortw/xyzz-3/variables +++ /dev/null @@ -1,9 +0,0 @@ -name XYZZ coordinates with a4=-3 -assume a = -3 -variable X -variable Y -variable ZZ -variable ZZZ -satisfying x = X/ZZ -satisfying y = Y/ZZZ -satisfying ZZ^3 = ZZZ^2 diff --git a/pyecsca/ec/efd/shortw/xyzz/addition/add-2008-s b/pyecsca/ec/efd/shortw/xyzz/addition/add-2008-s deleted file mode 100644 index ffa7bf0..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/addition/add-2008-s +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Sutherland -unified -compute U1 = X1 ZZ2 -compute U2 = X2 ZZ1 -compute S1 = Y1 ZZZ2 -compute S2 = Y2 ZZZ1 -compute P = U2-U1 -compute R = S2-S1 -compute PP = P^2 -compute PPP = P PP -compute Q = U1 PP -compute X3 = R^2-PPP-2 Q -compute Y3 = R (Q-X3)-S1 PPP -compute ZZ3 = ZZ1 ZZ2 PP -compute ZZZ3 = ZZZ1 ZZZ2 PPP diff --git a/pyecsca/ec/efd/shortw/xyzz/addition/add-2008-s.op3 b/pyecsca/ec/efd/shortw/xyzz/addition/add-2008-s.op3 deleted file mode 100644 index 88540c8..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/addition/add-2008-s.op3 +++ /dev/null @@ -1,21 +0,0 @@ -U1 = X1*ZZ2 -U2 = X2*ZZ1 -S1 = Y1*ZZZ2 -S2 = Y2*ZZZ1 -P = U2-U1 -R = S2-S1 -PP = P^2 -PPP = P*PP -Q = U1*PP -t0 = R^2 -t1 = 2*Q -t2 = t0-PPP -X3 = t2-t1 -t3 = Q-X3 -t4 = S1*PPP -t5 = R*t3 -Y3 = t5-t4 -t6 = ZZ2*PP -ZZ3 = ZZ1*t6 -t7 = ZZZ2*PPP -ZZZ3 = ZZZ1*t7 diff --git a/pyecsca/ec/efd/shortw/xyzz/addition/madd-2008-s b/pyecsca/ec/efd/shortw/xyzz/addition/madd-2008-s deleted file mode 100644 index 61b2db9..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/addition/madd-2008-s +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Sutherland -unified -assume ZZ2 = 1 -assume ZZZ2 = 1 -compute U2 = X2 ZZ1 -compute S2 = Y2 ZZZ1 -compute P = U2-X1 -compute R = S2-Y1 -compute PP = P^2 -compute PPP = P PP -compute Q = X1 PP -compute X3 = R^2-PPP-2 Q -compute Y3 = R (Q-X3)-Y1 PPP -compute ZZ3 = ZZ1 PP -compute ZZZ3 = ZZZ1 PPP diff --git a/pyecsca/ec/efd/shortw/xyzz/addition/madd-2008-s.op3 b/pyecsca/ec/efd/shortw/xyzz/addition/madd-2008-s.op3 deleted file mode 100644 index a1bc5ed..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/addition/madd-2008-s.op3 +++ /dev/null @@ -1,17 +0,0 @@ -U2 = X2*ZZ1 -S2 = Y2*ZZZ1 -P = U2-X1 -R = S2-Y1 -PP = P^2 -PPP = P*PP -Q = X1*PP -t0 = R^2 -t1 = 2*Q -t2 = t0-PPP -X3 = t2-t1 -t3 = Q-X3 -t4 = Y1*PPP -t5 = R*t3 -Y3 = t5-t4 -ZZ3 = ZZ1*PP -ZZZ3 = ZZZ1*PPP diff --git a/pyecsca/ec/efd/shortw/xyzz/addition/mmadd-2008-s b/pyecsca/ec/efd/shortw/xyzz/addition/mmadd-2008-s deleted file mode 100644 index 621b6e1..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/addition/mmadd-2008-s +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Sutherland -unified -assume ZZ1 = 1 -assume ZZZ1 = 1 -assume ZZ2 = 1 -assume ZZZ2 = 1 -compute P = X2-X1 -compute R = Y2-Y1 -compute PP = P^2 -compute PPP = P PP -compute Q = X1 PP -compute X3 = R^2-PPP-2 Q -compute Y3 = R (Q-X3)-Y1 PPP -compute ZZ3 = PP -compute ZZZ3 = PPP diff --git a/pyecsca/ec/efd/shortw/xyzz/addition/mmadd-2008-s.op3 b/pyecsca/ec/efd/shortw/xyzz/addition/mmadd-2008-s.op3 deleted file mode 100644 index 34d8e9b..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/addition/mmadd-2008-s.op3 +++ /dev/null @@ -1,15 +0,0 @@ -P = X2-X1 -R = Y2-Y1 -PP = P^2 -PPP = P*PP -Q = X1*PP -t0 = R^2 -t1 = 2*Q -t2 = t0-PPP -X3 = t2-t1 -t3 = Q-X3 -t4 = Y1*PPP -t5 = R*t3 -Y3 = t5-t4 -ZZ3 = PP -ZZZ3 = PPP diff --git a/pyecsca/ec/efd/shortw/xyzz/doubling/dbl-2008-s-1 b/pyecsca/ec/efd/shortw/xyzz/doubling/dbl-2008-s-1 deleted file mode 100644 index 55cc4be..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/doubling/dbl-2008-s-1 +++ /dev/null @@ -1,10 +0,0 @@ -source 2008 Sutherland -compute U = 2 Y1 -compute V = U^2 -compute W = U V -compute S = X1 V -compute M = 3 X1^2+a ZZ1^2 -compute X3 = M^2-2 S -compute Y3 = M (S-X3)-W Y1 -compute ZZ3 = V ZZ1 -compute ZZZ3 = W ZZZ1 diff --git a/pyecsca/ec/efd/shortw/xyzz/doubling/dbl-2008-s-1.op3 b/pyecsca/ec/efd/shortw/xyzz/doubling/dbl-2008-s-1.op3 deleted file mode 100644 index 99993c5..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/doubling/dbl-2008-s-1.op3 +++ /dev/null @@ -1,18 +0,0 @@ -U = 2*Y1 -V = U^2 -W = U*V -S = X1*V -t0 = X1^2 -t1 = ZZ1^2 -t2 = a*t1 -t3 = 3*t0 -M = t3+t2 -t4 = M^2 -t5 = 2*S -X3 = t4-t5 -t6 = S-X3 -t7 = W*Y1 -t8 = M*t6 -Y3 = t8-t7 -ZZ3 = V*ZZ1 -ZZZ3 = W*ZZZ1 diff --git a/pyecsca/ec/efd/shortw/xyzz/doubling/mdbl-2008-s-1 b/pyecsca/ec/efd/shortw/xyzz/doubling/mdbl-2008-s-1 deleted file mode 100644 index 2047d86..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/doubling/mdbl-2008-s-1 +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Sutherland -assume ZZ1 = 1 -assume ZZZ1 = 1 -compute U = 2 Y1 -compute V = U^2 -compute W = U V -compute S = X1 V -compute M = 3 X1^2+a -compute X3 = M^2-2 S -compute Y3 = M (S-X3)-W Y1 -compute ZZ3 = V -compute ZZZ3 = W diff --git a/pyecsca/ec/efd/shortw/xyzz/doubling/mdbl-2008-s-1.op3 b/pyecsca/ec/efd/shortw/xyzz/doubling/mdbl-2008-s-1.op3 deleted file mode 100644 index c6d2c3b..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/doubling/mdbl-2008-s-1.op3 +++ /dev/null @@ -1,16 +0,0 @@ -U = 2*Y1 -V = U^2 -W = U*V -S = X1*V -t0 = X1^2 -t1 = 3*t0 -M = t1+a -t2 = M^2 -t3 = 2*S -X3 = t2-t3 -t4 = S-X3 -t5 = W*Y1 -t6 = M*t4 -Y3 = t6-t5 -ZZ3 = V -ZZZ3 = W diff --git a/pyecsca/ec/efd/shortw/xyzz/negation/neg b/pyecsca/ec/efd/shortw/xyzz/negation/neg deleted file mode 100644 index 99b94a8..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/negation/neg +++ /dev/null @@ -1,4 +0,0 @@ -compute X3 = X1 -compute Y3 = -Y1 -compute ZZ3 = Z1 -compute ZZZ3 = ZZZ1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/xyzz/negation/neg.op3 b/pyecsca/ec/efd/shortw/xyzz/negation/neg.op3 deleted file mode 100644 index 12c129b..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/negation/neg.op3 +++ /dev/null @@ -1,4 +0,0 @@ -X3 = X1 -Y3 = -Y1 -ZZ3 = ZZ1 -ZZZ3 = ZZZ1
\ No newline at end of file diff --git a/pyecsca/ec/efd/shortw/xyzz/scaling/z b/pyecsca/ec/efd/shortw/xyzz/scaling/z deleted file mode 100644 index ae4c2e1..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/scaling/z +++ /dev/null @@ -1,6 +0,0 @@ -compute A = 1/ZZZ1 -compute B = (ZZ1 A)^2 -compute X3 = X1 B -compute Y3 = Y1 A -compute ZZ3 = 1 -compute ZZZ3 = 1 diff --git a/pyecsca/ec/efd/shortw/xyzz/scaling/z.op3 b/pyecsca/ec/efd/shortw/xyzz/scaling/z.op3 deleted file mode 100644 index 1e076c3..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/scaling/z.op3 +++ /dev/null @@ -1,7 +0,0 @@ -A = 1/ZZZ1 -t0 = ZZ1*A -B = t0^2 -X3 = X1*B -Y3 = Y1*A -ZZ3 = 1 -ZZZ3 = 1 diff --git a/pyecsca/ec/efd/shortw/xyzz/variables b/pyecsca/ec/efd/shortw/xyzz/variables deleted file mode 100644 index 526f36c..0000000 --- a/pyecsca/ec/efd/shortw/xyzz/variables +++ /dev/null @@ -1,8 +0,0 @@ -name XYZZ coordinates -variable X -variable Y -variable ZZ -variable ZZZ -satisfying x = X/ZZ -satisfying y = Y/ZZZ -satisfying ZZ^3 = ZZZ^2 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it b/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it deleted file mode 100644 index 047a1f9..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it +++ /dev/null @@ -1,3 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formula (8) -compute X4 = Z1 ((X2 X3 - a Z2 Z3)^2 - 4 b Z2 Z3(X2 Z3 + X3 Z2)) -compute Z4 = X1 (X2 Z3 - X3 Z2)^2 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-2 b/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-2 deleted file mode 100644 index ca43635..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-2 +++ /dev/null @@ -1,5 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formula (9) -compute R = 2(X2 Z3 + X3 Z2)(X2 X3 + a Z2 Z3) + 4 b Z2^2 Z3^2 -compute S = (X2 Z3 - X3 Z2)^2 -compute X4 = R Z1 - S X1 -compute Z4 = S Z1 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-2.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-2.op3 deleted file mode 100644 index 3052fbc..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-2.op3 +++ /dev/null @@ -1,23 +0,0 @@ -t0 = Z2*Z3 -t1 = a*t0 -t2 = X2*X3 -t3 = X3*Z2 -t4 = X2*Z3 -t5 = t4+t3 -t6 = t2+t1 -t7 = Z2^2 -t8 = Z3^2 -t9 = t7*t8 -t10 = b*t9 -t11 = 4*t10 -t12 = t5*t6 -t13 = 2*t12 -R = t13+t11 -t14 = X3*Z2 -t15 = X2*Z3 -t16 = t15-t14 -S = t16^2 -t17 = S*X1 -t18 = R*Z1 -X4 = t18-t17 -Z4 = S*Z1 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-3 b/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-3 deleted file mode 100644 index f0fb438..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-3 +++ /dev/null @@ -1,17 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", page 295, Formula 1 -compute T1 = X2 X3 -compute T2 = Z2 Z3 -compute T3 = X2 Z3 -compute T4 = Z2 X3 -compute T5 = a T2 -compute T6 = T1 - T5 -compute T7 = T6^2 -compute T8 = b T2 -compute T9 = 4 T8 -compute T10 = T3 + T4 -compute T11 = T9 T10 -compute T12 = T7 - T11 -compute X4 = Z1 T12 -compute T13 = T3 - T4 -compute T14 = T13^2 -compute Z4 = X1 T14 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-3.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-3.op3 deleted file mode 100644 index 0dc1e5e..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-3.op3 +++ /dev/null @@ -1,16 +0,0 @@ -T1 = X2*X3 -T2 = Z2*Z3 -T3 = X2*Z3 -T4 = Z2*X3 -T5 = a*T2 -T6 = T1-T5 -T7 = T6^2 -T8 = b*T2 -T9 = 4*T8 -T10 = T3+T4 -T11 = T9*T10 -T12 = T7-T11 -X4 = Z1*T12 -T13 = T3-T4 -T14 = T13^2 -Z4 = X1*T14 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-4 b/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-4 deleted file mode 100644 index 9197ae8..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-4 +++ /dev/null @@ -1,20 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", page 296, Formula 2 -compute T1 = X2 X3 -compute T2 = Z2 Z3 -compute T3 = X2 Z3 -compute T4 = X3 Z2 -compute T5 = T3 + T4 -compute T6 = a T2 -compute T7 = T1 + T6 -compute T8 = T5 T7 -compute T9 = 2 T8 -compute T10 = T2^2 -compute T11 = b T10 -compute T12 = 4 T11 -compute T13 = T9 + T12 -compute T14 = T3 - T4 -compute T15 = T14^2 -compute T16 = Z1 T13 -compute T17 = X1 T15 -compute X4 = T16 - T17 -compute Z4 = Z1 T15 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-4.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-4.op3 deleted file mode 100644 index bcd508e..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it-4.op3 +++ /dev/null @@ -1,19 +0,0 @@ -T1 = X2*X3 -T2 = Z2*Z3 -T3 = X2*Z3 -T4 = X3*Z2 -T5 = T3+T4 -T6 = a*T2 -T7 = T1+T6 -T8 = T5*T7 -T9 = 2*T8 -T10 = T2^2 -T11 = b*T10 -T12 = 4*T11 -T13 = T9+T12 -T14 = T3-T4 -T15 = T14^2 -T16 = Z1*T13 -T17 = X1*T15 -X4 = T16-T17 -Z4 = Z1*T15 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it.op3 deleted file mode 100644 index 3e3f735..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/dadd-2002-it.op3 +++ /dev/null @@ -1,19 +0,0 @@ -t0 = X3*Z2 -t1 = X2*Z3 -t2 = Z2*Z3 -t3 = a*t2 -t4 = X2*X3 -t5 = t4-t3 -t6 = t1+t0 -t7 = t5^2 -t8 = Z3*t6 -t9 = Z2*t8 -t10 = b*t9 -t11 = 4*t10 -t12 = t7-t11 -X4 = Z1*t12 -t13 = X3*Z2 -t14 = X2*Z3 -t15 = t14-t13 -t16 = t15^2 -Z4 = X1*t16 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj deleted file mode 100644 index 9539822..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj +++ /dev/null @@ -1,4 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", formula (9) accompanied by note "7 multiplications plus 3 multiplications by a constant" -assume Z1 = 1 -compute X4 = (X2 X3 - a Z2 Z3)^2 - 4 b Z2 Z3 (X2 Z3 + X3 Z2) -compute Z4 = X1 (X2 Z3 - X3 Z2)^2 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj-2 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj-2 deleted file mode 100644 index 33c0571..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj-2 +++ /dev/null @@ -1,10 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", formula (9) accompanied by note "7 multiplications plus 3 multiplications by a constant", plus common-subexpression elimination -assume Z1 = 1 -parameter b4 -assume b4 = 4*b -compute A = X2 X3 -compute B = Z2 Z3 -compute C = X2 Z3 -compute D = Z2 X3 -compute X4 = (A - a B)^2 - b4 B (C + D) -compute Z4 = X1 (C - D)^2 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj-2.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj-2.op3 deleted file mode 100644 index e8dcdf8..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj-2.op3 +++ /dev/null @@ -1,14 +0,0 @@ -A = X2*X3 -B = Z2*Z3 -C = X2*Z3 -D = Z2*X3 -t0 = a*B -t1 = A-t0 -t2 = C+D -t3 = t1^2 -t4 = B*t2 -t5 = b4*t4 -X4 = t3-t5 -t6 = C-D -t7 = t6^2 -Z4 = X1*t7 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj.op3 deleted file mode 100644 index 496f313..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-bj.op3 +++ /dev/null @@ -1,18 +0,0 @@ -t0 = X3*Z2 -t1 = X2*Z3 -t2 = Z2*Z3 -t3 = a*t2 -t4 = X2*X3 -t5 = t4-t3 -t6 = t1+t0 -t7 = t5^2 -t8 = Z3*t6 -t9 = Z2*t8 -t10 = b*t9 -t11 = 4*t10 -X4 = t7-t11 -t12 = X3*Z2 -t13 = X2*Z3 -t14 = t13-t12 -t15 = t14^2 -Z4 = X1*t15 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it deleted file mode 100644 index 4cdcc9f..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it +++ /dev/null @@ -1,4 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formula (8), plus assumption Z1 = 1 -assume Z1 = 1 -compute X4 = (X2 X3 - a Z2 Z3)^2 - 4 b Z2 Z3(X2 Z3 + X3 Z2) -compute Z4 = X1 (X2 Z3 - X3 Z2)^2 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-2 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-2 deleted file mode 100644 index 6780268..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-2 +++ /dev/null @@ -1,6 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formula (9), plus assumption Z1 = 1 -assume Z1 = 1 -compute R = 2(X2 Z3 + X3 Z2)(X2 X3 + a Z2 Z3) + 4 b Z2^2 Z3^2 -compute S = (X2 Z3 - X3 Z2)^2 -compute X4 = R - S X1 -compute Z4 = S diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-2.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-2.op3 deleted file mode 100644 index e3e1e4f..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-2.op3 +++ /dev/null @@ -1,22 +0,0 @@ -t0 = Z2*Z3 -t1 = a*t0 -t2 = X2*X3 -t3 = X3*Z2 -t4 = X2*Z3 -t5 = t4+t3 -t6 = t2+t1 -t7 = Z2^2 -t8 = Z3^2 -t9 = t7*t8 -t10 = b*t9 -t11 = 4*t10 -t12 = t5*t6 -t13 = 2*t12 -R = t13+t11 -t14 = X3*Z2 -t15 = X2*Z3 -t16 = t15-t14 -S = t16^2 -t17 = S*X1 -X4 = R-t17 -Z4 = S diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-3 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-3 deleted file mode 100644 index 3ed7f08..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-3 +++ /dev/null @@ -1,18 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", page 295, Formula 1, plus assumption Z1 = 1 -assume Z1 = 1 -compute T1 = X2 X3 -compute T2 = Z2 Z3 -compute T3 = X2 Z3 -compute T4 = Z2 X3 -compute T5 = a T2 -compute T6 = T1 - T5 -compute T7 = T6^2 -compute T8 = b T2 -compute T9 = 4 T8 -compute T10 = T3 + T4 -compute T11 = T9 T10 -compute T12 = T7 - T11 -compute X4 = T12 -compute T13 = T3 - T4 -compute T14 = T13^2 -compute Z4 = X1 T14 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-3.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-3.op3 deleted file mode 100644 index f28599f..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-3.op3 +++ /dev/null @@ -1,16 +0,0 @@ -T1 = X2*X3 -T2 = Z2*Z3 -T3 = X2*Z3 -T4 = Z2*X3 -T5 = a*T2 -T6 = T1-T5 -T7 = T6^2 -T8 = b*T2 -T9 = 4*T8 -T10 = T3+T4 -T11 = T9*T10 -T12 = T7-T11 -X4 = T12 -T13 = T3-T4 -T14 = T13^2 -Z4 = X1*T14 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-4 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-4 deleted file mode 100644 index add2e0f..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-4 +++ /dev/null @@ -1,21 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", page 296, Formula 2, plus assumption Z1 = 1 -assume Z1 = 1 -compute T1 = X2 X3 -compute T2 = Z2 Z3 -compute T3 = X2 Z3 -compute T4 = X3 Z2 -compute T5 = T3 + T4 -compute T6 = a T2 -compute T7 = T1 + T6 -compute T8 = T5 T7 -compute T9 = 2 T8 -compute T10 = T2^2 -compute T11 = b T10 -compute T12 = 4 T11 -compute T13 = T9 + T12 -compute T14 = T3 - T4 -compute T15 = T14^2 -compute T16 = T13 -compute T17 = X1 T15 -compute X4 = T16 - T17 -compute Z4 = T15 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-4.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-4.op3 deleted file mode 100644 index ef831fc..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it-4.op3 +++ /dev/null @@ -1,19 +0,0 @@ -T1 = X2*X3 -T2 = Z2*Z3 -T3 = X2*Z3 -T4 = X3*Z2 -T5 = T3+T4 -T6 = a*T2 -T7 = T1+T6 -T8 = T5*T7 -T9 = 2*T8 -T10 = T2^2 -T11 = b*T10 -T12 = 4*T11 -T13 = T9+T12 -T14 = T3-T4 -T15 = T14^2 -T16 = T13 -T17 = X1*T15 -X4 = T16-T17 -Z4 = T15 diff --git a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it.op3 b/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it.op3 deleted file mode 100644 index 496f313..0000000 --- a/pyecsca/ec/efd/shortw/xz/diffadd/mdadd-2002-it.op3 +++ /dev/null @@ -1,18 +0,0 @@ -t0 = X3*Z2 -t1 = X2*Z3 -t2 = Z2*Z3 -t3 = a*t2 -t4 = X2*X3 -t5 = t4-t3 -t6 = t1+t0 -t7 = t5^2 -t8 = Z3*t6 -t9 = Z2*t8 -t10 = b*t9 -t11 = 4*t10 -X4 = t7-t11 -t12 = X3*Z2 -t13 = X2*Z3 -t14 = t13-t12 -t15 = t14^2 -Z4 = X1*t15 diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj deleted file mode 100644 index 8da1b32..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj +++ /dev/null @@ -1,3 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", formula (10) accompanied by note "7 multiplications plus 2 multiplications by a constant" -compute X3 = (X1^2 - a Z1^2)^2 - 8 b X1 Z1^3 -compute Z3 = 4 Z1 (X1^3 + a X1 Z1^2 + b Z1^3) diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-2 b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-2 deleted file mode 100644 index be39e63..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-2 +++ /dev/null @@ -1,10 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", formula (10) accompanied by note "7 multiplications plus 2 multiplications by a constant", plus common-subexpression elimination -parameter b2 -assume b2 = 2*b -compute XX = X1^2 -compute ZZ = Z1^2 -compute A = 2((X1 + Z1)^2 - XX - ZZ) -compute aZZ = a ZZ -compute b2ZZ = b2 ZZ -compute X3 = (XX - aZZ)^2 - A b2ZZ -compute Z3 = A (XX + aZZ) + 2 b2ZZ ZZ diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-2.op3 b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-2.op3 deleted file mode 100644 index d7a6d24..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-2.op3 +++ /dev/null @@ -1,18 +0,0 @@ -XX = X1^2 -ZZ = Z1^2 -t0 = X1+Z1 -t1 = t0^2 -t2 = t1-XX -t3 = t2-ZZ -A = 2*t3 -aZZ = a*ZZ -b2ZZ = b2*ZZ -t4 = XX-aZZ -t5 = t4^2 -t6 = A*b2ZZ -X3 = t5-t6 -t7 = XX+aZZ -t8 = b2ZZ*ZZ -t9 = 2*t8 -t10 = A*t7 -Z3 = t10+t9 diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-3 b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-3 deleted file mode 100644 index 92df1c3..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-3 +++ /dev/null @@ -1,11 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", formula (10) accompanied by note "7 multiplications plus 2 multiplications by a constant", plus common-subexpression elimination emphasizing squaring -parameter b2 -assume b2 = 2*b -parameter b4 -assume b4 = 4*b -compute XX = X1^2 -compute ZZ = Z1^2 -compute A = 2((X1 + Z1)^2 - XX - ZZ) -compute aZZ = a ZZ -compute X3 = (XX - aZZ)^2 - b2 A ZZ -compute Z3 = A (XX + aZZ) + b4 ZZ^2 diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-3.op3 b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-3.op3 deleted file mode 100644 index 1e1c6d5..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj-3.op3 +++ /dev/null @@ -1,18 +0,0 @@ -XX = X1^2 -ZZ = Z1^2 -t0 = X1+Z1 -t1 = t0^2 -t2 = t1-XX -t3 = t2-ZZ -A = 2*t3 -aZZ = a*ZZ -t4 = XX-aZZ -t5 = t4^2 -t6 = A*ZZ -t7 = b2*t6 -X3 = t5-t7 -t8 = XX+aZZ -t9 = ZZ^2 -t10 = b4*t9 -t11 = A*t8 -Z3 = t11+t10 diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj.op3 b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj.op3 deleted file mode 100644 index 7f00d4b..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-bj.op3 +++ /dev/null @@ -1,20 +0,0 @@ -t0 = X1^2 -t1 = Z1^2 -t2 = a*t1 -t3 = t0-t2 -t4 = t3^2 -t5 = Z1^3 -t6 = X1*t5 -t7 = b*t6 -t8 = 8*t7 -X3 = t4-t8 -t9 = X1^3 -t10 = Z1^2 -t11 = Z1^3 -t12 = b*t11 -t13 = X1*t10 -t14 = a*t13 -t15 = t9+t14 -t16 = t15+t12 -t17 = Z1*t16 -Z3 = 4*t17 diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it deleted file mode 100644 index 710ad0f..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it +++ /dev/null @@ -1,3 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formula (10) -compute X3 = (X1^2 - a Z1^2)^2 - 8 b X1 Z1^3 -compute Z3 = 4(X1 Z1(X1^2 + a Z1^2) + b Z1^4) diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it-2 b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it-2 deleted file mode 100644 index a47af40..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it-2 +++ /dev/null @@ -1,16 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", page 296, Formula 3 -compute T1 = X1^2 -compute T2 = Z1^2 -compute T3 = a T2 -compute T4 = T1 - T3 -compute T5 = T4^2 -compute T6 = b T2 -compute T7 = X1 Z1 -compute T8 = T6 T7 -compute T9 = 8 T8 -compute X3 = T5 - T9 -compute T10 = T1 + T3 -compute T11 = T7 T10 -compute T12 = T6 T2 -compute T13 = T11 + T12 -compute Z3 = 4 T13 diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it-2.op3 b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it-2.op3 deleted file mode 100644 index 78a9b84..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it-2.op3 +++ /dev/null @@ -1,15 +0,0 @@ -T1 = X1^2 -T2 = Z1^2 -T3 = a*T2 -T4 = T1-T3 -T5 = T4^2 -T6 = b*T2 -T7 = X1*Z1 -T8 = T6*T7 -T9 = 8*T8 -X3 = T5-T9 -T10 = T1+T3 -T11 = T7*T10 -T12 = T6*T2 -T13 = T11+T12 -Z3 = 4*T13 diff --git a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it.op3 b/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it.op3 deleted file mode 100644 index d0dd925..0000000 --- a/pyecsca/ec/efd/shortw/xz/doubling/dbl-2002-it.op3 +++ /dev/null @@ -1,20 +0,0 @@ -t0 = X1^2 -t1 = Z1^2 -t2 = a*t1 -t3 = t0-t2 -t4 = t3^2 -t5 = Z1^3 -t6 = X1*t5 -t7 = b*t6 -t8 = 8*t7 -X3 = t4-t8 -t9 = X1^2 -t10 = Z1^2 -t11 = a*t10 -t12 = t9+t11 -t13 = Z1^4 -t14 = b*t13 -t15 = Z1*t12 -t16 = X1*t15 -t17 = t16+t14 -Z3 = 4*t17 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it b/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it deleted file mode 100644 index 8706cdc..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it +++ /dev/null @@ -1,5 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (8) and (10) -compute X4 = (X2^2 - a Z2^2)^2 - 8 b X2 Z2^3 -compute Z4 = 4(X2 Z2(X2^2 + a Z2^2) + b Z2^4) -compute X5 = Z1 ((X2 X3 - a Z2 Z3)^2 - 4 b Z2 Z3(X2 Z3 + X3 Z2)) -compute Z5 = X1 (X2 Z3 - X3 Z2)^2 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-2 b/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-2 deleted file mode 100644 index 801b39d..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-2 +++ /dev/null @@ -1,7 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (9) and (10) -compute X4 = (X2^2 - a Z2^2)^2 - 8 b X2 Z2^3 -compute Z4 = 4(X2 Z2(X2^2 + a Z2^2) + b Z2^4) -compute R = 2(X2 Z3 + X3 Z2)(X2 X3 + a Z2 Z3) + 4 b Z2^2 Z3^2 -compute S = (X2 Z3 - X3 Z2)^2 -compute X5 = R Z1 - S X1 -compute Z5 = S Z1 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-2.op3 b/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-2.op3 deleted file mode 100644 index 24b1621..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-2.op3 +++ /dev/null @@ -1,43 +0,0 @@ -t0 = X2^2 -t1 = Z2^2 -t2 = a*t1 -t3 = t0-t2 -t4 = t3^2 -t5 = Z2^3 -t6 = X2*t5 -t7 = b*t6 -t8 = 8*t7 -X4 = t4-t8 -t9 = X2^2 -t10 = Z2^2 -t11 = a*t10 -t12 = t9+t11 -t13 = Z2^4 -t14 = b*t13 -t15 = Z2*t12 -t16 = X2*t15 -t17 = t16+t14 -Z4 = 4*t17 -t18 = Z2*Z3 -t19 = a*t18 -t20 = X2*X3 -t21 = X3*Z2 -t22 = X2*Z3 -t23 = t22+t21 -t24 = t20+t19 -t25 = Z2^2 -t26 = Z3^2 -t27 = t25*t26 -t28 = b*t27 -t29 = 4*t28 -t30 = t23*t24 -t31 = 2*t30 -R = t31+t29 -t32 = X3*Z2 -t33 = X2*Z3 -t34 = t33-t32 -S = t34^2 -t35 = S*X1 -t36 = R*Z1 -X5 = t36-t35 -Z5 = S*Z1 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-3 b/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-3 deleted file mode 100644 index 666fbde..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-3 +++ /dev/null @@ -1,15 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (8) and (10), plus common-subexpression elimination -parameter b4 -assume b4 = 4*b -compute XX = X2^2 -compute ZZ = Z2^2 -compute aZZ = a ZZ -compute E = (X2 + Z2)^2 - XX - ZZ -compute X4 = (XX - aZZ)^2 - b4 E ZZ -compute Z4 = 2 E(XX + aZZ) + b4 ZZ^2 -compute A = X2 X3 -compute B = Z2 Z3 -compute C = X2 Z3 -compute D = X3 Z2 -compute X5 = Z1 ((A - a B)^2 - b4 B(C + D)) -compute Z5 = X1 (C - D)^2 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-3.op3 b/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-3.op3 deleted file mode 100644 index edb336f..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-3.op3 +++ /dev/null @@ -1,33 +0,0 @@ -XX = X2^2 -ZZ = Z2^2 -aZZ = a*ZZ -t0 = X2+Z2 -t1 = t0^2 -t2 = t1-XX -E = t2-ZZ -t3 = XX-aZZ -t4 = t3^2 -t5 = E*ZZ -t6 = b4*t5 -X4 = t4-t6 -t7 = XX+aZZ -t8 = ZZ^2 -t9 = b4*t8 -t10 = E*t7 -t11 = 2*t10 -Z4 = t11+t9 -A = X2*X3 -B = Z2*Z3 -C = X2*Z3 -D = X3*Z2 -t12 = a*B -t13 = A-t12 -t14 = C+D -t15 = t13^2 -t16 = B*t14 -t17 = b4*t16 -t18 = t15-t17 -X5 = Z1*t18 -t19 = C-D -t20 = t19^2 -Z5 = X1*t20 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-4 b/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-4 deleted file mode 100644 index 1eeadc1..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-4 +++ /dev/null @@ -1,17 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (9) and (10), plus common-subexpression elimination -parameter b4 -assume b4 = 4*b -compute XX = X2^2 -compute ZZ = Z2^2 -compute aZZ = a ZZ -compute E = (X2 + Z2)^2 - XX - ZZ -compute X4 = (XX - aZZ)^2 - b4 E ZZ -compute Z4 = 2 E(XX + aZZ) + b4 ZZ^2 -compute A = X2 X3 -compute B = Z2 Z3 -compute C = X2 Z3 -compute D = X3 Z2 -compute R = 2(C + D)(A + a B) + b4 B^2 -compute S = (C - D)^2 -compute X5 = R Z1 - S X1 -compute Z5 = S Z1 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-4.op3 b/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-4.op3 deleted file mode 100644 index a6f7646..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it-4.op3 +++ /dev/null @@ -1,36 +0,0 @@ -XX = X2^2 -ZZ = Z2^2 -aZZ = a*ZZ -t0 = X2+Z2 -t1 = t0^2 -t2 = t1-XX -E = t2-ZZ -t3 = XX-aZZ -t4 = t3^2 -t5 = E*ZZ -t6 = b4*t5 -X4 = t4-t6 -t7 = XX+aZZ -t8 = ZZ^2 -t9 = b4*t8 -t10 = E*t7 -t11 = 2*t10 -Z4 = t11+t9 -A = X2*X3 -B = Z2*Z3 -C = X2*Z3 -D = X3*Z2 -t12 = a*B -t13 = C+D -t14 = A+t12 -t15 = B^2 -t16 = b4*t15 -t17 = t13*t14 -t18 = 2*t17 -R = t18+t16 -t19 = C-D -S = t19^2 -t20 = S*X1 -t21 = R*Z1 -X5 = t21-t20 -Z5 = S*Z1 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it.op3 b/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it.op3 deleted file mode 100644 index 35167e1..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/ladd-2002-it.op3 +++ /dev/null @@ -1,39 +0,0 @@ -t0 = X2^2 -t1 = Z2^2 -t2 = a*t1 -t3 = t0-t2 -t4 = t3^2 -t5 = Z2^3 -t6 = X2*t5 -t7 = b*t6 -t8 = 8*t7 -X4 = t4-t8 -t9 = X2^2 -t10 = Z2^2 -t11 = a*t10 -t12 = t9+t11 -t13 = Z2^4 -t14 = b*t13 -t15 = Z2*t12 -t16 = X2*t15 -t17 = t16+t14 -Z4 = 4*t17 -t18 = X3*Z2 -t19 = X2*Z3 -t20 = Z2*Z3 -t21 = a*t20 -t22 = X2*X3 -t23 = t22-t21 -t24 = t19+t18 -t25 = t23^2 -t26 = Z3*t24 -t27 = Z2*t26 -t28 = b*t27 -t29 = 4*t28 -t30 = t25-t29 -X5 = Z1*t30 -t31 = X3*Z2 -t32 = X2*Z3 -t33 = t32-t31 -t34 = t33^2 -Z5 = X1*t34 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj deleted file mode 100644 index 2a79093..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj +++ /dev/null @@ -1,6 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", formulas (9) and (10) -assume Z1 = 1 -compute X4 = (X2^2 - a Z2^2)^2 - 8 b X2 Z2^3 -compute Z4 = 4 Z2 (X2^3 + a X2 Z2^2 + b Z2^3) -compute X5 = (X2 X3 - a Z2 Z3)^2 - 4 b Z2 Z3 (X2 Z3 + X3 Z2) -compute Z5 = X1 (X2 Z3 - X3 Z2)^2 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-2 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-2 deleted file mode 100644 index 1f40019..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-2 +++ /dev/null @@ -1,19 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", formulas (9) and (10), plus common-subexpression elimination -assume Z1 = 1 -parameter b2 -assume b2 = 2*b -parameter b4 -assume b4 = 4*b -compute XX = X2^2 -compute ZZ = Z2^2 -compute E = 2((X2 + Z2)^2 - XX - ZZ) -compute aZZ = a ZZ -compute b2ZZ = b2 ZZ -compute X4 = (XX - aZZ)^2 - E b2ZZ -compute Z4 = E (XX + aZZ) + 2 b2ZZ ZZ -compute A = X2 X3 -compute B = Z2 Z3 -compute C = X2 Z3 -compute D = Z2 X3 -compute X5 = (A - a B)^2 - b4 B (C + D) -compute Z5 = X1 (C - D)^2 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-2.op3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-2.op3 deleted file mode 100644 index ae68dbf..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-2.op3 +++ /dev/null @@ -1,32 +0,0 @@ -XX = X2^2 -ZZ = Z2^2 -t0 = X2+Z2 -t1 = t0^2 -t2 = t1-XX -t3 = t2-ZZ -E = 2*t3 -aZZ = a*ZZ -b2ZZ = b2*ZZ -t4 = XX-aZZ -t5 = t4^2 -t6 = E*b2ZZ -X4 = t5-t6 -t7 = XX+aZZ -t8 = b2ZZ*ZZ -t9 = 2*t8 -t10 = E*t7 -Z4 = t10+t9 -A = X2*X3 -B = Z2*Z3 -C = X2*Z3 -D = Z2*X3 -t11 = a*B -t12 = A-t11 -t13 = C+D -t14 = t12^2 -t15 = B*t13 -t16 = b4*t15 -X5 = t14-t16 -t17 = C-D -t18 = t17^2 -Z5 = X1*t18 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-3 deleted file mode 100644 index 29838e8..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-3 +++ /dev/null @@ -1,18 +0,0 @@ -source 2002 Brier--Joye "Weierstrass elliptic curves and side-channel attacks", formulas (9) and (10), plus common-subexpression elimination emphasizing squarings -assume Z1 = 1 -parameter b2 -assume b2 = 2*b -parameter b4 -assume b4 = 4*b -compute XX = X2^2 -compute ZZ = Z2^2 -compute E = 2((X2 + Z2)^2 - XX - ZZ) -compute aZZ = a ZZ -compute X4 = (XX - aZZ)^2 - b2 E ZZ -compute Z4 = E (XX + aZZ) + b4 ZZ^2 -compute A = X2 X3 -compute B = Z2 Z3 -compute C = X2 Z3 -compute D = Z2 X3 -compute X5 = (A - a B)^2 - b4 B (C + D) -compute Z5 = X1 (C - D)^2 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-3.op3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-3.op3 deleted file mode 100644 index 05c5847..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj-3.op3 +++ /dev/null @@ -1,32 +0,0 @@ -XX = X2^2 -ZZ = Z2^2 -t0 = X2+Z2 -t1 = t0^2 -t2 = t1-XX -t3 = t2-ZZ -E = 2*t3 -aZZ = a*ZZ -t4 = XX-aZZ -t5 = t4^2 -t6 = E*ZZ -t7 = b2*t6 -X4 = t5-t7 -t8 = XX+aZZ -t9 = ZZ^2 -t10 = b4*t9 -t11 = E*t8 -Z4 = t11+t10 -A = X2*X3 -B = Z2*Z3 -C = X2*Z3 -D = Z2*X3 -t12 = a*B -t13 = A-t12 -t14 = C+D -t15 = t13^2 -t16 = B*t14 -t17 = b4*t16 -X5 = t15-t17 -t18 = C-D -t19 = t18^2 -Z5 = X1*t19 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj.op3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj.op3 deleted file mode 100644 index 676a9d1..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-bj.op3 +++ /dev/null @@ -1,38 +0,0 @@ -t0 = X2^2 -t1 = Z2^2 -t2 = a*t1 -t3 = t0-t2 -t4 = t3^2 -t5 = Z2^3 -t6 = X2*t5 -t7 = b*t6 -t8 = 8*t7 -X4 = t4-t8 -t9 = X2^3 -t10 = Z2^2 -t11 = Z2^3 -t12 = b*t11 -t13 = X2*t10 -t14 = a*t13 -t15 = t9+t14 -t16 = t15+t12 -t17 = Z2*t16 -Z4 = 4*t17 -t18 = X3*Z2 -t19 = X2*Z3 -t20 = Z2*Z3 -t21 = a*t20 -t22 = X2*X3 -t23 = t22-t21 -t24 = t19+t18 -t25 = t23^2 -t26 = Z3*t24 -t27 = Z2*t26 -t28 = b*t27 -t29 = 4*t28 -X5 = t25-t29 -t30 = X3*Z2 -t31 = X2*Z3 -t32 = t31-t30 -t33 = t32^2 -Z5 = X1*t33 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it deleted file mode 100644 index d42d303..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it +++ /dev/null @@ -1,6 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (8) and (10), plus assumption Z1 = 1 -assume Z1 = 1 -compute X4 = (X2^2 - a Z2^2)^2 - 8 b X2 Z2^3 -compute Z4 = 4(X2 Z2(X2^2 + a Z2^2) + b Z2^4) -compute X5 = ((X2 X3 - a Z2 Z3)^2 - 4 b Z2 Z3(X2 Z3 + X3 Z2)) -compute Z5 = X1 (X2 Z3 - X3 Z2)^2 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-2 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-2 deleted file mode 100644 index be1e142..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-2 +++ /dev/null @@ -1,8 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (9) and (10), plus assumption Z1 = 1 -assume Z1 = 1 -compute X4 = (X2^2 - a Z2^2)^2 - 8 b X2 Z2^3 -compute Z4 = 4(X2 Z2(X2^2 + a Z2^2) + b Z2^4) -compute R = 2(X2 Z3 + X3 Z2)(X2 X3 + a Z2 Z3) + 4 b Z2^2 Z3^2 -compute S = (X2 Z3 - X3 Z2)^2 -compute X5 = R - S X1 -compute Z5 = S diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-2.op3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-2.op3 deleted file mode 100644 index d17f4fe..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-2.op3 +++ /dev/null @@ -1,42 +0,0 @@ -t0 = X2^2 -t1 = Z2^2 -t2 = a*t1 -t3 = t0-t2 -t4 = t3^2 -t5 = Z2^3 -t6 = X2*t5 -t7 = b*t6 -t8 = 8*t7 -X4 = t4-t8 -t9 = X2^2 -t10 = Z2^2 -t11 = a*t10 -t12 = t9+t11 -t13 = Z2^4 -t14 = b*t13 -t15 = Z2*t12 -t16 = X2*t15 -t17 = t16+t14 -Z4 = 4*t17 -t18 = Z2*Z3 -t19 = a*t18 -t20 = X2*X3 -t21 = X3*Z2 -t22 = X2*Z3 -t23 = t22+t21 -t24 = t20+t19 -t25 = Z2^2 -t26 = Z3^2 -t27 = t25*t26 -t28 = b*t27 -t29 = 4*t28 -t30 = t23*t24 -t31 = 2*t30 -R = t31+t29 -t32 = X3*Z2 -t33 = X2*Z3 -t34 = t33-t32 -S = t34^2 -t35 = S*X1 -X5 = R-t35 -Z5 = S diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-3 deleted file mode 100644 index 71a49ee..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-3 +++ /dev/null @@ -1,16 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (8) and (10), plus common-subexpression elimination, plus assumption Z1=1 -assume Z1 = 1 -parameter b4 -assume b4 = 4*b -compute XX = X2^2 -compute ZZ = Z2^2 -compute aZZ = a ZZ -compute E = (X2 + Z2)^2 - XX - ZZ -compute X4 = (XX - aZZ)^2 - b4 E ZZ -compute Z4 = 2 E(XX + aZZ) + b4 ZZ^2 -compute A = X2 X3 -compute B = Z2 Z3 -compute C = X2 Z3 -compute D = X3 Z2 -compute X5 = (A - a B)^2 - b4 B(C + D) -compute Z5 = X1 (C - D)^2 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-3.op3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-3.op3 deleted file mode 100644 index d15c7ce..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-3.op3 +++ /dev/null @@ -1,32 +0,0 @@ -XX = X2^2 -ZZ = Z2^2 -aZZ = a*ZZ -t0 = X2+Z2 -t1 = t0^2 -t2 = t1-XX -E = t2-ZZ -t3 = XX-aZZ -t4 = t3^2 -t5 = E*ZZ -t6 = b4*t5 -X4 = t4-t6 -t7 = XX+aZZ -t8 = ZZ^2 -t9 = b4*t8 -t10 = E*t7 -t11 = 2*t10 -Z4 = t11+t9 -A = X2*X3 -B = Z2*Z3 -C = X2*Z3 -D = X3*Z2 -t12 = a*B -t13 = A-t12 -t14 = C+D -t15 = t13^2 -t16 = B*t14 -t17 = b4*t16 -X5 = t15-t17 -t18 = C-D -t19 = t18^2 -Z5 = X1*t19 diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-4 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-4 deleted file mode 100644 index 96b421c..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-4 +++ /dev/null @@ -1,18 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (9) and (10), plus common-subexpression elimination, plus assumption Z1=1 -assume Z1 = 1 -parameter b4 -assume b4 = 4*b -compute XX = X2^2 -compute ZZ = Z2^2 -compute aZZ = a ZZ -compute E = (X2 + Z2)^2 - XX - ZZ -compute X4 = (XX - aZZ)^2 - b4 E ZZ -compute Z4 = 2 E(XX + aZZ) + b4 ZZ^2 -compute A = X2 X3 -compute B = Z2 Z3 -compute C = X2 Z3 -compute D = X3 Z2 -compute R = 2(C + D)(A + a B) + b4 B^2 -compute S = (C - D)^2 -compute X5 = R - S X1 -compute Z5 = S diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-4.op3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-4.op3 deleted file mode 100644 index ec7381a..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-4.op3 +++ /dev/null @@ -1,35 +0,0 @@ -XX = X2^2 -ZZ = Z2^2 -aZZ = a*ZZ -t0 = X2+Z2 -t1 = t0^2 -t2 = t1-XX -E = t2-ZZ -t3 = XX-aZZ -t4 = t3^2 -t5 = E*ZZ -t6 = b4*t5 -X4 = t4-t6 -t7 = XX+aZZ -t8 = ZZ^2 -t9 = b4*t8 -t10 = E*t7 -t11 = 2*t10 -Z4 = t11+t9 -A = X2*X3 -B = Z2*Z3 -C = X2*Z3 -D = X3*Z2 -t12 = a*B -t13 = C+D -t14 = A+t12 -t15 = B^2 -t16 = b4*t15 -t17 = t13*t14 -t18 = 2*t17 -R = t18+t16 -t19 = C-D -S = t19^2 -t20 = S*X1 -X5 = R-t20 -Z5 = S diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-5 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-5 deleted file mode 100644 index 96b421c..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-5 +++ /dev/null @@ -1,18 +0,0 @@ -source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (9) and (10), plus common-subexpression elimination, plus assumption Z1=1 -assume Z1 = 1 -parameter b4 -assume b4 = 4*b -compute XX = X2^2 -compute ZZ = Z2^2 -compute aZZ = a ZZ -compute E = (X2 + Z2)^2 - XX - ZZ -compute X4 = (XX - aZZ)^2 - b4 E ZZ -compute Z4 = 2 E(XX + aZZ) + b4 ZZ^2 -compute A = X2 X3 -compute B = Z2 Z3 -compute C = X2 Z3 -compute D = X3 Z2 -compute R = 2(C + D)(A + a B) + b4 B^2 -compute S = (C - D)^2 -compute X5 = R - S X1 -compute Z5 = S diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-5.op3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-5.op3 deleted file mode 100644 index ec7381a..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it-5.op3 +++ /dev/null @@ -1,35 +0,0 @@ -XX = X2^2 -ZZ = Z2^2 -aZZ = a*ZZ -t0 = X2+Z2 -t1 = t0^2 -t2 = t1-XX -E = t2-ZZ -t3 = XX-aZZ -t4 = t3^2 -t5 = E*ZZ -t6 = b4*t5 -X4 = t4-t6 -t7 = XX+aZZ -t8 = ZZ^2 -t9 = b4*t8 -t10 = E*t7 -t11 = 2*t10 -Z4 = t11+t9 -A = X2*X3 -B = Z2*Z3 -C = X2*Z3 -D = X3*Z2 -t12 = a*B -t13 = C+D -t14 = A+t12 -t15 = B^2 -t16 = b4*t15 -t17 = t13*t14 -t18 = 2*t17 -R = t18+t16 -t19 = C-D -S = t19^2 -t20 = S*X1 -X5 = R-t20 -Z5 = S diff --git a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it.op3 b/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it.op3 deleted file mode 100644 index 57b3f80..0000000 --- a/pyecsca/ec/efd/shortw/xz/ladder/mladd-2002-it.op3 +++ /dev/null @@ -1,38 +0,0 @@ -t0 = X2^2 -t1 = Z2^2 -t2 = a*t1 -t3 = t0-t2 -t4 = t3^2 -t5 = Z2^3 -t6 = X2*t5 -t7 = b*t6 -t8 = 8*t7 -X4 = t4-t8 -t9 = X2^2 -t10 = Z2^2 -t11 = a*t10 -t12 = t9+t11 -t13 = Z2^4 -t14 = b*t13 -t15 = Z2*t12 -t16 = X2*t15 -t17 = t16+t14 -Z4 = 4*t17 -t18 = X3*Z2 -t19 = X2*Z3 -t20 = Z2*Z3 -t21 = a*t20 -t22 = X2*X3 -t23 = t22-t21 -t24 = t19+t18 -t25 = t23^2 -t26 = Z3*t24 -t27 = Z2*t26 -t28 = b*t27 -t29 = 4*t28 -X5 = t25-t29 -t30 = X3*Z2 -t31 = X2*Z3 -t32 = t31-t30 -t33 = t32^2 -Z5 = X1*t33 diff --git a/pyecsca/ec/efd/shortw/xz/variables b/pyecsca/ec/efd/shortw/xz/variables deleted file mode 100644 index 9863a08..0000000 --- a/pyecsca/ec/efd/shortw/xz/variables +++ /dev/null @@ -1,4 +0,0 @@ -name XZ coordinates -variable X -variable Z -satisfying x = X/Z diff --git a/pyecsca/ec/efd/twisted/coordinates b/pyecsca/ec/efd/twisted/coordinates deleted file mode 100644 index bf62fff..0000000 --- a/pyecsca/ec/efd/twisted/coordinates +++ /dev/null @@ -1,25 +0,0 @@ -name twisted Edwards curves -parameter a -parameter d -coordinate x -coordinate y -satisfying a*x^2+y^2 == 1+d*x^2*y^2 -ysquared (a*x^2-1)/(d*x^2-1) -addition x = (x1*y2+y1*x2)/(1+d*x1*x2*y1*y2) -addition y = (y1*y2-a*x1*x2)/(1-d*x1*x2*y1*y2) -doubling x = (x1*y1+y1*x1)/(1+d*x1*x1*y1*y1) -doubling y = (y1*y1-a*x1*x1)/(1-d*x1*x1*y1*y1) -negation x = -x1 -negation y = y1 -neutral x = 0 -neutral y = 1 -toweierstrass u = (1+y)/(1-y) -toweierstrass v = 2*(1+y)/(x(1-y)) -a0 = 1/(a-d) -a1 = 0 -a2 = 4*a/(a-d)-2 -a3 = 0 -a4 = 1 -a6 = 0 -fromweierstrass x = 2*u/v -fromweierstrass y = (u-1)/(u+1) diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd b/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd deleted file mode 100644 index 69ebdf3..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd +++ /dev/null @@ -1,14 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.1 -unified -compute A = X1 X2 -compute B = Y1 Y2 -compute C = T1 d T2 -compute D = Z1 Z2 -compute E = (X1+Y1)(X2+Y2)-A-B -compute F = D - C -compute G = D + C -compute H = B - a A -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-2 b/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-2 deleted file mode 100644 index 6f1848d..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-2 +++ /dev/null @@ -1,14 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.2 -unified -compute A = X1 X2 -compute B = Y1 Y2 -compute C = Z1 T2 -compute D = T1 Z2 -compute E = D + C -compute F = (X1-Y1)(X2+Y2)+B-A -compute G = B + a A -compute H = D - C -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-2.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-2.op3 deleted file mode 100644 index 41269cf..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-2.op3 +++ /dev/null @@ -1,17 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -C = Z1*T2 -D = T1*Z2 -E = D+C -t0 = X1-Y1 -t1 = X2+Y2 -t2 = t0*t1 -t3 = t2+B -F = t3-A -t4 = a*A -G = B+t4 -H = D-C -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-3 b/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-3 deleted file mode 100644 index 8a95b77..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-3 +++ /dev/null @@ -1,17 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.1 -unified -appliesto extended-1 -parameter k -assume k = 2*d -compute A = (Y1-X1)(Y2-X2) -compute B = (Y1+X1)(Y2+X2) -compute C = T1 k T2 -compute D = Z1 2 Z2 -compute E = B - A -compute F = D - C -compute G = D + C -compute H = B + A -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-3.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-3.op3 deleted file mode 100644 index 497c151..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-3.op3 +++ /dev/null @@ -1,18 +0,0 @@ -t0 = Y1-X1 -t1 = Y2-X2 -A = t0*t1 -t2 = Y1+X1 -t3 = Y2+X2 -B = t2*t3 -t4 = k*T2 -C = T1*t4 -t5 = 2*Z2 -D = Z1*t5 -E = B-A -F = D-C -G = D+C -H = B+A -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-4 b/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-4 deleted file mode 100644 index f65e73d..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-4 +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.2 -unified -appliesto extended-1 -compute A = (Y1-X1)(Y2+X2) -compute B = (Y1+X1)(Y2-X2) -compute C = Z1 2 T2 -compute D = T1 2 Z2 -compute E = D + C -compute F = B - A -compute G = B + A -compute H = D - C -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-4.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-4.op3 deleted file mode 100644 index af4280c..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd-4.op3 +++ /dev/null @@ -1,18 +0,0 @@ -t0 = Y1-X1 -t1 = Y2+X2 -A = t0*t1 -t2 = Y1+X1 -t3 = Y2-X2 -B = t2*t3 -t4 = 2*T2 -C = Z1*t4 -t5 = 2*Z2 -D = T1*t5 -E = D+C -F = B-A -G = B+A -H = D-C -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd.op3 deleted file mode 100644 index 9374a58..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/add-2008-hwcd.op3 +++ /dev/null @@ -1,18 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -t0 = d*T2 -C = T1*t0 -D = Z1*Z2 -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-A -E = t4-B -F = D-C -G = D+C -t5 = a*A -H = B-t5 -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd b/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd deleted file mode 100644 index 43efa01..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.1 -unified -assume Z2 = 1 -compute A = X1 X2 -compute B = Y1 Y2 -compute C = T1 d T2 -compute D = Z1 -compute E = (X1+Y1)(X2+Y2)-A-B -compute F = D - C -compute G = D + C -compute H = B - a A -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-2 b/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-2 deleted file mode 100644 index 410ca20..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-2 +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.2 -unified -assume Z2 = 1 -compute A = X1 X2 -compute B = Y1 Y2 -compute C = Z1 T2 -compute D = T1 -compute E = D + C -compute F = (X1-Y1)(X2+Y2)+B-A -compute G = B + a A -compute H = D - C -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-2.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-2.op3 deleted file mode 100644 index bff3029..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-2.op3 +++ /dev/null @@ -1,17 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -C = Z1*T2 -D = T1 -E = D+C -t0 = X1-Y1 -t1 = X2+Y2 -t2 = t0*t1 -t3 = t2+B -F = t3-A -t4 = a*A -G = B+t4 -H = D-C -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-3 b/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-3 deleted file mode 100644 index ea5191d..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-3 +++ /dev/null @@ -1,18 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.1 -unified -appliesto extended-1 -assume Z2 = 1 -parameter k -assume k = 2*d -compute A = (Y1-X1)(Y2-X2) -compute B = (Y1+X1)(Y2+X2) -compute C = T1 k T2 -compute D = 2 Z1 -compute E = B - A -compute F = D - C -compute G = D + C -compute H = B + A -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-3.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-3.op3 deleted file mode 100644 index 3ac949e..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-3.op3 +++ /dev/null @@ -1,17 +0,0 @@ -t0 = Y1-X1 -t1 = Y2-X2 -A = t0*t1 -t2 = Y1+X1 -t3 = Y2+X2 -B = t2*t3 -t4 = k*T2 -C = T1*t4 -D = 2*Z1 -E = B-A -F = D-C -G = D+C -H = B+A -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-4 b/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-4 deleted file mode 100644 index 0433523..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-4 +++ /dev/null @@ -1,16 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.2 -unified -appliesto extended-1 -assume Z2 = 1 -compute A = (Y1-X1)(Y2+X2) -compute B = (Y1+X1)(Y2-X2) -compute C = Z1 2 T2 -compute D = 2 T1 -compute E = D + C -compute F = B - A -compute G = B + A -compute H = D - C -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-4.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-4.op3 deleted file mode 100644 index b321c5c..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd-4.op3 +++ /dev/null @@ -1,17 +0,0 @@ -t0 = Y1-X1 -t1 = Y2+X2 -A = t0*t1 -t2 = Y1+X1 -t3 = Y2-X2 -B = t2*t3 -t4 = 2*T2 -C = Z1*t4 -D = 2*T1 -E = D+C -F = B-A -G = B+A -H = D-C -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd.op3 deleted file mode 100644 index 9c4b5fd..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/madd-2008-hwcd.op3 +++ /dev/null @@ -1,18 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -t0 = d*T2 -C = T1*t0 -D = Z1 -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-A -E = t4-B -F = D-C -G = D+C -t5 = a*A -H = B-t5 -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd b/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd deleted file mode 100644 index 77f2ef7..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.1, plus assumption Z1=1, plus standard simplification -unified -assume Z1 = 1 -assume Z2 = 1 -compute A = X1 X2 -compute B = Y1 Y2 -compute C = T1 d T2 -compute E = (X1+Y1)(X2+Y2)-A-B -compute F = 1 - C -compute G = 1 + C -compute H = B - a A -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = 1 - C^2 diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-2 b/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-2 deleted file mode 100644 index e8bcf9a..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-2 +++ /dev/null @@ -1,16 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.2, plus assumption Z1=1 -unified -assume Z1 = 1 -assume Z2 = 1 -compute A = X1 X2 -compute B = Y1 Y2 -compute C = T2 -compute D = T1 -compute E = D + C -compute F = (X1-Y1)(X2+Y2)+B-A -compute G = B + a A -compute H = D - C -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-2.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-2.op3 deleted file mode 100644 index 66fa350..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-2.op3 +++ /dev/null @@ -1,17 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -C = T2 -D = T1 -E = D+C -t0 = X1-Y1 -t1 = X2+Y2 -t2 = t0*t1 -t3 = t2+B -F = t3-A -t4 = a*A -G = B+t4 -H = D-C -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-3 b/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-3 deleted file mode 100644 index 65f488e..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-3 +++ /dev/null @@ -1,18 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.1, plus assumption Z1=1, plus standard simplification -unified -appliesto extended-1 -assume Z1 = 1 -assume Z2 = 1 -parameter k -assume k = 2*d -compute A = (Y1-X1)(Y2-X2) -compute B = (Y1+X1)(Y2+X2) -compute C = T1 k T2 -compute E = B - A -compute F = 2 - C -compute G = 2 + C -compute H = B + A -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = 4 - C^2 diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-3.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-3.op3 deleted file mode 100644 index 9818971..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-3.op3 +++ /dev/null @@ -1,17 +0,0 @@ -t0 = Y1-X1 -t1 = Y2-X2 -A = t0*t1 -t2 = Y1+X1 -t3 = Y2+X2 -B = t2*t3 -t4 = k*T2 -C = T1*t4 -E = B-A -F = 2-C -G = 2+C -H = B+A -X3 = E*F -Y3 = G*H -T3 = E*H -t5 = C^2 -Z3 = 4-t5 diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-4 b/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-4 deleted file mode 100644 index 1497e39..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-4 +++ /dev/null @@ -1,17 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.2, plus assumption Z1=1 -unified -appliesto extended-1 -assume Z1 = 1 -assume Z2 = 1 -compute A = (Y1-X1)(Y2+X2) -compute B = (Y1+X1)(Y2-X2) -compute C = 2 T2 -compute D = 2 T1 -compute E = D + C -compute F = B - A -compute G = B + A -compute H = D - C -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-4.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-4.op3 deleted file mode 100644 index 9b5e383..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd-4.op3 +++ /dev/null @@ -1,16 +0,0 @@ -t0 = Y1-X1 -t1 = Y2+X2 -A = t0*t1 -t2 = Y1+X1 -t3 = Y2-X2 -B = t2*t3 -C = 2*T2 -D = 2*T1 -E = D+C -F = B-A -G = B+A -H = D-C -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd.op3 deleted file mode 100644 index f4bc7f6..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/addition/mmadd-2008-hwcd.op3 +++ /dev/null @@ -1,18 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -t0 = d*T2 -C = T1*t0 -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-A -E = t4-B -F = 1-C -G = 1+C -t5 = a*A -H = B-t5 -X3 = E*F -Y3 = G*H -T3 = E*H -t6 = C^2 -Z3 = 1-t6 diff --git a/pyecsca/ec/efd/twisted/extended-1/doubling/dbl-2008-hwcd b/pyecsca/ec/efd/twisted/extended-1/doubling/dbl-2008-hwcd deleted file mode 100644 index 1c37c7f..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/doubling/dbl-2008-hwcd +++ /dev/null @@ -1,13 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.3 -compute A = X1^2 -compute B = Y1^2 -compute C = 2 Z1^2 -compute D = a A -compute E = (X1+Y1)^2-A-B -compute G = D + B -compute F = G - C -compute H = D - B -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended-1/doubling/dbl-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended-1/doubling/dbl-2008-hwcd.op3 deleted file mode 100644 index dc3d945..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/doubling/dbl-2008-hwcd.op3 +++ /dev/null @@ -1,16 +0,0 @@ -A = X1^2 -B = Y1^2 -t0 = Z1^2 -C = 2*t0 -D = a*A -t1 = X1+Y1 -t2 = t1^2 -t3 = t2-A -E = t3-B -G = D+B -F = G-C -H = D-B -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended-1/doubling/mdbl-2008-hwcd b/pyecsca/ec/efd/twisted/extended-1/doubling/mdbl-2008-hwcd deleted file mode 100644 index faf5c42..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/doubling/mdbl-2008-hwcd +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.3, plus assumption Z1=1, plus standard simplification -assume Z1 = 1 -compute A = X1^2 -compute B = Y1^2 -compute D = a A -compute E = (X1+Y1)^2-A-B -compute G = D + B -compute H = D - B -compute X3 = E (G - 2) -compute Y3 = G H -compute T3 = E H -compute Z3 = G^2 - 2 G diff --git a/pyecsca/ec/efd/twisted/extended-1/doubling/mdbl-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended-1/doubling/mdbl-2008-hwcd.op3 deleted file mode 100644 index c36ded1..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/doubling/mdbl-2008-hwcd.op3 +++ /dev/null @@ -1,16 +0,0 @@ -A = X1^2 -B = Y1^2 -D = a*A -t0 = X1+Y1 -t1 = t0^2 -t2 = t1-A -E = t2-B -G = D+B -H = D-B -t3 = G-2 -X3 = E*t3 -Y3 = G*H -T3 = E*H -t4 = G^2 -t5 = 2*G -Z3 = t4-t5 diff --git a/pyecsca/ec/efd/twisted/extended-1/negation/neg b/pyecsca/ec/efd/twisted/extended-1/negation/neg deleted file mode 100644 index 600f95e..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/negation/neg +++ /dev/null @@ -1,4 +0,0 @@ -compute X3 = -X1 -compute Y3 = Y1 -compute Z3 = Z1 -compute T3 = -T1
\ No newline at end of file diff --git a/pyecsca/ec/efd/twisted/extended-1/negation/neg.op3 b/pyecsca/ec/efd/twisted/extended-1/negation/neg.op3 deleted file mode 100644 index 7e7a4c1..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/negation/neg.op3 +++ /dev/null @@ -1,4 +0,0 @@ -X3 = -X1 -Y3 = Y1 -Z3 = Z1 -T3 = -T1
\ No newline at end of file diff --git a/pyecsca/ec/efd/twisted/extended-1/tripling/tpl-2015-c b/pyecsca/ec/efd/twisted/extended-1/tripling/tpl-2015-c deleted file mode 100644 index 7de3ef9..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/tripling/tpl-2015-c +++ /dev/null @@ -1,18 +0,0 @@ -source 2015 Chuengsatiansup -compute YY = Y1^2 -compute aXX = a X1^2 -compute Ap = YY + aXX -compute B = 2(2 Z1^2 - Ap) -compute xB = aXX B -compute yB = YY B -compute AA = Ap (YY - aXX) -compute F = AA - yB -compute G = AA + xB -compute xE = X1 (yB + AA) -compute yH = Y1 (xB - AA) -compute zF = Z1 F -compute zG = Z1 G -compute X3 = xE zF -compute Y3 = yH zG -compute Z3 = zF zG -compute T3 = xE yH diff --git a/pyecsca/ec/efd/twisted/extended-1/tripling/tpl-2015-c.op3 b/pyecsca/ec/efd/twisted/extended-1/tripling/tpl-2015-c.op3 deleted file mode 100644 index 858abf2..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/tripling/tpl-2015-c.op3 +++ /dev/null @@ -1,24 +0,0 @@ -YY = Y1^2 -t0 = X1^2 -aXX = a*t0 -Ap = YY+aXX -t1 = Z1^2 -t2 = 2*t1 -t3 = t2-Ap -B = 2*t3 -xB = aXX*B -yB = YY*B -t4 = YY-aXX -AA = Ap*t4 -F = AA-yB -G = AA+xB -t5 = yB+AA -xE = X1*t5 -t6 = xB-AA -yH = Y1*t6 -zF = Z1*F -zG = Z1*G -X3 = xE*zF -Y3 = yH*zG -Z3 = zF*zG -T3 = xE*yH diff --git a/pyecsca/ec/efd/twisted/extended-1/variables b/pyecsca/ec/efd/twisted/extended-1/variables deleted file mode 100644 index ba9fb1f..0000000 --- a/pyecsca/ec/efd/twisted/extended-1/variables +++ /dev/null @@ -1,9 +0,0 @@ -name extended coordinates with a=-1 -assume a = -1 -variable X -variable Y -variable Z -variable T -satisfying x = X/Z -satisfying y = Y/Z -satisfying x*y = T/Z diff --git a/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd b/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd deleted file mode 100644 index 69ebdf3..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd +++ /dev/null @@ -1,14 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.1 -unified -compute A = X1 X2 -compute B = Y1 Y2 -compute C = T1 d T2 -compute D = Z1 Z2 -compute E = (X1+Y1)(X2+Y2)-A-B -compute F = D - C -compute G = D + C -compute H = B - a A -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd-2 b/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd-2 deleted file mode 100644 index 6f1848d..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd-2 +++ /dev/null @@ -1,14 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.2 -unified -compute A = X1 X2 -compute B = Y1 Y2 -compute C = Z1 T2 -compute D = T1 Z2 -compute E = D + C -compute F = (X1-Y1)(X2+Y2)+B-A -compute G = B + a A -compute H = D - C -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd-2.op3 b/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd-2.op3 deleted file mode 100644 index 41269cf..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd-2.op3 +++ /dev/null @@ -1,17 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -C = Z1*T2 -D = T1*Z2 -E = D+C -t0 = X1-Y1 -t1 = X2+Y2 -t2 = t0*t1 -t3 = t2+B -F = t3-A -t4 = a*A -G = B+t4 -H = D-C -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd.op3 deleted file mode 100644 index 9374a58..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/add-2008-hwcd.op3 +++ /dev/null @@ -1,18 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -t0 = d*T2 -C = T1*t0 -D = Z1*Z2 -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-A -E = t4-B -F = D-C -G = D+C -t5 = a*A -H = B-t5 -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd b/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd deleted file mode 100644 index 43efa01..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.1 -unified -assume Z2 = 1 -compute A = X1 X2 -compute B = Y1 Y2 -compute C = T1 d T2 -compute D = Z1 -compute E = (X1+Y1)(X2+Y2)-A-B -compute F = D - C -compute G = D + C -compute H = B - a A -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd-2 b/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd-2 deleted file mode 100644 index 410ca20..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd-2 +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.2 -unified -assume Z2 = 1 -compute A = X1 X2 -compute B = Y1 Y2 -compute C = Z1 T2 -compute D = T1 -compute E = D + C -compute F = (X1-Y1)(X2+Y2)+B-A -compute G = B + a A -compute H = D - C -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd-2.op3 b/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd-2.op3 deleted file mode 100644 index bff3029..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd-2.op3 +++ /dev/null @@ -1,17 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -C = Z1*T2 -D = T1 -E = D+C -t0 = X1-Y1 -t1 = X2+Y2 -t2 = t0*t1 -t3 = t2+B -F = t3-A -t4 = a*A -G = B+t4 -H = D-C -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd.op3 deleted file mode 100644 index 9c4b5fd..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/madd-2008-hwcd.op3 +++ /dev/null @@ -1,18 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -t0 = d*T2 -C = T1*t0 -D = Z1 -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-A -E = t4-B -F = D-C -G = D+C -t5 = a*A -H = B-t5 -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd b/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd deleted file mode 100644 index 77f2ef7..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd +++ /dev/null @@ -1,15 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.1, plus assumption Z1=1, plus standard simplification -unified -assume Z1 = 1 -assume Z2 = 1 -compute A = X1 X2 -compute B = Y1 Y2 -compute C = T1 d T2 -compute E = (X1+Y1)(X2+Y2)-A-B -compute F = 1 - C -compute G = 1 + C -compute H = B - a A -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = 1 - C^2 diff --git a/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd-2 b/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd-2 deleted file mode 100644 index e8bcf9a..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd-2 +++ /dev/null @@ -1,16 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.2, plus assumption Z1=1 -unified -assume Z1 = 1 -assume Z2 = 1 -compute A = X1 X2 -compute B = Y1 Y2 -compute C = T2 -compute D = T1 -compute E = D + C -compute F = (X1-Y1)(X2+Y2)+B-A -compute G = B + a A -compute H = D - C -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd-2.op3 b/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd-2.op3 deleted file mode 100644 index 66fa350..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd-2.op3 +++ /dev/null @@ -1,17 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -C = T2 -D = T1 -E = D+C -t0 = X1-Y1 -t1 = X2+Y2 -t2 = t0*t1 -t3 = t2+B -F = t3-A -t4 = a*A -G = B+t4 -H = D-C -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd.op3 deleted file mode 100644 index f4bc7f6..0000000 --- a/pyecsca/ec/efd/twisted/extended/addition/mmadd-2008-hwcd.op3 +++ /dev/null @@ -1,18 +0,0 @@ -A = X1*X2 -B = Y1*Y2 -t0 = d*T2 -C = T1*t0 -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-A -E = t4-B -F = 1-C -G = 1+C -t5 = a*A -H = B-t5 -X3 = E*F -Y3 = G*H -T3 = E*H -t6 = C^2 -Z3 = 1-t6 diff --git a/pyecsca/ec/efd/twisted/extended/doubling/dbl-2008-hwcd b/pyecsca/ec/efd/twisted/extended/doubling/dbl-2008-hwcd deleted file mode 100644 index 1c37c7f..0000000 --- a/pyecsca/ec/efd/twisted/extended/doubling/dbl-2008-hwcd +++ /dev/null @@ -1,13 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.3 -compute A = X1^2 -compute B = Y1^2 -compute C = 2 Z1^2 -compute D = a A -compute E = (X1+Y1)^2-A-B -compute G = D + B -compute F = G - C -compute H = D - B -compute X3 = E F -compute Y3 = G H -compute T3 = E H -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/extended/doubling/dbl-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended/doubling/dbl-2008-hwcd.op3 deleted file mode 100644 index dc3d945..0000000 --- a/pyecsca/ec/efd/twisted/extended/doubling/dbl-2008-hwcd.op3 +++ /dev/null @@ -1,16 +0,0 @@ -A = X1^2 -B = Y1^2 -t0 = Z1^2 -C = 2*t0 -D = a*A -t1 = X1+Y1 -t2 = t1^2 -t3 = t2-A -E = t3-B -G = D+B -F = G-C -H = D-B -X3 = E*F -Y3 = G*H -T3 = E*H -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/extended/doubling/mdbl-2008-hwcd b/pyecsca/ec/efd/twisted/extended/doubling/mdbl-2008-hwcd deleted file mode 100644 index faf5c42..0000000 --- a/pyecsca/ec/efd/twisted/extended/doubling/mdbl-2008-hwcd +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Hisil--Wong--Carter--Dawson, http://eprint.iacr.org/2008/522, Section 3.3, plus assumption Z1=1, plus standard simplification -assume Z1 = 1 -compute A = X1^2 -compute B = Y1^2 -compute D = a A -compute E = (X1+Y1)^2-A-B -compute G = D + B -compute H = D - B -compute X3 = E (G - 2) -compute Y3 = G H -compute T3 = E H -compute Z3 = G^2 - 2 G diff --git a/pyecsca/ec/efd/twisted/extended/doubling/mdbl-2008-hwcd.op3 b/pyecsca/ec/efd/twisted/extended/doubling/mdbl-2008-hwcd.op3 deleted file mode 100644 index c36ded1..0000000 --- a/pyecsca/ec/efd/twisted/extended/doubling/mdbl-2008-hwcd.op3 +++ /dev/null @@ -1,16 +0,0 @@ -A = X1^2 -B = Y1^2 -D = a*A -t0 = X1+Y1 -t1 = t0^2 -t2 = t1-A -E = t2-B -G = D+B -H = D-B -t3 = G-2 -X3 = E*t3 -Y3 = G*H -T3 = E*H -t4 = G^2 -t5 = 2*G -Z3 = t4-t5 diff --git a/pyecsca/ec/efd/twisted/extended/negation/neg b/pyecsca/ec/efd/twisted/extended/negation/neg deleted file mode 100644 index 600f95e..0000000 --- a/pyecsca/ec/efd/twisted/extended/negation/neg +++ /dev/null @@ -1,4 +0,0 @@ -compute X3 = -X1 -compute Y3 = Y1 -compute Z3 = Z1 -compute T3 = -T1
\ No newline at end of file diff --git a/pyecsca/ec/efd/twisted/extended/negation/neg.op3 b/pyecsca/ec/efd/twisted/extended/negation/neg.op3 deleted file mode 100644 index 7e7a4c1..0000000 --- a/pyecsca/ec/efd/twisted/extended/negation/neg.op3 +++ /dev/null @@ -1,4 +0,0 @@ -X3 = -X1 -Y3 = Y1 -Z3 = Z1 -T3 = -T1
\ No newline at end of file diff --git a/pyecsca/ec/efd/twisted/extended/tripling/tpl-2015-c b/pyecsca/ec/efd/twisted/extended/tripling/tpl-2015-c deleted file mode 100644 index 7de3ef9..0000000 --- a/pyecsca/ec/efd/twisted/extended/tripling/tpl-2015-c +++ /dev/null @@ -1,18 +0,0 @@ -source 2015 Chuengsatiansup -compute YY = Y1^2 -compute aXX = a X1^2 -compute Ap = YY + aXX -compute B = 2(2 Z1^2 - Ap) -compute xB = aXX B -compute yB = YY B -compute AA = Ap (YY - aXX) -compute F = AA - yB -compute G = AA + xB -compute xE = X1 (yB + AA) -compute yH = Y1 (xB - AA) -compute zF = Z1 F -compute zG = Z1 G -compute X3 = xE zF -compute Y3 = yH zG -compute Z3 = zF zG -compute T3 = xE yH diff --git a/pyecsca/ec/efd/twisted/extended/tripling/tpl-2015-c.op3 b/pyecsca/ec/efd/twisted/extended/tripling/tpl-2015-c.op3 deleted file mode 100644 index 858abf2..0000000 --- a/pyecsca/ec/efd/twisted/extended/tripling/tpl-2015-c.op3 +++ /dev/null @@ -1,24 +0,0 @@ -YY = Y1^2 -t0 = X1^2 -aXX = a*t0 -Ap = YY+aXX -t1 = Z1^2 -t2 = 2*t1 -t3 = t2-Ap -B = 2*t3 -xB = aXX*B -yB = YY*B -t4 = YY-aXX -AA = Ap*t4 -F = AA-yB -G = AA+xB -t5 = yB+AA -xE = X1*t5 -t6 = xB-AA -yH = Y1*t6 -zF = Z1*F -zG = Z1*G -X3 = xE*zF -Y3 = yH*zG -Z3 = zF*zG -T3 = xE*yH diff --git a/pyecsca/ec/efd/twisted/extended/variables b/pyecsca/ec/efd/twisted/extended/variables deleted file mode 100644 index 44e4865..0000000 --- a/pyecsca/ec/efd/twisted/extended/variables +++ /dev/null @@ -1,8 +0,0 @@ -name extended coordinates -variable X -variable Y -variable Z -variable T -satisfying x = X/Z -satisfying y = Y/Z -satisfying x*y = T/Z diff --git a/pyecsca/ec/efd/twisted/inverted/addition/add-2008-bbjlp b/pyecsca/ec/efd/twisted/inverted/addition/add-2008-bbjlp deleted file mode 100644 index ed221e4..0000000 --- a/pyecsca/ec/efd/twisted/inverted/addition/add-2008-bbjlp +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013, Section 6 -unified -compute A = Z1 Z2 -compute B = d A^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = C D -compute H = C - a D -compute I = (X1 + Y1)(X2 + Y2) - C - D -compute X3 = (E + B) H -compute Y3 = (E - B) I -compute Z3 = A H I diff --git a/pyecsca/ec/efd/twisted/inverted/addition/add-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/inverted/addition/add-2008-bbjlp.op3 deleted file mode 100644 index 236478a..0000000 --- a/pyecsca/ec/efd/twisted/inverted/addition/add-2008-bbjlp.op3 +++ /dev/null @@ -1,19 +0,0 @@ -A = Z1*Z2 -t0 = A^2 -B = d*t0 -C = X1*X2 -D = Y1*Y2 -E = C*D -t1 = a*D -H = C-t1 -t2 = X1+Y1 -t3 = X2+Y2 -t4 = t2*t3 -t5 = t4-C -I = t5-D -t6 = E+B -X3 = t6*H -t7 = E-B -Y3 = t7*I -t8 = H*I -Z3 = A*t8 diff --git a/pyecsca/ec/efd/twisted/inverted/addition/madd-2008-bbjlp b/pyecsca/ec/efd/twisted/inverted/addition/madd-2008-bbjlp deleted file mode 100644 index 66abd07..0000000 --- a/pyecsca/ec/efd/twisted/inverted/addition/madd-2008-bbjlp +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013, Section 6, plus Z2=1, plus common-subexpression elimination -unified -assume Z2 = 1 -compute B = d Z1^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = C D -compute H = C - a D -compute I = (X1 + Y1)(X2 + Y2) - C - D -compute X3 = (E + B) H -compute Y3 = (E - B) I -compute Z3 = Z1 H I diff --git a/pyecsca/ec/efd/twisted/inverted/addition/madd-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/inverted/addition/madd-2008-bbjlp.op3 deleted file mode 100644 index 05075c2..0000000 --- a/pyecsca/ec/efd/twisted/inverted/addition/madd-2008-bbjlp.op3 +++ /dev/null @@ -1,18 +0,0 @@ -t0 = Z1^2 -B = d*t0 -C = X1*X2 -D = Y1*Y2 -E = C*D -t1 = a*D -H = C-t1 -t2 = X1+Y1 -t3 = X2+Y2 -t4 = t2*t3 -t5 = t4-C -I = t5-D -t6 = E+B -X3 = t6*H -t7 = E-B -Y3 = t7*I -t8 = H*I -Z3 = Z1*t8 diff --git a/pyecsca/ec/efd/twisted/inverted/addition/mmadd-2008-bbjlp b/pyecsca/ec/efd/twisted/inverted/addition/mmadd-2008-bbjlp deleted file mode 100644 index 5a0685e..0000000 --- a/pyecsca/ec/efd/twisted/inverted/addition/mmadd-2008-bbjlp +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013, Section 6, plus Z2=1, plus Z1=1, plus common-subexpression elimination -unified -assume Z1 = 1 -assume Z2 = 1 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = C D -compute H = C - a D -compute I = (X1 + Y1)(X2 + Y2) - C - D -compute X3 = (E + d) H -compute Y3 = (E - d) I -compute Z3 = H I diff --git a/pyecsca/ec/efd/twisted/inverted/addition/mmadd-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/inverted/addition/mmadd-2008-bbjlp.op3 deleted file mode 100644 index fe012af..0000000 --- a/pyecsca/ec/efd/twisted/inverted/addition/mmadd-2008-bbjlp.op3 +++ /dev/null @@ -1,15 +0,0 @@ -C = X1*X2 -D = Y1*Y2 -E = C*D -t0 = a*D -H = C-t0 -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-C -I = t4-D -t5 = E+d -X3 = t5*H -t6 = E-d -Y3 = t6*I -Z3 = H*I diff --git a/pyecsca/ec/efd/twisted/inverted/doubling/dbl-2008-bbjlp b/pyecsca/ec/efd/twisted/inverted/doubling/dbl-2008-bbjlp deleted file mode 100644 index ca82407..0000000 --- a/pyecsca/ec/efd/twisted/inverted/doubling/dbl-2008-bbjlp +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013, Section 6 -parameter d2 -assume d2 = 2*d -compute A = X1^2 -compute B = Y1^2 -compute U = a B -compute C = A + U -compute D = A - U -compute E = (X1 + Y1)^2 - A - B -compute X3 = C D -compute Y3 = E (C - d2 Z1^2) -compute Z3 = D E diff --git a/pyecsca/ec/efd/twisted/inverted/doubling/dbl-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/inverted/doubling/dbl-2008-bbjlp.op3 deleted file mode 100644 index 0a19ffe..0000000 --- a/pyecsca/ec/efd/twisted/inverted/doubling/dbl-2008-bbjlp.op3 +++ /dev/null @@ -1,15 +0,0 @@ -A = X1^2 -B = Y1^2 -U = a*B -C = A+U -D = A-U -t0 = X1+Y1 -t1 = t0^2 -t2 = t1-A -E = t2-B -X3 = C*D -t3 = Z1^2 -t4 = d2*t3 -t5 = C-t4 -Y3 = E*t5 -Z3 = D*E diff --git a/pyecsca/ec/efd/twisted/inverted/doubling/mdbl-2008-bbjlp b/pyecsca/ec/efd/twisted/inverted/doubling/mdbl-2008-bbjlp deleted file mode 100644 index b3fbf0b..0000000 --- a/pyecsca/ec/efd/twisted/inverted/doubling/mdbl-2008-bbjlp +++ /dev/null @@ -1,13 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013, Section 6, plus Z1=1 -assume Z1 = 1 -parameter d2 -assume d2 = 2*d -compute A = X1^2 -compute B = Y1^2 -compute U = a B -compute C = A + U -compute D = A - U -compute E = (X1 + Y1)^2 - A - B -compute X3 = C D -compute Y3 = E (C - d2) -compute Z3 = D E diff --git a/pyecsca/ec/efd/twisted/inverted/doubling/mdbl-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/inverted/doubling/mdbl-2008-bbjlp.op3 deleted file mode 100644 index 659aaf4..0000000 --- a/pyecsca/ec/efd/twisted/inverted/doubling/mdbl-2008-bbjlp.op3 +++ /dev/null @@ -1,13 +0,0 @@ -A = X1^2 -B = Y1^2 -U = a*B -C = A+U -D = A-U -t0 = X1+Y1 -t1 = t0^2 -t2 = t1-A -E = t2-B -X3 = C*D -t3 = C-d2 -Y3 = E*t3 -Z3 = D*E diff --git a/pyecsca/ec/efd/twisted/inverted/negation/neg b/pyecsca/ec/efd/twisted/inverted/negation/neg deleted file mode 100644 index b0e7acd..0000000 --- a/pyecsca/ec/efd/twisted/inverted/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = -X1 -compute Y3 = Y1 -compute Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/twisted/inverted/negation/neg.op3 b/pyecsca/ec/efd/twisted/inverted/negation/neg.op3 deleted file mode 100644 index 36cb8c8..0000000 --- a/pyecsca/ec/efd/twisted/inverted/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = -X1 -Y3 = Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/twisted/inverted/variables b/pyecsca/ec/efd/twisted/inverted/variables deleted file mode 100644 index 97014ad..0000000 --- a/pyecsca/ec/efd/twisted/inverted/variables +++ /dev/null @@ -1,6 +0,0 @@ -name inverted coordinates -variable X -variable Y -variable Z -satisfying x = Z/X -satisfying y = Z/Y diff --git a/pyecsca/ec/efd/twisted/projective/addition/add-2008-bbjlp b/pyecsca/ec/efd/twisted/projective/addition/add-2008-bbjlp deleted file mode 100644 index 01be983..0000000 --- a/pyecsca/ec/efd/twisted/projective/addition/add-2008-bbjlp +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013 Section 6 -unified -compute A = Z1 Z2 -compute B = A^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = d C D -compute F = B-E -compute G = B+E -compute X3 = A F ((X1+Y1)(X2+Y2)-C-D) -compute Y3 = A G (D-a C) -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/projective/addition/add-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/projective/addition/add-2008-bbjlp.op3 deleted file mode 100644 index 6ea2404..0000000 --- a/pyecsca/ec/efd/twisted/projective/addition/add-2008-bbjlp.op3 +++ /dev/null @@ -1,20 +0,0 @@ -A = Z1*Z2 -B = A^2 -C = X1*X2 -D = Y1*Y2 -t0 = C*D -E = d*t0 -F = B-E -G = B+E -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-C -t5 = t4-D -t6 = F*t5 -X3 = A*t6 -t7 = a*C -t8 = D-t7 -t9 = G*t8 -Y3 = A*t9 -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/projective/addition/madd-2008-bbjlp b/pyecsca/ec/efd/twisted/projective/addition/madd-2008-bbjlp deleted file mode 100644 index f13cf42..0000000 --- a/pyecsca/ec/efd/twisted/projective/addition/madd-2008-bbjlp +++ /dev/null @@ -1,12 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013 Section 6, plus Z2=1, plus common-subexpression elimination -unified -assume Z2 = 1 -compute B = Z1^2 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = d C D -compute F = B-E -compute G = B+E -compute X3 = Z1 F ((X1+Y1)(X2+Y2)-C-D) -compute Y3 = Z1 G (D-a C) -compute Z3 = F G diff --git a/pyecsca/ec/efd/twisted/projective/addition/madd-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/projective/addition/madd-2008-bbjlp.op3 deleted file mode 100644 index 68e4356..0000000 --- a/pyecsca/ec/efd/twisted/projective/addition/madd-2008-bbjlp.op3 +++ /dev/null @@ -1,19 +0,0 @@ -B = Z1^2 -C = X1*X2 -D = Y1*Y2 -t0 = C*D -E = d*t0 -F = B-E -G = B+E -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = t3-C -t5 = t4-D -t6 = F*t5 -X3 = Z1*t6 -t7 = a*C -t8 = D-t7 -t9 = G*t8 -Y3 = Z1*t9 -Z3 = F*G diff --git a/pyecsca/ec/efd/twisted/projective/addition/mmadd-2008-bbjlp b/pyecsca/ec/efd/twisted/projective/addition/mmadd-2008-bbjlp deleted file mode 100644 index 85d2f8b..0000000 --- a/pyecsca/ec/efd/twisted/projective/addition/mmadd-2008-bbjlp +++ /dev/null @@ -1,10 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013 Section 6, plus Z2=1, plus Z1=1, plus standard simplification -unified -assume Z1 = 1 -assume Z2 = 1 -compute C = X1 X2 -compute D = Y1 Y2 -compute E = d C D -compute X3 = (1-E) ((X1+Y1)(X2+Y2)-C-D) -compute Y3 = (1+E) (D-a C) -compute Z3 = 1-E^2 diff --git a/pyecsca/ec/efd/twisted/projective/addition/mmadd-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/projective/addition/mmadd-2008-bbjlp.op3 deleted file mode 100644 index dc0a2a1..0000000 --- a/pyecsca/ec/efd/twisted/projective/addition/mmadd-2008-bbjlp.op3 +++ /dev/null @@ -1,17 +0,0 @@ -C = X1*X2 -D = Y1*Y2 -t0 = C*D -E = d*t0 -t1 = X1+Y1 -t2 = X2+Y2 -t3 = t1*t2 -t4 = 1-E -t5 = t3-C -t6 = t5-D -X3 = t4*t6 -t7 = a*C -t8 = 1+E -t9 = D-t7 -Y3 = t8*t9 -t10 = E^2 -Z3 = 1-t10 diff --git a/pyecsca/ec/efd/twisted/projective/doubling/dbl-2008-bbjlp b/pyecsca/ec/efd/twisted/projective/doubling/dbl-2008-bbjlp deleted file mode 100644 index 1177262..0000000 --- a/pyecsca/ec/efd/twisted/projective/doubling/dbl-2008-bbjlp +++ /dev/null @@ -1,11 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013 -compute B = (X1+Y1)^2 -compute C = X1^2 -compute D = Y1^2 -compute E = a C -compute F = E + D -compute H = Z1^2 -compute J = F - 2 H -compute X3 = (B-C-D)J -compute Y3 = F(E-D) -compute Z3 = F J diff --git a/pyecsca/ec/efd/twisted/projective/doubling/dbl-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/projective/doubling/dbl-2008-bbjlp.op3 deleted file mode 100644 index ac265b5..0000000 --- a/pyecsca/ec/efd/twisted/projective/doubling/dbl-2008-bbjlp.op3 +++ /dev/null @@ -1,15 +0,0 @@ -t0 = X1+Y1 -B = t0^2 -C = X1^2 -D = Y1^2 -E = a*C -F = E+D -H = Z1^2 -t1 = 2*H -J = F-t1 -t2 = B-C -t3 = t2-D -X3 = t3*J -t4 = E-D -Y3 = F*t4 -Z3 = F*J diff --git a/pyecsca/ec/efd/twisted/projective/doubling/mdbl-2008-bbjlp b/pyecsca/ec/efd/twisted/projective/doubling/mdbl-2008-bbjlp deleted file mode 100644 index a057621..0000000 --- a/pyecsca/ec/efd/twisted/projective/doubling/mdbl-2008-bbjlp +++ /dev/null @@ -1,10 +0,0 @@ -source 2008 Bernstein--Birkner--Joye--Lange--Peters http://eprint.iacr.org/2008/013, plus Z1=1, plus standard simplification -assume Z1 = 1 -compute B = (X1+Y1)^2 -compute C = X1^2 -compute D = Y1^2 -compute E = a C -compute F = E + D -compute X3 = (B-C-D)(F-2) -compute Y3 = F(E-D) -compute Z3 = F^2-2 F diff --git a/pyecsca/ec/efd/twisted/projective/doubling/mdbl-2008-bbjlp.op3 b/pyecsca/ec/efd/twisted/projective/doubling/mdbl-2008-bbjlp.op3 deleted file mode 100644 index dff3391..0000000 --- a/pyecsca/ec/efd/twisted/projective/doubling/mdbl-2008-bbjlp.op3 +++ /dev/null @@ -1,15 +0,0 @@ -t0 = X1+Y1 -B = t0^2 -C = X1^2 -D = Y1^2 -E = a*C -F = E+D -t1 = B-C -t2 = t1-D -t3 = F-2 -X3 = t2*t3 -t4 = E-D -Y3 = F*t4 -t5 = F^2 -t6 = 2*F -Z3 = t5-t6 diff --git a/pyecsca/ec/efd/twisted/projective/negation/neg b/pyecsca/ec/efd/twisted/projective/negation/neg deleted file mode 100644 index b0e7acd..0000000 --- a/pyecsca/ec/efd/twisted/projective/negation/neg +++ /dev/null @@ -1,3 +0,0 @@ -compute X3 = -X1 -compute Y3 = Y1 -compute Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/twisted/projective/negation/neg.op3 b/pyecsca/ec/efd/twisted/projective/negation/neg.op3 deleted file mode 100644 index 36cb8c8..0000000 --- a/pyecsca/ec/efd/twisted/projective/negation/neg.op3 +++ /dev/null @@ -1,3 +0,0 @@ -X3 = -X1 -Y3 = Y1 -Z3 = Z1
\ No newline at end of file diff --git a/pyecsca/ec/efd/twisted/projective/tripling/tpl-2015-c b/pyecsca/ec/efd/twisted/projective/tripling/tpl-2015-c deleted file mode 100644 index c3870d2..0000000 --- a/pyecsca/ec/efd/twisted/projective/tripling/tpl-2015-c +++ /dev/null @@ -1,13 +0,0 @@ -source 2015 Chuengsatiansup -compute YY = Y1^2 -compute aXX = a X1^2 -compute Ap = YY + aXX -compute B = 2(2 Z1^2 - Ap) -compute xB = aXX B -compute yB = YY B -compute AA = Ap (YY - aXX) -compute F = AA - yB -compute G = AA + xB -compute X3 = X1 (yB + AA) F -compute Y3 = Y1 (xB - AA) G -compute Z3 = Z1 F G diff --git a/pyecsca/ec/efd/twisted/projective/tripling/tpl-2015-c.op3 b/pyecsca/ec/efd/twisted/projective/tripling/tpl-2015-c.op3 deleted file mode 100644 index fadf02f..0000000 --- a/pyecsca/ec/efd/twisted/projective/tripling/tpl-2015-c.op3 +++ /dev/null @@ -1,22 +0,0 @@ -YY = Y1^2 -t0 = X1^2 -aXX = a*t0 -Ap = YY+aXX -t1 = Z1^2 -t2 = 2*t1 -t3 = t2-Ap -B = 2*t3 -xB = aXX*B -yB = YY*B -t4 = YY-aXX -AA = Ap*t4 -F = AA-yB -G = AA+xB -t5 = yB+AA -t6 = t5*F -X3 = X1*t6 -t7 = xB-AA -t8 = t7*G -Y3 = Y1*t8 -t9 = F*G -Z3 = Z1*t9 diff --git a/pyecsca/ec/efd/twisted/projective/variables b/pyecsca/ec/efd/twisted/projective/variables deleted file mode 100644 index 9c6045b..0000000 --- a/pyecsca/ec/efd/twisted/projective/variables +++ /dev/null @@ -1,6 +0,0 @@ -name projective coordinates -variable X -variable Y -variable Z -satisfying x = X/Z -satisfying y = Y/Z |