| -rw-r--r-- | docs/libraries.rst | 16 | ||||
| -rw-r--r-- | test/data/formulas/ladd-botan-x25519 | 4 | ||||
| -rw-r--r-- | test/data/formulas/ladd-botan-x25519.op3 | 18 | ||||
| -rw-r--r-- | test/sca/test_structural.py | 7 |
4 files changed, 41 insertions, 4 deletions
diff --git a/docs/libraries.rst b/docs/libraries.rst
index 74e2051..63a8c66 100644
--- a/docs/libraries.rst
+++ b/docs/libraries.rst
@@ -315,6 +315,11 @@ X25519
 ^^^^^^
 Based on curve25519_donna.
+ - Montgomery
+ - Montgomery ladder (unrolled several iterations)
+ - xz
+ - Unknown formula: `ladd-botan-x25519 <https://github.com/J08nY/pyecsca/blob/master/test/data/formulas/ladd-botan-x25519.op3>`__
+
 Ed25519
 ^^^^^^^
 Based on ref10 of Ed25519.
@@ -784,7 +789,7 @@ Derive:
 - Montgomery
 - Montgomery ladder via ``ossl_x25519 -> x25519_scalar_mult``
 - xz coords
- - Unknown ladder formula.
+ - Unknown ladder formula: `ladd-openssl-x25519 <https://github.com/J08nY/pyecsca/blob/master/test/data/formulas/ladd-openssl-x25519.op3>`__
 Ed25519
 ^^^^^^^
@@ -921,7 +926,7 @@ KeyGen:
 Derive:
 - Uses GLV decomposition and `interleaving with width-5 NAFs <https://github.com/bitcoin-core/secp256k1/blob/v0.4.0/src/ecmult_const_impl.h#L133>`__ via ``secp256k1_ecdh -> secp256k1_ecmult_const``.
 - Addition same as in Keygen.
- - Unknown doubling: `dbl-secp256k1-v040 <https://github.com/J08nY/pyecsca/blob/master/test/data/formulas/dbl-secp256k1-v040>`__ (via ```secp256k1_gej_double`` <https://github.com/bitcoin-core/secp256k1/blob/v0.4.0/src/group_impl.h#L406>`__)
+ - Unknown doubling: `dbl-secp256k1-v040 <https://github.com/J08nY/pyecsca/blob/master/test/data/formulas/dbl-secp256k1-v040>`__ (via `secp256k1_gej_double <https://github.com/bitcoin-core/secp256k1/blob/v0.4.0/src/group_impl.h#L406>`__)
 ECDSA
 ^^^^^
@@ -1149,7 +1154,7 @@ KeyGen:
 - Twisted-Edwards
 - Double and add always
 - Extended coords
- - Some HWCD formulas.
+ - Unknown formulas: `add-sunec-v21-ed25519 <https://github.com/J08nY/pyecsca/blob/master/test/data/formulas/add-sunec-v21-ed25519.op3>`__, `dbl-sunec-v21-ed25519 <https://github.com/J08nY/pyecsca/blob/master/test/data/formulas/dbl-sunec-v21-ed25519.op3>`__
 Sign:
 - Same as KeyGen.
@@ -1174,10 +1179,13 @@ ECDH
 ^^^^
 KeyGen:
+ - Short-Weierstrass
 - `Fixed window (w=4) <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/nistec/p224.go#L412>`__ (link points to P-224, but others are the same) via ``privateKeyToPublicKey -> ScalarBaseMult``
- - Projective `add-2015-rcb <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/nistec/p224.go#L215>`__
+ - Projective
+ - `add-2015-rcb <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/nistec/p224.go#L215>`__, `dbl-2015-rcb <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/nistec/p224.go#L270>`__
 Derive:
+ - Short-Weierstrass
 - `Fixed window (w=4) <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/nistec/p224.go#L342>`__ via ``ecdh -> ScalarMult``.
 - Same formulas as in Keygen.
diff --git a/test/data/formulas/ladd-botan-x25519 b/test/data/formulas/ladd-botan-x25519
new file mode 100644
index 0000000..ae1571d
--- /dev/null
+++ b/test/data/formulas/ladd-botan-x25519
@@ -0,0 +1,4 @@
+source Botan 3.2.0 https://github.com/randombit/botan/blob/3.2.0/src/lib/pubkey/curve25519/donna.cpp#L299
+coords xz
+parameter am24
+assume am24 = (a-2)/4
diff --git a/test/data/formulas/ladd-botan-x25519.op3 b/test/data/formulas/ladd-botan-x25519.op3
new file mode 100644
index 0000000..b375514
--- /dev/null
+++ b/test/data/formulas/ladd-botan-x25519.op3
@@ -0,0 +1,18 @@
+Z1new = X2 - Z2
+X1new = X2 + Z2
+Z2new = X3 - Z3
+X2new = X3 + Z3
+xxprime = X2new * Z1new
+zzprime = Z2new * X1new
+zzprime_new = xxprime - zzprime
+xxprime_new = xxprime + zzprime
+X5 = xxprime_new^2
+zzzprime = zzprime_new^2
+Z5 = zzzprime * X1
+xx = X1new^2
+zz = Z1new^2
+X4 = xx * zz
+zz = xx - zz
+zzz = zz * am24
+zzz = zzz + xx
+Z4 = zz * zzz
diff --git a/test/sca/test_structural.py b/test/sca/test_structural.py
index b323f58..970e4fc 100644
--- a/test/sca/test_structural.py
+++ b/test/sca/test_structural.py
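Review bot: The metadata file for ladd-botan-x25519 records only `assume am24 = (a-2)/4`, yet the accompanying op3 computes `Z5 = zzzprime * X1` and never reads Z1, so the ladder step is only correct when the difference point is supplied with Z1 = 1. If the correctness test passes, that presumably means the harness feeds an affine-style difference point rather than a random projective representative; anything that later consumes the formula with a non-normalized (X1, Z1) would silently get a wrong result. Making the precondition explicit with an `assume Z1 = 1` line in the metadata file, alongside the existing am24 assumption, documents this the same way the EFD's ladd-1987-m does. The (a-2)/4 convention itself is consistent with donna's 121665 constant for a = 486662, so no change is needed there.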
@@ -238,6 +238,13 @@ def test_formula_similarity(secp128r1):
 ("other", "Curve25519"),
 DoublingEFDFormula,
 ],
+ [
+ "ladd-botan-x25519",
+ MontgomeryModel,
+ "xz",
+ ("other", "Curve25519"),
+ LadderEFDFormula,
+ ],
 ],
 )
 def test_formula_correctness(name, model, coords, param_spec, formula_type):
