Diffstat (limited to 'pyecsca')
-rw-r--r--pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb45
-rw-r--r--pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb.op343
-rw-r--r--pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb35
-rw-r--r--pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb.op334
-rw-r--r--pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb43
-rw-r--r--pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb.op341
-rw-r--r--pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb33
-rw-r--r--pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb.op332
-rw-r--r--pyecsca/ec/mod.py6
-rw-r--r--pyecsca/ec/mult.py6
-rw-r--r--pyecsca/ec/point.py9
-rw-r--r--pyecsca/sca/trace_set/hdf5.py3
12 files changed, 325 insertions, 5 deletions
diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb b/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb
new file mode 100644
index 0000000..e4d0c32
--- /dev/null
+++ b/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb
@@ -0,0 +1,45 @@
+source 2016 Renes-Costello-Batina "Complete addition formulas for prime order elliptic curves", algorithm (4)
+unified
+compute t0 = X1 X2
+compute t1 = Y1 Y2
+compute t2 = Z1 Z2
+compute t3 = X1 + Y1
+compute t4 = X2 + Y2
+compute t3 = t3 t4
+compute t4 = t0 + t1
+compute t3 = t3 - t4
+compute t4 = Y1 + Z1
+compute X3 = Y2 + Z2
+compute t4 = t4 * X3
+compute X3 = t1 + t2
+compute t4 = t4 - X3
+compute X3 = X1 + Z1
+compute Y3 = X2 + Z2
+compute X3 = X3 Y3
+compute Y3 = t0 + t2
+compute Y3 = X3 - Y3
+compute Z3 = b t2
+compute X3 = Y3 - Z3
+compute Z3 = X3 + X3
+compute X3 = X3 + Z3
+compute Z3 = t1 - X3
+compute X3 = t1 + X3
+compute Y3 = b Y3
+compute t1 = t2 + t2
+compute t2 = t1 + t2
+compute Y3 = Y3 - t2
+compute Y3 = Y3 - t0
+compute t1 = Y3 + Y3
+compute Y3 = t1 + Y3
+compute t1 = t0 + t0
+compute t0 = t1 + t0
+compute t0 = t0 - t2
+compute t1 = t4 Y3
+compute t2 = t0 Y3
+compute Y3 = X3 Z3
+compute Y3 = Y3 + t2
+compute X3 = t3 X3
+compute X3 = X3 - t1
+compute Z3 = t4 Z3
+compute t1 = t3 t0
+compute Z3 = Z3 + t1 \ No newline at end of file
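Review bot: `compute t4 = t4 * X3` is the only product in this file written with an explicit `*`; every other multiplication uses juxtaposition (`t3 t4`, `b t2`). The same mix appears in projective/addition/add-2016-rcb as `compute t4 = t4 * t5`. I would write `compute t4 = t4 X3` (and `compute t4 = t4 t5` there) so each file uses one notation. The header could also state the curve assumption, since the formula never reads `a` and the projective-3 directory name suggests it is only valid for a = -3.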
diff --git a/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb.op3 b/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb.op3
new file mode 100644
index 0000000..0cd47b3
--- /dev/null
+++ b/pyecsca/ec/efd/shortw/projective-3/addition/add-2016-rcb.op3
@@ -0,0 +1,43 @@
+t0 = X1*X2
+t1 = Y1*Y2
+t2 = Z1*Z2
+t3 = X1+Y1
+t4 = X2+Y2
+t3 = t3*t4
+t4 = t0+t1
+t3 = t3-t4
+t4 = Y1+Z1
+X3 = Y2+Z2
+t4 = t4*X3
+X3 = t1+t2
+t4 = t4-X3
+X3 = X1+Z1
+Y3 = X2+Z2
+X3 = X3*Y3
+Y3 = t0+t2
+Y3 = X3-Y3
+Z3 = b*t2
+X3 = Y3-Z3
+Z3 = X3+X3
+X3 = X3+Z3
+Z3 = t1-X3
+X3 = t1+X3
+Y3 = b*Y3
+t1 = t2+t2
+t2 = t1+t2
+Y3 = Y3-t2
+Y3 = Y3-t0
+t1 = Y3+Y3
+Y3 = t1+Y3
+t1 = t0+t0
+t0 = t1+t0
+t0 = t0-t2
+t1 = t4*Y3
+t2 = t0*Y3
+Y3 = X3*Z3
+Y3 = Y3+t2
+X3 = t3*X3
+X3 = X3-t1
+Z3 = t4*Z3
+t1 = t3*t0
+Z3 = Z3+t1 \ No newline at end of file
diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb
new file mode 100644
index 0000000..d40242e
--- /dev/null
+++ b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb
@@ -0,0 +1,35 @@
+source 2016 Renes-Costello-Batina "Complete addition formulas for prime order elliptic curves", algorithm (6)
+compute t0 = X1^2
+compute t1 = Y1^2
+compute t2 = Z1^2
+compute t3 = X1 Y1
+compute t3 = t3 + t3
+compute Z3 = X1 Z1
+compute Z3 = Z3 + Z3
+compute Y3 = b t2
+compute Y3 = Y3 - Z3
+compute X3 = Y3 + Y3
+compute Y3 = Y3 + X3
+compute X3 = t1 - Y3
+compute Y3 = t1 + Y3
+compute Y3 = X3 Y3
+compute X3 = X3 t3
+compute t3 = t2 + t2
+compute t2 = t2 + t3
+compute Z3 = b Z3
+compute Z3 = Z3 - t2
+compute Z3 = Z3 - t0
+compute t3 = Z3 + Z3
+compute Z3 = Z3 + t3
+compute t3 = t0 + t0
+compute t0 = t3 + t0
+compute t0 = t0 - t2
+compute t0 = t0 Z3
+compute Y3 = Y3 + t0
+compute t0 = X1 Z1
+compute t0 = t0 + t0
+compute Z3 = t0 Z3
+compute X3 = X3 - Z3
+compute Z3 = t0 t1
+compute Z3 = Z3 + Z3
+compute Z3 = Z3 + Z3 \ No newline at end of file
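Review bot: The step `compute t0 = X1 Z1` near the end of this file looks like a transcription error. The last three lines compute Z3 = 4·t0·t1 with t1 = Y1^2, and the general-a doubling added in this same commit (projective/doubling/dbl-2016-rcb) uses `t2 = Y1 Z1` at the corresponding step, which yields Z3 = 8·Y1^3·Z1. With X1 in that product, both Z3 and the `X3 = X3 - Z3` correction would be computed from the wrong term, so the output is likely not 2P. I would change the line to `compute t0 = Y1 Z1` here and to `t0 = Y1*Z1` in dbl-2016-rcb.op3. A test comparing this formula with an existing doubling formula on an a = -3 curve would also help.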
diff --git a/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb.op3 b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb.op3
new file mode 100644
index 0000000..3b75d41
--- /dev/null
+++ b/pyecsca/ec/efd/shortw/projective-3/doubling/dbl-2016-rcb.op3
@@ -0,0 +1,34 @@
+t0 = X1^2
+t1 = Y1^2
+t2 = Z1^2
+t3 = X1*Y1
+t3 = t3+t3
+Z3 = X1*Z1
+Z3 = Z3+Z3
+Y3 = b*t2
+Y3 = Y3-Z3
+X3 = Y3+Y3
+Y3 = Y3+X3
+X3 = t1-Y3
+Y3 = t1+Y3
+Y3 = X3*Y3
+X3 = X3*t3
+t3 = t2+t2
+t2 = t2+t3
+Z3 = b*Z3
+Z3 = Z3-t2
+Z3 = Z3-t0
+t3 = Z3+Z3
+Z3 = Z3+t3
+t3 = t0+t0
+t0 = t3+t0
+t0 = t0-t2
+t0 = t0*Z3
+Y3 = Y3+t0
+t0 = X1*Z1
+t0 = t0+t0
+Z3 = t0*Z3
+X3 = X3-Z3
+Z3 = t0*t1
+Z3 = Z3+Z3
+Z3 = Z3+Z3 \ No newline at end of file
diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb b/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb
new file mode 100644
index 0000000..400228b
--- /dev/null
+++ b/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb
@@ -0,0 +1,43 @@
+source 2016 Renes-Costello-Batina "Complete addition formulas for prime order elliptic curves", algorithm (1)
+unified
+compute b3 = 3 b
+compute t0 = X1 X2
+compute t1 = Y1 Y2
+compute t2 = Z1 Z2
+compute t3 = X1 + Y1
+compute t4 = X2 + Y2
+compute t3 = t3 t4
+compute t4 = t0 + t1
+compute t3 = t3 - t4
+compute t4 = X1 + Z1
+compute t5 = X2 + Z2
+compute t4 = t4 * t5
+compute t5 = t0 + t2
+compute t4 = t4 - t5
+compute t5 = Y1 + Z1
+compute X3 = Y2 + Z2
+compute t5 = t5 X3
+compute X3 = t1 + t2
+compute t5 = t5 - X3
+compute Z3 = a t4
+compute X3 = b3 t2
+compute Z3 = X3 + Z3
+compute X3 = t1 - Z3
+compute Z3 = t1 + Z3
+compute Y3 = X3 Z3
+compute t1 = t0 + t0
+compute t1 = t1 + t0
+compute t2 = a t2
+compute t4 = b3 t4
+compute t1 = t1 + t2
+compute t2 = t0 - t2
+compute t2 = a t2
+compute t4 = t4 + t2
+compute t0 = t1 t4
+compute Y3 = Y3 + t0
+compute t0 = t5 t4
+compute X3 = t3 X3
+compute X3 = X3 - t0
+compute t0 = t3 t1
+compute Z3 = t5 Z3
+compute Z3 = Z3 + t0 \ No newline at end of file
diff --git a/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb.op3 b/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb.op3
new file mode 100644
index 0000000..7e4a236
--- /dev/null
+++ b/pyecsca/ec/efd/shortw/projective/addition/add-2016-rcb.op3
@@ -0,0 +1,41 @@
+b3 = 3*b
+t0 = X1*X2
+t1 = Y1*Y2
+t2 = Z1*Z2
+t3 = X1+Y1
+t4 = X2+Y2
+t3 = t3*t4
+t4 = t0+t1
+t3 = t3-t4
+t4 = X1+Z1
+t5 = X2+Z2
+t4 = t4*t5
+t5 = t0+t2
+t4 = t4-t5
+t5 = Y1+Z1
+X3 = Y2+Z2
+t5 = t5*X3
+X3 = t1+t2
+t5 = t5-X3
+Z3 = a*t4
+X3 = b3*t2
+Z3 = X3+Z3
+X3 = t1-Z3
+Z3 = t1+Z3
+Y3 = X3*Z3
+t1 = t0+t0
+t1 = t1+t0
+t2 = a*t2
+t4 = b3*t4
+t1 = t1+t2
+t2 = t0-t2
+t2 = a*t2
+t4 = t4+t2
+t0 = t1*t4
+Y3 = Y3+t0
+t0 = t5*t4
+X3 = t3*X3
+X3 = X3-t0
+t0 = t3*t1
+Z3 = t5*Z3
+Z3 = Z3+t0 \ No newline at end of file
diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb b/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb
new file mode 100644
index 0000000..a031579
--- /dev/null
+++ b/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb
@@ -0,0 +1,33 @@
+source 2016 Renes-Costello-Batina "Complete addition formulas for prime order elliptic curves", algorithm (3)
+compute b3 = 3 b
+compute t0 = X1^2
+compute t1 = Y1^2
+compute t2 = Z1^2
+compute t3 = X1 Y1
+compute t3 = t3 + t3
+compute Z3 = X1 Z1
+compute Z3 = Z3 + Z3
+compute X3 = a Z3
+compute Y3 = b3 t2
+compute Y3 = X3 + Y3
+compute X3 = t1 - Y3
+compute Y3 = t1 + Y3
+compute Y3 = X3 Y3
+compute X3 = t3 X3
+compute Z3 = b3 Z3
+compute t2 = a t2
+compute t3 = t0 - t2
+compute t3 = a t3
+compute t3 = t3 + Z3
+compute Z3 = t0 + t0
+compute t0 = Z3 + t0
+compute t0 = t0 + t2
+compute t0 = t0 t3
+compute Y3 = Y3 + t0
+compute t2 = Y1 Z1
+compute t2 = t2 + t2
+compute t0 = t2 t3
+compute X3 = X3 - t0
+compute Z3 = t2 t1
+compute Z3 = Z3 + Z3
+compute Z3 = Z3 + Z3 \ No newline at end of file
diff --git a/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb.op3 b/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb.op3
new file mode 100644
index 0000000..8b933ac
--- /dev/null
+++ b/pyecsca/ec/efd/shortw/projective/doubling/dbl-2016-rcb.op3
@@ -0,0 +1,32 @@
+b3 = 3*b
+t0 = X1^2
+t1 = Y1^2
+t2 = Z1^2
+t3 = X1*Y1
+t3 = t3+t3
+Z3 = X1*Z1
+Z3 = Z3+Z3
+X3 = a*Z3
+Y3 = b3*t2
+Y3 = X3+Y3
+X3 = t1-Y3
+Y3 = t1+Y3
+Y3 = X3*Y3
+X3 = t3*X3
+Z3 = b3*Z3
+t2 = a*t2
+t3 = t0-t2
+t3 = a*t3
+t3 = t3+Z3
+Z3 = t0+t0
+t0 = Z3+t0
+t0 = t0+t2
+t0 = t0*t3
+Y3 = Y3+t0
+t2 = Y1*Z1
+t2 = t2+t2
+t0 = t2*t3
+X3 = X3-t0
+Z3 = t2*t1
+Z3 = Z3+Z3
+Z3 = Z3+Z3 \ No newline at end of file
diff --git a/pyecsca/ec/mod.py b/pyecsca/ec/mod.py
index 1fa3f9d..ec5dfe6 100644
--- a/pyecsca/ec/mod.py
+++ b/pyecsca/ec/mod.py
@@ -136,6 +136,9 @@ class Mod(object):
q, r = divmod(self.x, divisor.x)
return Mod(q, self.n), Mod(r, self.n)
+ def __bytes__(self):
+ return self.x.to_bytes((self.n.bit_length() + 7) // 8, byteorder="big")
+
@staticmethod
def random(n: int):
with RandomModAction(n):
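Review bot: `__bytes__` has no return annotation or docstring, although the neighbouring `random(n: int)` is annotated. The width is taken from `self.n`, so every residue encodes to the same length regardless of its value, and that contract is worth stating because callers concatenate these encodings. I would write `def __bytes__(self) -> bytes:` with a docstring such as `"""Big-endian encoding of x, zero-padded to the byte length of the modulus n."""`.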
@@ -224,6 +227,9 @@ class Undefined(Mod):
def __divmod__(self, divisor):
raise NotImplementedError
+ def __bytes__(self):
+ raise NotImplementedError
+
def __int__(self):
raise NotImplementedError
diff --git a/pyecsca/ec/mult.py b/pyecsca/ec/mult.py
index def7dab..57c034a 100644
--- a/pyecsca/ec/mult.py
+++ b/pyecsca/ec/mult.py
@@ -407,10 +407,10 @@ class WindowNAFMultiplier(ScalarMultiplier):
self._points_neg = {}
current_point = point
double_point = self._dbl(point)
- for i in range(1, (self.width + 1) // 2 + 1):
- self._points[2 ** i - 1] = current_point
+ for i in range(0, 2**(self.width - 2)):
+ self._points[2*i + 1] = current_point
if self.precompute_negation:
- self._points_neg[2 ** i - 1] = self._neg(current_point)
+ self._points_neg[2*i + 1] = self._neg(current_point)
current_point = self._add(current_point, double_point)
def multiply(self, scalar: int) -> Point:
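Review bot: `2**(self.width - 2)` evaluates to a float when `self.width` is 1, and `range()` then raises a TypeError; nothing in this hunk checks the width. The constructor is outside the hunk, so this may already be validated there. If it is not, I would reject small widths up front with `if self.width < 2: raise ValueError("width must be >= 2")` and write the bound as `1 << (self.width - 2)`. A one-line comment that the table holds the odd multiples 1, 3, …, 2^(width-1)-1 would make the indexing `2*i + 1` easier to check against the digit set used by multiply(). The final iteration still performs one `_add` whose result is discarded, which adds an extra operation to any recorded trace.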
diff --git a/pyecsca/ec/point.py b/pyecsca/ec/point.py
index f20d5e0..fe515ae 100644
--- a/pyecsca/ec/point.py
+++ b/pyecsca/ec/point.py
@@ -97,6 +97,12 @@ class Point(object):
return False
return self.to_affine() == other.to_affine()
+ def __bytes__(self):
+ res = b"\x04"
+ for k in sorted(self.coords.keys()):
+ res += bytes(self.coords[k])
+ return res
+
def __eq__(self, other):
if not isinstance(other, Point):
return False
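Review bot: The `b"\x04"` prefix in `__bytes__` reads like the SEC1 uncompressed-point marker, but the body concatenates whatever coordinates the point holds, in sorted-name order. For a projective point that is X, Y, Z rather than affine x‖y, and two representations of the same point serialize differently. A docstring should say the output is a representation-dependent encoding, not a canonical or interoperable one, so it is not used as an equality key or fed to external parsers. The repeated `res +=` can be replaced by `return b"\x04" + b"".join(bytes(self.coords[k]) for k in sorted(self.coords))`.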
@@ -133,6 +139,9 @@ class InfinityPoint(Point):
def equals(self, other) -> bool:
return self == other
+ def __bytes__(self):
+ return b"\x00"
+
def __eq__(self, other):
if type(other) is not InfinityPoint:
return False
diff --git a/pyecsca/sca/trace_set/hdf5.py b/pyecsca/sca/trace_set/hdf5.py
index 01f8303..b8a1ad1 100644
--- a/pyecsca/sca/trace_set/hdf5.py
+++ b/pyecsca/sca/trace_set/hdf5.py
@@ -62,8 +62,7 @@ class HDF5TraceSet(TraceSet):
def append(self, value: Trace):
if self._file is not None:
- last = sorted(list(map(int, self._file.keys())))[-1]
- key = last + 1
+ key = sorted(list(map(int, self._file.keys())))[-1] + 1 if self._file.keys() else 0
self._file[str(key)] = value.samples
value.samples = self._file[str(key)]
if value.meta:
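Review bot: The new `key = ... + 1 if self._file.keys() else 0` line relies on the conditional expression binding looser than `+`. That is correct but easy to misread, and it sorts every key just to take the largest. `key = max(map(int, self._file.keys()), default=-1) + 1` gives the same result for empty and non-empty files in one pass. Either form raises ValueError if the file holds a non-numeric key, so that case may deserve an explicit error. append() continues past the end of the hunk.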