blob: 1eeadc1d5e7cfe00a8a4598605a40ba6e0b8e7ca (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
source 2002 Izu--Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", formulas (9) and (10), plus common-subexpression elimination
parameter b4
assume b4 = 4*b
compute XX = X2^2
compute ZZ = Z2^2
compute aZZ = a ZZ
compute E = (X2 + Z2)^2 - XX - ZZ
compute X4 = (XX - aZZ)^2 - b4 E ZZ
compute Z4 = 2 E(XX + aZZ) + b4 ZZ^2
compute A = X2 X3
compute B = Z2 Z3
compute C = X2 Z3
compute D = X3 Z2
compute R = 2(C + D)(A + a B) + b4 B^2
compute S = (C - D)^2
compute X5 = R Z1 - S X1
compute Z5 = S Z1
|
