3 * $Id: ec.h,v 1.4.4.2 2004/03/20 00:13:31 mdw Exp $
5 * Elliptic curve definitions
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.4.4.2 2004/03/20 00:13:31 mdw
34 * Projective coordinates for prime curves
36 * Revision 1.4.4.1 2003/06/10 13:43:53 mdw
37 * Simple (non-projective) curves over prime fields now seem to work.
39 * Revision 1.4 2003/05/15 23:25:59 mdw
40 * Make elliptic curve stuff build.
42 * Revision 1.3 2002/01/13 13:48:44 mdw
45 * Revision 1.2 2001/05/07 17:29:44 mdw
46 * Treat projective coordinates as an internal representation. Various
47 * minor interface changes.
49 * Revision 1.1 2001/04/29 18:12:33 mdw
61 /*----- Header files ------------------------------------------------------*/
66 /*----- Data structures ---------------------------------------------------*/
68 /* --- An elliptic curve representation --- */
70 typedef struct ec_curve {
71 const struct ec_ops *ops; /* Curve operations */
72 field *f; /* Underlying field structure */
75 /* --- An elliptic curve point --- */
78 mp *x, *y; /* Point coordinates */
79 mp *z; /* Common denominator (or null) */
82 /* --- A factor for simultaneous multiplication --- */
84 typedef struct ec_mulfactor {
85 ec base; /* The point */
86 mp *exp; /* The exponent */
89 /* --- Elliptic curve operations --- *
91 * All operations (apart from @destroy@ and @in@) are guaranteed to be
92 * performed on internal representations of points. Moreover, the second
93 * argument to @add@ and @mul@ is guaranteed to be the output of @in@ or
97 typedef struct ec_ops {
98 void (*destroy)(ec_curve */*c*/);
99 ec *(*in)(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
100 ec *(*out)(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
101 ec *(*fix)(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
102 ec *(*find)(ec_curve */*c*/, ec */*d*/, mp */*x*/);
103 ec *(*neg)(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
104 ec *(*add)(ec_curve */*c*/, ec */*d*/, const ec */*p*/, const ec */*q*/);
105 ec *(*sub)(ec_curve */*c*/, ec */*d*/, const ec */*p*/, const ec */*q*/);
106 ec *(*dbl)(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
107 int (*check)(ec_curve */*c*/, const ec */*p*/);
110 #define EC_IN(c, d, p) (c)->ops->in((c), (d), (p))
111 #define EC_OUT(c, d, p) (c)->ops->out((c), (d), (p))
112 #define EC_FIX(c, d, p) (c)->ops->fix((c), (d), (p))
114 #define EC_FIND(c, d, x) (c)->ops->find((c), (d), (x))
115 #define EC_NEG(c, d, x) (c)->ops->neg((c), (d), (x))
116 #define EC_ADD(c, d, p, q) (c)->ops->add((c), (d), (p), (q))
117 #define EC_SUB(c, d, p, q) (c)->ops->sub((c), (d), (p), (q))
118 #define EC_DBL(c, d, p) (c)->ops->dbl((c), (d), (p))
119 #define EC_CHECK(c, p) (c)->ops->check((c), (p))
121 /*----- Simple memory management things -----------------------------------*/
123 /* --- @ec_create@ --- *
125 * Arguments: @ec *p@ = pointer to an elliptic-curve point
127 * Returns: The argument @p@.
129 * Use: Initializes a new point. The initial value is the additive
130 * identity (which is universal for all curves).
133 #define EC_INIT { MP_NEW, MP_NEW, MP_NEW }
135 #define EC_CREATE(p) do { \
137 _p->x = _p->y = _p->z = MP_NEW; \
140 extern ec *ec_create(ec */*p*/);
142 /* --- @ec_destroy@ --- *
144 * Arguments: @ec *p@ = pointer to an elliptic-curve point
148 * Use: Destroys a point, making it invalid.
151 #define EC_DESTROY(p) do { \
153 if (!EC_ATINF(_p)) { \
156 if (_p->z) MP_DROP(_p->z); \
160 extern void ec_destroy(ec */*p*/);
162 /* --- @ec_atinf@ --- *
164 * Arguments: @const ec *p@ = pointer to a point
166 * Returns: Nonzero if %$p = O$% is the point at infinity, zero
170 #define EC_ATINF(p) ((p)->x == MP_NEW || (p)->x == MP_NEWSEC)
172 extern int ec_atinf(const ec */*p*/);
174 /* --- @ec_setinf@ --- *
176 * Arguments: @ec *p@ = pointer to a point
178 * Returns: The argument @p@.
180 * Use: Sets the given point to be the point %$O$% at infinity.
183 #define EC_SETINF(p) do { \
185 if (!EC_ATINF(_p)) { \
188 if (_p->z) MP_DROP(_p->z); \
189 _p->x = _p->y = _p->z = MP_NEW; \
195 extern ec *ec_setinf(ec */*p*/);
197 /* --- @ec_copy@ --- *
199 * Arguments: @ec *d@ = pointer to destination point
200 * @const ec *p@ = pointer to source point
202 * Returns: The destination @d@.
204 * Use: Creates a copy of an elliptic curve point.
207 #define EC_COPY(d, p) do { \
209 const ec *_p = (p); \
213 _d->x = _d->y = _d->z = MP_NEW; \
215 _d->x = MP_COPY(_p->x); \
216 _d->y = MP_COPY(_p->y); \
217 _d->z = _p->z ? MP_COPY(_p->z) : MP_NEW; \
222 extern ec *ec_copy(ec */*d*/, const ec */*p*/);
224 /*----- Interesting arithmetic --------------------------------------------*/
226 /* --- @ec_find@ --- *
228 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
229 * @ec *d@ = pointer to the destination point
230 * @mp *x@ = a possible x-coordinate
232 * Returns: The destination if OK, or null if no point was found.
234 * Use: Finds a point on an elliptic curve with a given
235 * x-coordinate. If there is no point with the given
236 * %$x$%-coordinate, a null pointer is returned and the
237 * destination is left invalid.
240 extern ec *ec_find(ec_curve */*c*/, ec */*d*/, mp */*x*/);
242 /* --- @ec_neg@ --- *
244 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
245 * @ec *d@ = pointer to the destination point
246 * @const ec *p@ = pointer to the operand point
248 * Returns: The destination point.
250 * Use: Computes the negation of the given point.
253 extern ec *ec_neg(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
255 /* --- @ec_add@ --- *
257 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
258 * @ec *d@ = pointer to the destination point
259 * @const ec *p, *q@ = pointers to the operand points
261 * Returns: The destination @d@.
263 * Use: Adds two points on an elliptic curve.
266 extern ec *ec_add(ec_curve */*c*/, ec */*d*/,
267 const ec */*p*/, const ec */*q*/);
269 /* --- @ec_sub@ --- *
271 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
272 * @ec *d@ = pointer to the destination point
273 * @const ec *p, *q@ = pointers to the operand points
275 * Returns: The destination @d@.
277 * Use: Subtracts one point from another on an elliptic curve.
280 extern ec *ec_sub(ec_curve */*c*/, ec */*d*/,
281 const ec */*p*/, const ec */*q*/);
283 /* --- @ec_dbl@ --- *
285 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
286 * @ec *d@ = pointer to the destination point
287 * @const ec *p@ = pointer to the operand point
289 * Returns: The destination @d@.
291 * Use: Doubles a point on an elliptic curve.
294 extern ec *ec_dbl(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
296 /* --- @ec_check@ --- *
298 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
299 * @const ec *p@ = pointer to the point
301 * Returns: Zero if OK, nonzero if this is an invalid point.
303 * Use: Checks that a point is actually on an elliptic curve.
306 extern int ec_check(ec_curve */*c*/, const ec */*p*/);
308 /* --- @ec_mul@, @ec_imul@ --- *
310 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
311 * @ec *d@ = pointer to the destination point
312 * @const ec *p@ = pointer to the generator point
313 * @mp *n@ = integer multiplier
315 * Returns: The destination @d@.
317 * Use: Multiplies a point by a scalar, returning %$n p$%. The
318 * @imul@ variant uses internal representations for argument
322 extern ec *ec_mul(ec_curve */*c*/, ec */*d*/, const ec */*p*/, mp */*n*/);
323 extern ec *ec_imul(ec_curve */*c*/, ec */*d*/, const ec */*p*/, mp */*n*/);
325 /* --- @ec_mmul@, @ec_immul@ --- *
327 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
328 * @ec *d@ = pointer to the destination point
329 * @const ec_mulfactor *f@ = pointer to vector of factors
330 * @size_t n@ = number of factors
332 * Returns: The destination @d@.
334 * Use: Does simultaneous point multiplication. The @immul@ variant
335 * uses internal representations for arguments and result.
338 extern ec *ec_mmul(ec_curve */*c*/, ec */*d*/,
339 const ec_mulfactor */*f*/, size_t /*n*/);
340 extern ec *ec_immul(ec_curve */*c*/, ec */*d*/,
341 const ec_mulfactor */*f*/, size_t /*n*/);
343 /*----- Standard curve operations -----------------------------------------*/
345 /* --- @ec_idin@, @ec_idout@, @ec_idfix@ --- *
347 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
348 * @ec *d@ = pointer to the destination
349 * @const ec *p@ = pointer to a source point
351 * Returns: The destination @d@.
353 * Use: An identity operation if your curve has no internal
354 * representation. (The field internal representation is still
358 extern ec *ec_idin(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
359 extern ec *ec_idout(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
360 extern ec *ec_idfix(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
362 /* --- @ec_projin@, @ec_projout@, @ec_projfix@ --- *
364 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
365 * @ec *d@ = pointer to the destination
366 * @const ec *p@ = pointer to a source point
368 * Returns: The destination @d@.
370 * Use: Conversion functions if your curve operations use a
371 * projective representation.
374 extern ec *ec_projin(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
375 extern ec *ec_projout(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
376 extern ec *ec_projfix(ec_curve */*c*/, ec */*d*/, const ec */*p*/);
378 /* --- @ec_stdsub@ --- *
380 * Arguments: @ec_curve *c@ = pointer to an elliptic curve
381 * @ec *d@ = pointer to the destination
382 * @const ec *p, *q@ = the operand points
384 * Returns: The destination @d@.
386 * Use: Standard point subtraction operation, in terms of negation
387 * and addition. This isn't as efficient as a ready-made
388 * subtraction operator.
391 extern ec *ec_stdsub(ec_curve */*c*/, ec */*d*/,
392 const ec */*p*/, const ec */*q*/);
394 /*----- Creating curves ---------------------------------------------------*/
396 /* --- @ec_destroycurve@ --- *
398 * Arguments: @ec_curve *c@ = pointer to an ellptic curve
402 * Use: Destroys a description of an elliptic curve.
405 extern void ec_destroycurve(ec_curve */*c*/);
407 /* --- @ec_prime@, @ec_primeproj@ --- *
409 * Arguments: @field *f@ = the underlying field for this elliptic curve
410 * @mp *a, *b@ = the coefficients for this curve
412 * Returns: A pointer to the curve.
414 * Use: Creates a curve structure for an elliptic curve defined over
415 * a prime field. The @primeproj@ variant uses projective
416 * coordinates, which can be a win.
419 extern ec_curve *ec_prime(field */*f*/, mp */*a*/, mp */*b*/);
420 extern ec_curve *ec_primeproj(field */*f*/, mp */*a*/, mp */*b*/);
422 /* --- @ec_bin@ --- *
424 * Arguments: @field *f@ = the underlying field for this elliptic curve
425 * @mp *a, *b@ = the coefficients for this curve
427 * Returns: A pointer to the curve.
429 * Use: Creates a curve structure for a non-supersingular elliptic
430 * curve defined over a binary field.
433 extern ec_curve *ec_bin(field */*f*/, mp */*a*/, mp */*b*/);
435 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob