我正在编写一个Python脚本,用于测试爱德华兹椭圆曲线点加法和加倍的C实现。
我按照本文的方法,实现了"统一加法"的公式集(5)。(这意味着任何2个点都可以加),公式集(7)为"专用加倍";(如果两个点相同,这比(5)更有效)。
但是我的代码似乎不能正确地计算翻倍。也许它也是加法,我不知道,因为我没有其他参考来比较。
#!/usr/bin/env python3
import sys, secrets
from functools import reduce
def os2int(v):
ret = 0
for b in v: ret = (ret << 8) | b
return ret
# curve parameters from https://datatracker.ietf.org/doc/html/rfc8032#section-5.1
p = (1 << 255) - 19
a = -1
d_over = -121665
d_under = 121666
d = d_over * pow(d_under, p-2, p) % p # product of d_over with the modular inverse of d_under mod p
def point_add_ref(x1, y1, t1, z1, x2, y2, t2, z2):
x1y2 = x1 * y2 % p
x2y1 = x2 * y1 % p
x1x2 = x1 * x2 % p
y1y2 = y1 * y2 % p
z1z2 = z1 * z2 % p
t1t2 = t1 * t2 % p
x3 = (x1y2 + x2y1) * (z1z2 - d * t1t2) % p
y3 = (y1y2 - a * x1x2) * (z1z2 + d * t1t2) % p
t3 = (y1y2 - a * x1x2) * (x1y2 + x2y1) % p
z3 = (z1z2 - d * t1t2) * (z1z2 + d * t1t2) % p
return (x3, y3, t3, z3)
def point_dbl_ref(x1, y1, t1, z1):
xx = x1 * x1 % p
yy = y1 * y1 % p
zz = z1 * z1 % p
xy = x1 * y1 % p
t = 2 * xy % p
u = (yy + a * xx) % p
v = (yy - a * xx) % p
w = (2 * zz - yy - a * xx) % p
x3 = t * w % p
y3 = u * v % p
t3 = t * v % p
z3 = u * w % p
return (x3, y3, t3, z3)
def xytz_cmp(P,Q):
vec = (P[i] * Q[3] % p != P[3] * Q[i] % p for i in range(3))
return reduce(lambda a, b: a or b, vec)
if __name__ == "__main__":
fails = 0
slen = 12
for i in range(100):
P = (os2int(secrets.token_bytes(slen)),
os2int(secrets.token_bytes(slen)),
os2int(secrets.token_bytes(slen)),
os2int(secrets.token_bytes(slen)))
R3 = point_add_ref(*P, *P)
R4 = point_dbl_ref(*P)
if xytz_cmp(R3, R4): fails += 1
print("{} test(s) failed.".format(fails))
不正确的既不是加法也不是加倍。而是你用随机坐标生成的点不是有效的曲线点