@Test public void testDoubleScalarMultiplyVariableTime() { // Little-endian byte[] zero = Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000"); byte[] one = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000"); byte[] two = Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000"); byte[] a = Utils.hexToBytes("d072f8dd9c07fa7bc8d22a4b325d26301ee9202f6db89aa7c3731529e37e437c"); GroupElement A = new GroupElement( curve, Utils.hexToBytes("d4cf8595571830644bd14af416954d09ab7159751ad9e0f7a6cbd92379e71a66")); GroupElement B = ed25519.getB(); GroupElement geZero = curve.getZero(GroupElement.Representation.P3); geZero.precompute(false); // 0 * GE(0) + 0 * GE(0) = GE(0) assertThat(geZero.doubleScalarMultiplyVariableTime(geZero, zero, zero), is(equalTo(geZero))); // 0 * GE(0) + 0 * B = GE(0) assertThat(B.doubleScalarMultiplyVariableTime(geZero, zero, zero), is(equalTo(geZero))); // 1 * GE(0) + 0 * B = GE(0) assertThat(B.doubleScalarMultiplyVariableTime(geZero, one, zero), is(equalTo(geZero))); // 1 * GE(0) + 1 * B = B assertThat(B.doubleScalarMultiplyVariableTime(geZero, one, one), is(equalTo(B))); // 1 * B + 1 * B = 2 * B assertThat(B.doubleScalarMultiplyVariableTime(B, one, one), is(equalTo(B.dbl()))); // 1 * B + 2 * B = 3 * B assertThat( B.doubleScalarMultiplyVariableTime(B, one, two), is(equalTo(B.dbl().toP3().add(B.toCached())))); // 2 * B + 2 * B = 4 * B assertThat(B.doubleScalarMultiplyVariableTime(B, two, two), is(equalTo(B.dbl().toP3().dbl()))); // 0 * B + a * B = A assertThat(B.doubleScalarMultiplyVariableTime(B, zero, a), is(equalTo(A))); // a * B + 0 * B = A assertThat(B.doubleScalarMultiplyVariableTime(B, a, zero), is(equalTo(A))); // a * B + a * B = 2 * A assertThat(B.doubleScalarMultiplyVariableTime(B, a, a), is(equalTo(A.dbl()))); }
// This test is slow (~6s) due to math utils using an inferior algorithm to calculate the result. @Test public void doubleScalarMultiplyVariableTimeReturnsExpectedResult() { for (int i = 0; i < 50; i++) { // Arrange: final GroupElement basePoint = ed25519.getB(); final GroupElement g = MathUtils.getRandomGroupElement(); g.precompute(false); final FieldElement f1 = MathUtils.getRandomFieldElement(); final FieldElement f2 = MathUtils.getRandomFieldElement(); // Act: final GroupElement h1 = basePoint.doubleScalarMultiplyVariableTime(g, f2.toByteArray(), f1.toByteArray()); final GroupElement h2 = MathUtils.doubleScalarMultiplyGroupElements(basePoint, f1, g, f2); // Assert: Assert.assertThat(h1, IsEqual.equalTo(h2)); } }