コード例 #1
0
  // This test is slow (~6s) due to math utils using an inferior algorithm to calculate the result.
  @Test
  public void doubleScalarMultiplyVariableTimeReturnsExpectedResult() {
    for (int i = 0; i < 50; i++) {
      // Arrange:
      final GroupElement basePoint = ed25519.getB();
      final GroupElement g = MathUtils.getRandomGroupElement();
      g.precompute(false);
      final FieldElement f1 = MathUtils.getRandomFieldElement();
      final FieldElement f2 = MathUtils.getRandomFieldElement();

      // Act:
      final GroupElement h1 =
          basePoint.doubleScalarMultiplyVariableTime(g, f2.toByteArray(), f1.toByteArray());
      final GroupElement h2 = MathUtils.doubleScalarMultiplyGroupElements(basePoint, f1, g, f2);

      // Assert:
      Assert.assertThat(h1, IsEqual.equalTo(h2));
    }
  }
コード例 #2
0
  @Test
  public void testDoubleScalarMultiplyVariableTime() {
    // Little-endian
    byte[] zero =
        Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000");
    byte[] one =
        Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000");
    byte[] two =
        Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000");
    byte[] a = Utils.hexToBytes("d072f8dd9c07fa7bc8d22a4b325d26301ee9202f6db89aa7c3731529e37e437c");
    GroupElement A =
        new GroupElement(
            curve,
            Utils.hexToBytes("d4cf8595571830644bd14af416954d09ab7159751ad9e0f7a6cbd92379e71a66"));
    GroupElement B = ed25519.getB();
    GroupElement geZero = curve.getZero(GroupElement.Representation.P3);
    geZero.precompute(false);

    // 0 * GE(0) + 0 * GE(0) = GE(0)
    assertThat(geZero.doubleScalarMultiplyVariableTime(geZero, zero, zero), is(equalTo(geZero)));
    // 0 * GE(0) + 0 * B = GE(0)
    assertThat(B.doubleScalarMultiplyVariableTime(geZero, zero, zero), is(equalTo(geZero)));
    // 1 * GE(0) + 0 * B = GE(0)
    assertThat(B.doubleScalarMultiplyVariableTime(geZero, one, zero), is(equalTo(geZero)));
    // 1 * GE(0) + 1 * B = B
    assertThat(B.doubleScalarMultiplyVariableTime(geZero, one, one), is(equalTo(B)));
    // 1 * B + 1 * B = 2 * B
    assertThat(B.doubleScalarMultiplyVariableTime(B, one, one), is(equalTo(B.dbl())));
    // 1 * B + 2 * B = 3 * B
    assertThat(
        B.doubleScalarMultiplyVariableTime(B, one, two),
        is(equalTo(B.dbl().toP3().add(B.toCached()))));
    // 2 * B + 2 * B = 4 * B
    assertThat(B.doubleScalarMultiplyVariableTime(B, two, two), is(equalTo(B.dbl().toP3().dbl())));

    // 0 * B + a * B = A
    assertThat(B.doubleScalarMultiplyVariableTime(B, zero, a), is(equalTo(A)));
    // a * B + 0 * B = A
    assertThat(B.doubleScalarMultiplyVariableTime(B, a, zero), is(equalTo(A)));
    // a * B + a * B = 2 * A
    assertThat(B.doubleScalarMultiplyVariableTime(B, a, a), is(equalTo(A.dbl())));
  }