/** Test method for {@link GroupElement#cmov(GroupElement, int)}. */
@Test
public void testCmov() {
GroupElement a = curve.getZero(GroupElement.Representation.PRECOMP);
GroupElement b = GroupElement.precomp(curve, TWO, ZERO, TEN);
assertThat(a.cmov(b, 0), is(equalTo(a)));
assertThat(a.cmov(b, 1), is(equalTo(b)));
}
/**
* Test method for {@link GroupElement#scalarMultiply(byte[])}. Test values generated with Python
* Ed25519 implementation.
*/
@Test
public void testScalarMultiplyByteArray() {
// Little-endian
byte[] zero =
Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000");
byte[] one =
Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000");
byte[] two =
Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000");
byte[] a = Utils.hexToBytes("d072f8dd9c07fa7bc8d22a4b325d26301ee9202f6db89aa7c3731529e37e437c");
GroupElement A =
new GroupElement(
curve,
Utils.hexToBytes("d4cf8595571830644bd14af416954d09ab7159751ad9e0f7a6cbd92379e71a66"));
assertThat(
"scalarMultiply(0) failed",
ed25519.getB().scalarMultiply(zero),
is(equalTo(curve.getZero(GroupElement.Representation.P3))));
assertThat(
"scalarMultiply(1) failed",
ed25519.getB().scalarMultiply(one),
is(equalTo(ed25519.getB())));
assertThat(
"scalarMultiply(2) failed",
ed25519.getB().scalarMultiply(two),
is(equalTo(ed25519.getB().dbl())));
assertThat("scalarMultiply(a) failed", ed25519.getB().scalarMultiply(a), is(equalTo(A)));
}
@Test
public void scalarMultiplyBasePointWithZeroReturnsNeutralElement() {
// Arrange:
final GroupElement basePoint = ed25519.getB();
// Act:
final GroupElement g = basePoint.scalarMultiply(curve.getField().ZERO.toByteArray());
// Assert:
Assert.assertThat(curve.getZero(GroupElement.Representation.P3), IsEqual.equalTo(g));
}
/** Test method for {@link GroupElement#toP2()}. */
@Test
public void testToP2() {
GroupElement p3zero = curve.getZero(GroupElement.Representation.P3);
GroupElement t = p3zero.toP2();
assertThat(t.repr, is(GroupElement.Representation.P2));
assertThat(t.X, is(p3zero.X));
assertThat(t.Y, is(p3zero.Y));
assertThat(t.Z, is(p3zero.Z));
assertThat(t.T, is((FieldElement) null));
GroupElement B = ed25519.getB();
t = B.toP2();
assertThat(t.repr, is(GroupElement.Representation.P2));
assertThat(t.X, is(B.X));
assertThat(t.Y, is(B.Y));
assertThat(t.Z, is(B.Z));
assertThat(t.T, is((FieldElement) null));
}
@Test
public void testDoubleScalarMultiplyVariableTime() {
// Little-endian
byte[] zero =
Utils.hexToBytes("0000000000000000000000000000000000000000000000000000000000000000");
byte[] one =
Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000");
byte[] two =
Utils.hexToBytes("0200000000000000000000000000000000000000000000000000000000000000");
byte[] a = Utils.hexToBytes("d072f8dd9c07fa7bc8d22a4b325d26301ee9202f6db89aa7c3731529e37e437c");
GroupElement A =
new GroupElement(
curve,
Utils.hexToBytes("d4cf8595571830644bd14af416954d09ab7159751ad9e0f7a6cbd92379e71a66"));
GroupElement B = ed25519.getB();
GroupElement geZero = curve.getZero(GroupElement.Representation.P3);
geZero.precompute(false);
// 0 * GE(0) + 0 * GE(0) = GE(0)
assertThat(geZero.doubleScalarMultiplyVariableTime(geZero, zero, zero), is(equalTo(geZero)));
// 0 * GE(0) + 0 * B = GE(0)
assertThat(B.doubleScalarMultiplyVariableTime(geZero, zero, zero), is(equalTo(geZero)));
// 1 * GE(0) + 0 * B = GE(0)
assertThat(B.doubleScalarMultiplyVariableTime(geZero, one, zero), is(equalTo(geZero)));
// 1 * GE(0) + 1 * B = B
assertThat(B.doubleScalarMultiplyVariableTime(geZero, one, one), is(equalTo(B)));
// 1 * B + 1 * B = 2 * B
assertThat(B.doubleScalarMultiplyVariableTime(B, one, one), is(equalTo(B.dbl())));
// 1 * B + 2 * B = 3 * B
assertThat(
B.doubleScalarMultiplyVariableTime(B, one, two),
is(equalTo(B.dbl().toP3().add(B.toCached()))));
// 2 * B + 2 * B = 4 * B
assertThat(B.doubleScalarMultiplyVariableTime(B, two, two), is(equalTo(B.dbl().toP3().dbl())));
// 0 * B + a * B = A
assertThat(B.doubleScalarMultiplyVariableTime(B, zero, a), is(equalTo(A)));
// a * B + 0 * B = A
assertThat(B.doubleScalarMultiplyVariableTime(B, a, zero), is(equalTo(A)));
// a * B + a * B = 2 * A
assertThat(B.doubleScalarMultiplyVariableTime(B, a, a), is(equalTo(A.dbl())));
}
