| package org.bouncycastle.math.ec.tools; |
| |
| import java.math.BigInteger; |
| import java.security.SecureRandom; |
| import java.util.ArrayList; |
| import java.util.Enumeration; |
| import java.util.Iterator; |
| import java.util.SortedSet; |
| import java.util.TreeSet; |
| |
| import org.bouncycastle.asn1.x9.ECNamedCurveTable; |
| import org.bouncycastle.asn1.x9.X9ECParameters; |
| import org.bouncycastle.crypto.ec.CustomNamedCurves; |
| import org.bouncycastle.math.ec.ECAlgorithms; |
| import org.bouncycastle.math.ec.ECCurve; |
| import org.bouncycastle.math.ec.ECFieldElement; |
| import org.bouncycastle.util.Integers; |
| |
| public class TraceOptimizer |
| { |
| private static final BigInteger ONE = BigInteger.valueOf(1); |
| |
| private static final SecureRandom R = new SecureRandom(); |
| |
| public static void main(String[] args) |
| { |
| SortedSet names = new TreeSet(enumToList(ECNamedCurveTable.getNames())); |
| names.addAll(enumToList(CustomNamedCurves.getNames())); |
| |
| Iterator it = names.iterator(); |
| while (it.hasNext()) |
| { |
| String name = (String)it.next(); |
| X9ECParameters x9 = CustomNamedCurves.getByName(name); |
| if (x9 == null) |
| { |
| x9 = ECNamedCurveTable.getByName(name); |
| } |
| if (x9 != null && ECAlgorithms.isF2mCurve(x9.getCurve())) |
| { |
| System.out.print(name + ":"); |
| implPrintNonZeroTraceBits(x9); |
| } |
| } |
| } |
| |
| public static void printNonZeroTraceBits(X9ECParameters x9) |
| { |
| if (!ECAlgorithms.isF2mCurve(x9.getCurve())) |
| { |
| throw new IllegalArgumentException("Trace only defined over characteristic-2 fields"); |
| } |
| |
| implPrintNonZeroTraceBits(x9); |
| } |
| |
| public static void implPrintNonZeroTraceBits(X9ECParameters x9) |
| { |
| ECCurve c = x9.getCurve(); |
| int m = c.getFieldSize(); |
| |
| ArrayList nonZeroTraceBits = new ArrayList(); |
| |
| /* |
| * Determine which of the bits contribute to the trace. |
| * |
| * See section 3.6.2 of "Guide to Elliptic Curve Cryptography" (Hankerson, Menezes, Vanstone) |
| */ |
| { |
| for (int i = 0; i < m; ++i) |
| { |
| BigInteger zi = ONE.shiftLeft(i); |
| ECFieldElement fe = c.fromBigInteger(zi); |
| int tr = calculateTrace(fe); |
| if (tr != 0) |
| { |
| nonZeroTraceBits.add(Integers.valueOf(i)); |
| System.out.print(" " + i); |
| } |
| } |
| System.out.println(); |
| } |
| |
| /* |
| * Check calculation based on the non-zero-trace bits against explicit calculation, for random field elements |
| */ |
| { |
| for (int i = 0; i < 1000; ++i) |
| { |
| BigInteger x = new BigInteger(m, R); |
| ECFieldElement fe = c.fromBigInteger(x); |
| int check = calculateTrace(fe); |
| |
| int tr = 0; |
| for (int j = 0; j < nonZeroTraceBits.size(); ++j) |
| { |
| int bit = ((Integer)nonZeroTraceBits.get(j)).intValue(); |
| if (x.testBit(bit)) |
| { |
| tr ^= 1; |
| } |
| } |
| |
| if (check != tr) |
| { |
| throw new IllegalStateException("Optimized-trace sanity check failed"); |
| } |
| } |
| } |
| } |
| |
| private static int calculateTrace(ECFieldElement fe) |
| { |
| int m = fe.getFieldSize(); |
| ECFieldElement tr = fe; |
| for (int i = 1; i < m; ++i) |
| { |
| fe = fe.square(); |
| tr = tr.add(fe); |
| } |
| BigInteger b = tr.toBigInteger(); |
| if (b.bitLength() > 1) |
| { |
| throw new IllegalStateException(); |
| } |
| return b.intValue(); |
| } |
| |
| private static ArrayList enumToList(Enumeration en) |
| { |
| ArrayList rv = new ArrayList(); |
| while (en.hasMoreElements()) |
| { |
| rv.add(en.nextElement()); |
| } |
| return rv; |
| } |
| } |
