pyecsca.ec.mult.comb module

Provides Comb-like scalar multipliers, such as BGMW or Lim-Lee.

class BGMWMultiplier(add, dbl, width, scl=None, direction=ProcessingDirection.LTR, accumulation_order=AccumulationOrder.PeqPR, short_circuit=True)[source]

Bases: AccumulatorMultiplier, PrecompMultiplier, ScalarMultiplier

Brickell, Gordon, McCurley and Wilson (BGMW) scalar multiplier, or rather, its one parametrization.

Algorithm 3.41 from [GECC]

Parameters:

  • width (int) – Window width.

  • direction (ProcessingDirection) – Whether it is LTR or RTL.

  • accumulation_order (AccumulationOrder) – The order of accumulation of points.

  • short_circuit (bool) – Whether the use of formulas will be guarded by short-circuit on inputs of the point at infinity.

requires: ClassVar[Set[Type]] = {<class 'pyecsca.ec.formula.base.AdditionFormula'>, <class 'pyecsca.ec.formula.base.DoublingFormula'>}[source]

The set of formula types that the multiplier requires.

optionals: ClassVar[Set[Type]] = {<class 'pyecsca.ec.formula.base.ScalingFormula'>}[source]

The optional set of formula types that the multiplier can use.

direction: ProcessingDirection[source]

Whether it is LTR or RTL.

width: int[source]

Window width.

init(params, point, bits=None)[source]

Initialize the scalar multiplier with params and a point.

Warning

The point is not verified to be on the curve represented in the domain parameters.

Parameters:

  • params (DomainParameters) – The domain parameters to initialize the multiplier with.

  • point (Point) – The point to initialize the multiplier with.

  • bits (Optional[int]) – The number of bits to use in the scalar multiplication (i.e. no scalar will be larger than 2^bits). The default is the bit length of the full order of the curve (including cofactor).

multiply(scalar)[source]

Multiply the point with the scalar.

Note

The multiplier needs to be initialized by a call to the init() method.

Parameters:

scalar (int) – The scalar to use.

Return type:

Point

Returns:

The resulting multiple.

accumulation_order: AccumulationOrder[source]

The order of accumulation of points.

short_circuit: bool[source]

Whether the formulas will short-circuit upon input of the point at infinity.

formulas: Mapping[str, Formula][source]

All formulas the multiplier was initialized with.

class CombMultiplier(add, dbl, width, scl=None, always=False, accumulation_order=AccumulationOrder.PeqPR, short_circuit=True)[source]

Bases: AccumulatorMultiplier, PrecompMultiplier, ScalarMultiplier

Comb multiplier.

Algorithm 3.44 from [GECC]

Parameters:

  • width (int) – Window width (number of comb teeth).

  • always (bool) – Whether the double and add always method is used.

  • accumulation_order (AccumulationOrder) – The order of accumulation of points.

  • short_circuit (bool) – Whether the use of formulas will be guarded by short-circuit on inputs of the point at infinity.

requires: ClassVar[Set[Type]] = {<class 'pyecsca.ec.formula.base.AdditionFormula'>, <class 'pyecsca.ec.formula.base.DoublingFormula'>}[source]

The set of formula types that the multiplier requires.

optionals: ClassVar[Set[Type]] = {<class 'pyecsca.ec.formula.base.ScalingFormula'>}[source]

The optional set of formula types that the multiplier can use.

accumulation_order: AccumulationOrder[source]

The order of accumulation of points.

short_circuit: bool[source]

Whether the formulas will short-circuit upon input of the point at infinity.

formulas: Mapping[str, Formula][source]

All formulas the multiplier was initialized with.

width: int[source]

Window width.

always: bool[source]

Whether to always accumulate.

init(params, point, bits=None)[source]

Initialize the scalar multiplier with params and a point.

Warning

The point is not verified to be on the curve represented in the domain parameters.

Parameters:

  • params (DomainParameters) – The domain parameters to initialize the multiplier with.

  • point (Point) – The point to initialize the multiplier with.

  • bits (Optional[int]) – The number of bits to use in the scalar multiplication (i.e. no scalar will be larger than 2^bits). The default is the bit length of the full order of the curve (including cofactor).

multiply(scalar)[source]

Multiply the point with the scalar.

Note

The multiplier needs to be initialized by a call to the init() method.

Parameters:

scalar (int) – The scalar to use.

Return type:

Point

Returns:

The resulting multiple.