pyecsca.sca.re.epa module

Provides functionality inspired by the Exceptional Procedure Attack [EPA].

graph_to_check_inputs(precomp_ctx, full_ctx, out, check_condition, precomp_to_affine, use_init=True, use_multiply=True)[source]

Compute the inputs for the checks based on the context and output point. This function traverses the graph of points and collects the inputs for each formula type, in the form of tuples of input multiples. It also adds a special “affine” formula that checks the multiples of the points that need to be converted to affine coordinates. Which points this “affine” formula checks depends on the precomp_to_affine parameter.

Parameters:

  • ctx – The context containing the points and formulas.

  • out (Point) – The output point of the computation.

  • check_condition (Union[Literal['all'], Literal['necessary']]) – Whether to check all points or only those necessary for the output point.

  • precomp_to_affine (bool) – Whether to include the precomputed points in the to-affine checks.

  • use_init (bool) – Whether to consider the point multiples that happen in scalarmult initialization.

  • use_multiply (bool) – Whether to consider the point multiples that happen in scalarmult multiply (after initialization).

Return type:

dict[str, list[tuple[int, ...]]]

Returns:

A dictionary mapping formula names to lists of tuples of input multiples.

Note

The scalar multiplier must not short-circuit.

evaluate_checks(check_funcs, check_inputs)[source]

Evaluate the checks for each formula type based on the provided functions and inputs.

Parameters:

  • check_funcs (dict[str, Callable]) – The functions to apply for each formula type. There are two callable types: - check(k, l, q), that gets applied to binary formulas (like add), where k and l are the input multiples of the base point and q is the base point order. - check(k, q), that gets applied to unary formulas (like conversion to affine affine), where k is the input multiple of the base point and q is the base point order.

  • check_inputs (dict[str, list[tuple[int, ...]]]) – A dictionary mapping formula names to lists of tuples of input multiples. The output of graph_to_check_inputs().

Return type:

bool

Returns:

Whether any of the checks returned True -> whether the computation errors out.

Note

The scalar multiplier must not short-circuit.

errors_out(precomp_ctx, full_ctx, out, check_funcs, check_condition, precomp_to_affine, use_init=True, use_multiply=True)[source]

Check whether the computation errors out based on the provided context, output point, and check functions.

Parameters:

  • ctx – The context containing the points and formulas.

  • out (Point) – The output point of the computation.

  • check_funcs (dict[str, Callable]) – The functions to apply for each formula type. There are two callable types: - check(k, l, q), that gets applied to binary formulas (like add), where k and l are the input multiples of the base point and q is the base point order. - check(k, q), that gets applied to unary formulas (like conversion to affine affine), where k is the input multiple of the base point and q is the base point order.

  • check_condition (Union[Literal['all'], Literal['necessary']]) – Whether to check all points or only those necessary for the output point.

  • precomp_to_affine (bool) – Whether to include the precomputed points in the to-affine checks.

  • use_init (bool) – Whether to consider the point multiples that happen in scalarmult initialization.

  • use_multiply (bool) – Whether to consider the point multiples that happen in scalarmult multiply (after initialization).

Return type:

bool

Returns:

Whether any of the checks returned True -> whether the computation errors out.

Note

The scalar multiplier must not short-circuit.