git.openssl.org Git - openssl.git/commit

author	Nicola Tuveri <nic.tuv@gmail.com>
	Fri, 13 Jul 2018 21:55:01 +0000 (00:55 +0300)
committer	Matt Caswell <matt@openssl.org>
	Mon, 16 Jul 2018 09:17:40 +0000 (10:17 +0100)
commit	f45846f50036343778d7575578e7115e92a3fce1
tree	c799ac47c288635e12cd1175a148b2385748149c	tree \| snapshot
parent	66b0bca887eb4ad1f5758e56c45905fb3fc36667	commit \| diff

EC2M Lopez-Dahab ladder implementation

This commit uses the new ladder scaffold to implement a specialized
ladder step based on differential addition-and-doubling in mixed
Lopez-Dahab projective coordinates, modified to independently blind the
operands.

The arithmetic in `ladder_pre`, `ladder_step` and `ladder_post` is
auto generated with tooling:
- see, e.g., "Guide to ECC" Alg 3.40 for reference about the
  `ladder_pre` implementation;
- see https://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3
  for the differential addition-and-doubling formulas implemented in
  `ladder_step`;
- see, e.g., "Fast Multiplication on Elliptic Curves over GF(2**m)
  without Precomputation" (Lopez and Dahab, CHES 1999) Appendix Alg Mxy
  for the `ladder_post` implementation to recover the `(x,y)` result in
  affine coordinates.

Co-authored-by: Billy Brumley <bbrumley@gmail.com>
Co-authored-by: Sohaib ul Hassan <soh.19.hassan@gmail.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6690)

CHANGES		diff \| blob \| history
crypto/ec/ec2_smpl.c		diff \| blob \| history
crypto/ec/ec_err.c		diff \| blob \| history
crypto/err/openssl.txt		diff \| blob \| history
include/openssl/ecerr.h		diff \| blob \| history