Package org.bouncycastle.crypto.hash2curve.impl

Class MontgomeryCurveProcessor

  • All Implemented Interfaces:
    CurveProcessor
    public class MontgomeryCurveProcessor
extends java.lang.Object
implements CurveProcessor
    Curve processor for Montgomery curves of the form B * y^2 = x^3 + A * x^2 + x Internally we treat this as a long Weierstrass curve y^2 = x^3 + a2 * x^2 + a4 * x + a6 with a2 = A / B, a4 = 1 / B, a6 = 0. All arithmetic is done explicitly in F_p using these formulas, not via the ECPoint group operations, because BouncyCastle's Montgomery implementation does not use this model directly.

    • Constructor Summary

      Constructors 
      Constructor Description
      MontgomeryCurveProcessor​(ECCurve curve, int J, int K, int hEff)
      Constructs a MontgomeryCurveProcessor object for processing elliptic curves represented in the Montgomery model.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      ECPoint add​(ECPoint P, ECPoint Q)
      Adds two elliptic curve points on the Montgomery curve model and returns the resulting point.
      ECPoint clearCofactor​(ECPoint P)
      Clears the cofactor of the given elliptic curve point using the efficient cofactor value.
      AffineXY mapToAffineXY​(ECPoint p)
      Converts an elliptic-curve point into the affine (x, y) coordinate representation defined by the hash-to-curve suite.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • MontgomeryCurveProcessor

        public MontgomeryCurveProcessor​(ECCurve curve,
                                int J,
                                int K,
                                int hEff)
        Constructs a MontgomeryCurveProcessor object for processing elliptic curves represented in the Montgomery model. Computes and initializes curve parameters for use in point operations and transformations.
        Parameters:
        curve - the elliptic curve to be processed, represented using the ECCurve class
        J - parameter J of the Montgomery curve equation, used for internal calculations
        K - parameter K of the Montgomery curve equation, used for internal calculations
        hEff - the effective cofactor value for the curve, utilized in certain operations

    • Method Detail

      • add

        public ECPoint add​(ECPoint P,
                   ECPoint Q)
        Adds two elliptic curve points on the Montgomery curve model and returns the resulting point. The method internally converts Montgomery coordinates to Weierstrass coordinates to perform the group law, then converts the result back to Montgomery coordinates.
        Specified by:
        add in interface CurveProcessor
        Parameters:
        P - the first elliptic curve point on the Montgomery curve model
        Q - the second elliptic curve point on the Montgomery curve model
        Returns:
        the resulting elliptic curve point on the Montgomery curve model after addition

      • clearCofactor

        public ECPoint clearCofactor​(ECPoint P)
        Clears the cofactor of the given elliptic curve point using the efficient cofactor value. If the input point is at infinity, the same point is returned. Otherwise, it transforms the point into the short-Weierstrass model, multiplies by the effective cofactor, and normalizes the resulting point.
        Specified by:
        clearCofactor in interface CurveProcessor
        Parameters:
        P - the elliptic curve point on the Montgomery curve model
        Returns:
        the resulting elliptic curve point in the short-Weierstrass model with the cofactor cleared

      • mapToAffineXY

        public AffineXY mapToAffineXY​(ECPoint p)
        Description copied from interface: CurveProcessor
        Converts an elliptic-curve point into the affine (x, y) coordinate representation defined by the hash-to-curve suite.

        The returned coordinates are intended for serialization, testing, and interoperability with the reference outputs defined in RFC 9380. For most Weierstrass curves, this is simply the affine (x, y) coordinates of the given point. For curves that use a different coordinate model in the specification (e.g. Montgomery curves such as curve25519), this method applies the appropriate coordinate transformation.

        This method does not change the underlying group element represented by the point. It only changes how that point is expressed as field elements. The input point is expected to be a valid point on the curve used by the implementation.

        Specified by:
        mapToAffineXY in interface CurveProcessor
        Parameters:
        p - a valid elliptic-curve point
        Returns:
        the affine (x, y) coordinates corresponding to the suite-specific representation of the given point