3

I already checked similar questions but I couldn't solve my problem. The most relevant one is Elliptic curve addition in Jacobian coordinates but there is no solution.

I have a helper class called Jacobian which will have the three Jacobian coordinates X, Y & X I followed the algorithm published on http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#addition-add-2007-bl

The algorithm is:

Z1Z1 = Z12
Z2Z2 = Z22
U1 = X1*Z2Z2
U2 = X2*Z1Z1
S1 = Y1*Z2*Z2Z2
S2 = Y2*Z1*Z1Z1
H = U2-U1
I = (2*H)2
J = H*I
r = 2*(S2-S1)
V = U1*I
X3 = r2-J-2*V
Y3 = r*(V-X3)-2*S1*J
Z3 = ((Z1+Z2)2-Z1Z1-Z2Z2)*H

When I checked the result it's not on the defined curve. I also checked it with Sage but I got a different result. 

public Jacobian pointAddition(Jacobian jp1, Jacobian jp2){
        /*
        Reference: http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#addition-add-2007-bl
        Z1Z1 = Z12
        Z2Z2 = Z22
        U1 = X1*Z2Z2
        U2 = X2*Z1Z1
        S1 = Y1*Z2*Z2Z2
        S2 = Y2*Z1*Z1Z1
        H = U2-U1
        I = (2*H)2
        J = H*I
        r = 2*(S2-S1)
        V = U1*I
        X3 = r2-J-2*V
        Y3 = r*(V-X3)-2*S1*J
        Z3 = ((Z1+Z2)2-Z1Z1-Z2Z2)*H
        */
        if(arePointsInverse(jp1, jp2)){
            return P0;
        }
        if(arePointsEqual(jp1, jp2)){
            return pointDoubling(jp1);
        }
        if(jp1.isInfinity(getGf())){
            return jp2;
        }
        if(jp2.isInfinity(getGf())){
            return jp1;
        }
        BigInteger X1 = jp1.getX();
        BigInteger Y1 = jp1.getY();
        BigInteger Z1 = jp1.getZ();

        BigInteger X2 = jp2.getX();
        BigInteger Y2 = jp2.getY();
        BigInteger Z2 = jp2.getZ();

        BigInteger X3,Y3,Z3;

        BigInteger Z1Z1 = Z1.multiply(Z1);
        //BigInteger Z1Z1 = Z1.pow(2).mod(getGf());
        BigInteger Z2Z2 = Z2.multiply(Z2);
        //BigInteger Z2Z2 = Z2.pow(2).mod(getGf());
        BigInteger U1 = X1.multiply(Z2Z2);
        BigInteger U2 = X2.multiply(Z1Z1); 
        BigInteger S1 = Y1.multiply(Z2.multiply(Z2Z2));
        BigInteger S2 = Y2.multiply(Z1.multiply(Z1Z1));
        BigInteger H = U2.subtract(U1);
        BigInteger I = (TWO.multiply(H)).pow(2);
        BigInteger J = H.multiply(I);
        BigInteger r = TWO.multiply(S2.subtract(S1));
        BigInteger V = U1.multiply(I);

        X3 = ((r.multiply(r)).subtract(J).subtract(TWO.multiply(V))).mod(getGf());
        Y3 = ((r.multiply(V.subtract(X3))).subtract(TWO.multiply(S1.multiply(J))))
                .mod(getGf());
        Z3 = ((((Z1.add(Z2)).pow(2)).subtract(Z1Z1).subtract(Z2Z2)).multiply(H))
                .mod(getGf());
        return new Jacobian(X3,Y3,Z3);
    }
Community
  • 1
  • 1
Nayef
  • 364
  • 2
  • 8
  • 22
  • Your question will fare better on Computational Science. http://scicomp.stackexchange.com/ – jim mcnamara Dec 22 '14 at 20:15
  • Don't tell us that you have “already checked all [relevant documentation]”. It is probably not even true and it does not help answer you. Tell us what **specific** documents were closest to answering your question and why they didn't. – Pascal Cuoq Dec 22 '14 at 20:17
  • @PascalCuoq At least I claim that I already checked all of them. The most relevant one is http://stackoverflow.com/questions/21463018/elliptic-curve-addition-in-jacobian-coordinates?rq=1 – Nayef Dec 22 '14 at 20:20
  • [On crypto there is also some information](http://crypto.stackexchange.com/questions/8147/adding-and-multiplication-in-jacobian-coordinates) – Maarten Bodewes Dec 23 '14 at 01:34
  • @MaartenBodewes-owlstead I know how to do it in theory but it doesn't work in the implemntation. – Nayef Dec 23 '14 at 05:53
  • @MaartenBodewes-owlstead Check my update above. – Nayef Dec 23 '14 at 05:59

1 Answers1

0

The implementation above is correct there was an error in the Jacobian class (in the constructor) which update Z two times with a wrong value.

Nayef
  • 364
  • 2
  • 8
  • 22