org.cryptimeleon.math.structures.groups.elliptic

Class PairingSourceGroupImpl

java.lang.Object

org.cryptimeleon.math.structures.groups.elliptic.PairingSourceGroupImpl

All Implemented Interfaces:

RepresentationRestorer, Representable, StandaloneRepresentable, EllipticCurve, WeierstrassCurve, GroupImpl

public abstract class PairingSourceGroupImpl
extends java.lang.Object
implements WeierstrassCurve

Implements a subgroup over the Weierstrass Curve. More specifically: The set of Torsion points E[getSize()] = {P\in PairingGroup | P.pow(getSize()) = 1} on an elliptic curve over fieldOfDefinition.

Field Summary

Fields

Modifier and Type	Field and Description
protected java.math.BigInteger	cofactor
protected Field	field
protected PairingSourceGroupElement	generator
protected java.math.BigInteger	size

Constructor Summary

Constructors

Constructor and Description
PairingSourceGroupImpl(java.math.BigInteger size, java.math.BigInteger cofactor, FieldElement a4, FieldElement a6)
PairingSourceGroupImpl(java.math.BigInteger size, java.math.BigInteger cofactor, FieldElement a1, FieldElement a2, FieldElement a3, FieldElement a4, FieldElement a6)
PairingSourceGroupImpl(Representation repr)

Method Summary

Modifier and Type	Method and Description
boolean	equals(java.lang.Object o)
FieldElement	getA1() Returns \(A1\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
FieldElement	getA2() Returns \(A2\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
FieldElement	getA3() Returns \(A3\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
FieldElement	getA4() Returns \(A4\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
FieldElement	getA6() Returns \(A6\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
java.math.BigInteger	getCofactor() Returns cofactor of this subgroup.
abstract PairingSourceGroupElement	getElement(FieldElement x, FieldElement y) Construct an point on this curve given the x- and y-coordinates.
Field	getFieldOfDefinition() Returns the base field over which the elliptic curve is defined.
PairingSourceGroupElement	getGenerator() Returns any generator of this group if the group is cyclic and it's feasible to compute a generator.
Representation	getRepresentation() The representation of this object.
java.math.BigInteger	getSize()
PairingSourceGroupElement	getUniformlyRandomElement() Generates a uniformly random element of this group.
java.util.Optional<java.lang.Integer>	getUniqueByteLength() Returns the number of bytes returned by this structure's UniqueByteRepresentable.getUniqueByteRepresentation(), or an empty Optional if this structure's elements do not guarantee a fixed length.
int	hashCode()
boolean	isMember(FieldElement x, FieldElement y) Tests if (x,y) is a member of this (sub)group.
boolean	isOnCurve(FieldElement x, FieldElement y) Tests if (x,y) is on curve that defines this group.
PairingSourceGroupElement	multiplyByCofactor(FieldElement x, FieldElement y) Maps a point (x,y) on the curve into the subgroup represented by this object.
PairingSourceGroupElement	multiplyByCofactor(GroupElementImpl element) Maps a point (x,y) on the curve into the subgroup represented by this object.
PairingSourceGroupElement	restoreElement(Representation repr) Restores a group element from its representation.
void	setGenerator(PairingSourceGroupElement generator)
java.math.BigInteger	size() Retrieves number of elements in the group if possible.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.cryptimeleon.math.structures.groups.elliptic.WeierstrassCurve

isShortForm

Methods inherited from interface org.cryptimeleon.math.structures.groups.elliptic.EllipticCurve

isCommutative

Methods inherited from interface org.cryptimeleon.math.structures.groups.GroupImpl

estimateCostInvPerOp, exp, getNeutralElement, getUniformlyRandomNonNeutral, hasPrimeSize, implementsOwnExp, implementsOwnMultiExp, multiexp, restoreFromRepresentation

Field Detail

size

protected java.math.BigInteger size

cofactor

protected java.math.BigInteger cofactor

generator

protected PairingSourceGroupElement generator

field

protected Field field

Constructor Detail

PairingSourceGroupImpl

public PairingSourceGroupImpl(java.math.BigInteger size,
                              java.math.BigInteger cofactor,
                              FieldElement a1,
                              FieldElement a2,
                              FieldElement a3,
                              FieldElement a4,
                              FieldElement a6)

PairingSourceGroupImpl

public PairingSourceGroupImpl(java.math.BigInteger size,
                              java.math.BigInteger cofactor,
                              FieldElement a4,
                              FieldElement a6)

PairingSourceGroupImpl

public PairingSourceGroupImpl(Representation repr)

Method Detail

getSize

public java.math.BigInteger getSize()

getA1

public FieldElement getA1()

Description copied from interface: WeierstrassCurve

Returns \(A1\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Is zero if the curve is given by a weierstrass equation in short form.

Specified by:

getA1 in interface WeierstrassCurve

getA2

public FieldElement getA2()

Description copied from interface: WeierstrassCurve

Returns \(A2\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Is zero if the curve is given by a weierstrass equation in short form.

Specified by:

getA2 in interface WeierstrassCurve

getA3

public FieldElement getA3()

Description copied from interface: WeierstrassCurve

Returns \(A3\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Is zero if the curve is given by a weierstrass equation in short form.

Specified by:

getA3 in interface WeierstrassCurve

getA4

public FieldElement getA4()

Description copied from interface: WeierstrassCurve

Returns \(A4\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Specified by:

getA4 in interface WeierstrassCurve

getA6

public FieldElement getA6()

Description copied from interface: WeierstrassCurve

Returns \(A6\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Specified by:

getA6 in interface WeierstrassCurve

getGenerator

public PairingSourceGroupElement getGenerator()

Description copied from interface: GroupImpl

Returns any generator of this group if the group is cyclic and it's feasible to compute a generator.

Repeated calls may or may not always supply the same generator again (i.e. the output is not guaranteed to be random)!

Specified by:

getGenerator in interface GroupImpl

setGenerator

public void setGenerator(PairingSourceGroupElement generator)

getCofactor

public java.math.BigInteger getCofactor()

Returns cofactor of this subgroup.

Returns:

size

public java.math.BigInteger size()
                          throws java.lang.UnsupportedOperationException

Description copied from interface: GroupImpl

Retrieves number of elements in the group if possible.

Specified by:

size in interface GroupImpl

Returns:

size of this group (number of group elements in it) or null if infinite

Throws:

java.lang.UnsupportedOperationException - if the number of elements is unknown or is too expensive to compute

getRepresentation

public Representation getRepresentation()

Description copied from interface: Representable

The representation of this object. Used for serialization. A convenient way to implement this is using @link ReprUtil

Specified by:

getRepresentation in interface Representable

Returns:

a Representation or null if an equal object can be recreated without any information.

See Also:

Representation

isOnCurve

public boolean isOnCurve(FieldElement x,
                         FieldElement y)

Tests if (x,y) is on curve that defines this group. Does not check subgroup membership.

Parameters:

x - - x-coordinate of point that shall be checked

y - - y-coordinate of point that shall be checked

Returns:

true if p fulfills equation of this group

isMember

public boolean isMember(FieldElement x,
                        FieldElement y)

Tests if (x,y) is a member of this (sub)group.

This function first checks of (x,y) defines a point on the curve that defines this group. Then a subgroup membership test is performed by multiplication either with the group order or with the cofactor. If both are large, this is an expensive operation.

For cryptographic protocols where x and y are inputs to the algorithm, a subgroup membership test is mandatory to avoid small subgroup attacks, twist attacks,...

Parameters:

x - x-coordinate of point to be checked

y - y-coordinate of point to be checked

Returns:

true if (x,y) is on curve

getFieldOfDefinition

public Field getFieldOfDefinition()

Description copied from interface: EllipticCurve

Returns the base field over which the elliptic curve is defined.

Specified by:

getFieldOfDefinition in interface EllipticCurve

equals

public boolean equals(java.lang.Object o)

Overrides:

equals in class java.lang.Object

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object

getUniformlyRandomElement

public PairingSourceGroupElement getUniformlyRandomElement()
                                                    throws java.lang.UnsupportedOperationException

Description copied from interface: GroupImpl

Generates a uniformly random element of this group.

Specified by:

getUniformlyRandomElement in interface GroupImpl

Throws:

java.lang.UnsupportedOperationException - if the random generation cannot be done

restoreElement

public PairingSourceGroupElement restoreElement(Representation repr)

Description copied from interface: GroupImpl

Restores a group element from its representation.

Specified by:

restoreElement in interface GroupImpl

getUniqueByteLength

public java.util.Optional<java.lang.Integer> getUniqueByteLength()

Description copied from interface: GroupImpl

Returns the number of bytes returned by this structure's UniqueByteRepresentable.getUniqueByteRepresentation(), or an empty Optional if this structure's elements do not guarantee a fixed length.

For example, elements of Zp will always be represented by ceil(ceil(log(p))/8) bytes, hence getUniqueByteLength() would return ceil(ceil(log(p))/8).

A polynomial ring would return an empty Optional since a polynomial's unique byte representation length depends on its degree.

Specified by:

getUniqueByteLength in interface GroupImpl

Returns:

the guaranteed fixed length of getUniqueByteRepresentation(), or an empty Optional, if no guarantee

getElement

public abstract PairingSourceGroupElement getElement(FieldElement x,
                                                     FieldElement y)

Description copied from interface: WeierstrassCurve

Construct an point on this curve given the x- and y-coordinates.

Specified by:

getElement in interface WeierstrassCurve

Parameters:

x - the x-coordinate

y - the y-coordinate

Returns:

the corresponding elliptic curve point

multiplyByCofactor

public PairingSourceGroupElement multiplyByCofactor(FieldElement x,
                                                    FieldElement y)

Maps a point (x,y) on the curve into the subgroup represented by this object. Note that pow() on a PairingSourceGroupElement does not work if pow() depends on the group size (which it may, e.g., to first reduce the exponent mod size()).

Parameters:

x - first coordinate of the point to map

y - second coordinate of the point to map

Returns:

a point in this subgroup

multiplyByCofactor

public PairingSourceGroupElement multiplyByCofactor(GroupElementImpl element)

Maps a point (x,y) on the curve into the subgroup represented by this object. Note that pow() on a PairingSourceGroupElement does not work if pow() depends on the group size (which it may, e.g., to first reduce the exponent mod size()).

Parameters:

element - the curve element to map to the subgroup

Returns:

a point in this subgroup