org.bouncycastle.crypto.hash2curve

Class H2cUtils

java.lang.Object

org.bouncycastle.crypto.hash2curve.H2cUtils

public class H2cUtils
extends java.lang.Object

Utility functions for hash 2 curve

This implementation follows the straight-line, branch-free algorithmic structure required by RFC 9380, ensuring that all code paths perform the same sequence of mathematical operations regardless of input values. However, it relies on Java’s BigInteger arithmetic and standard JVM execution characteristics, neither of which provides strict guarantees of constant-time behavior at the microarchitectural level. Operations such as modular exponentiation, multiplication, inversion, and even conditional value selection (cmov) may execute in variable time depending on internal optimizations, operand size, and JIT behavior.

For most applications, this is sufficient to avoid the major side-channel pitfalls associated with probabilistic or data-dependent loops (e.g., try-and-increment). But if your threat model requires strong, formally constant-time guarantees, such as protection against local timing attacks or hostile co-tenant environments, you should consider using a lower-level language with fixed-limb field arithmetic and verifiable constant-time primitives. Java cannot practically provide such guarantees with BigInteger-based implementations.

Constructor Summary

Constructors

Constructor and Description
H2cUtils()

Method Summary

Modifier and Type	Method and Description
static java.math.BigInteger	cmov(java.math.BigInteger a, java.math.BigInteger b, boolean condition) Constant time implementation of selection of value based on condition
static byte[]	i2osp(int val, int len) Convert an integer value to a byte array of a specified length.
static java.math.BigInteger	inv0(java.math.BigInteger val, java.math.BigInteger order) Calculates the modular inverse of a BigInteger 'val' with respect to a given BigInteger 'order'.
static boolean	isSquare(java.math.BigInteger val, java.math.BigInteger order) Test if a value is square in a prime field order
static java.math.BigInteger	os2ip(byte[] val) Converts a byte array to a BigInteger.
static int	sgn0(java.math.BigInteger val, ECCurve curve) Returns the sign of the BigInteger 'val' using the given ECCurve 'curve'.
static java.math.BigInteger	sqrt(java.math.BigInteger val, java.math.BigInteger order) Calculate the square root of val in a prime field order
static byte[]	xor(byte[] arg1, byte[] arg2) Performs bitwise XOR operation on two byte arrays.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

H2cUtils

public H2cUtils()

Method Detail

cmov

public static java.math.BigInteger cmov(java.math.BigInteger a,
                                        java.math.BigInteger b,
                                        boolean condition)

Constant time implementation of selection of value based on condition

Parameters:

a - value selected on condition = false

b - value selected on condition = true

condition - condition

Returns:

'a' if condition is false, else 'b'

isSquare

public static boolean isSquare(java.math.BigInteger val,
                               java.math.BigInteger order)

Test if a value is square in a prime field order

Parameters:

val - value to test

order - prime field order

Returns:

true if val is square

sqrt

public static java.math.BigInteger sqrt(java.math.BigInteger val,
                                        java.math.BigInteger order)

Calculate the square root of val in a prime field order

Parameters:

val - value

order - prime field order

Returns:

square root of val in field order

sgn0

public static int sgn0(java.math.BigInteger val,
                       ECCurve curve)

Returns the sign of the BigInteger 'val' using the given ECCurve 'curve'.

Parameters:

val - the BigInteger value

curve - the EC curve specifying the curve field

Returns:

the sign of 'val'

Throws:

java.lang.IllegalArgumentException - if curve.getField().getDimension() != 1

inv0

public static java.math.BigInteger inv0(java.math.BigInteger val,
                                        java.math.BigInteger order)

Calculates the modular inverse of a BigInteger 'val' with respect to a given BigInteger 'order'.

Parameters:

val - the BigInteger value to calculate the inverse for

order - the BigInteger representing the order

Returns:

the modular inverse of 'val' with respect to 'order'

i2osp

public static byte[] i2osp(int val,
                           int len)

Convert an integer value to a byte array of a specified length.

Parameters:

val - the integer value to be converted

len - the length of the resulting byte array

Returns:

the byte array representation of the integer value

Throws:

java.lang.IllegalArgumentException - if the value requires more bytes than the assigned length size

os2ip

public static java.math.BigInteger os2ip(byte[] val)

Converts a byte array to a BigInteger.

Parameters:

val - the byte array to convert

Returns:

the BigInteger representation of the byte array

xor

public static byte[] xor(byte[] arg1,
                         byte[] arg2)

Performs bitwise XOR operation on two byte arrays.

Parameters:

arg1 - the first byte array

arg2 - the second byte array

Returns:

the result of the XOR operation as a new byte array

Throws:

java.lang.NullPointerException - if either arg1 or arg2 is null

java.lang.IllegalArgumentException - if arg1 and arg2 have different lengths