Class MontgomeryCurveProcessor

java.lang.Object
org.bouncycastle.crypto.hash2curve.impl.MontgomeryCurveProcessor
All Implemented Interfaces:
CurveProcessor
public class MontgomeryCurveProcessor extends Object implements CurveProcessor
Curve processor for Montgomery curves of the form B * y^2 = x^3 + A * x^2 + x Internally we treat this as a long Weierstrass curve y^2 = x^3 + a2 * x^2 + a4 * x + a6 with a2 = A / B, a4 = 1 / B, a6 = 0. All arithmetic is done explicitly in F_p using these formulas, not via the ECPoint group operations, because BouncyCastle's Montgomery implementation does not use this model directly.

  • Constructor Details

    • MontgomeryCurveProcessor

      public MontgomeryCurveProcessor(ECCurve curve, int J, int K, int hEff)
      Constructs a MontgomeryCurveProcessor object for processing elliptic curves represented in the Montgomery model. Computes and initializes curve parameters for use in point operations and transformations.
      Parameters:
      curve - the elliptic curve to be processed, represented using the ECCurve class
      J - parameter J of the Montgomery curve equation, used for internal calculations
      K - parameter K of the Montgomery curve equation, used for internal calculations
      hEff - the effective cofactor value for the curve, utilized in certain operations

  • Method Details

    • add

      public ECPoint add(ECPoint P, ECPoint Q)
      Adds two elliptic curve points on the Montgomery curve model and returns the resulting point. The method internally converts Montgomery coordinates to Weierstrass coordinates to perform the group law, then converts the result back to Montgomery coordinates.
      Specified by:
      add in interface CurveProcessor
      Parameters:
      P - the first elliptic curve point on the Montgomery curve model
      Q - the second elliptic curve point on the Montgomery curve model
      Returns:
      the resulting elliptic curve point on the Montgomery curve model after addition

    • clearCofactor

      public ECPoint clearCofactor(ECPoint P)
      Clears the cofactor of the given elliptic curve point using the efficient cofactor value. If the input point is at infinity, the same point is returned. Otherwise, it transforms the point into the short-Weierstrass model, multiplies by the effective cofactor, and normalizes the resulting point.
      Specified by:
      clearCofactor in interface CurveProcessor
      Parameters:
      P - the elliptic curve point on the Montgomery curve model
      Returns:
      the resulting elliptic curve point in the short-Weierstrass model with the cofactor cleared

    • mapToAffineXY

      public AffineXY mapToAffineXY(ECPoint p)
      Description copied from interface: CurveProcessor
      Converts an elliptic-curve point into the affine (x, y) coordinate representation defined by the hash-to-curve suite.

      The returned coordinates are intended for serialization, testing, and interoperability with the reference outputs defined in RFC 9380. For most Weierstrass curves, this is simply the affine (x, y) coordinates of the given point. For curves that use a different coordinate model in the specification (e.g. Montgomery curves such as curve25519), this method applies the appropriate coordinate transformation.

      This method does not change the underlying group element represented by the point. It only changes how that point is expressed as field elements. The input point is expected to be a valid point on the curve used by the implementation.

      Specified by:
      mapToAffineXY in interface CurveProcessor
      Parameters:
      p - a valid elliptic-curve point
      Returns:
      the affine (x, y) coordinates corresponding to the suite-specific representation of the given point