elliptic-lite 0.1.0

data/lib/elliptic-lite.rb

@@ -0,0 +1,9 @@
+require 'elliptic-lite/base'
+
+
+### for convenience auto-include
+##    ECC namespace in top-level
+##   use require 'elliptic-lite/base' for "modular" version
+##    without aut-include
+
+include ECC

data/lib/elliptic-lite/base.rb

@@ -0,0 +1,76 @@
+### stdlibs
+require 'pp'
+require 'securerandom'
+require 'digest'
+
+
+
+## our own code
+require 'elliptic-lite/version'
+
+
+module ECC
+class IntegerOp      ## change to IntegerFieldOp or such - why? why not?
+  def self.add( a, b ) a + b;  end
+  def self.sub( a, b ) a - b;  end
+  def self.mul( a, b ) a * b;  end
+  def self.pow( a, exponent ) a.pow( exponent ); end
+  def self.div( a, b ) a / b;  end
+end
+
+
+class Curve
+  attr_reader :a, :b, :f
+
+  def initialize( a:, b:, f: IntegerOp ) ## field (operations type) class
+    @a  = a
+    @b  = b
+    @f  = f
+  end
+
+
+  def field?( other )   ## matching field (operations type) class?
+    @f == other.f
+  end
+
+  def ==(other)
+    if other.is_a?( Curve ) && field?( other )
+      self.a == other.a && self.b == other.b
+    else
+      false
+    end
+  end
+end  # class Curve
+end # module ECC
+
+
+
+require 'elliptic-lite/field'
+require 'elliptic-lite/point'
+
+
+module ECC
+class Group
+  attr_reader :g, :n
+  ## add generator alias for g - why? why not?
+  ## add order alias for n - why? why not?
+  def initialize( g:, n: )
+    @g, @n = g, n
+
+    ## note: generator point (scalar multiplied by n - group order results in infinity point)
+    ## pp @n*@g  #=> Point(:infinity)
+  end
+
+  ## note: get point class from generator point
+  def point( *args )  @g.class.new( *args );  end
+end # class Group
+end # module ECC
+
+
+require 'elliptic-lite/secp256k1'
+require 'elliptic-lite/signature'
+
+
+
+
+puts ECCLite.banner     ## say hello

data/lib/elliptic-lite/field.rb

@@ -0,0 +1,151 @@
+
+
+module ECC
+
+class FiniteField
+
+###################
+#  meta-programming "macro" - build class (on the fly)
+#
+#   todo/check:  rename max to modulus or prime or ?? - why? why not?
+#   todo/check:  memoize generated classes ( do NOT regenerate duplicates) - why? why not?
+def self.build_class( prime )
+  klass = Class.new( Element )
+
+  klass.class_eval( <<RUBY )
+  def self.prime
+     #{prime}
+  end
+RUBY
+
+  klass
+end
+
+class << self
+  alias_method :old_new, :new           # note: store "old" orginal version of new
+  alias_method :new,     :build_class   #   replace original version with build_class
+end
+
+
+
+class Element   ## FiniteFiledElement base class
+  ###
+  # base functionality
+  attr_reader :num
+
+
+  def self.include?( num )
+     num >=0 && num < prime
+  end
+
+  def self.add( a, b )  ## note: assumes integer as arguments values
+    ( a + b ) % prime
+  end
+
+  def self.sub( a, b )
+    ( a - b ) % prime
+  end
+
+  def self.mul( a, b )
+    ( a * b ) % prime
+  end
+
+  def self.pow( a, exponent )
+    n = exponent % ( prime - 1 )   # note: make possible negative exponent ALWAYS positive
+    a.pow( n, prime ) % prime
+  end
+
+  def self.div( a, b )
+    # use Fermat's little theorem:
+    #      self.num ** (prime-1) % prime == 1
+    #  this means:
+    #      1/num == num.pow( prime-2, prime )
+    ( a * b.pow( prime-2, prime )) % prime
+  end
+
+
+
+  def self.[]( num )
+    new( num )
+  end
+
+
+
+  def initialize( num )
+    raise ArgumentError, "number #{num} not in finite field range 0 to #{self.class.prime}"   unless self.class.include?( num )
+
+    @num  = num
+    self.freeze   ## make "immutable"
+    self
+  end
+
+  def prime() self.class.prime; end   ## convenience helper
+
+  def inspect
+    "#{self.class.name}(#{@num})"
+  end
+
+
+
+  def prime?( other )  ## check for matching prime
+    self.class.prime == other.class.prime
+  end
+
+  def require_prime!( other )
+    raise ArgumentError, "cannot operate on different finite fields; expected #{self.class.prime} got #{other.class.prime}"  unless prime?( other )
+  end
+
+
+  def ==(other)
+    if other.is_a?( Element ) && prime?( other )
+      @num == other.num
+    else
+      false
+    end
+  end
+
+  def add( other )
+    require_prime!( other )
+
+    num = self.class.add( @num, other.num )
+    self.class.new( num )
+  end
+
+  def sub( other )
+    require_prime!( other )
+
+    num = self.class.sub( @num, other.num )
+    self.class.new( num )
+  end
+
+  def mul( other )
+    require_prime!( other )
+
+    num = self.class.mul( @num, other.num )
+    self.class.new( num )
+  end
+
+  def pow( exponent )
+    num = self.class.pow( @num, exponent )
+    self.class.new( num )
+  end
+
+  def div( other )
+    require_prime!( other )
+
+    num = self.class.div( @num, other.num )
+    self.class.new( num )
+  end
+
+
+  alias_method :+,  :add
+  alias_method :-,  :sub
+  alias_method :*,  :mul
+  alias_method :/,  :div
+  alias_method :**, :pow
+end # (nested) class Element
+
+
+end # class FiniteField
+end # module ECC
+

data/lib/elliptic-lite/point.rb

@@ -0,0 +1,179 @@
+
+
+module ECC
+class Point
+
+  ## convenience helpers - field operations
+  def self.add( *nums )   ## note: for convenience allow additions of more than two numbers
+    sum = nums.shift   ## "pop" first item from array
+    nums.reduce( sum ) {|sum, num| curve.f.add( sum, num ) }
+  end
+  def self.sub( *nums )
+    sum = nums.shift   ## "pop" first item from array
+    nums.reduce( sum ) {|sum, num| curve.f.sub( sum, num ) }
+  end
+  def self.mul( a, b )         curve.f.mul( a, b );   end
+  def self.pow( a, exponent )  curve.f.pow( a, exponent ); end
+  def self.div( a, b )         curve.f.div( a, b );  end
+
+  def self.on_curve?( x, y )
+    ## y**2 == x**3 + curve.a*x + curve.b
+    pow( y, 2 ) == add( pow( x, 3),
+                        mul( curve.a, x ),
+                        curve.b )
+  end
+
+
+  def self.[]( *args )
+    new( *args )
+  end
+
+  def self.infinity  ## convenience helper / shortcut for infinity - in use anywhere? keep? why? why not?
+    new( :infinity )
+  end
+
+
+
+  ## convenience helpers
+  def curve() self.class.curve; end
+  ## convenience helpers - field operations
+  def _add( *nums )       self.class.add( *nums ); end
+  def _sub( *nums )       self.class.sub( *nums ); end
+  def _mul( a, b )        self.class.mul( a, b );   end
+  def _pow( a, exponent ) self.class.pow( a, exponent ); end
+  def _div( a, b )        self.class.div( a, b );  end
+
+
+
+  attr_reader :x, :y
+
+  def initialize( *args )
+    ## allow :infinity or :inf for infinity for now - add more? why? why not?
+    if args.size == 1 && [:inf, :infinity].include?( args[0] )
+      @x = nil
+      @y = nil
+    elsif args.size == 2 &&
+          args[0].is_a?( Integer ) &&
+          args[1].is_a?( Integer )
+      @x, @y = args
+      raise ArgumentError, "point (#{@x}/#{@y}) is NOT on the curve"  unless self.class.on_curve?( @x, @y )
+    else
+      raise ArgumentError, "expected two integer numbers or :inf/:infinity; got #{args.inspect}"
+    end
+  end
+
+
+  def infinity?
+    @x.nil? && @y.nil?
+  end
+
+  def inspect
+    if infinity?
+      "#{self.class.name}(:infinity)"
+    else
+      "#{self.class.name}(#{@x},#{@y})"
+    end
+  end
+
+
+  def curve?( other )  ## check for matching curver
+    self.curve == other.curve
+  end
+
+  def require_curve!( other )
+    raise ArgumentError, "cannot operate on different curves; expected #{self.class.curve} got #{other.class.curve}"  unless curve?( other )
+  end
+
+
+  def ==( other )
+    if other.is_a?( Point ) && curve?( other )
+      @x == other.x && @y == other.y
+    else
+      false
+    end
+  end
+
+
+  def coerce(other)
+    args = [self, other]
+    ## puts " coerce(#{other} <#{other.class.name}>):"
+    ## pp args
+    args
+  end
+
+  def mul( coefficient )  ## note: for rmul-style to work needs coerce method to swap s*p to p*s!!
+    raise ArgumentError, "integer expected for mul; got #{other.class.name}"  unless coefficient.is_a?( Integer )
+    ## todo/check/fix: check for negative integer e.g. -1 etc.
+
+
+    ## puts "mul( #{coefficient} <#{coefficient.class.name}>)"
+=begin
+    result = self.class.new( nil, nil )
+    coefficient.times do
+      result += self
+    end
+    result
+=end
+
+    coef = coefficient
+    current = self
+    result = self.class.new( :infinity )
+    while coef > 0
+      result += current   if coef.odd?   ##  if (coef & 0b1) > 0
+      current = current.double   ## double the point
+      coef >>= 1           ## bit shift to the right
+    end
+    result
+  end
+  alias_method :*, :mul
+
+
+  def add( other )
+    require_curve!( other )
+
+    return other   if infinity?        ## self is infinity/infinity ?
+    return self    if other.infinity?  ## other is infinity/infinity ?
+
+    if @x == other.x && @y != other.y
+      return self.class.new( :infinity )
+    end
+
+
+    if @x != other.x   ## e.g. add point operation
+      # s = (other.y - @y) / (other.x - @x)
+      # x3 = s**2 - @x - other.x
+      # y3 = s * (@x - x3) - @y
+      s  = _div( _sub(other.y, @y),
+                 _sub(other.x, @x))
+      x3 = _sub( _pow(s,2), @x, other.x )
+      y3 = _sub( _mul( s, _sub(@x, x3)), @y )
+
+      return self.class.new( x3, y3 )
+    end
+
+    if @x == other.x && @y == other.y   ## e.g. double point operation
+      return double
+    end
+
+    raise "failed to add point #{inspect} to #{other.inspect} - no point addition rules matched; sorry"
+  end
+  alias_method :+, :add
+
+
+  def double  # double point operation
+    if @y == _mul( 0, @x )
+      self.class.new( :infinity )
+    else
+      # s = (3 * @x**2 + curve.a) / (2 * @y)
+      # x3 = s**2 - 2 * @x
+      # y3 = s * (@x - x3) - @y
+      s = _div( _add( _mul( 3,_pow(@x, 2)), curve.a),
+                _mul(2, @y))
+      x3 = _sub( _pow(s, 2), _mul( 2, @x))
+      y3 = _sub( _mul( s, _sub(@x, x3)), @y)
+
+      self.class.new( x3, y3 )
+    end
+  end
+end # class Point
+end # module ECC

data/lib/elliptic-lite/secp256k1.rb

@@ -0,0 +1,31 @@
+
+module ECC
+
+class S256Field < FiniteField::Element
+  P = 2**256 - 2**32 - 977
+  def self.prime() P; end
+end
+
+class S256Point < Point
+  def self.curve() @curve ||= Curve.new( a: 0, b: 7, f: S256Field ); end
+
+  def inspect   ## change to fixed 64 char hexstring for x/y
+    if infinity?
+      "#{self.class.name}(:infinity)"
+    else
+      "#{self.class.name}(#{'0x%064x' % @x},#{'0x%064x' % @y})"
+    end
+  end
+end # class S256Point
+
+
+# use Secp256k1 - why? why not?
+#   or use GROUP_SECP256K1 or SECP256K1_GROUP  (different from "plain" CURVE_SECP256K1) - why? why not?
+SECP256K1 = Group.new(
+              g: S256Point.new( 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
+                                0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8 ),
+              n: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
+)
+end # module ECC
+
+