16579288857

Committed 28 Jul 2025 08:13PM UTC coverage: 99.371% (+3.8%) from 95.58%

Build # 16579288857

Build Type

Pull #15

github

Committed by

web-flow

Commit Message

Merge e10df30b0 into d917b1701

Pull Request Pull Request #15: Improve bernstein math

Run Details

283 of 283 new or added lines in 32 files covered. (100.0%)

7 existing lines in 2 files now uncovered.

1421 of 1430 relevant lines covered (99.37%)

10.81 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.33

/src/Serializer/PointDecoder/Traits/PMod85RecoveryTrait.php

<?php

namespace Famoser\Elliptic\Serializer\PointDecoder\Traits;

use Famoser\Elliptic\Primitives\Point;
use Famoser\Elliptic\Serializer\PointDecoder\PointDecoderException;

trait PMod85RecoveryTrait
{
    /**
     * take the square root of alpha, while doing a (much cheaper) exponentiation
     *
     * observe that alpha^((p+3)/8) = y^((p+3)/4) = candidate
     * (p+3)/8 is an integer, as for our prime p it holds that p mod 8 = 5
     *
     * implements https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.1
     */
    protected function recoverXForPMod85(\GMP $x): Point
    {
        $p = $this->curve->getP();
        $alpha = gmp_mod($this->calculateRightSide($x), $p);

        $const = gmp_div(gmp_add($p, 3), 8);
        $candidate = gmp_powm($alpha, $const, $p);

        $candidateSquare = gmp_powm($candidate, 2, $p);
        if (gmp_cmp($candidateSquare, $alpha) === 0) {
            return new Point($x, $candidate);
        } else {
            $check = gmp_mod(gmp_add($candidateSquare, $alpha), $p);
            if (gmp_cmp($check, 0) === 0) {
                $const = gmp_div(gmp_sub($p, 1), 4);
                $correctionFactor = gmp_powm(2, $const, $p);
                $correctedCandidate = gmp_mod(gmp_mul($candidate, $correctionFactor), $p);

                return new Point($x, $correctedCandidate);
            }

            throw new PointDecoderException('No square root of alpha.');
        }
    }
}

1	<?php
2
3	namespace Famoser\Elliptic\Serializer\PointDecoder\Traits;
4
5	use Famoser\Elliptic\Primitives\Point;
6	use Famoser\Elliptic\Serializer\PointDecoder\PointDecoderException;
7
8	trait PMod85RecoveryTrait
9	{
10	/**
11	* take the square root of alpha, while doing a (much cheaper) exponentiation
12	*
13	* observe that alpha^((p+3)/8) = y^((p+3)/4) = candidate
14	* (p+3)/8 is an integer, as for our prime p it holds that p mod 8 = 5
15	*
16	* implements https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.1
17	*/
18	protected function recoverXForPMod85(\GMP $x): Point	3✔
19	{
20	$p = $this->curve->getP();	3✔
21	$alpha = gmp_mod($this->calculateRightSide($x), $p);	3✔
22
23	$const = gmp_div(gmp_add($p, 3), 8);	3✔
24	$candidate = gmp_powm($alpha, $const, $p);	3✔
25
26	$candidateSquare = gmp_powm($candidate, 2, $p);	3✔
27	if (gmp_cmp($candidateSquare, $alpha) === 0) {	3✔
UNCOV 28	return new Point($x, $candidate);	×
29	} else {
30	$check = gmp_mod(gmp_add($candidateSquare, $alpha), $p);	3✔
31	if (gmp_cmp($check, 0) === 0) {	3✔
32	$const = gmp_div(gmp_sub($p, 1), 4);	1✔
33	$correctionFactor = gmp_powm(2, $const, $p);	1✔
34	$correctedCandidate = gmp_mod(gmp_mul($candidate, $correctionFactor), $p);	1✔
35
36	return new Point($x, $correctedCandidate);	1✔
37	}
38
39	throw new PointDecoderException('No square root of alpha.');	2✔
40	}
41	}
42	}

famoser / elliptic / 16579288857

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous