# R0 : p # R1 : a # R2 : 2^(-1)R mod P # R3 : R mod P # R4 : R^(-1) mod P # R5 : k # R11 : X1 # R12 : Y1 # R13 : Z1 $R0 =0000000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F $R1 =00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 $R2 =00000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000 $R3 =000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000003D1 $R4 =0000000000000000000000000000000000000000000000000000000000000000C9BD1905155383999C46C2C295F2B761BCB223FEDC24A059D838091D0868192A $R5 =0000000000000000000000000000000000000000000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $R11 =00000000000000000000000000000000000000000000000000000000000000009981E643E9089F48979F48C033FD129C231E295329BC66DBD7362E5A487E2097 $R12 =0000000000000000000000000000000000000000000000000000000000000000CF3F851FD4A582D670B6B59AAC19C1368DFC5D5D1F1DC64DB15EA6D2D3DBABE2 $R13 =000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000003D1 # KITAITI # R11 =00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 19314349 7BA03EE6 764D8004 60292477 7DA2E18C CFA0E479 C89FEC98 FEC1DFBE # R12 =00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 BF45CD28 F32684EA CA1E8876 D23CC968 35BECE70 5C3052D5 4051228B A87C07B8 # R13 =00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 7D2DFB05 4969A1FF CD8AC3E3 03520EE8 43FBC4AB 849A3CC9 32C7701B 654C04E7 # Elliptic Curve Scalar Function # RevX B(SCR) NOP SCRSTOP: A=SEL1;X=3 R13=A;SEL(X);A=SEL1 R11=A R12=A END(0) SCR: X=13 SEL(X);A=SEL1;D=SEL2;X=5 TESTD;SEL(X);B=SEL2;D=SEL2;R10=A;X=12 BZF(SCRSTOP);SEL(X);A=SEL1;TESTD R9=A;X=11;D=SEL2 BZF(SCRSTOP);SEL(X);A=SEL1 R8=A;SUB;INV;A=SEL1 SCR1: ADDR=D;SUB;D=SEL2 BCF(SCR1);B=SEL1;ADDR=B;C=SEL1;A=SEL1 ADDL=A;INV;A=SEL1 C=SEL3;A=SEL1;INV C=SEL3;ADDL=A;ADDR=D;A=SEL1 C=SEL3;ADDL=A;INV;A=SEL1 ADDL=A;INV;A=SEL1;X=0 SEL(X);B=SEL2;R4=A ADDR=C;A=SEL1 R5=A;X=4 SCR2: SEL(X);D=SEL2;A=SEL1 TESTD BZF(SCREND);ADDL=A;INV;A=SEL1 R4=A CALL(DOUBLE) NOP X=5 SEL(X);A=SEL1 A=SEL2;C=SEL3 BC(SCR3) R5=A CALL(ECADD) NOP SCR3: B(SCR2) X=4 SCREND: END(0);@R11;@R12;@R13 # Elliptic Curve Double Function # Rev0 00.04.11 # IN R11=X, R12=Y, R13=Z , B = p # OUT R11=X, R12=Y, R13=Z # R0 = p # R1 = a # R3 = RmodP # a != p - 3 DBLSTOP: X=3;A=SEL1 R13=A;SEL(X);A=SEL1 R12=A;RET R11=A DOUBLE: X=12 SEL(X);D=SEL2 TESTD;X=13 BZF(DBLSTOP);SEL(X);D=SEL2 TESTD;MRES BZF(DBLSTOP) I<=64;XCOUNT MONTMULX1: XCOUNT;MMUL;BI(MONTMULX1) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 D=SEL1 MRES I<=64;XCOUNT MONTMULX2: XCOUNT;MMUL;BI(MONTMULX2) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1;X=1 SEL(X);D=SEL2 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MRES I<=64;XCOUNT MONTMULX3: XCOUNT;MMUL;BI(MONTMULX3) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=12 R14=A;SEL(X);D=SEL2;X=13 SEL(X);A=SEL1;MRES I<=64;XCOUNT MONTMULX4: XCOUNT;MMUL;BI(MONTMULX4) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MMUL;MRES;A=SEL1;D=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 ADDL=A;C=SEL2 ADDL=A;ADDR=C;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 R13=A;ADDR=D;A=SEL1;X=11 R15=A;SEL(X);D=SEL2 MRES I<=64;XCOUNT MONTMULX5: XCOUNT;MMUL;BI(MONTMULX5) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MMUL;MRES;A=SEL1;D=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 ADDL=A;C=SEL2 ADDL=A;ADDR=C;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 ADDL=A;C=SEL2 ADDL=A;ADDR=C;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 ADDL=A;C=SEL2 ADDR=D;A=SEL1 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=14 SEL(X);D=SEL2 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 R12=A;D=SEL1 MRES I<=64;XCOUNT MONTMULX6: XCOUNT;MMUL;BI(MONTMULX6) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 ADDR=B;A=SEL1;D=SEL1 ADDL=A;ADDR=C;SUB;INV;A=SEL1 ADDR=D;A=SEL1;D=SEL1 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=15 R11=A;SEL(X);A=SEL1;D=SEL2 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 D=SEL1 MRES I<=64;XCOUNT MONTMULX7: XCOUNT;MMUL;BI(MONTMULX7) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 D=SEL1 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 D=SEL1 ADDR=B;A=SEL1 ADDL=A;ADDR=D;SUB;INV;A=SEL1 R14=A;ADDR=B;A=SEL1;X=11 SEL(X);D=SEL2 ADDL=A;ADDR=D;SUB;INV;A=SEL1 ADDL=A;ADDR=C;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=12 SEL(X);D=SEL2 MRES I<=64;XCOUNT MONTMULX8: XCOUNT;MMUL;BI(MONTMULX8) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;MRES;X=14 SEL(X);D=SEL2 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;RET R12=A # Rev0 00.04.11 # IN R11=X, R12=Y, R13=Z, R8=X1, R9=Y1, R10=Z1 # OUT R11=X, R12=Y, R13=Z # R0 = p # R1 = a # R2 = 1/2 RmodP # R3 = RmodP ECADD: X=3 SEL(X);A=SEL1;X=10 SEL(X);D=SEL2 ADDL=A;ADDR=D;SUB;INV;D=SEL2 TESTD;X=10 BZF(ECADD1);SEL(X);D=SEL2 X=12 SEL(X);A=SEL1;MRES I<=64;XCOUNT MONTMULY1: XCOUNT;MMUL;BI(MONTMULY1) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MMUL;MRES;A=SEL1;D=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MRES I<=64;XCOUNT;ADDR=D;C=SEL2 MONTMULY2: XCOUNT;MMUL;BI(MONTMULY2) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 R12=A;X=11;ADDR=C;D=SEL2 SEL(X);A=SEL1;MRES I<=64;XCOUNT MONTMULY3: XCOUNT;MMUL;BI(MONTMULY3) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 R11=A ECADD1: X=13 SEL(X);D=SEL2;X=9 SEL(X);A=SEL1;MRES I<=64;XCOUNT MONTMULY4: XCOUNT;MMUL;BI(MONTMULY4) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MMUL;MRES;A=SEL1;D=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MRES I<=64;XCOUNT;ADDR=D;C=SEL2 MONTMULY5: XCOUNT;MMUL;BI(MONTMULY5) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 R7=A;X=8;ADDR=C;D=SEL2 SEL(X);A=SEL1;MRES I<=64;XCOUNT MONTMULY6: XCOUNT;MMUL;BI(MONTMULY6) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=11 R6=A;SEL(X);D=SEL2 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=6 SEL(X);D=SEL2 R6=A;ADDR=B;A=SEL1 ADDL=A;ADDR=D;SUB;INV;A=SEL1;X=11 SEL(X);D=SEL2 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=7 R11=A;SEL(X);A=SEL1;X=12 SEL(X);D=SEL2 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=7 SEL(X);D=SEL2 R7=A;ADDR=B;A=SEL1 ADDL=A;ADDR=D;SUB;INV;A=SEL1;X=12 SEL(X);D=SEL2 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=11 R12=A;SEL(X);D=SEL2;X=13 TESTD;SEL(X);A=SEL1 BZF(ECADDSTOP);MRES I<=64;XCOUNT MONTMULY7: XCOUNT;MMUL;BI(MONTMULY7) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 ADDL=A;C=SEL2;X=10 SEL(X);D=SEL2 MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MRES I<=64;XCOUNT MONTMULY8: XCOUNT;MMUL;BI(MONTMULY8) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 R13=A;ADDR=C;D=SEL2;X=6 SEL(X);A=SEL1;MRES I<=64;XCOUNT MONTMULY9: XCOUNT;MMUL;BI(MONTMULY9) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;X=12 R6=A;SEL(X);D=SEL2 MRES I<=64;XCOUNT MONTMULY10: XCOUNT;MMUL;BI(MONTMULY10) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 D=SEL1;ADDR=B;A=SEL1;X=6 SEL(X);C=SEL2 ADDL=A;ADDR=C;SUB;INV;A=SEL1;X=11 SEL(X);C=SEL2 ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 D=SEL1;R11=A ADDL=A;ADDR=D;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 D=SEL1;ADDR=B;A=SEL1 ADDL=A;ADDR=D;SUB;INV;A=SEL1;X=6 SEL(X);D=SEL2 ADDL=A;ADDR=D;A=SEL1;X=12 SEL(X);D=SEL2 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MRES I<=64;XCOUNT MONTMULY11: XCOUNT;MMUL;BI(MONTMULY11) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 R12=A;ADDR=C;D=SEL2;X=7 SEL(X);A=SEL1;MRES I<=64;XCOUNT MONTMULY12: XCOUNT;MMUL;BI(MONTMULY12) XCOUNT;MMUL MMUL;MRES;MUL;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MMUL;MRES;A=SEL1;D=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MRES I<=64;XCOUNT MONTMULY13: XCOUNT;MMUL;BI(MONTMULY13) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 D=SEL1;ADDR=B;A=SEL1 ADDL=A;ADDR=D;SUB;INV;A=SEL1;X=12 SEL(X);C=SEL2 ADDL=A;ADDR=C;A=SEL1;X=2 SEL(X);D=SEL2 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1 MRES I<=64;XCOUNT MONTMULY14: XCOUNT;MMUL;BI(MONTMULY14) XCOUNT;MMUL MMUL;MRES;A=SEL1 CMP;SUB;INV;ADDL=A;ADDR=B;A=SEL1;RET R12=A ECADDSTOP: X=12;A=SEL1 SEL(X);D=SEL2;R11=A TESTD;R12=A;X=3 BZF(ECADDSTOP2);SEL(X);B=SEL2 R13=A;ADDR=B;A=SEL1 RET NOP ECADDSTOP2: RET;R11=A R12=A