Prime Numbers

7.2 Elliptic arithmetic 327
Algorithm 7.2.3 (Elliptic addition: Modified projective coordinates).
We assume an elliptic curve E(F ) over a field F with characteristic = 2, 3
(but see the note preceding Algorithm 7.2.2), given by the affine equation
y 2 = x 3 +ax+b. For modified projective points of the general form P = 〈X, Y, Z〉,
with 〈0, 1, 0〉, 〈0, −1, 0〉 both denoting the point at infinity P = O, this algorithm
provides functions for point negation, doubling, addition, and subtraction.
1. [Elliptic negate function]
neg(P ) return 〈X, −Y,Z〉;
2. [Elliptic double function]
double(P ) {
if(Y == 0 or Z == 0) return 〈0, 1, 0〉;
M =(3X 2 + aZ 4 ); S =4XY 2 ;
X ′ = M 2 − 2S; Y ′ = M(S − X2) − 8Y 4 ; Z ′ =2YZ;
return 〈X ′ ,Y ′ ,Z ′ 〉;
}
3. [Elliptic add function]
add(P1,P2) {
if(Z1 == 0) return P2; // Point P1 = O.
if(Z2 == 0) return P1; // Point P2 = O.
U1 = X2Z 2 1; U2 = X1Z 2 2;
S1 = Y2Z 3 1; S2 = Y1Z 3 2;
W = U1 − U2; R = S1 − S2;
if(W == 0) { // x-coordinates match.
if(R == 0) return double(P1);
return 〈0, 1, 0〉;
}
T = U1 + U2; M = S1 + S2;
X3 = R 2 − TW 2 ;
Y3 = 1
2 ((TW2 − 2X3)R − MW 3 );
Z3 = Z1Z2W ;
return 〈X3,Y3,Z3〉;
}
4. [Elliptic subtract function]
sub(P1,P2) {
return add(P1,neg(P2));
}
It should be stressed that in all of our elliptic addition algorithms, if
arithmetic is in Zn, modular reductions are taken whenever intermediate
numbers exceed the modulus. This option (3) algorithm (modified projective
coordinates) obviously has more field multiplications than does option (1)
(affine coordinates), but as we have said, the idea is to avoid inversions (see
Exercise 7.9). It is to be understood that in implementing Algorithm 7.2.3
one should save some of the intermediate calculations for further use; not all
of these are explicitly described in our algorithm display above. In particular,