pyecsca.sca.re.zvp module

Provides functionality inspired by the Zero-value point attack [ZVP].

Implements ZVP point construction from [FFD].

pyecsca.sca.re.zvp.map_to_affine(formula, polys)

Map unrolled polynomials of a formula to affine form, using some assumptions along the way (e.g. Z = 1).

Parameters:

• formula (Formula) – The formula the polynomials belong to.

• polys (List[Tuple[str, Poly]]) – The polynomials (intermediate values) to map.

Return type:

List[Tuple[str, Poly]]

Returns:

The mapped intermediate values, with associated variable names.

pyecsca.sca.re.zvp.compute_factor_set(formula, affine=True, filter_nonhomo=True, xonly=False)

Compute a set of factors present in the formula.

Parameters:

• formula (Formula) – Formula to compute the factor set of.

• affine (bool) – Whether to transform the polynomials into affine form.

• filter_nonhomo (bool) – Whether to filter out non-homogenous polynomials.

• xonly (bool) – Whether to make the factor set “x”-only by eliminating y-coords using the curve equation.

Return type:

Set[Poly]

Returns:

The set of factors present in the formula.

pyecsca.sca.re.zvp.zvp_points(poly, curve, k, n)

Find a set of (affine) ZVP points for a given intermediate value and dlog relationship.

Parameters:

• poly (Poly) – The polynomial to zero out, obtained as a result of unroll_formula() (or its factor).

• curve (EllipticCurve) – The curve to compute over.

• k (int) – The discrete-log relationship between the two points, i.e. (x2, x2) = [k](x1, x1)

• n (int) – The curve order.

Return type:

Set[Point]

Returns:

The set of points (x1, y1).