Re: [dev-crypto-csharp] Issue about ECDomainParameters

[Peter Dettman]

Hi Fabrizio,

All those divisions should be modular divisions. To perform a modular 
division using BigInteger you use the ModInverse method:

x / y mod m => y.ModInverse(m).Multiply(x).Mod(m)

Regards,
Pete Dettman


On 3/01/2024 8:41 pm, Fabrizio Lieggi wrote:

Hi everyone,

I’m starting to learn the BouncyCastle C# lib use,  can anybody help 
me with this code:

publicstaticECDomainParameters BabyJubJubDomainParameters()

{

// EC parameters (Montgomery Form)

// values from https://eips.ethereum.org/EIPS/eip-2494

varp = 
newOrg.BouncyCastle.Math.BigInteger("21888242871839275222246405745257275088548364400416034343698204186575808495617");

varh = newOrg.BouncyCastle.Math.BigInteger("8");

varn = 
newOrg.BouncyCastle.Math.BigInteger("21888242871839275222246405745257275088614511777268538073601725287587578984328");

vara = newOrg.BouncyCastle.Math.BigInteger("168698");

varb = newOrg.BouncyCastle.Math.BigInteger("1");

varM_GX = newOrg.BouncyCastle.Math.BigInteger("7");

varM_GY = 
newOrg.BouncyCastle.Math.BigInteger("4258727773875940690362607550498304598101071202821725296872974770776423442226");

varorder = n.Multiply(h);

/*

https://upcommons.upc.edu/bitstream/handle/2117/361741/mathematics-09-03022.pdf?sequence=1

# Transform a Montgomery curve to a short Weierstrass .

a = (3 - A^2) / (3 * B^2)

b = (2 * A^3 - 9*A) / (27 * B^3)

x0,y0 = (x0 + A/3) / B , y0 / B

x1,y1 = (x1 + A/3) / B , y1 / B

*/

varnove = newOrg.BouncyCastle.Math.BigInteger("9");

varW_a = 
((Org.BouncyCastle.Math.BigInteger.Three.Subtract(a.Pow(2))).Divide(Org.BouncyCastle.Math.BigInteger.Three.Multiply(b.Pow(2)))).Mod(p);

varW_b = 
(Org.BouncyCastle.Math.BigInteger.Two.Multiply(a.Pow(3)).Subtract(nove.Multiply(a))).Divide((newOrg.BouncyCastle.Math.BigInteger("27")).Multiply(b.Pow(3))); 
//.Mod(p);

varW_GX = 
(M_GX.Add(a.Divide(Org.BouncyCastle.Math.BigInteger.Three))).Divide(b); 
//.Mod(p);

varW_GY = M_GY.Divide(b); //.Mod(p);

Org.BouncyCastle.Math.EC.ECCurve curve = newFpCurve(p, W_a, W_b, n, h);

  Org.BouncyCastle.Math.EC.ECPoint generatorPoint = 
curve.CreatePoint(W_GX, W_GY);

returnnewECDomainParameters(curve, generatorPoint, n, h);

}

varecParameters = CryptoUtils.BabyJubJubDomainParameters();

The internal method ValidatePublicPoint of the class 
ECDomainParameters returns an exception:

*System.ArgumentException:*'Point not on curve (Parameter 'q')'

Thanks in advance,

Best regards

F